Sunday, January 27, 2013

Global Government Surveillance State: Privacy, Data Protection And Social Media Between March - December 2012

Ediscovery, Privacy, Data Protection and Social Media Weekly Updates


Digital Forensics and Privacy and Technology in Balance at the 34th International Conference of Data Protection and Privacy Commissioners

The 34th International Conference of Data Protection and Privacy Professionals was held this year in Punta del Este, Uruguay, on October 22-26.
Uruguay enacted a comprehensive Data Protection Law, the Ley no. 183331, in 2008, and was recently declared a “third country with an adequate level of data protection” by the European Union. Uruguay was one of the first Latin American countries (after Argentina) to adopt an omnibus privacy law, after which Mexico, Colombia, Costa Rica, Peru and Nicaragua followed suit. Brazil, Chile and Ecuador might be next. We are definitely witnessing a trend in Latin America towards enacting data protection laws, modeled after the European Union data protection framework.

Part of a 1977 Punta del Este Mural by Carlos Paez Vilaro – Picture by Monique Altheim
The theme of the conference was: Privacy and Technology in Balance. As Jose Clastornik of the Unidad Reguladora y de Control de Datos Personales (URCDP), the DPA of Uruguay, declared: since technology is part of the problem, it should also be part of the solution.
The iconic symbol of Punta del Este is the “La Mano” sculpture on Brava Beach. It expresses the action of humans in nature. As such, it was also an appropriate symbol for this conference: How to balance the technological advances created by humans with what most data protection authorities around the globe consider human beings’ natural right to privacy and data protection.

“La Mano” sculpture in Punta del Este by Mario Irarrázabal – Picture by Monique Altheim
Uruguay’s President, Jose Mujica, expressed serious worries about the lack of privacy created by technological developments. He said, jokingly: “Sinners, you’re doomed!” At the same time, he expressed the need for knowledge to move forward and the hope that a proper balance between advancing technology and privacy protection will be achieved.
In Uruguay, technology and knowledge are indeed moving forward at a rapid pace, thanks to the remarkable CEIBAL project. About four years ago, the Uruguayan Government started distributing free laptops to all elementary school students and teachers, and provides no-cost internet connection to all.

From left to right: Diego Caneda, Jose Mujica Cordano (President of Uruguay), Felipe Rotondo (President of URCDP), Jose Clastornik (Member of Executive Council URCDP)
In sync with the theme of the conference, I was asked to moderate a panel on digital forensics, titled: “Forensic Tools: What Our Devices Tell About Us”.
Unfortunately, I don’t know much Spanish. That led to an amusing misunderstanding. A Latin American colleague tried to converse with me in English, and asked whether I had seen the hen yet. I said no, what is the hen? He explained that it was a very famous sculpture on the beach of Punta del Este. I spent whatever free time I had in Punta looking for a hen, but couldn’t find any. It was only when an American colleague pointed to a sculpture on the beach and said: this is the “hand”, that I finally understood.
We all speak different languages, and the misunderstandings this creates can lead to some problems of miscommunication, but they have usually limited consequences. All you need, after all, is a translator, dictionary or Google app to set things straight.
We all speak one language though that is identical: today, we all speak digital. We communicate through email, text messages, videoconferencing and social media. Those data are stored on databases in private companies and government agencies, on our laptops, mobile phones and, increasingly, on servers in the “cloud”. According to a recent IBM report, there are currently 2.7 zettabytes of digital data in the universe. That equals one trillion truckloads full of documents. In the case of a security breach, private civil litigation or internal audit, government civil or criminal investigation, the goal is always to find relevant evidence. How does one find relevant evidence among such monstrous numbers? How do we ensure the authenticity and accuracy of digital evidence? And how do we make sure that data protection and privacy rights of individuals are not trampled upon during the search for evidence?
This is the domain of ediscovery and digital forensics, and my panel of experts examined every aspect of this fascinating issue.
My panel consisted of, from left to right, Oscar Puccinelli, an attorney and professor of Constitutional Law at the National University of Rosario in Argentina, Jeimy Cano, CIS at Ecopetrol and professor at the Universidad de Los Andes in Bogota, Colombia, Gustavo Betarte, CTO at Tilsor and researcher and professor at the Engineering School of the Universidad de la Republica in Montevideo, Uruguay.

And, from left to right, Yoram Hacohen, head of the Israeli Law, Information and Technology Authority (ILITA), and William C. Barker, associate director and chief cyber security advisor at the National Institute of Standards and Technology (NIST).

