Data Privacy Detective - how data is regulated, managed, protected, collected, mined, stolen, defended and transcended.
Summary: Data privacy is the footprint of our existence. It is our persona beyond ourselves, with traces of us scattered from birth certificates, Social Security numbers, shopping patterns, credit card histories, photographs, mugshots and health records. In a digital world, where memory is converted to 0’s and 1’s, then instantly transformed into a reproduction even in 3D, personal data is an urgent personal and collective subject. Those who wish to live anonymous lives must take extraordinary measures to succeed in that improbable quest, while those who hope for friendship or fame through the spread of their personal data must learn how to prevent theft of their identity and bank account. If you have ideas for interviews or stories, please email email@example.com. The internet in its blooming evolution makes personal data big business – for government, the private sector and denizens of the dark alike. The Data Privacy Detective explores how governments balance the interests of personal privacy with competing needs for public security, public health and other communal goods. It scans the globe for champions, villains, protectors and invaders of personal privacy and for the tools and technology used by individuals, business and government in the great competition between personal privacy and societal good order. We’ll discuss how to guard our privacy by safeguarding the personal data we want to protect. We’ll aim to limit the access others can gain to your sensitive personal data while enjoying the convenience and power of smartphones, Facebook, Google, EBay, PayPal and thousands of devices and sites. We’ll explore how sinister forces seek to penetrate defenses to access data you don’t want them to have. We’ll discover how companies providing us services and devices collect, use and try to exploit or safeguard our personal data. And we’ll keep up to date on how governments regulate personal data, including how they themselves create, use and disclose it in an effort to advance public goals in ways that vary dramatically from country to country. For the public good and personal privacy can be at odds. On one hand, governments try to deter terrorist incidents, theft, fraud and other criminal activity by accessing personal data, by collecting and analyzing health data to prevent and control disease and in other ways most people readily accept. On the other hand, many governments view personal privacy as a fundamental human right, with government as guardian of each citizen’s right to privacy. How authorities regulate data privacy is an ongoing balance of public and individual interests. We’ll report statutes, regulations, international agreements and court decisions that determine the balance in favor of one or more of the competing interests. And we’ll explore innovative efforts to transcend government control through blockchain and other technology. In audio posts of 5 to 10 minutes each, you’ll get tips on how to protect your privacy, updates on government efforts to protect or invade personal data, and news of technological developments that shape the speed-of-bit world in which our personal data resides. The laws governing legal advertising in some states require the following statements in any publication of this kind: "THIS IS AN ADVERTISEMENT."
Sometimes it seems the United States is more a loose federation than a national government. States have a major role in law-making. Data privacy is no exception. A recent law adopted by the State of Maine differs greatly from the California act that will come into force on January 1, 2020. Maine’s law will be effective on July 1, 2020. This podcast hits the highlights of it. Melissa Kern, Co-Chair of Frost Brown Todd LLC’s Privacy and Data Security Team explains that the Maine law applies to broadband internet access services – the folks who bring us access to the internet – not website hosts, not everyone holding personal data – but providers like ATT and Spectrum as well as regional internet access providers. If a provider has even one customer in Maine that is billed for service there, the Maine law applies. There’s no safe harbor threshold. If you have ideas for more interviews or stories, please email firstname.lastname@example.org.
Encryption is often thought of as the basic and best cybersecurity approach to protecting data in transit or in flight. As guest Ken Morris, CEO and founder of KnectIQ, argues, it’s not. Encrypting data is an essential practice, but it’s really not the problem or the solution. Instead, any organization must consider its keys. Best practices in cybersecurity in 2019 require new technologies that address the role of and threats to keys. Once a hacker gets access to a key, the data are there to be taken, even without the data controller or processor knowing that the thief has entered the storeroom. As the day of quantum computing approaches, it will become ever more certain that encryption alone is inadequate to protect data in flight. This is becoming known to the authorities. And that is not an idle thought. Article 32 of the EU’s Global Data Protection Regulation, GDPR, forces possessors of personal data to consider the “state of the art” in deploying systems to protect personal data. And the increased sophistication of corporate espionage demands new thinking on how to prevent data break-ins. This podcast is a primer on how to think differently about cybersecurity and how the best practices of yesterday are no longer those of today. If you have ideas for more interviews or stories, please email email@example.com.
