Author: Daniel Solove

0

Privacy Torts in Canada and the International Convergence of Privacy Law

Over at the HL Chronicle of Data Protection, I have a post entitled Privacy Torts in Canada and the International Convergence of Privacy Law. The post discusses a recent privacy tort case from Ontario, Canada that recognizes the Warren and Brandeis’ privacy tort of intrusion upon seclusion.  From the post:

The recognition of the US privacy torts by a Canadian court is further demonstration of a general trend – the convergence of privacy law across countries around the world.  Although profound differences in the law remain between countries, there has also been significant convergence.

Read the rest of the post over at HL Chronicle.

2

The Demi Moore 911 Call: A Breach of Medical Confidentiality?

I’ve written before on the issue of whether 911 calls should be public.  The recent release of the Demi Moore 911 call raises the issues once again.  From CBS News:

The tape of the frantic 911 call from actress Demi Moore’s Beverly Hills home Monday night is out and, reports CBS News national correspondent Lee Cowan, the scene sounds a lot more dire than her publicist had let on.

After Moore was rushed to the hospital, a statement said she ‘d be seeking professional help for exhaustion and her overall health.

“The 911 tape really indicates that this is a much more serious situation than we were first led to believe,” says US Weekly’s Melanie Bromley. “We’ve been told it’s exhaustion that she’s suffering from, but you can tell from the tape that there’s a very desperate situation there. She’s having convulsions and she’s almost losing consciousness. It’s a very scary tape to listen to.”

Why is this public?   Many 911 calls, like the one with Demi Moore, involve requests for medical treatment.  Typically, whenever any doctor, nurse, or healthcare professional learns information about a person, it is stringently protected.  A healthcare provider who breaches medical confidentiality can face ethical charges as well as legal liability for the breach of confidentiality tort.  In addition, there may be HIPAA violations of the healthcare provider is HIPAA-regulated.  911 call centers are not HIPAA-regulated, but the operators are in a special position of trust and are often providing healthcare advice (and calling for healthcare services such as ambulances).  If the call from Demi Moore’s home had been to a hospital or a doctor or any other type of healhcare provider, public disclosure of the call would be forbidden.  Why isn’t a 911 call seen in the same light?

As I pointed out in my earlier post about the issue, I believe the release of 911 call transcripts to the public violates the constitutional right to information privacy.  The cases generally recognize strong privacy rights whenever health information is involved.  States with laws, policies, or practices that infringe upon the constitutional right to information privacy might be liable in a Section 1983 suit.  I have not seen one yet, but it is about time something sparks states to rethink their policies about making the calls public.

The rationale for making the calls public is to provide transparency about the responsiveness of 911 call centers.  But this can be done in other ways without violating the privacy of individuals.  The main use of the Demi Moore call being public is to serve as grist for the media to learn about her problems.  This doesn’t make the 911 system safer or better; it just makes the tabloids sell faster.

3

United States v. Jones — The Fourth Amendment and GPS Surveillance

The U.S. Supreme Court has decided United States v. Jones, concluding that when the government installs a GPS surveillance device on a car, it is a Fourth Amendment search.  The majority uses a property-based rationale and the concurring opinion (Alito, Ginsburg, Breyer, and Kagan) uses a privacy-based rationale.   More thoughts and analysis to come later.

I also want to congratulate my colleague Orin Kerr, who is cited in both the majority opinion and in a concurring opinion for his article, The Fourth Amendment and New Technologies: Constitutional Myths and the Case for Caution, 102 Mich. L. Rev. 801 (2004).  The majority opinion relies heavily on Orin’s theory of the Fourth Amendment and property that he sets forth in the first part of his article.

0

The Intersection of Privacy and Security: Data Privacy Day Event at GW Law School

The National Cyber Security Alliance Presents:

Data Privacy Day 2012

The Intersection of Privacy & Security

Featuring: The Honorable Julie Brill
Commissioner, Federal Trade Commission

Data Privacy Day Logo

 Event Sponsored by:

Sponsor Logos

Thursday, January 26, 2012 | 9:00am – 11:45amGeorge Washington Law School – Moot Court Room
2000 H Street, NW • Washington, DC 20052

 


The convergence of privacy and security: how do we overcome the conflict that seems to be inherent between the two? Is it a philosophical impossibility or an aspiration to be achieved?

Data security, according to common definition is the “confidentiality, integrity and availability” of data. It is the practice of ensuring that the data being stored is safe from unauthorized access and use, ensuring that the data is reliable and accurate and that is available for use when it is needed. Privacy on the other hand, is the appropriate use of data.

Our panel will consider the implications of how privacy and security are two sides of the same coin and what companies can and should do to ensure privacy and security are protected while allowing innovation to flourish.


