Data Privacy Detective - how data is regulated, managed, protected, collected, mined, stolen, defended and transcended.
Summary: Data privacy is the footprint of our existence. It is our persona beyond ourselves, with traces of us scattered from birth certificates, Social Security numbers, shopping patterns, credit card histories, photographs, mugshots and health records. In a digital world, where memory is converted to 0’s and 1’s, then instantly transformed into a reproduction even in 3D, personal data is an urgent personal and collective subject. Those who wish to live anonymous lives must take extraordinary measures to succeed in that improbable quest, while those who hope for friendship or fame through the spread of their personal data must learn how to prevent theft of their identity and bank account. If you have ideas for interviews or stories, please email info@thedataprivacydetective.com. The internet in its blooming evolution makes personal data big business – for government, the private sector and denizens of the dark alike. The Data Privacy Detective explores how governments balance the interests of personal privacy with competing needs for public security, public health and other communal goods. It scans the globe for champions, villains, protectors and invaders of personal privacy and for the tools and technology used by individuals, business and government in the great competition between personal privacy and societal good order. We’ll discuss how to guard our privacy by safeguarding the personal data we want to protect. We’ll aim to limit the access others can gain to your sensitive personal data while enjoying the convenience and power of smartphones, Facebook, Google, EBay, PayPal and thousands of devices and sites. We’ll explore how sinister forces seek to penetrate defenses to access data you don’t want them to have. We’ll discover how companies providing us services and devices collect, use and try to exploit or safeguard our personal data. And we’ll keep up to date on how governments regulate personal data, including how they themselves create, use and disclose it in an effort to advance public goals in ways that vary dramatically from country to country. For the public good and personal privacy can be at odds. On one hand, governments try to deter terrorist incidents, theft, fraud and other criminal activity by accessing personal data, by collecting and analyzing health data to prevent and control disease and in other ways most people readily accept. On the other hand, many governments view personal privacy as a fundamental human right, with government as guardian of each citizen’s right to privacy. How authorities regulate data privacy is an ongoing balance of public and individual interests. We’ll report statutes, regulations, international agreements and court decisions that determine the balance in favor of one or more of the competing interests. And we’ll explore innovative efforts to transcend government control through blockchain and other technology. In audio posts of 5 to 10 minutes each, you’ll get tips on how to protect your privacy, updates on government efforts to protect or invade personal data, and news of technological developments that shape the speed-of-bit world in which our personal data resides. The laws governing legal advertising in some states require the following statements in any publication of this kind: "THIS IS AN ADVERTISEMENT."
- Visit Website
- RSS
- Artist: Joe Dehner - Global Data Privacy Lawyer
- Copyright: All rights reserved
Podcasts:
The Data Privacy Detective turns the spotlight on five American data privacy developments in a conversation with Melissa Kern, Co-Chair of Frost Brown Todd’s Privacy and Data Security Team. 1. California’s data privacy law, CCPA, comes into force in 2020. It’s occupied attention because of California’s size and its potential extraterritorial application. It provides limited rights for individuals to sue companies that violate CCPA, restricted to certain cases of data breach. Privacy advocates were disappointed when the California State Senate rejected a bill to empower individuals to sue companies that violate any part of CCPA, a big win for the tech sector in America’s largest state. 2. In the absence of an overarching U.S. law, the statutory action in data privacy has been on a state level, as in California. But the Network Advertising Initiative foresees the need for national standards and intends to fill that role as a Self-Regulatory Organization (SRO) rather than have a national law that could be less friendly to business interests. It issued a revised Code of Conduct 2020. A key upgrade requires opt-in consent of persons whose location data will be collected from various devices. 3. WhatsApp users were stunned to learn that spyware could be implanted on their phones without their knowledge. WhatsApp promptly issued an upgrade to be downloaded at no charge that was said to fix this stealth attack, permitted by exploitation of a buffer-overflow vulnerability. Another privacy embarrassment for Google, though one promptly addressed. 4. San Francisco became the first city known to prohibit use by city agencies of facial recognition technology. Other cities are considering similar bans. Unlike local laws banning cameras to catch drivers going through red lights, this ban restricts the use of analytical technology without barring devices that take photos without our express okay. 5. Google is rolling out settings on its Chrome browser that will enable users to delete 3d-party cookies. This will be optional, as some individuals may want to go to their grocery store and have their device tell them about a discount on their favorite foods and beverages without being asked. Others find it creepy that our whereabouts are not only being monitored by third parties but are used to stay in touch with us without our asking them to come along for the ride. If you have ideas for more interviews or stories, please email info@thedataprivacydetective.com.