One country, two systems – that’s the 50-year agreement that led to Hong Kong’s becoming part of China in 1997. This remains an evolution in progress. Hong Kong retains many of its systems independent of the PRC and yet is part of China. What does this mean for data privacy and the rules that apply to business in this powerhouse commercial center? Padraig Walsh, a privacy leader at the prominent Hong Kong law firm of Tanner De Witt, provides insight into how multinational firms should view Hong Kong for digital services. Hong Kong’s 1996 data privacy law was a pioneer at the time in establishing a legal framework for protecting personal data and regulating companies that handle data flows as controllers or processors. If one asks is it like China’s or the EU’s or the USA’s approach to data privacy, the answer is that it is much more like the EU or USA approach than China’s. It was adopted in the final months of British sovereignty. If you have ideas for more interviews or stories, please email firstname.lastname@example.org.
No business or individual wants to be the victim of a disaster. Cyber-attacks can cause exactly that. Individuals are the first line of defense for personal privacy and cybersecurity. For businesses, it’s essential to train everyone associated with data systems to avoid letting hackers and other criminals into the network that holds data, Dr. Gleb Tsipursky explains in this podcast how disaster avoidance requires an approach based on emotional intelligence and training based on human psychology. While firewalls, policies and procedures are essential for protecting a company’s data flows, so is effective training of personnel – of employees, contractors, others who hold the keys to accessing a company’s computer systems. Freezes of entire company systems caused by ransomware, thefts of financial and intellectual property by hackers, improper releases of personal data of customers – these and other crimes of the digital age are often caused by one individual’s careless acts in letting a thief enter a business’ digital gateway. If you have ideas for more interviews or stories, please email email@example.com.
The EU’s General Data Protection Regulation (GDPR) turned one year old on May 25, 2019. What’s been the experience? Kim Walker, Co-Chair of the Privacy Team of Shakespeare Martineau, a premier UK law firm, provides insight into how this comprehensive law of personal data privacy has unfolded in the United Kingdom. If you have ideas for more interviews or stories, please email firstname.lastname@example.org.
India is about to enact a comprehensive data privacy law that will force global and Indian businesses to revise their approach. Stephen Mathias, Co-Chair of the Tech Team at Kochhar & Co., one of India’s premier law firms, explains how India will shift from relatively lax regulation of data privacy to one of the world’s most protective regimens once the new bill is enacted. If you have ideas for more interviews or stories, please email email@example.com.
What do serial killers, employees who don’t want their fingerprints shared and a U.S. Senator have in common? Data privacy. In this podcast, Victoria Beckman, Co-Chair of Frost Brown Todd’s Privacy and Data Security Team, discusses this and other news. If you have ideas for more interviews or stories, please email firstname.lastname@example.org.
The Data Privacy Detective turns the spotlight on five American data privacy developments in a conversation with Melissa Kern, Co-Chair of Frost Brown Todd’s Privacy and Data Security Team. 1. California’s data privacy law, CCPA, comes into force in 2020. It’s occupied attention because of California’s size and its potential extraterritorial application. It provides limited rights for individuals to sue companies that violate CCPA, restricted to certain cases of data breach. Privacy advocates were disappointed when the California State Senate rejected a bill to empower individuals to sue companies that violate any part of CCPA, a big win for the tech sector in America’s largest state. 2. In the absence of an overarching U.S. law, the statutory action in data privacy has been on a state level, as in California. But the Network Advertising Initiative foresees the need for national standards and intends to fill that role as a Self-Regulatory Organization (SRO) rather than have a national law that could be less friendly to business interests. It issued a revised Code of Conduct 2020. A key upgrade requires opt-in consent of persons whose location data will be collected from various devices. 3. WhatsApp users were stunned to learn that spyware could be implanted on their phones without their knowledge. WhatsApp promptly issued an upgrade to be downloaded at no charge that was said to fix this stealth attack, permitted by exploitation of a buffer-overflow vulnerability. Another privacy embarrassment for Google, though one promptly addressed. 4. San Francisco became the first city known to prohibit use by city agencies of facial recognition technology. Other cities are considering similar bans. Unlike local laws banning cameras to catch drivers going through red lights, this ban restricts the use of analytical technology without barring devices that take photos without our express okay. 5. Google is rolling out settings on its Chrome browser that will enable users to delete 3d-party cookies. This will be optional, as some individuals may want to go to their grocery store and have their device tell them about a discount on their favorite foods and beverages without being asked. Others find it creepy that our whereabouts are not only being monitored by third parties but are used to stay in touch with us without our asking them to come along for the ride. If you have ideas for more interviews or stories, please email email@example.com.
