Drones: Aren’t the Laws Already on the Books?

February 25, 2014
“The grandfathers of privacy wouldn’t argue for new, drone-specific privacy rules,” writes Jeff Kosseff, CIPP/US. Rather, the common-law privacy torts they articulated more than a century ago would apply equally to drones as they do to older information-gathering technologies. In part one of a three-part series on drones, Kosseff looks at existing U.S. laws to be considered when it comes to the use of drones for gathering information. Look for part two, on private-sector drone use, in the April edition of The Privacy Advisor.

HIPAA Changes Mean Tightening Up Vendor Relationships

February 25, 2014
With the changes to the HIPAA Privacy and Security Rules, the responsibilities and relationships between covered entities and their vendors have moved to the forefront of information security management. Particularly, renewed emphasis has been placed on vendor security management and the responsibility that covered entities bear on performing appropriate due diligence. David Holtzman, CIPP/G, and Erin McMillan drill down on how to comply with the changes.

Ten Steps to a Quality Privacy Program, Part Seven: Identifying the Root Cause; Implementing Correct

February 25, 2014
In this seventh installment in her series “Ten Steps to a Quality Privacy Program,” Deidre Rodriguez, CIPP/US, looks at the importance of identifying root causes, correcting the issues and documenting actions taken. “Taking the time to identify and document the proper root cause of an incident or privacy issue, creating a formal corrective action plan and documenting sanctions will save you time and frustration if this information is needed to respond to a regulatory inquiry,” she writes.

Ireland: Europe’s Scapegoat for an Out-of-Date Directive

February 25, 2014
“Europe is currently endeavouring to regulate this world with a directive that was enacted in 1995 but conceived in 1981,” writes Denis Kelleher. While recent years have seen some express frustrations about Ireland’s data protection regime, “such frustrations may be better directed at a European Data Protection regime that is now out of date.” Kelleher looks at Ireland’s Office of the Data Protection Commissioner’s powers and the country’s views on privacy.

CNIL Amends Whistleblowing Rules, Effective Now

February 25, 2014
The French Data Protection Authority’s whistleblowing scheme allows companies to comply via a self-certification procedure whereby they make a formal undertaking that their whistleblowing hotline complies with the pre-established conditions set out in single authorization AU-004. The CNIL's view on whistleblowing schemes has evolved over time, and it recently revised AU-004 to cover a wider scope, including workplace harassment and the environment, and to specify that anonymous reporting should be discouraged. In this report, Olivier Proust examines the amended rules in detail.

A Privacy Pro Takes a Test Drive With Google Glass

February 25, 2014
Privacy professionals have long been warning of the dangers to privacy from wearable technology. Often, the concerns have been expressed based on anecdotal evidence. So, when Bob Siegel, CIPP/US, CIPP/IT, CIPP/C, CIPM, had the opportunity to join the Google Glass Explorer program, he jumped at the chance. Siegel describes reactions to wearing the glasses at a dinner with friends, out in public and in professional settings.

From RSA: In Times of Distrust, Innovation and Collaboration Will Be Key

February 25, 2014
The Internet has become a prison. A prison in which the warden can see all of the prisoners, but none of the prisoners can see each other, or the warden. Because what Silicon Valley knows how to do best is collect user data without notifying the user it’s doing so, and for what purpose, and then sell it for profit. But it shouldn’t be that way, and it doesn’t have to be. That’s how Michael Fertik, founder and CEO of Reputation.com, led off the IAPP’s first panel discussion at RSA Conference, and it offered a springboard for Jules Polonetsky, CIPP/US, Anne Toth and Stan Crosley, CIPP/US, CIPM, to talk about how brands can establish trust and ethically collect and use data in the post-Snowden era. Hint: IT and privacy professionals are going to have to work closely together.

It’s Complicated: The Social Lives of Networked Teens Does Not Shy Away from Tough Subjects

February 25, 2014
It’s Complicated: The Social Lives of Networked Teens, a new book by danah boyd, is “easy to read, applicable to the privacy field and full of interesting, well-considered research,” K Royal, CIPP/US, CIPP/E, writes in this review. Royal offers an overview of the book’s eight chapters and considers the relevance of the subject matter for privacy professionals and the general public alike. “I can do nothing less than highly recommend this book” to those interested in privacy or issues affecting teens, Royal writes.