William C. Barker started by giving us a digital forensics 101 overview, which you can follow in this powerpoint presentation. He explained the different phases of digital forensics, concepts such as digital signatures and hashing, the policies companies and organizations should adopt regarding forensic investigations, and the standards that NIST has developed so far, such as the Computer Forensic Tool Testing (CFTT).
Digital Forensics by William C. Barker (NIST)
Following this excellent presentation, Gustavo Betarte delved into the privacy issues arising out of forensic analysis of deleted data. He explained how amazingly difficult it is to truly delete data from computer systems and how very often forensic investigators find troves of sensitive data thought to be deleted. For example, in the notorious Enron case, many of the incriminating emails were reconstructed from a “deleted data” folder.
After listening to Gustavo for a while, I started thinking that maybe the whole “right to be forgotten” controversy is just wishful thinking of policymakers with no knowledge of computer forensics.
For more details on Gustavo’s presentation, check out his slides:
Threats to Privacy in the Management of Data Stored in Computer Systems by Gustavo Betarte
Yoram Hacohen gave us a couple of interesting practical case studies conducted by his office involving forensic examinations and privacy.
He explained how his department, with the help of its forensics lab, cracked the biggest privacy breach case that ever occurred in Israel, involving the theft of Israel’s entire Population Registry. See here a previous entry about this notorious case.
Yoram put it very succinctly when he said: the suspect remained silent, but his computer spoke volumes!
Watch this fascinating briefing to find out how the investigation led to the unmasking and arrest of six suspects and how one fatal “mistake” by the hacker who published the registry online led to his discovery.
As more and more companies and organizations move their IT operations to the “cloud”, it was essential to address the forensics issues arising in this ecosystem.
Jeimy Cano gave a comprehensive powerpoint presentation on digital forensics in the cloud environment.
This slide gives one an idea of the complexity of conducting digital forensics analysis in a cloud architecture. One of the particularities of cloud forensics is the ability to conduct remote probing into distant systems. There are even applications one can install in order to allow for future remote forensic investigations, should the need arise.

And finally, cloud computing creates a unique challenge in criminal investigations. Whereas in a physical home search, the police must show a warrant before proceeding, in a remote search of computers or servers in the cloud, the data subject or data controllers/processors are not in a position to ask for a warrant before letting investigators in, since remote digital forensics can be executed without the knowledge of the data subject or the data controller/processor. The same is true when cybercrime investigators install remote trojans to monitor suspect computer systems.
Oscar Puccinelli tackled this thorny issue. He sighed at the fact that the law is always seriously trailing behind the technology, and stressed that currently there is a lack of balance between technology and the law. Technology develops at lightning speed, while the law develops at a snail’s pace. This is especially true concerning the cloud environment. He stressed the importance of international cooperation, and praised the EU and US for their cooperation efforts in this field.
Important efforts harmonizing substantive and procedural criminal law come from the Council of Europe Cybercrime Convention, the leading public international law in this field, which came into force in July 2004 with some 47 signatures, including non-European states such as the United States.
Oscar deplored the lack of a regional agreement in Latin America.
He also mentioned that the cloud is a new space that is strongly monitored under national security laws by most government agencies around the globe.
The “Patriot Act” is not alone.
For example, the German Federal Office of Criminal Investigation (BKA) may, in investigations involving terrorism or national security, use a “Federal Trojan” (a government-issued computer virus) to search a Cloud provider’s servers, monitor ongoing communications, or collect communication traffic data without the knowledge of the target. In addition, the G10 Act provides German intelligence services with the authority to monitor and record telecommunications without a court order in investigations of a serious crime or a threat against national security, such as terrorism.
Oscar’s conclusion: Clouds in the cloud.

In order not to end with such a gloomy “weather forecast”, I included a short recording of the lavish party that the Uruguayan organizers had prepared for the conference’s attendees. Besides being served a sumptuous banquet, the delegates were treated to a show of “Candombe”, an Afro-Uruguayan traditional dance. Enjoy!

Ediscovery, Privacy, Data Protection and Social Media Weekly Updates

  • Australia Post in online privacy breach http://ow.ly/2sLkOk 
  • Ediscovery and DataProtection Daily is out! http://bit.ly/n02JL6 
  • Infographic on the parties’ views on cybersecurity – Here’s a terrific infographic from Veracode that helps one navig… http://ow.ly/2sL2ty 
  • Webinar: How to Protect Your Organization Without Sinking in the Quagmire of New Background Check Laws http://ow.ly/2sKCE
  • PLS Financial/Payday Loan Store settles government charges of improper disposal of customer records
  • Eighth Circuit rules against students’ free speech claim over offensive website http://ow.ly/2sKuCt 
  • Teacher Accidentally Puts Racy Photo On Students’ iPad. School Bizarrely Suspends Students. http://ow.ly/2sKuCv
  • Canadian and German Data Protection Authorities Sign Collaboration Agreement http://ow.ly/2sKeVK 
  • The European Court of Justice Rules That Austria’s Data Protection Authority Is Not Sufficiently Independent http://ow.ly/2sKeVL 
  • UK: Housing association email attachment gaffe discloses employees’ sensitive personal information http://ow.ly/2sK3TL 
  • Ediscovery and DataProtection Daily is out! http://bit.ly/n02JL6  ▸ Top stories today via @WarOnPrivacy

E-Discovery Legal Issues for IT



Lawyers are often labeled as “luddites” and their lack of understanding of technology is legendary.
In an era where almost all business records are in the form of electronically stored information, it has become essential for lawyers to become more technologically savvy.
On the other hand, it is just as important for IT to understand legal and its requests.
Ediscovery is one area, where this has become an absolute necessity.
But how well do IT professionals understand the legal aspects of their work? Most probably, not very well.