The May 2-3, 2019 International Association of Privacy Professionals Conference featured leading U.S. officials and participants in the data privacy field. Mike Nitardy, a certified Privacy Professional (U.S.) and data privacy attorney at Frost Brown Todd LLC shares highlights from the conference. If you have ideas for more interviews or stories, please email firstname.lastname@example.org.
Businesses have far more personal data than they think they have, and information expands by the hour. This is a key finding from an April 2019 Data Privacy Maturity Study from Integris Software – www.integris.io. Data flows change daily, and yet many businesses rely on spreadsheets and annual surveys to learn what data they house, resulting in inaccurate information that risks reputation and non-compliance. Kristina Bergman, Integris’ founder and CEO, offers important insights in this podcast about how business can deal more effectively with avalanches of data and blizzards of national and state data privacy regulation through an automated approach to the inventory of data. If you have ideas for more interviews or stories, please email email@example.com.
Businesses hold vast amounts of digital and hard copy data. Much is personal data regulated by differing country and state laws and rules. The first step towards personal data privacy compliance is to know what personal data are held by a company. But traditional means of inventorying personal data undercount and are almost always behind the curve of time. Network analytics is the answer to this challenge. In this episode, the Data Privacy Detective has a conversation with 1touch’s CCO Mark Wellins, and they explore how to discover, map and flow data in a more comprehensive and timely way than traditional methods allow. If you have ideas for more interviews or stories, please email firstname.lastname@example.org.
Data incidents arise regularly for businesses. The perpetrators range from sophisticated scoundrels seeking a quick ransom payment, to foreign governments conducting industrial espionage, to thieves seeking inside information, to distant hackers seeking personal data to sell on the dark web. When an incident arises, companies turn to legal counsel as part of the response team. In this podcast, Bob Dibert, a Frost Brown Todd attorney with 30 years’ experience and a veteran of data incidents, discusses how incidents arise and how they’re handled. There’s a three-step approach when an incident arises: 1. Contain: Immediately aim to stop further leakage and prevent additional harm from arising. 2. Counsel and Plan: Promptly analyze the scope and nature of the incident, what needs to be done to address it both immediately and longer term. 3. Remediate: Solve the problems, remedy the damage, notify those affected if required. If you have ideas for more interviews or stories, please email email@example.com.
The European Commission issued its second review of how the EU PrivacyShield is working in late December 2018. Over 4,000 U.S. firms have signed up so far for this method of dealing with the GDPR (General Data Protection Regulation) of the European Union that protects personal data of its residents. The Commission’s report approves U.S. efforts to support the bilateral agreement that supports the Privacy Shield, with one important matter to be address in February 2019. If you have ideas for more interviews or stories, please email firstname.lastname@example.org.
China should never be viewed through a foreign lens. And yet, what other lens do we have from the USA or most of the world but to do just that? Bloomberg News reported two statistics on November 21, 2018 that will shock most non-Chinese citizens – “By the end of May, people with bad credit in China have been blocked from booking more than 11 million flights and 4 million high-speed train trips, according to the National Development and Reform Commission.” If you have ideas for more interviews or stories, please email email@example.com.