Agenda

9:00 Registration
9:30 Welcome

  • Michael Kaiser
    Executive Director, National Cyber Security Alliance
  • Dan Solove
    John Marshall Harlan Research Professor of Law, The George Washington University School of Law
  • Paul Schiff Berman
    Dean and Robert Kramer Research Professor of Law, The George Washington University School of Law

9:40 Keynote

The Honorable Julie Brill
Commissioner, Federal Trade Commission

10:10 Panel Discussion

Reflections & Aspirations: The Past, The Present & The Future

Moderator
Christopher Wolf
Founder & Co-Chair, Future of Privacy Forum and Partner, Hogan Lovells US LLP

Panelists

  • David Hoffman
    Director of Security Policy and Global Privacy Officer, Intel
  • Gerard Lewis
    Vice President, Deputy General Counsel & Chief Privacy Officer, Comcast Cable
  • Ari Schwartz
    Senior Internet Policy Advisor, Office of the Secretary, U.S. Department of Commerce

10:50 Panel Discussion

Privacy & Security: Best Practices in Action

Moderator
Christopher Wolf
Co-Chair & Founder, Future of Privacy Forum and Partner, Hogan Lovells US LLP

Panelists

  • Rick Buck
    Head of Privacy GSI, eBay
  • Erin Egan
    Chief Privacy Officer, Policy, Facebook
  • JoAnn C. Stonier
    Global Privacy & Data Protection Officer, MasterCard Worldwide
  • Bob Quinn
    Senior Vice President-Federal Regulatory & Chief Privacy Officer, AT&T

 

 

 

 


 

0

More on the Student Data Grab

Here’s another piece critiquing the Education Department’s student data grab.   I am a bit dismayed that this story has barely received coverage from the mainstream media or much general concern by the public.  Many privacy advocacy organizations have been very quiet about it.  I think that these developments are quite troublesome — they are a George W. Bush-esque endeavor, but this time, the reaction is largely ho-hum.  It shouldn’t be.

0

Data Security in Healthcare: Some Startling Statistics

A new report by the Ponemon Institute reveals some startling statistics about data security in healthcare:

The frequency of data breaches among organizations in this study has increased 32 percent from the previous year.  In fact, 96 percent of all healthcare providers say they have had at least one data breach in the last two years. Most of these were due to employee mistakes and sloppiness—49 percent of respondents in this study cite lost or stolen computing devices and 41 percent note unintentional employee action. Another disturbing cause is third-party error, including business associates, according to 46 percent of participants.

There is a lot more alarming information in the report.

Self-interest alert: I provide privacy and data security programs to healthcare institutions.

0

Posting about Patients on Social Media Sites

An increasing problem is caused when medical personnel post details about patients on their social media websites.  From Daily News:

Providence Holy Cross Medical Center officials are investigating an employee who allegedly posted a patient’s medical information on his Facebook page, apparently to make fun of the woman and her medical condition.

According to a printout of the Facebook page obtained by the Daily News, the employee displayed a photo of a medical record listing the woman’s name and the date she was admitted, and posted the comment: “Funny but this patient came in to cure her VD and get birth control.”

Providence officials said the employee was provided by a staffing agency.

An interesting fact in this article is that most healthcare institutions lack policies for employee use of social media:

Only about a third of all hospitals are believed to have specific policies in place regarding patient information and social media sites, such as Facebook and Twitter, according to published reports.

I expect this to change in the next few years.

Hat Tip: Pogo Was Right

0

Who Owns Twitter Followers?

A bizarre lawsuit by a company claiming that it owns a former employee’s Twitter followers:

An Internet company has sued one of its former employees, saying the worker cost the company thousands of dollars in lost business when he took 17,000 Twitter followers with him when he left the firm.

PhoneDog LLC filed a lawsuit in July against Noah Kravitz, a writer who worked for the Mount Pleasant, S.C., company from 2006 until last year. Attorneys for the website, which reviews mobile devices like phones and tablets, said Kravitz owes them $340,000.

The company said when Kravitz resigned, he changed his Twitter name from PhoneDog_Noah to noahkravitz, and kept his 17,000 followers. The company said the followers should be treated like a customer list, and therefore PhoneDog’s property.

PhoneDog said Kravitz should pay $2.50 per follower per month for eight months, or a total of $340,000.

0

The Year in Privacy Books 2011

Here’s a list of notable privacy books published in 2011.

Previous lists:

Privacy Books 2010

Privacy Books 2009

Privacy Books 2008

 

Saul Levmore & Martha Nussbaum, eds., The Offensive Internet (Harvard 2011)

 

This is a great collection of essays about the clash of free speech and privacy online.  I have a book chapter in this volume along with Martha Nussbaum, Cass Sunstein, Brian Leiter, Danielle Citron, Frank Pasquale, Geoffrey Stone, and many others.