The May 2-3, 2019 International Association of Privacy Professionals Conference featured leading U.S. officials and participants in the data privacy field. Mike Nitardy, a certified Privacy Professional (U.S.) and data privacy attorney at Frost Brown Todd LLC shares highlights from the conference. If you have ideas for more interviews or stories, please email info@thedataprivacydetective.com.
Picture frontline employees – like those at a motel’s front desk. In come ICE agents with gold badges asking to see guest logs, aiming to identify and track down undocumented aliens. What’s the desk attendant to do? Most likely, cooperate without thinking it through. This led to costly problems for Motel 6 – a $12 million settlement in the State of Washington alone. The lesson is this – don’t let frontline employees decide whether to turn over personal data of guests or customers. That’s a big decision that should be made at a higher level, in sync with the company’s privacy policy. This podcast explores what happened to Motel 6 and draws lessons for what a business should do to safeguard the privacy of customer data. If you have ideas for more interviews or stories, please email info@thedataprivacydetective.com.
Businesses have far more personal data than they think they have, and information expands by the hour. This is a key finding from an April 2019 Data Privacy Maturity Study from Integris Software – www.integris.io. Data flows change daily, and yet many businesses rely on spreadsheets and annual surveys to learn what data they house, resulting in inaccurate information that risks reputation and non-compliance. Kristina Bergman, Integris’ founder and CEO, offers important insights in this podcast about how business can deal more effectively with avalanches of data and blizzards of national and state data privacy regulation through an automated approach to the inventory of data. If you have ideas for more interviews or stories, please email info@thedataprivacydetective.com.
Businesses hold vast amounts of digital and hard copy data. Much is personal data regulated by differing country and state laws and rules. The first step towards personal data privacy compliance is to know what personal data are held by a company. But traditional means of inventorying personal data undercount and are almost always behind the curve of time. Network analytics is the answer to this challenge. In this episode, the Data Privacy Detective has a conversation with 1touch’s CCO Mark Wellins, and they explore how to discover, map and flow data in a more comprehensive and timely way than traditional methods allow. If you have ideas for more interviews or stories, please email info@thedataprivacydetective.com.
Data incidents arise regularly for businesses. The perpetrators range from sophisticated scoundrels seeking a quick ransom payment, to foreign governments conducting industrial espionage, to thieves seeking inside information, to distant hackers seeking personal data to sell on the dark web. When an incident arises, companies turn to legal counsel as part of the response team. In this podcast, Bob Dibert, a Frost Brown Todd attorney with 30 years’ experience and a veteran of data incidents, discusses how incidents arise and how they’re handled. There’s a three-step approach when an incident arises: 1. Contain: Immediately aim to stop further leakage and prevent additional harm from arising. 2. Counsel and Plan: Promptly analyze the scope and nature of the incident, what needs to be done to address it both immediately and longer term. 3. Remediate: Solve the problems, remedy the damage, notify those affected if required. If you have ideas for more interviews or stories, please email info@thedataprivacydetective.com.
The European Commission issued its second review of how the EU PrivacyShield is working in late December 2018. Over 4,000 U.S. firms have signed up so far for this method of dealing with the GDPR (General Data Protection Regulation) of the European Union that protects personal data of its residents. The Commission’s report approves U.S. efforts to support the bilateral agreement that supports the Privacy Shield, with one important matter to be address in February 2019. If you have ideas for more interviews or stories, please email info@thedataprivacydetective.com.
China should never be viewed through a foreign lens. And yet, what other lens do we have from the USA or most of the world but to do just that? Bloomberg News reported two statistics on November 21, 2018 that will shock most non-Chinese citizens – “By the end of May, people with bad credit in China have been blocked from booking more than 11 million flights and 4 million high-speed train trips, according to the National Development and Reform Commission.” If you have ideas for more interviews or stories, please email info@thedataprivacydetective.com.