Are you an IT professional?
Do you believe that all your company’s data should be deleted as quickly as possible? Do you believe that none of your company’s data should ever be deleted?
Have you ever received an instruction from the legal department that sounded like: “Save all responsive documents” and scratched your head as to what documents legal was referring to?
Is your company moving its database to the cloud? Are you involved in acquiring new hardware or software for your company?
If you answered yes to any of the above questions, the newly published e-book “E-Discovery Legal Issues Guidebook” is for you. It was published on September 7, 2012, by PenTest Magazine, the “only magazine devoted exclusively to penetration testing”.
This seventy-page e-book is specifically aimed at IT professionals who deal with ediscovery. With its collection of eleven articles, written by thought leaders in the field of ediscovery, it aims to inform IT professionals of the basic legal issues surrounding ediscovery.
In it, you will find analyses of the major ediscovery cases, from the seminal Zubulake case to the more recent Apple v. Samsung case. Basic legal ediscovery principles, such as the duty to preserve and spoliation are explained without the usual legal jargon. More advanced topics, such as ediscovery of data stored in the cloud and ediscovery of personal data in the EU are covered as well.
This publication recognizes the essential part IT professionals play in the process of ediscovery, and aims to foster co-operation between the legal and IT departments.
Disclosure: This blogger has contributed to the publication with a chapter on international ediscovery and EU data protection.


Twitter Weekly Updates for EUdiscovery



U.S. Cross Border Ediscovery vs. EU Data Protection: Clash of the Titans

I recently gave a CLE presentation at the LegalTech West Coast Conference in Los Angeles on the legal problems and tensions of conducting U.S. civil litigation ediscovery in the European Economic Area (EEA), which consists of the 27 EU member states plus Iceland, Liechtenstein and Norway.
The subtitle “Clash of the Titans” derives from the fact that on the one hand the U.S. has the broadest pre-trial civil litigation discovery procedure on earth, while on the other hand the EU has the most stringent data protection framework on the planet. Trying to collect and transfer terabytes of data, most of which contain personal components, in the EU, where data protection is a fundamental right and very heavily regulated, is indeed quite a challenge.
In this presentation, I analyzed the U.S. jurisprudence on the extra-territorial application of U.S. ediscovery obligations as well as the EU guidelines concerning personal data collected while conducting U.S. civil ediscovery in the EEA. I introduced the mostly American audience to principles of EU data protection.
Here is the slide deck I used for this presentation.
Legaltech West Coast: Cross Border Ediscovery vs. EU Data Protection
Earlier this year, I organized and moderated three panels on Ediscovery at the CPDP Conference in Brussels, where I introduced the unique U.S. civil ediscovery framework to the mostly European audience.
Here is the video of the cross-border ediscovery panel I moderated.
Thanks to my dual qualification as an attorney in the U.S., as well as in the EU, I am in a unique position to act as a bridge between the exclusively common law tradition of pre-trial ediscovery in civil litigation in the U.S. and the EU tradition of data protection of personal data.

Are Facebook Users Giving up their Expectation of Privacy in Return for an Expectation of Imaginary Connection?


