by Daniel J. Solove
This post is co-authored with Professor Paul M. Schwartz.
This post is part of a post series where we round up some of the interesting news and resources we’re finding. For a PDF version of this post, and for archived issues of previous posts, click here.
We became quite busy after the last update, so we’re a bit backlogged. We are catching up on developments late last year and we have a lot of material. We will release the next issue soon, as there is too much material to fit into this issue.
For a PDF version of this post, click here.
If you are interested in privacy and data security issues, there are many great ways Professor Solove can help you stay informed:
Professor Solove’s LinkedIn Influencer blog
You can follow Professor Solove on his blog at LinkedIn, where he is an “LinkedIn Influencer.” He blogs about various privacy and data security issues. His blog has more than 600,000 followers.
* * * *
Professor Solove’s Twitter Feed
Professor Solove is active on Twitter and posts links to current privacy and data security stories and new scholarship, cases, and developments of note.
* * * *
Professor Solove’s Newsletter
Sign up for our newsletter where Professor Solove provides information about his recent writings and new training programs that he has created.
* * * *
Professor Solove’s LinkedIn Discussion Groups
Please join one or more of Professor Solove’s LinkedIn discussion groups, where you can follow new developments on privacy, data security, HIPAA, and education privacy issues. You can also participate in the discussion, share interesting news and articles, ask questions, or start new conversations:
by Daniel J. Solove
A PC World article discusses a new study by Forrester that reveals that internal threats are the “leading cause” of data breaches. The survey involved companies in Canada, France, Germany, the UK, and the US. The study revealed that 36% of breaches involve “inadvertent misuse of data by employees.”
According to the article, the study also indicated that “only 42 percent of the North American and European small and midsize business workforce surveyed had received training on how to remain secure at work, while only 57 percent say that they’re even aware of their organization’s current security policies.” The article quotes Heidi Shey, the study’s author, who says: “People don’t know what they don’t know. You’ve got to give them some kind of guidance and guard rails to work with.”
by Daniel J. Solove
In 2012, the media erupted with news about employers demanding employees provide them with their social media passwords so the employers could access their accounts. This news took many people by surprise, and it set off a firestorm of public outrage. It even sparked a significant legislative response in the states.
I thought that the practice of demanding passwords was so outrageous that it couldn’t be very common. What kind of company or organization would actually do this? I thought it was a fringe practice done by a few small companies without much awareness of privacy law.
Posted by Daniel J. Solove
The frequent use of social media by employees has created a new domain of risk for employers – employees who reveal confidential or sensitive information or who otherwise say things that damage their institution’s reputation or create strife with their colleagues.
For example, in the healthcare context, in a number of widely-publicized incidents, employees revealed confidential information about patients on their blogs and social network profiles. For example, according to a Boston Globe story, an emergency room physician posted data online about the patient. The physician thought that it was safe to post about as long as she did not include the patient’s name. But others could identify the patient. There are numerous recent cases where hospital staff have posted photos and other information about patients online.
The U.S. Supreme Court has decided NASA v. Nelson, reversing the 9th Circuit 8-0. My thoughts about the case are here and here, and as I predicted, the Court rejected the 9th Circuit holding that the government employment background check questionnaires violated the constitutional right to information privacy. Fortunately, the Court kept its opinion narrow and didn’t use it as an opportunity to wipe out the constitutional right to information privacy, a right that the Court mentioned just a few times but that has taken on more of a life in the circuit courts.
I blogged about City of Ontario v. Quon a few days ago, and I want to raise another important issue in the case, one my colleague Orin Kerr has astutely pointed out. The case is on appeal to the U.S. Supreme from the 9th Circuit: Quon v. Arch Wireless Operating Co., Inc., 529 F.3d 892 (9th Cir. 2008). The case involves whether employees at a police department have a reasonable expectation of privacy in the contents of their text message communications made from pagers while on the job. In my previous post, I addressed this issue, which involves how to interpret the city’s monitoring policy (it had a general written policy for computer use but a set of informal practices for texting that were different).
The Supreme Court will soon hear arguments in City of Ontario v. Quon, an important Fourth Amendment case involving the privacy of electronic communications in the workplace.
Ever since the Washington Post exposé about the AutoAdmit discussion board, it has been in a downward tailspin. According to the Washington Post article of March 2007: Continue Reading
The United States v. Ziegler case I wrote about in a previous post brings to mind a radical employment law case decided last December in New Jersey. [Thanks to Charlie Sullivan and Timothy Glynn for bringing the case to my attention]. The case is Doe v. XYC, 887 A.2d 1156 (N.J. Super. 2005). Since I couldn’t find a version of it online, I’ve posted a copy here.