Russia governs personal data of its residents based on a generally applicable law. As a federal country, Russia has rules below the federal law, but they conform to standards set by statute throughout the nation. Though not as comprehensive as Europe’s broadly extensive General Data Protection Regulation (GDPR), Russia’s statute aims to protect the personal data of Russians similar to the GDPR’s approach. Concepts of consent of persons to use their data, privacy by design, data minimization, cybersecurity minimum standards and other principles are augmented by a data localization focus different from the GDPR.
The internet was once viewed as an instrument of freedom. It freed communications across borders, aided the ability of people to rally against repressive governments, dramatically lowered entry barriers to sellers of goods and services across borders. But like many good things, the internet has been increasingly harnessed to repress – or more neutrally to assist those in control of government to keep their power and a watchful eye and long arm over those who threaten their view of public order, The Freedom House report is a disturbing compilation of the rise of digital authoritarianism. The study of 65 countries that hold 87% of the world’s internet users found a decline in freedom from June 2017-May 2018 in 26 nations compared to gains in 19. If you have ideas for more interviews or stories, please email info@thedataprivacydetective.com.
Because U.S. states employ over 16 million people and hold the data of almost all American residents, state governments are major targets for data villains seeking to obtain data about us. How safe is our personal information in the hands of state governments and what security challenges must states address to better protect personal data? Podcast guest Trey Grayson is a veteran of these issues, having served as Kentucky’s Secretary of State for eight years and later as director of Harvard’s Kennedy School of Government’s Institute of Politics and member of the President’s Commission on Election Administration, which reviewed the 2012 election. Trey is now a principal of the public policy firm CivicPoint and an attorney with Frost Brown Todd LLC. As an attorney and public policy expert, Trey offers guidance on the state of cybersecurity and state-held data in episode 26 of the Data Privacy Detective podcast.
The EU’s GDPR requires businesses outside the EU to appoint a “representative” in a member state and a Data Protection Officer in the EU to consult on and monitor data privacy matters. In this episode, Alessandro Di Mattia joins us to explore the definitions and requirements surrounding these positions and the roles they play in protecting consumer personal data according to the GDPR.
The California Supreme Court faced a challenge that may have been the first stone cast in a global debate about free expression on the internet. The case centered on a San Francisco law firm that got a one-star YELP review from an unhappy former client. When the firm’s YELP rating dipped from 5.0 to 4.5 the law firm successfully sued the reviewer for a defamation claim. YELP was not originally a party to the case, but when the judgment ordered YELP to remove the information, YELP refused. If you have ideas for more interviews or stories, please email info@thedataprivacydetective.com.
“California enacts the strictest online privacy law in the country!” trumpeted CNN/Tech. A statute passed unanimously in the legislature and immediately signed by Governor Brown, AB 375, had the support of large tech firms and privacy advocates. It moves California in the direction of the European Union, granting rights to California consumers concerning personal information they share online. The Data Privacy Detective turns his magnifying glass on this statute. It will have an impact. If California were a country, it would boast the world’s fifth largest economy. California has citizen initiative rights that let people propose laws enacted by a popular vote, bypassing the legislature. Enraged by the Cambridge Analytica scandal of data shared by Facebook that ended up sold without consumers’ direct knowledge for political campaign purposes, a wealthy Californian tired of waiting for the legislature to act. He promoted an initiative aimed at creating tough consumer data privacy protections. Alarmed by the proposal, California’s large tech community backed a quick legislative response that is a compromise compared to the initiative language. It was drafted, enacted, approved and signed into law in about a week, and the initiative leader withdrew his effort and supported the outcome. See www.caprivacy.org. If you have ideas for more interviews or stories, please email info@thedataprivacydetective.com.
Businesses not located in the European Union have tried to understand whether the General Data Protection Regulation (GDPR), applies to them. And if it does, or if it might, one of the puzzles has been whether a non-EU business needs to appoint a natural person or legal entity to be its “representative” or a natural person to be its “Data Protection Officer” for dealing with EU and its Member States’ Data Protection Authorities (DPAs). This podcast focuses on that question. If you have ideas for more interviews or stories, please email info@thedataprivacydetective.com.