If you are like me, you post on Facebook in leaps and bounds.
I have periods of silence, followed by bursts of sharing of photos, links to articles and status updates.
During one recent prolific posting period of two weeks, I noticed that none of my posts had generated any reaction whatsoever: not a single “like”, not a single “comment”.
I was devastated. I had become invisible and ignored. I had become a Facebook outcast. I felt like I had stopped existing.
I feverishly scanned my 30 something posts since the last sign of human recognition, and started to wonder whether I had made a faux pas somewhere along the line.
Had I posted something too racy? Something too controversial?
Had I posted too often? Were my posts too boring, too irrelevant?
Had all my Facebook friends blocked me? Had Facebook censored me?
Then by chance, as I was talking to one of my close Facebook friends over the phone, I learned that he had just not seen any of my posts for the last two weeks. This started me thinking: what if none of my 180 Facebook friends had seen any of my posts either? What if the simple reason for the lack of engagement was that I had become literally invisible on Facebook? I decided to conduct a little poll among a random list of a dozen or so Facebook friends and tagged them in a post with the question whether they had seen any of my posts for the last two weeks. The response was overwhelming: none of my friends had seen them. Except for a couple of more sophisticated Facebookers, who had a gazillion friends and availed themselves of all sorts of filter tools and therefore might not have seen my posts due to their own decision of filtering me out, the majority of my Facebook friends were just regular folks with a manageable load of updates to sift through, who genuinely liked to find out what their friends were up to, without any filters whatsoever.
That could only mean one thing: something in the Facebook machine had decided that whatever I posted should be invisible to the majority of my Facebook friends. My invisibility was not caused by me, nor by my Facebook friends.
While, in the end, I succeeded in resolving a technical glitch that seemed to have caused my total invisibility, this rather painful experience started me thinking about the importance of visibility or reach on social media. No matter how fascinating, original or groundbreaking the post, if no one sees it, what exactly is the purpose of posting it?
I was reminded of the age old question of when a tree falls in the forest, but no one is around to hear it, does it make a sound?
A lot has been written about privacy, or rather the lack of it, online and especially on the social media sites. The common wisdom, at least in the US, is that in exchange for the privilege of using sites like Facebook, one gives away one’s private data for monetization purposes by those sites. The user gets to use the platform in exchange for his/her data that the platform provider gets to use. Translated into legal terms, one could say that the user of a social media site like Facebook gives up his/her “expectation of privacy” for an “expectation of connecting with friends”. Except that in the case of Facebook (and probably other sites as well), this exchange is seriously flawed.
When you talk within the physical walls of a room, you are immediately aware who you are talking to and how wide your reach is: your audience is right in front of you.
When the average Facebook user posts something on Facebook, he/she assumes that all his/her friends on Facebook are able to see that post.
What the majority of Facebook users do not realize is that, according to a recent study, the average post is only visible to 12% of one’s Facebook friends. Facebook’s secret algorithms decide which post is seen by which friends. When you subtract from the 12% visibility all the friends who do not regularly check their news feed or do not get notified of new posts, and also subtract the more sophisticated Facebook friends who have siloed their friends into lists and groups and have not included you in any of those, you are left with a very puny audience indeed.
The average Facebook user has 150 friends. The average Facebook user is also led to believe that all his posts will be visible to all his 150 friends. In reality, the average Facebook user’s post is visible to a maximum of 10 to 15 friends.
If the new paradigm is the exchange of private information for the opportunity to connect with friends, then social media sites like Facebook are not only not keeping their end of the bargain, they are also misleading their users concerning the exchange.
The agreement between the Postal Services and the users is that the user writes down an address and glues the required stamp on the envelope and the Postal Services delivers the letter. If the Postal Services would only deliver 12% of the mail you sent, you would rightly be outraged and start a lawsuit: you have a right to expect that each letter that you put the appropriate stamp on gets delivered (or at least almost each letter, taking into account inevitable mistakes in delivery). Otherwise, you should only have to pay 12% of the stamp value. The same logic should apply for each status update on Facebook: with each status update, you give away private data that Facebook monetizes. You have a right to expect that each update gets delivered to its intended audience: your Facebook friends, at a minimum (unless you set your privacy setting to “only me”). By limiting the number of your Facebook friends who can see your posts to 12%, Facebook is not keeping its purported end of the bargain. The whole concept of Facebook is built on the idea that one can share information with one’s Facebook friends. Facebook does not inform its users that they will only be able to share with at most 12% of their friends. The average Facebook user has a rightful expectation of reaching all his/her Facebook friends with each update. Facebook monetizes 100% of all users’ updates, but gives only 12% of friend connection in return.
To add injury to insult, Facebook now plans to charge users who want more than 12% of their friends to see their posts on their news feeds, a few $$ per post with their new “Highlight” program.
To use the analogy with the Postal Services: this is the same as if the Postal Services would announce that if you want more than 12% of your letters to be actually delivered, you must pay a hefty premium (on top of paying for the stamp). Otherwise, you can just continue to write the letter, pay for the stamp, send the letter, but sorry, only 12% of those letters will be delivered.
As far as I am concerned, I did a simple math exercise: I have around 180 Facebook friends. 12% of 180 is 21.6. Out of the 21.6 friends who might see my post in their feeds, at least a couple will be too busy to check their newsfeed regularly and another couple will not have me included in the lists or groups that they do check. I am now down to approximately 15 friends who might see my post. Out of those, maybe half will be inclined to occasionally engage with my posts. After making a cost/benefit analysis of the time and effort it takes me to post, and the loss of privacy I experience by having each post monetized to third parties on the one hand and the benefit of connecting and sharing with a very small audience of maybe 15 Facebook friends on the other hand, I have come to the conclusion that the ROI is just not there for me.
Even a Facebook superstar with the maximum allotted 5000 Facebook friends, will only get a maximum reach of 600, and will have no say in who those 600 are, since they will be secretly and algorithmically determined by Facebook.
The only chance of ever reaching a significant audience is to make all your posts public and get hundreds of thousands of subscribers. Or to create a public Page, and get millions to “like” it.
Over time, Facebook has morphed from a site, where one could keep up with one’s friends, to an all-in-one Twitter, Google+, Pinterest wannabe public forum. Personally, if I want to post to those kinds of public fora, I post to Twitter, Google+, and Pinterest.
Where should I go to share with friends?
I am looking forward to reading your comments.

First Infographic

A first try at Infographics. Tweet it, Like it, Pin it, Plus it and most of all, Like The Law Office of Monique Altheim!

The Privacy Law Salon: Dialogue with Policymakers


Yesterday, the first Privacy Law Salon in Washington DC took place at the National Press Club. The Privacy Law Salon: Dialogue with Policymakers, was “a unique meeting of the most experienced practitioners and corporate executives dealing with privacy law matters, and a unique opportunity to interact with the policymakers affecting the future of privacy.”
The purpose of the Salon was “to facilitate a high-level exchange of ideas and in-depth dialogue on cutting-edge and emerging issues that are vital to clients, corporations, government and the public interest.”
The Salon was held under the Chatham House Rule.
Some of the main points discussed included:
1. Do Not Track: The DNT system will be in place within a year from now.
2. EU and Global Privacy Interoperability:
  • The global debate of the EU prescriptive system v. the US enforcement system will take center stage in the coming year.
  • The global flow of information has been rephrased as a trade policy issue: the use of mutual recognition and enforcement arrangements, so information can flow freely.
  • Many are uncomfortable with the notion of the US seeking “adequacy” status from the EU. The terms “interoperability” and “mutual recognition” are much preferred.
  • The single most important action from the US towards “interoperability” with the EU would be the passing of the “Privacy Bill of Rights” proposed by The White House last February, but it is very questionable whether this bill will be passed within the next year.
  • Instead, the Safe Harbor and BCR Frameworks will probably be expanded.
3. Context:
  • The new “context of interaction” standard, recommended in the FTC report of last March, for establishing whether the consumer needs to be provided with privacy choice when personal data are collected, prompted a lot of participants to demand clarification as to exactly what that new standard meant: Is the new standard to be measured by the “Expectation of Privacy” from the consumer, or should the absence v. possibility of harm to the consumer be preferred as a measuring rod in order to determine whether the collection of personal data happened within the “context of interaction”? The latter seemed to be the more popular view.
  • This led to a request from participants for more clarity and guidance as to what exactly constitutes “privacy harm”.
4. Hot Topics: As current “hot topics” in Privacy were mentioned:
  • Social Media Policies and their need for compliance with the NLRB rules.
  • The need for coherence in policymaking and applications of the rules.
  • The need for more technical knowledge from the regulators.
  • The gaps in health data coverage by HIPAA. The example was cited of the physician who does not accept health insurance, and therefore is not covered by HIPAA.
  • The “Cloud” and access to personal data by Governments.
5. FTC Enforcement Issues: Participants expressed a desire for more transparency and for more disclosure of standards used in FTC settlements. It was pointed out that, even though the right to appeal the FTC settlement decisions exists, it has never been exercised.
The lack of jurisprudence in this area was unanimously deplored.


