Category: Privacy (Medical)


The Year in Privacy Books 2011

Here’s a list of notable privacy books published in 2011.

Previous lists:

Privacy Books 2010

Privacy Books 2009

Privacy Books 2008

 

Saul Levmore & Martha Nussbaum, eds., The Offensive Internet (Harvard 2011)

 

This is a great collection of essays about the clash of free speech and privacy online.  I have a book chapter in this volume along with Martha Nussbaum, Cass Sunstein, Brian Leiter, Danielle Citron, Frank Pasquale, Geoffrey Stone, and many others.

Daniel J. Solove, Nothing to Hide: The False Tradeoff Between Privacy and Security (Yale 2011)

 

Nothing to Hide “succinctly and persuasively debunks the arguments that have contributed to privacy’s demise, including the canard that if you have nothing to hide, you have nothing to fear from surveillance. Privacy, he reminds us, is an essential aspect of human existence, and of a healthy liberal democracy—a right that protects the innocent, not just the guilty.” — David Cole, New York Review of Books

Jeff Jarvis, Public Parts: How Sharing in the Digital Age Improves the Way We Work and Live (Simon & Schuster 2011)

 

I strongly disagree with a lot of what Jarvis says, but the book is certainly provocative and engaging.

Daniel J. Solove & Paul M. Schwartz, Privacy Law Fundamentals (IAPP 2011)

 

“A key resource for busy professional practitioners. Solove and Schwartz have succeeded in distilling the fundamentals of privacy law in a manner accessible to a broad audience.” – Jules Polonetsky, Future of Privacy Forum

Eli Pariser, The Filter Bubble (Penguin 2011)

 

An interesting critique of the personalization of the Internet.  We often don’t see the Internet directly, but through tinted goggles designed by others who determine what we want to see. 

Siva Vaidhyanathan, The Googlization of Everything (U. California 2011)

 

A vigorous critique of Google and other companies that shape the Internet.  With regard to privacy, Vaidhyanathan explains how social media and other companies encourage people’s sharing of information through their architecture — and often confound people in their ability to control their reputation.

Susan Landau, Surveillance or Security? The Risk Posed by New Wiretapping Technologies (MIT 2011)

 

A compelling argument for how designing technologies around surveillance capabilities will undermine rather than promote security.

 


Kevin Mitnick, Ghost in the Wires (Little Brown 2011)

 

A fascinating account of the exploits of Kevin Mitnick, the famous ex-hacker who inspired War Games.  His tales are quite engaging, and he demonstrates that hacking is often not just about technical wizardry but old-fashioned con-artistry.

Matt Ivester, lol . . . OMG! (CreateSpace 2011)

 

Ivester created Juicy Campus, the notorious college gossip website.  After the site’s demise, Ivester changed his views about online gossip, recognizing the problems with Juicy Campus and the harms it caused.  In this book, he offers thoughtful advice for students about what they post online.

Joseph Epstein, Gossip: The Untrivial Pursuit (Houghton Mifflin Harcourt 2011)

 

A short engaging book that is filled with interesting stories and quotes about gossip.  Highly literate, this book aims to expose gossip’s bad and good sides, and how new media are transforming gossip in troublesome ways.

Anita Allen, Unpopular Privacy (Oxford 2011)

 

My blurb: “We live in a world of increasing exposure, and privacy is increasingly imperiled by the torrent of information being released online. In this powerful book, Anita Allen examines when the law should mandate privacy and when it shouldn’t. With nuance and thoughtfulness, Allen bravely tackles some of the toughest questions about privacy law — those involving the appropriate level of legal paternalism. Unpopular Privacy is lively, engaging, and provocative. It is filled with vivid examples, complex and fascinating issues, and thought-provoking ideas.”

Frederick Lane, Cybertraps for the Young (NTI Upstream 2011)

 

A great overview of the various problems the Internet poses for children such as cyberbullying and sexting.  This book is a very accessible overview for parents.