Privacy Law Symposium Delves into the Difficult Privacy Issues of the Digital Age

February 24, 2014
Who’s governing privacy? That was the main question asked at the Maine Law Review 2014 Privacy Symposium on Friday. Implementing public policy to create appropriate levels of regulation and data protection in the Digital Age is a thorny issue with no easy answers, but privacy and legal experts from the U.S. and Europe did their best to flesh out what’s possible and what’s needed in Portland, ME. In all, seven law review papers were presented at the symposium, covering topics as diverse as the privacy issues raised by license plate scanners, the effectiveness of the multistakeholder process and transnational surveillance. This exclusive gives you the lowdown on the event.

Erecting a New Legal Edifice: Christopher Kuner on Transborder Data Flows

February 12, 2014
“Few people personify the field they work in as much as Christopher Kuner. As a lawyer, European-American, academic and professor, and longtime leader of the ICC, Kuner straddles the fault lines of the privacy world with ease,” IAPP Vice President of Research and Education Omer Tene writes in this review of Kuner’s latest work, Transborder Data Flows and Data Privacy Law. Tene examines the wealth of information included in Kuner’s book, suggesting it may “constitute one of the building blocks for a new legal edifice being designed and erected these very days, a regulatory model for a technologically borderless world.”

Target Breach Fallout Persists; PCI DSS Compliance Tough To Maintain

February 10, 2014
A Verizon report has found that a vast majority of companies who achieve compliance with the Payment Card Industry Data Security Standard annually fail to maintain that status, leaving them exposed to potential breaches and other security risks, Computerworld reports. The report found that 11 percent maintained compliance status between each PCI DSS assessment. Meanwhile, the FBI recently warned retailers that the recent attacks against Target and other brands foreshadow events to come, and a number of brands have announced new breaches.

Letter to the Editor: Brill Clarifies Mutual Cooperation Status

February 10, 2014
Last week, The Privacy Advisor covered Federal Trade Commissioner Julie Brill’s Twitter chat, in which Brill took live questions on the relationship between the EU and the U.S. on data processing, the use of mobile devices in healthcare and what the web might look like in a cookie-less world, among other topics. In our coverage, we indicated Brill “shut down the idea” of future EU-U.S. collaboration in her response to a question about whether discussion had “evolved” on plans for a mutual enforcement program between the EU and U.S. In this letter to the editor, Brill clarifies the FTC is “engaged in important ongoing dialogues” on enforcement cooperation in various organizations.

NTIA Holds First Meeting on a Facial-Recognition Technology Code of Conduct

February 7, 2014
The Department of Commerce’s National Telecommunications and Internet Administration yesterday held the first of a series of meetings aimed at creating a voluntary code of conduct for development and implementation of facial recognition technology. The meeting, which hosted stakeholders spanning advocacy and industry, was primarily a chance for the group, as well as the 100 or so watching the live webcast, to hear from experts on how the technology works, how it’s currently being applied and for what reasons and what it might be capable of accomplishing in the future. In this exclusive, Angelique Carson, CIPP/US, breaks down the most important testimony and summarizes the project’s goals and likely outcomes.

Breaches and Calls for Mandated Data Security Increase

February 7, 2014
The recent breaches of Target and Neiman Marcus and their subsequent testimony in front of Congress this week have been part of a trigger for an increasing chorus of lawmakers and government agencies calling for federal data security legislation. On Thursday, U.S. Federal Reserve Governor Daniel Tarullo joined in by testifying that retailers and companies with customer payments should follow the same obligations as banks to report data breaches. Additionally, a new survey of government employees reveals Congress may be part of the cybersecurity solution, while a Texas-based healthcare system may have been hit by one of the largest data breaches to ever affect an individual hospital. This roundup brings together the latest developments in cybersecurity and data breach response.

FTC’s Brill Does Twitter Chat

February 6, 2014
FTC Commissioner Julie Brill took to Twitter yesterday, taking questions on the partnership between the U.S. and EU on data processing, the use of mobile devices in healthcare and a potentially cookie-less web ecosystem. The full conversation is at #FTCpriv.