Daniel J. Solove, Nothing to Hide: The False Tradeoff Between Privacy and Security (Yale 2011)

 

Nothing to Hide “succinctly and persuasively debunks the arguments that have contributed to privacy’s demise, including the canard that if you have nothing to hide, you have nothing to fear from surveillance. Privacy, he reminds us, is an essential aspect of human existence, and of a healthy liberal democracy—a right that protects the innocent, not just the guilty.” — David Cole, New York Review of Books

Jeff Jarvis, Public Parts: How Sharing in the Digital Age Improves the Way We Work and Live (Simon & Schuster 2011)

 

I strongly disagree with a lot of what Jarvis says, but the book is certainly provocative and engaging.

Daniel J. Solove & Paul M. Schwartz, Privacy Law Fundamentals (IAPP 2011)

 

“A key resource for busy professional practitioners. Solove and Schwartz have succeeded in distilling the fundamentals of privacy law in a manner accessible to a broad audience.” – Jules Polonetsky, Future of Privacy Forum

Eli Pariser, The Filter Bubble (Penguin 2011)

 

An interesting critique of the personalization of the Internet.  We often don’t see the Internet directly, but through tinted goggles designed by others who determine what we want to see. 

Siva Vaidhyanathan, The Googlization of Everything (U. California 2011)

 

A vigorous critique of Google and other companies that shape the Internet.  With regard to privacy, Vaidhyanathan explains how social media and other companies encourage people’s sharing of information through their architecture — and often confound people in their ability to control their reputation.

Susan Landau, Surveillance or Security? The Risk Posed by New Wiretapping Technologies (MIT 2011)

 

A compelling argument for how designing technologies around surveillance capabilities will undermine rather than promote security.

 


Kevin Mitnick, Ghost in the Wires (Little Brown 2011)

 

A fascinating account of the exploits of Kevin Mitnick, the famous ex-hacker who inspired War Games.  His tales are quite engaging, and he demonstrates that hacking is often not just about technical wizardry but old-fashioned con-artistry.

Matt Ivester, lol . . . OMG! (CreateSpace 2011)

 

Ivester created Juicy Campus, the notorious college gossip website.  After the site’s demise, Ivester changed his views about online gossip, recognizing the problems with Juicy Campus and the harms it caused.  In this book, he offers thoughtful advice for students about what they post online.

Joseph Epstein, Gossip: The Untrivial Pursuit (Houghton Mifflin Harcourt 2011)

 

A short engaging book that is filled with interesting stories and quotes about gossip.  Highly literate, this book aims to expose gossip’s bad and good sides, and how new media are transforming gossip in troublesome ways.

Anita Allen, Unpopular Privacy (Oxford 2011)

 

My blurb: “We live in a world of increasing exposure, and privacy is increasingly imperiled by the torrent of information being released online. In this powerful book, Anita Allen examines when the law should mandate privacy and when it shouldn’t. With nuance and thoughtfulness, Allen bravely tackles some of the toughest questions about privacy law — those involving the appropriate level of legal paternalism. Unpopular Privacy is lively, engaging, and provocative. It is filled with vivid examples, complex and fascinating issues, and thought-provoking ideas.”

Frederick Lane, Cybertraps for the Young (NTI Upstream 2011)

 

A great overview of the various problems the Internet poses for children such as cyberbullying and sexting.  This book is a very accessible overview for parents.

Clare Sullivan, Digital Identity (University of Adelaide Press 2011)

 

Australian scholar Clare Sullivan explores the rise of “digital identity,” which is used for engaging in various transactions.  Instead of arguing against systematized identification, she sees the future as heading inevitably in that direction and proposes a robust set of rights individuals should have over such identities.  This is a thoughtful and pragmatic book, with a great discussion of Australian, UK, and EU law.

0

The Student Data Grab

There’s a good editorial in the NY Post today about the big data grab the Education Department is facilitating with student data.  I blogged about this issue a short while ago at the Huffington Post.

According to the op-ed:

Would it bother you to know that the federal Centers for Disease Control had been shown your daughter’s health records to see how she responded to an STD/teen-pregnancy-prevention program? How about if the federal Department of Education and Department of Labor scrutinized your son’s academic performance to see if he should be “encouraged” to leave high school early to learn a trade? Would you think the government was intruding on your territory as a parent?

Under regulations the Obama Department of Education released this month, these scenarios could become reality. The department has taken a giant step toward creating a de facto national student database that will track students by their personal information from preschool through career. Although current federal law prohibits this, the department decided to ignore Congress and, in effect, rewrite the law. Student privacy and parental authority will suffer.

How did it happen? Buried within the enormous 2009 stimulus bill were provisions encouraging states to develop data systems for collecting copious information on public-school kids. To qualify for stimulus money, states had to agree to build such systems according to federally dictated standards. So all 50 states either now maintain or are capable of maintaining extensive databases on public-school students.

The administration wants this data to include much more than name, address and test scores. According to the National Data Collection Model, the government should collect information on health-care history, family income and family voting status. In its view, public schools offer a golden opportunity to mine reams of data from a captive audience.