Clare Sullivan, Digital Identity (University of Adelaide Press 2011)

 

Australian scholar Clare Sullivan explores the rise of “digital identity,” which is used for engaging in various transactions.  Instead of arguing against systematized identification, she sees the future as heading inevitably in that direction and proposes a robust set of rights individuals should have over such identities.  This is a thoughtful and pragmatic book, with a great discussion of Australian, UK, and EU law.


Surveillance, For Your Benefit?

Bloomberg Businessweek reports on retailers’ use of camera surveillance to glean intelligence from shoppers’ behavior.  A company called RetailNext, for instance, runs its software through a store’s security camera video feed to analyze customer behavior.  It describes itself as the “leader in real-time in-store monitoring, enabling retailers and manufacturers to collect, analyze and visualize in-store data.”  According to the company, it “uses best-in-class video analytics, on-shelf sensors, along with data from point-of-sale and other business systems, to automatically inform retailers about how people engage in their stores.”  RetailNext’s software can integrate data from hardware such as RFID chips and motion sensors to track customers’ movements.  The company explains that it “tracks more than 20 million shoppers per month by collecting data from more than 15,000 sensors in retail stores.”  Its service apparently helps stores figure out where to place certain merchandise to boost sales.  T-Mobile uses similar technology from another firm, 3VR, whose software tracks how people move around their stores, how long they stand in front of displays, and which phones they pick up and for how long.  3VR is testing facial-recognition software that can identify shoppers’ gender and approximate age.   Businessweek explains that the “software would give retailers a better handle on customer demographics and help them tailor promotions.”  What we are seeing is, according to 3VR’s CEO, just “scratching the surface” as someday “you’ll have the ability to measure every metric imaginable.”

Indeed.  Little imagination is needed to predict the future in light of our present.  As Joseph Turow’s important new book The Daily You: How the New Advertising Industry Is Defining Your Identity and Worth (Yale University Press) explores, data collection and analysis of individuals is breathtaking.  In the name of better, more relevant advertising and marketing efforts, companies like Acxiom have databases teeming with our demographic data (age, gender, race, ethnicity, address, income, marital status), interests, online and offline spending habits, and health status based on our purchases and online comments (diabetic, allergy sufferer, and the like).  Consumers are sorted into categories such as “Corporate Clout,” “Soccer and SUV,” “Mortgage Woes,” and “On the Edge.”  eXelate gathers online data of over 200 million unique individuals per month through deals with hundreds of sites: their demographics, social activities, and social networks.  Advertisers can add even more data to eXelate’s cookies– data from Nielsen, which includes Census Bureau data, as well as data brokers’ digital dossiers.  Data firms like Lotame track the comments that people leave on sites and categorize them.  Now, let’s consider weaving in facial recognition software and retailer cameras of companies like 3VR and RetailNext.  And to really top things off, let’s think about linking all of this data to cellphone location information.  The surveillance of networked spaces would be totalizing.

Turow’s book exposes important costs of these developments.  This post will discuss a few–hopefully, I can have Professor Turow on for a Bright Ideas feature.  This sort of targeting and hyper surveillance leaves many with far more narrow options and with social discrimination.  Marketers use these databases to determine if Americans are worthy “targets” or not-worth-bothering with “waste.”  For the “Soccer and SUV” moms between 35 and 45 who live on the West Coast and want to buy a small car, car companies may offer them serious discounts via online advertisements and e-mail.  But their “On the Edge” counterparts get left in the cold with higher prices–why bother trying to attract people who don’t pay their debts?  All of this sorting encourages media to offer soft stories designed to meet people’s interests, as secretly determined by those gathering and analyzing our networked lives.  This discussion brings to mind another important read: Julie Cohen’s Configuring the Networked Self: Law, Code, and the Play of Everyday Practice (Yale University Press).   As Professor Cohen thoughtfully explores, this sort of surveillance has a profound impact on the creative play of our everyday lives.  It creates hierarchies among those watched and systematizes difference.  I’ll have lots more to say about Cohen’s take on our networked society more generally, soon.  In March, we will be hosting an online symposium on her book–much to look forward to in the new year.