Twitter Weekly Updates for EUdiscovery

  • Quote of the Day: Dharun Ravi Finally Speaks – Dharun Ravi says he does not regret not taking the plea deal, and tha… http://t.co/8LQLmx1M #
  • Senator Wants To Make It Illegal For Employers To Ask For Your Facebook Password http://t.co/4NQ1yo8z #
  • Philippines Passes Omnibus Data Protection Law – On March 20, 2012, the Philippine Senate unanimously approved an E… http://t.co/Pdq8eLOP #
  • Pa. Firm Claims Ex-Partner Used Portable Drives to Steal Client Files http://t.co/MzZLKggd #
  • Three Of The Internet's Biggest Problems, According To Google's Eric Schmidt http://t.co/vMHPDg90 #
  • Pointer: Verizon DBIR 2012 http://t.co/87Hjdrzd #
  • Follow-up: Anger follows University of Tampa data breach http://t.co/K9tnRo4u #
  • Breach Leaves Thousands Of Kaiser Permanente Employees Checking Their Credit Report http://t.co/DL0Yg9JM #
  • RT @ZDNet: Facebook changes privacy policy: Is your personal data now 'fair game'? http://t.co/s1sw4oNO #
  • Follow-up: Two men who stole bank info from Michaels customers headed to federal prison http://t.co/MYHivVwg #
  • Maryland and Illinois Introduce Bills to Limit Employer Access to Employees' Social Networking Accounts http://t.co/azZnwZYh #
  • NTIA Extends Deadline for Comments on Developing Consumer Data Privacy Codes of Conduct http://t.co/vuq9qShq #
  • MI: Wayne County sends out email blast containing some 1300 names and social security numbers http://t.co/6JBpCNqE #
  • Da Silva Moore Plaintiffs File Reply Brief In Support of Objections to Discovery Rulings http://t.co/cdimBAUx #
  • Trayvon Martin And The Failure To Intervene – In one 911 call after the shooting of Florida teenager Trayvon Martin,… http://t.co/b5YLLjR0 #
  • US-EU Safe Harbor Framework News and Views http://t.co/7EZKNslX #privacy #eudpconf #privchat #
  • US-EU Safe Harbor News and Views http://t.co/3ddkQ3YC #
  • Third Circuit Addresses Taxable Costs: Vacates Award of the District Court, Remands with Instructions to Re-Tax Cost… http://t.co/P4Xn2Fa8 #
  • Podcast of EU-US panel: Enforcing the protection of personal data with @cedric_laurant http://t.co/276ks81h #privacy #dataprotection #
  • EU Privacy and Protection of Personal Data: U.S.- EU Safe Harbor panel VIDEO http://t.co/7DeqvnsP #
  • Update: Computer seized over Belfast City Hall breach http://t.co/w8JHGXhK #
  • Privacy and Data Protection; Americans are from Mars, Europeans are from Venus. My report on a most fascinating… http://t.co/av9vTpUc #
  • Privacy & Data Protection: Americans are from Mars, Europeans are from Venus http://t.co/DJ33HNR3 #eudpconf #
  • EU Privacy and Protection of Personal Data: U.S.- EU Safe Harbor panel VIDEO http://t.co/7DeqvnsP #eudpconf #
  • Podcast of EU-US panel: Enforcing the protection of personal data with @cedric_laurant http://t.co/276ks81h #eudpconf #privacy… #
  • Ph: Senate approves Data Privacy Act on 3rd reading http://t.co/RNSFV29Q #
  • Would You Buy A Drone To Walk Your Child To School? – Consumers may embrace drones as readily as they embraced Faceb… http://t.co/j06FIQkp #
  • How LinkedIn Is Like OKCupid – LinkedIn users with a photo in their profile are seven times more likely to have thei… http://t.co/Lsrnr1gH #
  • Ediscovery and DataProtection Daily is out! http://t.co/CkzbLJTx ▸ Top stories today via @jeffrichardson @CompTechReview @LitSuppGuru #
  • #eudpconf Privacy regulators: U.S. and EU will take different approaches #eudpconf http://t.co/7Mn7CL53 #
  • US-EU Safe Harbor Framework under attack in Washington DC EU Conference http://t.co/BzKVXyaI #
  • On the occasion of the EU Conference on Privacy and Protection of Personal Data, held simultaneously in Washington… http://t.co/gUzPtBmg #
  • Quote of the Day: Deletion Is Futile – "Text messages, tweets, e-mails, iChats are never gone. Be careful. I’ve alre… http://t.co/OFRV2fYa #
  • #eudpconf LeBail (EC): Law or not Law, that is the question #
  • #eudpconf von Reden: Safe Harbor is now a teenager & needs a lot of TLC & a lot of money! #
  • #eudpconf re: improvements Safe Harbor: O'Neill(DoC): more resources; Albrecht (MEP): individual redress;Smith(ICO):more audits; #
  • Does Webcam Spying Really Deserve A Ten-Year Prison Sentence? http://t.co/0WUBZdOS #
  • #eudpconf A lot of talk today from regulators & commissioners of " room for improvement" of Safe Harbor framework, without specifying how. #
  • #eudpconf LeBail: Safe Harbor is not at risk with new EU Regulation #
  • #eudpconf Nemitz: if Codes of Conduct will encapsulate Safe Harbor Principles, it will be a great step towards EU finding US adequate #
  • #eudpconf Kohnstamm: if multi stakeholders' agreement results in opt-out for OBA, it will not be adequate from the EU viewpoint #
  • #eudpconf Chester: FTC enforcement good under Obama, but under previous administration, FTC was asleep at the digital switch #
  • #eudpconf Mithal (FTC) : FTC's better PR helps to serve as a deterrent for infractions, so thank you P. Nemitz for the compliment! #
  • #eudpconf In EU, enforcement of data protection is enforcement of human right, as well as enforcement of constitutional right in many stats #
