
Privacy & Security

Privacy Lessons Learned from Litigation: Video Surveillance of the Robert Kraft Massage Parlor-Prostitution Sting Operation

The criminal case against the NFL New England Patriots’ franchise owner, Robert Kraft, has taken an astounding turn of events as the Florida Court of Appeals handed down its ruling on Kraft’s privacy objections against law enforcement’s surveillance video evidence showing the billionaire soliciting prostitution at a local spa. Kraft filed a motion to suppress the evidence arguing that Florida law enforcement’s non-consensual and surreptitious recording of non-audio video surveillance of the premises of a private business, that is open to the public, runs afoul of Kraft’s, and others’, Fourth Amendment right to be free from unreasonable government searches. The ruling of the Appeals Court not only affirmed a similar lower court ruling by the Palm Beach County trial court, favoring Kraft, but it served up an interesting compliance lesson on the privacy protections required of law enforcement during their surreptitious video surveillance operations.

How COPPA and FERPA affect Education in the Age of Remote Learning

As thousands of schools across the country comply with state and local social distancing orders due to the global pandemic COVID-19 for this 2020-21 school year, many schools are now faced with having to educate students from their homes in either hybrid or fully remote models. Millions of students are now utilizing online educational services to aid in remote learning. Although these education technology companies (“EdTech”) are now providing crucial remote learning opportunities for students, school districts must also keep students’ privacy rights in mind. Many of these EdTech services will collect and use personal information of students who use their services. This is where the Federal Trade Commission’s Children’s Online Privacy Protection Act (“COPPA”) pertains.

Telehealth in the Age of COVID-19

The Health Insurance Portability and Accountability Act – enacted in 1996 by the U.S. Congress and signed by then-President Bill Clinton – has long served to maintain the standards of electronic health records and patient privacy, among many other provisions. Violating HIPAA can result in both criminal prosecution and steep civil penalties. As the healthcare industry transitioned from the use of paper records to storing patient data on electronic health records over the last two decades, health organizations have learned to adapt to HIPAA compliance, with many increasing their compliance programs by hiring full-time compliance officers, designating an individual as the compliance manager, and/or appointing a compliance committee within the organization.

Privacy Lessons Learned from Litigation: The unfair and deceptive practices lawsuit against Zoom

Yet another privacy and data security-related lawsuit has been filed against Zoom Video Communications, Inc. (“Zoom Inc.”). Zoom Inc. has been the subject of several complaints related to its video-conferencing service since its meteoric and spectacular rise in popularity due to the Coronavirus pandemic and related quarantine measures beginning in March 2020. In this particular case, there are compliance lessons to be learned from the unfair and deceptive practices claims alleged against Zoom Inc. in the plaintiff’s D.C. Superior Court filing.

Corporate Cybersecurity: Managing Data in the Era of Cyberattacks

Within the last decade, data has surpassed oil as the world’s most valuable commodity. Earlier this year the Securities and Exchange Commission (SEC) released its observations made during audits that detailed the methods used by corporations to secure their data. This included the kinds of cybersecurity practices employed by companies as well as advice on how to better deal with sensitive data and protect against potential cyberattacks. The SEC’s observations coincide with a recent announcement from the National Security Agency (NSA) that showcases an increased concern surrounding cybersecurity in the corporate world.

New SEC Report Cautions Public Companies to Safeguard Assets From Cyber Fraud

In the age of digitization, data seems less secure than ever. Public companies constantly attempt to safeguard both personal and financial data, yet their efforts fail due to new outbreaks of malicious encryption viruses and persistent email phishing attempts. Data breaches and cyber fraud carry severe financial implications for public companies that fall victim to these types of attacks. But a new Securities and Exchange Commission (SEC) report says that public companies that are easy targets of cyber scams could also be in violation of federal securities laws and accounting regulations that call for firms to safeguard their assets. Although the SEC has issued its warning to public companies about the compliance and financial risks posed by cyber fraud, many companies are still struggling to implement effective protections against newly evolved forms of cyber-attacks.

As Direct-to-Consumer Genetic Analysis Becomes More Popular, Five Privacy Considerations Arise

Direct-to-consumer genetic testing kits have exploded in popularity over the last decade. Ancestry.com and 23andMe proudly state they have had ten million and five million customers, respectively, using their DNA testing services. One study projects that improvements in technology and popularity will cause DNA testing to increase tenfold by 2021. Many experts in the field of genetics and bioethics have expressed concern regarding the ability of regulators and privacy infrastructure to keep pace with the expansion of these types of genetic services. We may not be at a point where we understand the full implications of having such large banks of genetic information, but here are five reasons to be concerned.

Stemming the Tide of Medical Information Data Breaches

Protected Health Information is seeing a surge of breaches on the cyber security front due to contractor error. These breaches also impact the most consumers in comparison to other data breaches and, in some cases, have the power to cause chaos in national infrastructure. Advances in technology and compliance measures can stem the tide and protect the most valuable information in consumers’ lives.

Amazon Go versus the GDPR

New data privacy regulations entail questioning both current and future technologies. Recently, Amazon has introduced a store concept that eliminates everyone’s least favorite things about shopping: long lines and small talk. Amazon Go is the grocery store of the future, and these stores allow consumers to walk in, pick up the items that they need, and then walk right back out. That’s it. No long lines, no cashiers, no shopping carts. However, as great as this concept seems, there are still concerns from a data privacy standpoint, as Amazon needs to collect personal data from its consumers in order to be able to lawfully execute these checkout-less stores.

EU Copyright in the Internet Age

On September 12, 2018, the European Parliament approved amendments to the Directive on Copyright in the Digital Single Market, commonly known as the EU Copyright Directive (the “Directive”). The amendments primarily cover copyright protection over internet resources. There are two parts of the Directive that have caused concern: Articles 11 and 13. Article 11, also referred to as the “link tax,” provides publishers with a method to collect revenue from news content shared online. Article 13, also referred to as the “upload filter,” holds Internet platforms, such as Facebook and Twitter, liable for copyright infringement committed by users. Together, large and small platform providers that would have to comply with these new regulations have declared that the enactment of these articles places a heavier burden on service providers. Critics of these amendments also say the requirements are likely to lead to increased taxation and more lawsuits. The final vote on the directive is scheduled for January 2019.