Posted in August 2013


For Federal Privacy Programs, the Final Fair Information Practice Principle Is Crucial

By Mary Ellen Callahan, CIPP/US

When I was Chief Privacy Officer at the U.S. Department of Homeland Security from 2009-2012, I was asked frequently how the Department of Homeland Security Privacy Office was able to ascertain whether the privacy protections initially embedded in DHS programs and systems were being applied, and whether they were effective in protecting privacy. As with many things in privacy, the answer is: auditing and accountability, the last Fair Information Practice Principle. In order to be effective, the accountability must be integrated through all parts of the information governance lifecycle, including analyzing the privacy programs at the Department and component level themselves.

From the Tool Belt

Overcoming the Security and Privacy Challenges of the Cloud


There is no doubt that the use of the cloud will continue to grow at an impressive rate. IDC estimates the cloud market will be worth over $50 billion by 2014 and over $120 billion by 2020. Even the U.S. government, which is not viewed as a leader in the use of technology, has a “cloud first” mandate. With compelling evidence that migration to the cloud will improve an organization’s bottom line and business efficiencies, it would seem to be an easy decision.

However, the ubiquitous articles and blog posts about the seemingly insurmountable security and privacy risks of moving mainstream applications to the cloud have created ample fear, uncertainty and doubt in some organizations.

More from Chris Zoladz


On Privacy Today: While Technology Hits Home Runs, Public Policy Strikes Out

By Jedidiah Bracy, CIPP/US, CIPP/E

Baseball fans, particularly those in the Detroit area, may have been struck recently with news that All-Star slugger Prince Fielder is going through a divorce. Was this just another case of some overpaid, spoiled, out-of-touch athlete causing a public scene and bringing painful attention to his private life?

No. Actually, this was not the case.

It all started last week when veteran teammate Torii Hunter was answering questions on a local radio show about Fielder’s recent struggles at the plate. Hunter defended his teammate, suggesting Fielder was bravely dealing with off-the-field issues.

Ok, no big deal, right?

More from Jedidiah Bracy


IAPP Westin Research Center

Privacy and Big Data: The Biggest Public Policy Challenge of Our Time?

Imagine the government could reduce the likelihood of a deadly terrorist attack by deploying a sophisticated algorithm to sift through the contents of all email correspondence of US citizens. Would the tradeoff of privacy for national security be justified from a public policy point of view? Would it make a difference whether such big data analysis helped avert one such attack per decade or two per year? What about if the database included not email contents but only “to/from” and “subject line” routing information? These questions and others have been hurled to the forefront of public debate by the recent revelations about the scope of NSA surveillance. Yet the benefits of big data – powerful new ways to collect, analyze and store massive amounts of information – exceed the realm of national security or even government usage and extend to areas such as scientific research, public health and energy conservation by the private sector.

More from Omer Tene


Sensationalist Headlines Might Drive Page Views, but Not Good Privacy Law or Policy

By Tanya Forsheit, CIPP/US

Skimming through my daily privacy law newsfeeds last week, I came across the following headline on multiple occasions: Google says e-mail users have “no reasonable expectation of privacy.” In quotes. Meaning Google actually said that. “Really?” I thought. That can’t be right. I bet Google did not actually say that.

Guess what? Google did not actually say that. 

I’ll preface the rest of this piece by making clear that I am not in the business of defending or apologizing for Google. Those who know me well know that’s not the case. Not in the least. But what happened last week reaches far beyond Google and demonstrates the folly of letting the media drive the privacy debate in this country—and, consequently, the development of privacy law and policy.

More from Tanya Forsheit


Is Your Privacy My Privacy? The Strange Tale of Martin Manley

By Jedidiah Bracy, CIPP/US, CIPP/E

We are social creatures. But we love our privacy, too. One of the reasons I love a good piece of fiction is that it often allows me into the minds of others in a very human way—often revealing personal struggles and deeply embedded worldviews in ways I might not have experienced. As such, I find that literature is an amazing way to come to understand the people and world around me.

But, I’m talking about fiction. And though an author’s narrative derives from personal experience, it’s couched in a story. Sometimes fiction mirrors reality so closely, real people are affected—I refer you to Thomas Mann’s roman à clef Buddenbrooks, which was so close to the people in his hometown, an entire family was scandalized.

Last week, a different kind of unfettered view into the mind of another human appeared on the Internet. And it’s not easy to grapple with.

More from Jedidiah Bracy


410,000 Lavabit Users Weren’t Edward Snowden

By Andrew Clearwater, CIPP/US

Lavabit founder Ladar Levison shut down his company rather than cooperate with a government investigation. Recent reports indicated that Lavabit’s secure e-mail service included NSA whistleblower Edward Snowden among its users. Now the Lavabit website shows only a letter stating in part: “I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit.” It seems that Lavabit has lived up to its mission to be the “e-mail service that never sacrifices privacy for profits.”

More from Andrew Clearwater