The U.S. Supreme Court has been notoriously slow to tackle new technology. In 2002, Blackberry launched its first smart phone. On June 29, 2007, Steve Jobs announced the launch of the original Apple iPhone. But it took the Supreme Court until 2014 to decide a case involving the Fourth Amendment and smart phones – Riley v. California, 134 S.Ct. 2473 (2014). This past summer, the Supreme Court issued another opinion involving smart phones – Carpenter vs. United States, 138 S.Ct. 2206 (2018).
I am thrilled to have had the opportunity to interview Bart Huffman, a partner in Reed Smith’s global IP, Tech & Data Group, about the Supreme Court’s recent foray into smart phones.
I was fortunate to see James Graham’s incisive play “Privacy” this past Sunday at the Public Theater in New York City. The play is a witty and immensely engaging examination of all the data being collected about us and being assembled into digital dossiers. Technology is adeptly woven into the play. At many points during the production, audience members are asked to use their smart phones. The script is entertaining and intelligent. There is never a dull moment, and I was laughing throughout. Continue Reading
A dramatic legal battle is taking place that will have dramatic implications for the future of technology, privacy, security, and the extent of government power. The FBI obtained an order from a magistrate judge to force Apple to develop software to help the FBI break into an encrypted iPhone.
I’m pleased to announce a new training program: Spot the Risks: Privacy and Security. The program is a Where’s Waldo style risk-spotting game that takes about 5 minutes to complete. Trainees are asked to spot the risks in an office. Feedback is provided about each risk so trainees learn many of the most important best practices.
Recently, the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) publicized its resolution agreement in its HIPAA enforcement action against St. Elizabeth’s Medical Center (SEMC). SEMC agreed to pay $218,000.
The case began with a complaint filed with OCR back in 2012 that employees were sharing PHI of nearly 500 patients via an online sharing application without a risk analysis on such activities being undertaken. OCR investigation found that the medical center “failed to timely identify and respond to the known security incident, mitigate the harmful effects of the security incident and document the security incident and its outcome.”