PRIVACY + SECURITY BLOG

News, Developments, and Insights

high-tech technology background with eyes on computer display

Does the U.S. Supreme Court’s Decision on the 4th Amendment and Cell Phones Signal Future Changes to the Third Party Doctrine?

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
July 2, 2014

T

by Daniel J. Solove

Today, the U.S. Supreme Court handed down a decision on two cases involving the police searching cell phones incident to arrest. The Court held 9-0 in an opinion written by Chief Justice Roberts that the Fourth Amendment requires a warrant to search a cell phone even after a person is placed under arrest.

The two cases are Riley v. California and United States v. Wurie, and they are decided in the same opinion with the title Riley v. California. The Court must have chosen toname the case after Riley to make things hard for criminal procedure experts, as there is a famous Fourth Amendment case called Florida v. Riley, 488 U,S, 445 (1989), which will now create confusion whenever someone refers to the “Riley case.”

Continue Reading

Being a Juror Can Result in a Huge Loss of Privacy

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
June 30, 2014

being a juror blog 1

by Daniel J. Solove

For trial attorneys, a key component to winning is carefully selecting people for the jury and tailoring arguments to best influence, nudge, or perhaps even manipulate jurors into reaching a particular verdict. As a result, there is a hunger to learn about the private lives of jurors, and serving on a jury can entail a huge loss of privacy.

Continue Reading

How the FTC Can Readily Halt Identity Theft

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
June 16, 2014

ftc halts identity theft blog 1

by Daniel J. Solove

Identity theft is terrible crime, and it can wreak havoc on victims’ lives. In an identity theft, the thief uses a victim’s personal information to improperly access accounts, obtain credit in the victim’s name, or impersonate the victim for other purposes.

But there is an effective way to stop a lot of identity theft, and the legal framework is already in place to do it. In a relatively short time, the Federal Trade Commission (FTC) could prevent a significant amount of identity theft – perhaps even a majority of it – and no new laws need to be passed.

I know that it might be hard to believe – as hard to believe as a suitcase filled with a million dollars just sitting abandoned on the sidewalk – but it is quite true.

Before I explain how, I need to provide some background.

Continue Reading

Is the Right to Be Forgotten Good or Bad? This Is the Wrong Question

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
May 29, 2014

right to be forgotten good or bad blog 1

by Daniel J. Solove

Is the right to be forgotten good or bad?

This is the question many are asking these days in light of the recent EU Court of Justice (ECJ) decision that requires search engines such as Google to remove personal data from search results when people request it. (For more background, I wrote about the ECJ decision last week.)

After the decision was released, critics attacked the right to be forgotten as impractical, undesirable, and antithetical to free speech.

Continue Reading

What Google Must Forget: The EU Ruling on the Right to Be Forgotten

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
May 20, 2014

 

google right to be forgotten blog 1

by Daniel J. Solove

In a momentous decision, the EU Court of Justice has ruled in favor of a Spanish man who sought to have links to his personal data removed from Google search results. Under what has become known as the “right to be forgotten,” EU citizens have a right to the deletion of certain personal data under the EU Data Protection Directive.

The EU Court of Justice has concluded that “the operator of a search engine is obliged to remove from the list of results displayed following a search made on the basis of a person’s name links to web pages, published by third parties and containing information relating to that person, also in a case where that name or information is not erased beforehand or simultaneously from those web pages, and even, as the case may be, when its publication in itself on those pages is lawful.”

Continue Reading

6 Lessons from the Costliest HIPAA Settlement to Date

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
May 20, 2014

Costliest HIPAA Settlement blog 1

by Daniel J. Solove

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced the costliest HIPAA settlement to date — a $4.8 million settlement with New York and Presbyterian Hospital (NYP) and Columbia University (CU). The case involved the disclosure of protected health information on the Internet. Here are some lessons from this latest case:

Continue Reading

Snapchat and FTC Privacy and Security Consent Orders

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
May 19, 2014

snapchat and ftc blog 1

by Daniel J. Solove

Co-authored by Woodrow Hartzog

snapchat and ftc blog 2

The Federal Trade Commission (FTC) recently entered into a consent order with the media service Snapchat for not living up to its promises about how it maintains the privacy and security of user’s data. The FTC order prohibits Snapchat from “misrepresenting the extent to which it maintains the privacy, security, or confidentiality of users’ information” and requires the company “to implement a comprehensive privacy program that will be monitored by an independent privacy professional for the next 20 years.”

Continue Reading

Big Data and Our Children’s Future: On Reforming FERPA

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
May 14, 2014

Double check

by Daniel J. Solove

Last week, the White House released its report, Big Data: Seizing Opportunities, Preserving Values. My reaction to it is mixed. The report mentions some concerns about privacy with Big Data and suggests some reforms, but everything is stated so mildly, in a way designed to please everyone. The report is painted in pastels; it finesses the hard issues and leaves specifics for another day. So it is a step forward, which is good, but it is a very small step, like a child on a beach reluctantly dipping a toe into ocean.

Continue Reading

Why Did inBloom Die? A Hard Lesson About Education Privacy

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
May 6, 2014

in bloom blog 1

by Daniel J. Solove

For any organization who doesn’t take privacy seriously, the demise of inBoom should be a loud wake up call. Funded by $100 million from the Gates Foundation, inBloom was a non-profit organization aiming to store student data so that school officials and teachers could use it to learn about their students and how to more effectively teach them and improve their performance in school. Who would have thought that a project with so much funding and promise would be shutting down just a few years after its creation? What went wrong?

Continue Reading

Our Privacy and Data Security Depend Upon Contracts Between Organizations

Daniel Solove     @daniel-solove.bsky.social
Founder of TeachPrivacy
May 5, 2014

contracts between organizations blog 1

by Daniel J. Solove

Increasingly, companies, hospitals, schools, and other organizations are using cloud service providers (and also other third party data service providers) to store and process the personal data of their customers, patients, clients, and others. When an entity shares people’s personal data with a cloud service provider, this data is protected in large part through a contract between the organization and the cloud service provider.

In many cases, these contracts fail to contain key protections of data. For example, a study conducted by Fordham School of Law’s Center on Law and Information Policy revealed that contracts between K-12 school districts and cloud service providers lacked essential terms for the protection of student data. I blogged about this study previously here.

Continue Reading