  • #eudpconf Paul Nemitz: FTC global leaders in data protection? Perhaps global leaders in PR #
  • #eudpconf Kerry (DoC) explains how in US legal system, Codes of Conduct are legally enforceable. #
  • #eudpconf http://t.co/9OObE3vv session 3: Enforcing the protection of personal data #
  • #eudpconf Brill (FTC): FTC's enforcement actions also protect the global community eg Facebook community #
  • Data Privacy Regulation for Websites in China Takes Effect, National Standards for All Industries Forthcoming http://t.co/1jJfoct7 #
  • ‘Indian call centres accused of selling Britons’ personal data for as little as two pence’ http://t.co/5K1GBry6 #
  • #eudpconf Question abt incorporating & investing in PETs besides legislation #
  • #eudpconf Pradelles (HP): why not give adequacy status to compliant companies/organizations like it is given to countries #
  • #eudpconf Voss (MEP): we need global data traffic regulation #
  • #eudpconf Boulanger: Move in US towards more legislation will improve interoperability with EU #
  • #eudpconf Ulmer (Deutsche Telekom) Harmonization & Legal Certainty essential #
  • Ediscovery and DataProtection Daily is out! http://t.co/CkzbLJTx ▸ Top stories today via @talk_2joe @kuan0 @DamienMcC_dli #
  • #eudpconf Ulmer( Deutsche Telekom) Privacy is global issue #
  • #eudpconf Peter Hustinx: if Obama's White Paper will be made binding ( voted into a law), then I can see EU finding US "adequate". #
  • #eudpconf Jennifer Stoddart very optimistic as well re interoperability #
  • #eudpconf Strickling believes mutual recognition (interoperability) can be achieved with Europe. #
  • #eudpconf 2 http://t.co/sFmY5ezM Panel on compatibility, compliance & accountability #
  • #eudpconf Markey proposes common rules for EU/US concerning data protection of 15 y olds and under #
  • #eudpconf refreshing to hear Markey advocating data protection legislation becse it's immoral not to, and not bcse of"consumer trust" issues #
  • #eudpconf Markey: For children, the right to be forgotten is also the right to develop, to grow up, to make mistakes. #
  • #eudpconf Dorff (EDRi) touched upon important issue: leakage of personal data from private to public sector. #
  • #eudpconf Consumer Trust popular buzz word so far. #
  • #eudpconf Bryson (US Secretary of Commerce) also states that data protection is essential for consumer trust, which is drive for dig. econ. #
  • #eudpconf Reding: New EU regulation will provide one-stop-shop for data protection regulation and enforcement #
  • #eudpconf LeBail :consumer trust important drive for innovation; Comprehensive Law improves consumer trust; ergo Law good for innovation #
  • #eudpconf Vladeck: Codes of Conduct more adaptable to fast changes in technology; Congress too slow; #
  • #eudpconf Vladeck(FTC) Voluntary codes of conduct are enforced by FTC the same as if they were enacted into law by Congress. #
  • #eudpconf Dorff (EDRI) US privacy framework falls far short of EU standards of privacy as a fundamental human right #
  • #eudpconf Vladeck: interoperability is key in global economy #
  • Inside Telstra’s customer information breach http://t.co/y18wuHej #
  • #eudpconf Starting now #
  • New Methods for Legal Search and Review – New systems of e-discovery are emerging that are designed for today’… http://t.co/5cJo0OUx #
  • Police look into firm’s database of private info…. on 150 million! http://t.co/Mc7kiR4X #
  • Carder.su ID Theft Ring Busted; Feds Arrest 19 In 9 States http://t.co/Vd11SCGl #
  • Ediscovery and DataProtection Daily is out! http://t.co/CkzbLJTx #
  • GA: Thefts reported at OB/GYN offices in Gwinnett http://t.co/IsAtNcrF #
  • TRICARE Financial Fraud Claims Don’t Make Sense http://t.co/FjXC8S3X #
  • Laptop stolen from Kennedy Space Center worker’s car contained personal info on 2,300 http://t.co/baERaInZ #
  • Ediscovery and DataProtection Daily is out! http://t.co/CkzbLJTx ▸ Top stories today via @bfpennington @BlackStoneInfo @AdvDiscovery #
  • District Court Judge to Have Last Word on Computer-Assisted Review, Grants Plaintiffs' Motion to Allow Additional Br… http://t.co/Iv7evPR6 #
  • RT@thenextweb OS X Mountain Lion DP 2 now asks permission before allowing apps to access your contacts http://t.co/yLe55mls by @mpanzarino #
  • Oink Privacy Hole Exposes Everything You’ve Uploaded http://t.co/hqZyXyVM #
  • Ca: Private info of 4,600 B.C. students leaked http://t.co/KzGy6Sjo #
  • Thnx! RT @Tips4Tech: #FF @privatewifi @EUdiscovery @PrivacyProf @mikekeay @CyberRisk @MaximizeSocial @mklubok @DouglasDavidson… #
  • Thanks!!! RT @privacymatters: #FF @PrivacyProf @PrivacyPrivee @PaulbernalUK @privacychoice @zephoria @EUdiscovery #
  • EU Conference on privacy and protection of personal data in DC on 3/19 http://t.co/sy9Olhy1 #
  • Ediscovery and DataProtection Daily is out! http://t.co/CkzbLJTx ▸ Top stories today via @McAfeeDLP @bjgreenberg #
  • Univ. of Tampa notifies over 30,000 students and staff that their Social Security numbers were exposed on the Intern… http://t.co/tQeqg2ev #
  • Twitter Weekly Updates for EUdiscovery – #ediscovery #privacy http://t.co/9iZbalmq #