New Edition of Information Privacy Law Casebooks

The new edition of my casebook, Information Privacy Law (4th edition) (with Paul M. Schwartz) is hot off the presses.  And there’s a new edition of my casebook, Privacy, Information, and Technology (3rd edition) (with Paul M. Schwartz).   Copies should be sent out to adopters very soon.  If you’re interested in adopting the book and are having any difficulties getting a hold of a copy, please let me know.

You also might be interested in my concise guide to privacy law, also with Paul Schwartz, entitled Privacy Law Fundamentals.   This short book was published earlier this year.  You can order it on Amazon or via IAPP.  It might make for a useful reference tool for students.

 


The PII Problem: Privacy and a New Concept of Personally Identifiable Information

My article, The PII Problem: Privacy and a New Concept of Personally Identifiable Information (with Professor Paul Schwartz), is now out in print.   You can download the final published version from SSRN.  Here’s the abstract:

Personally identifiable information (PII) is one of the most central concepts in information privacy regulation. The scope of privacy laws typically turns on whether PII is involved. The basic assumption behind the applicable laws is that if PII is not involved, then there can be no privacy harm. At the same time, there is no uniform definition of PII in information privacy law. Moreover, computer science has shown that in many circumstances non-PII can be linked to individuals, and that de-identified data can be re-identified. PII and non-PII are thus not immutable categories, and there is a risk that information deemed non-PII at one time can be transformed into PII at a later juncture. Due to the malleable nature of what constitutes PII, some commentators have even suggested that PII be abandoned as the mechanism by which to define the boundaries of privacy law.

In this Article, we argue that although the current approaches to PII are flawed, the concept of PII should not be abandoned. We develop a new approach called “PII 2.0,” which accounts for PII’s malleability. Based upon a standard rather than a rule, PII 2.0 utilizes a continuum of risk of identification. PII 2.0 regulates information that relates to either an “identified” or “identifiable” individual, and it establishes different requirements for each category. To illustrate this theory, we use the example of regulating behavioral marketing to adults and children. We show how existing approaches to PII impede the effective regulation of behavioral marketing, and how PII 2.0 would resolve these problems.

Audit Trails: The Corporate Surveillance We Need

What do the following problems have in common?

1) food poisoning
2) systemic risk in the financial system
3) data breaches
4) violations of civil liberties
5) tax evasion
6) insider trading

In each case, we could do a lot more to stop the problem if we better tracked the actions that lead to it. An “audit trail” can enable that tracking. Decades ago, such tracking would be inordinately costly. Nowadays, it is increasingly embedded into any quality logistical system. The technologies of RFID chips, cheap imaging and data storage, and rapid search are ubiquitous. Corporations use them to track customers and products. Now public authorities need to use them to track corporations.

Consider, for instance, this recent story on food safety:

No More Secret Dossiers: We Need Full FTC or CFPB Investigation of “Fourth Bureau” Reputation Intermediaries

There is a superb article by Ylan Q. Mui on the growth of new firms that create consumer reputations. They operate outside the traditional regulation of the three major credit bureaus. Mui calls this shadowy world of reputational intermediaries the “fourth bureau.” The Federal Trade Commission should conduct an immediate investigation of the “black box” practices described by an industry leader in the article. This should be part of a larger political and social movement to stop the collection of “secret dossiers” about individuals by corporate entities. The Murdoch scandal now unraveling in Britain is only the most extreme example of a wholesale assault on privacy led by unscrupulous data collectors.

Once a critical mass of data about a person has been collected for a commercial purpose, she deserves to know what the data is and who is gathering it. Once an educator, employer, landlord, banker, or insurer makes a decision based on that data, the affected individual should be able to challenge and correct it. I have made a preliminary case for such reforms in my chapter Reputation Regulation, in this book. I now think this agenda is more urgent than ever, given the creeping spread of unaccountable data mining in the internet sector to a wild west of reputational intermediaries.

