Tag:

privacy

MSG’s Usage of Facial Recognition Technology Sparks Civil Rights Debate

A woman attempting to chaperone her daughter’s Girl Scout troop on a trip to attend a Rockette’s show at Radio City Music Hall was denied entry based on facial recognition technology. The security subsequently revealed that she was on a list of excluded attorneys as her firm was involved in ongoing litigation against Madison Square Garden (MSG) Entertainment (which owns Radio City Music Hall). this could be one of the consequences of allowing private corporations to use facial recognition technology.

Digital Footprints in the Post-Roe Era

On June 24, the Supreme Court officially overturned Roe v. Wade. In doing so, it declared that there was no longer a constitutional right to abortion, allowing state police power to determine its legality. Immediately after this decision, trigger laws went into effect across a quarter of the states, making abortions illegal. Post Dobbs, information collected on personal devices, especially through period-tracking and telemedicine apps, is at risk of being exposed and utilized as criminal evidence.

The Case for Expanding Privacy Protections in a Post-Roe World

In Dobbs v. Jackson Women’s Health Organization (Dobbs), the US Supreme Court ruled that abortion is not a fundamental right protected by the Constitution. This decision resulted in additional abortion protections in California, Michigan, and Vermont, and prompted many patients, providers, regulators, and tech companies to rethink data privacy. However, because most abortions are still banned in at least 13 states, this patchwork of state abortion laws, combined with the lack of any sufficient national privacy law, puts patient privacy at risk.

The Need for Federal Regulation of Tracking Pixels to Protect Patient Data

In June 2022, a nonprofit news site called The Markup released a report stating that hospitals using Meta Pixel may be releasing patient data to Meta Platforms, Inc. (previously Facebook, Inc.). Since this report was released, many of the hospitals identified in the report removed pixel technology from their websites. In addition, some hospitals have released public breach notices and reported potential data privacy breaches to the US Department of Health and Human Services (HHS) Office of Civil Rights (OCR). Most recently, on October 20, 2022, Advocate Aurora Health, a large health system located in the Midwest, released a notice publicly announcing its potential pixel breach, which may affect as many as three million patients.

How To Keep Your Government Accountable

On October 26, 2017, the United States government released files relating to the assassination of President John F. Kennedy and the investigation that followed. The majority of the documents generated by the investigation – about 88% of all FBI, CIA, and other agencies’ files – have been available for years, but the rest of the documents were due to be released this year. On the recommendation of the investigatory agencies, President Trump decided to keep some of this remaining information redacted due to “national security, law enforcement, and foreign affairs concerns.” Speculation as to the contents of these documents and the reasons for redacting secure information have renewed a continuing discussion about what information the public should be privy to and how this information can be accessed.

Handling a Data Breach: Equifax v Google

Google answered Amazon’s Echo Dot by recently launching their own pint-sized smart speaker, the Google Home Mini. Recently, Google was forced to disable one of the features on the Home Mini after it was discovered that a technical glitch led to near 24/7 audio recording. Google responded quickly and appropriately, investigating the cause and quickly releasing an update to disable the hardware responsible for the glitch. The Equifax hack –  a breach of personal data including social security numbers, driver’s license information, and other credit details – exposed nearly half the country and waited months to respond. Upcoming European legislation that can significantly impact American companies with European Union clients may be part of the reason for their drastically different responses.  

What Happens When The Police Demand PHI

It happens in every emergency department: a law enforcement officer comes into the ER at two o’clock in the morning and demands to test the blood alcohol levels of a patient brought in after an auto accident. The officer pulls an exhausted nurse to the side in the hopes that the nurse will forget his or her training, or become anxious enough to give up the information for fear of being arrested. Yet no matter the specific facts, the question remains: can a hospital give law enforcement officers a patient’s PHI without authorization from the patient? In some situations, is it even required?

There is a provision under the HIPAA Privacy Rule that allows, and in some cases, requires, entities to disclose patient’s PHI to law enforcement without the patient’s authorization. However, state law can complicate this picture with more restrictive regulations and guidance.

FISA Section 702 and the Fading Future of Effective Surveillance Laws in the Midst of Governmental Mishaps

Section 702 of the Foreign Intelligence Surveillance Act (FISA) allows the United States government to obtain access to the communications (e.g. emails) of non-U.S. citizens without a warrant. The rationale behind the law is its potential for use in gathering intelligence on potential terrorists and potential terrorist activity. The law has become controversial because intelligence on U.S. citizens has incidentally occurred as well, as emails and phone calls from U.S. citizens have been contained in intelligence-storing databases. As the law expires at the end of 2017, Congress is considering changing the ways intelligence is collected pursuant to the collection procedures stipulated under the law. 

Data Breaches: How Do We Keep Our Data Safe?

In the last month, multiple large-scale data breaches were reported by various entities, with 3 breaches reported in the past week alone. Unfortunately, even the most well-known entities do not stand a chance against increasing technological abilities of bad actors. Since the Equifax breach in early September, Whole Foods, Sonic, Deloitte and the Securities Exchange Commission, among others, had similar large-scale breaches affecting consumers across the country.

Enforcing Foreign Compliance with U.S. Regulations

Compliance standards in the United States come from the laws and policies enacted by the government and its related agencies. Administering U.S. standards on foreign institutions, public or private, poses a unique challenge. Our public and private companies are held accountable by federal, state, local, or agency rules, as well as the guidelines providedby the United States Sentencing Commission. But foreign organizations, in theory, have no real obligation to follow our lead. There have been several notable attempts in recent years to enact legislation on foreign organizations and impose sanctions for noncompliance, and it is likely a continuing trend as the compliance industry grows.