U.S. – EU Safe Harbor Framework News and Views

In 2000, the EU and the U.S. agreed on the Safe Harbor Framework as a means to ensure adequate protection for personal data, transferred from the EU to be processed by U.S. companies.
At the recent EU Conference on Privacy and Protection of Personal Data, held in Washington DC, the last panel took the opportunity to take stock and discuss the way forward for this agreement. In this session, businesses and regulators presented their views and experiences with the U.S.-EU Safe Harbor Framework.
Francoise Le Bail, Director-General for Justice, European Commission, started by reassuring all stakeholders that the current reform in EU Data Protection Law would not put the Safe Harbor Framework at risk as one of the accepted ways for adequate transfer of personal data between the EU and the US, as was mentioned in the Joint Statement issued by EC Vice-President Viviane Reding and U.S. Secretary of Commerce John Bryson.
“In line with the objectives of increasing trade and regulatory cooperation outlined by our leaders at the U.S.-EU Summit, the United States and the European Union reaffirm their respective commitments to the U.S.-EU Safe Harbor Framework”.
The panelists considered the framework to be mostly a success story, with 3,000 US companies currently enrolled in the program, 50% of which are small and medium enterprises, but most agreed that the system could use some improvement.
David Smith of the British Data Protection Authority, the ICO, recounted the “absolutely awful” birth of the framework, the difficult young years and the current maturing into a working instrument for data protection interoperability between the US and the EU. “The mistrust is gone, as we believe the US is acting in good faith.” He did concede, though, that a larger number of audits would ensure more effective compliance by all companies.
Michelle O’Neill, of the Department of Commerce, added that in order to ensure better compliance, the supervising departments needed more resources.
She announced that her department is currently discussing the expansion of the Safe Harbor Framework to non-profit organizations.
Hugh Stevenson, of the Federal Trade Commission, stressed the importance of enforcement and awareness raising in order to make compliance the norm, but deplored the lack of resources to achieve that goal. He appealed for more international enforcement cooperation as well.
Jan Philipp Albrecht, Member of the European Parliament, concurred that Safe Harbor was performing well but was in need of improvement on the compliance front. He suggested the granting of individual rights of action for consumers in order to ensure better compliance by the Safe Harbor certified companies. Currently, enforcement of Safe Harbor rests with the FTC, under section 5 of the FTC Act, which prohibits “unfair and deceptive trade practices”.
Nuala Kelly O’Connor, Senior Counsel – Information Governance & Privacy at General Electric, advocated for more global privacy interoperability, in addition to Safe Harbor, which is limited to the EU – US transfer of personal data.
For a complete overview of this panel, please watch this 4 Gigabyte HD video, which I taped and uploaded on my YouTube Channel EdiscoveryMap.
Moderator: Armgard von Reden, Lecturer at SRH and Quadriga University, Berlin
Participants, from left to right:
• Françoise Le Bail, Director-General for Justice, European Commission
• Michelle O’Neill, Deputy Under Secretary for International Trade, US Department of Commerce
• Jan Philipp Albrecht, Member of the European Parliament
• David Smith, Deputy Information Commissioner, United Kingdom
• Hugh Stevenson, Deputy Director for International Consumer Protection, Federal Trade Commission
• Nuala O’Connor-Kelly, Senior Counsel – Information Governance & Privacy, General Electric

EU – US Privacy and Protection of Personal Data: Americans Are from Mars, Europeans Are from Venus