From a Fair Credit Reporting Act to a Fair Reputation Reporting Act

To understand why, it’s helpful to take a step back and look at how poorly regulated even the established credit bureaus are. As Shawn Fremstad and Amy Traub have noted in the Demos report Discrediting America, ample empirical evidence has confirmed that a vast number of traditional credit bureau files are erroneous:

Solove in SCOTUS

Since he’s not the kind of guy to post this himself, I thought I’d alert readers that our own Dan Solove was cited today in Justice Breyer’s dissent in Sorrell v. IMS.  Eugene Volokh helpfully summarizes the case (and its ancestors) here.  I agree with everything he says, except for the phrase “I think the majority (the conservatives plus Justice Sotomayor) is basically right.”

Rethinking Sorrell v. IMS Health: Privacy as a First Amendment Value

The Supreme Court will soon hear oral arguments in Sorrell v. IMS Health. The case pits medical data giant IMS Health (and some other plaintiffs) against the state of Vermont, which restricted the distribution of certain “physician-identified” medical data if the doctors who generated the data failed to affirmatively permit its distribution.* I have contributed to an amicus brief submitted on behalf of the New England Journal of Medicine regarding the case, and I agree with the views expressed by brief co-author David Orentlicher in his excellent article Prescription Data Mining and the Protection of Patients’ Interests. I think he, Sean Flynn, and Kevin Outterson have, in various venues, made a compelling case for Vermont’s restrictions. But I think it is easy to “miss the forest for the trees” in this complex case, and want to make some points below about its stakes.**

Privacy Promotes Freedom of Expression

Privacy has repeatedly been subordinated to other, competing values. Priscilla Regan chronicles how efficiency has trumped privacy in U.S. legislative contexts. In campaign finance and citizen petition cases, democracy has trumped the right of donors and signers to keep their identities secret. Numerous tech law commentators chronicle a tension between privacy and innovation. And now Sorrell is billed as a case pitting privacy against the First Amendment.

New Privacy Law Reference Book: Privacy Law Fundamentals

Professor Paul Schwartz (Berkeley School of Law) and I recently published a new book, PRIVACY LAW FUNDAMENTALS.  This book is a distilled guide to the essential elements of U.S. data privacy law. In an easily-digestible format, the book covers core concepts, key laws, and leading cases.

The book explains the major provisions of all of the major privacy statutes, regulations, cases, including state privacy laws and FTC enforcement actions. It provides numerous charts and tables summarizing the privacy statutes (i.e. statutes with private rights of action, preemption, and liquidated damages, among other things). Topics covered include: the media, domestic law enforcement, national security, government records, health and genetic data, financial information, consumer data and business records, government access to private sector records, data security law, school privacy, employment privacy, and international privacy law.

This book provides a concise yet comprehensive overview of the field of privacy law for those who do not want to labor through lengthy treatises.  Paul and I worked hard to keep it under 200 pages — our goal was to include a lot of information yet do so as succinctly as possible.   PRIVACY LAW FUNDAMENTALS is written for those who want a handy reference, a bird’s eye view of the field, or a primer for courses in privacy law.

We wrote this book to be a useful reference for practitioners — ideally, a book they’d keep at the corner of their desks or in their briefcases.

We also think it can serve as a useful study aid for students taking privacy law courses.

You can check it out here, where you can download the table of contents.

Can Suspicious Activity Reports Trigger Health Data Gathering?

In an article entitled “Monitoring America,” Dana Priest and William Arkin describe an extraordinary pattern of governmental surveillance. To be sure, in the wake of the attacks of 9/11, there are important reasons to increase the government’s ability to understand threats to order. However, the persistence, replicability, and searchability of the databases now being compiled for intelligence purposes raise very difficult questions about the use and abuse of profiles, particularly in cases where health data informs the classification of individuals as threats.