The High Level EU Conference on Privacy and Protection of Personal Data, held on March 19, was organized by the European Commission and hosted by the US Institute of Peace in Washington D.C. The conference was held simultaneously in Brussels as well, via a video conference link.
This conference was meant to deepen transatlantic dialogue on commercial data privacy issues in order to achieve further interoperability between the two systems at a time when both the EU and the US have taken significant steps towards new data protection legislation.
On January 25, the European Commission had published a draft proposal for a new Data Protection Regulation, and on February 23, the White House had released its privacy blueprint, including the Consumer Privacy Bill of Rights.
On the occasion of this conference, Commerce Secretary John Bryson and European Union Commissioner Viviane Reding announced in a joint statement a new commitment to collaborate on privacy issues and laws.
While almost all panelists on the EU side insisted on the necessity of a binding set of laws, accompanied by individual rights of action in order to get significant privacy compliance from data controllers, most panelists on the U.S. side affirmed that voluntary codes of conduct, combined with enforcement by the FTC, would achieve the same result, while allowing for more flexibility in adapting to the constantly changing technological landscape.
Even though the panelists went to great lengths to stress the common values and goals of the EU and U.S. policy makers, there is no denying that the European and American “privacy DNAs” remain vastly different. One major difference is the fact that, even in the commercial realm, privacy and data protection is a human and constitutional right in the EU, while in the U.S. it is at best considered a consumer right, if a right at all.
Did the conference achieve its goal of bringing the two sides a little bit closer together?
In order to enable those who could not attend the conference, either live or through video transmission, to judge for themselves, I wrote a “play” in three acts, based on the actual discussions that took place during three panels.

Americans Are from Mars, Europeans Are from Venus

Act 1: A Law or not a Law?

Francoise Le Bail (EC): I realize I am in the Lion’s Den (giggle), but I shall be brave. It is critical to have a privacy LAW, so that people will TRUST the internet!
Daniel Weitzner (White House): We will call on Congress to legislate in order to provide people with the necessary TRUST in the new information economy. But, meanwhile, we hope that the stakeholders will create their own little codes of conduct.
David Vladeck (FTC): We all agree! Yay! By the way, did you know that in the U.S. Voluntary Codes of Conduct are just like Laws? We are so good, we even obey the law, when there is no law! And they are so flexible, to boot!
Douwe Korff (EDRi): Waddya all talking about?? Did you know that in the EU, privacy is a human right? You need a CONSTITUTION to guarantee a human right! Voluntary codes of conduct, humph.
Marc Rotenberg (EPIC): I see a window of opportunity. I see legislation on the horizon.
Viviane Reding (EC): One-Stop-Shop!
John Bryson (White House): This will be a landmark year for data protection!
Ed Markey (D-MA): The Europeans are coming! I love them. We must legislate, especially my own very excellent proposal. Do it for the children, folks! It’s immoral not to.
APPLAUSE FROM THE EUROPEANS. END OF ACT 1.

Act 2: The Interoperability Dream

Lawrence Strickling (DoC): Yes, we can!
Jennifer Stoddart (Privacy Commissioner Canada): If the Europeans can do it with the Canadians, they can do it with the Americans too!
Peter Hustinx (EDPS): Now wait, little children: first eat your voluntary codes, and make them binding, and then we shall see. I might have a surprise for you!
Daniel Pradelles (HP): Self Regulation Rocks! Plus, we at HP are the only ones to have BCRs approved by all DPAs of all the EU Member States.
Claus-Dieter Ulmer (Deutsche Telekom): Will you make up your minds already? The faster and the easier the solution, the better for us. Either way, we need to know.
Marie-Helene Boulanger (EC): First, second, third and finally, fourth. And if you Americans will get off your a..es and legislate already, well then, we might just become interoperable with you guys.
Axel Voss (MEP): What we really need is global data traffic regulation.
Joe Alhadeff (Oracle): HOW on earth are you going to do all this?
END OF ACT 2. LUNCH.

Act 3: Let Me Count the Ways I Enforce Thee

Julie Brill (FTC): We at the FTC protect the Global Community with our fierce enforcement actions!
Cameron Kerry (DoC): The FTC is the Global Leader in enforcing privacy protection!
Paul Nemitz (EC): Global Leader?? Global Leader in P.R., ha!
Maneesha Mithal (FTC): Paul Nemitz, we make sure to publicize our daring dawn raids, so the bad guys will tremble in their board rooms, ha!
Jacob Kohnstamm (Dutch DPA) (with an inexplicable tired look on his face): We need to enforce to get compliance. And FYI, opt-out in OBA is NOT adequate. You give me explicit consent, I give you adequate, capice?
Kostas Rossoglou (BEUC): I wish we had class actions for data protection law suits.
Jeff Chester (CDD): The FTC enforces, and Google and Facebook are expanding their data collection like never before. Please listen to me, the entire world is analyzing the entire world!
Law Student Max Schrems (Europe v. Facebook) (fresh faced): I took Facebook to task, so why can’t you, old geezers?
Maneesha Mithal and Jacob Kohnstamm (in unison): If I were a rich man, lala lala lala la, all day long I’d do nothing but enforce, la la la la la!
THE END

PANEL 3, moderated by Cedric Laurant, or where you can hear what was really said:


Safe Harbor, discussed during the fourth panel, will be the subject of a separate post.


Twitter Weekly Updates for EUdiscovery

