This shouldn't surprise
anyone...
Allison Bell reports:
The
federal agency that enforces health data security regulations did a
poor job of protecting the data it was using in its own
investigations.
Officials
at the Office of Inspector General at the U.S. Department of Health
and Human Services announced that conclusion in this latest report.
Thomas
Salmon and other HHS OIG staffers were looking at the efforts of the
HHS Office for Civil Rights to enforce the Health Insurance
Portability and Accountability Act health data Security Rule.
Read more on Benefits
Pro.
Related:
The
Office for Civil Rights Did Not Meet All Federal Requirements in Its
Oversight and Enforcement of the Health Insurance Portability and
Accountability Act Security Rule (complete report, .pdf, 26 pp.)
Hmmmm.
Jenna Green reports
what’s on the FTC’s wish list for legislation:
…
Ramirez said she favors making the FTC the sole
federal agency in charge of enforcing a uniform set of national data
breach notification requirements. Such requirements would
compel businesses to notify consumers of a data breach promptly, and
also to notify credit bureaus. The FTC has urged Congress to give
the agency civil penalty authority against companies that fail to
maintain reasonable security.
Ramirez
also said she supported making the federal rules supersede state
requirements—and to make the rules enforceable by both the FTC and
state attorneys general. Further, she said a violation of data
breach requirements should be deemed an unfair or deceptive act in
commerce, and thus subject to FTC authority under the FTC Act.
Read more on Law.com,
as there’s much more to their wish list but I’m just focusing on
breach notification in this post.
Of course, some of the
proposed federal data breach notification laws did make the FTC the
responsible federal agency for enforcement, but not all of them do.
And as I’ve argued repeatedly for lo, these many years, a federal
data breach notification law that supercedes the patchwork of state
laws is a great idea – but only if it is as strong as the strongest
existing state law so that consumers do not lose protections they
currently have. The federal law would also need to encompass data in
all formats and clarify who has the responsibility to notify
consumers when the data loss or breach occurs at a contractor or
vendor. And of course, it needs to have some safe harbor provisions
that would encourage entities to implement rigorous security.
And while we’re on
the subject, see Adam Greenberg’s report on why breach notification
laws are likely to remain state-by-state.
Not voluntary because
he was surrounded by cops? How many cops does it take to be
intimidated? (One with his gun in hand would probably work for me)
Orin Kerr writes:
Yesterday
the Fourth Circuit handed down an interesting Fourth Amendment
decision in United
States v. Robertson, involving a consent search at a bus
shelter. It’s a rare published decision from the Fourth Circuit,
with a divided vote, and my tentative view is that the dissent is
correct.
As
I understand the facts, several officers converged on
the bus shelter (which I assume something like this)
to try to figure out if any of the people at the shelter knew of a
foot chase involving a gun that had just been reported in the area.
Robertson was one of the men sitting at the bus shelter, and he was
approached by Officer Welch. Welch asked Robinson, “Do you have
anything illegal on you?”, but Robertson remained silent. Welch
then waved Robertson toward him and said, “Do you mind if I search
you?” Robertson stood up, walked two yards towards Officer Welch,
turned around, and raised his hands above his head. Welch interpreted
that as consent, and conducted a search. The search recovered a
firearm, and that led to charges for illegal firearms possession.
Read more on The
Volokh Conspiracy.
Well, that's why there
is a Supreme Court. OR, does the exemption cover anything I do on a
regular basis?
Julia Love reports:
A
pair of Silicon Valley judges have dramatically parted ways on how
much wiggle room email providers have under federal wiretap laws to
gather user information.
In
an order issued Tuesday evening, U.S. Magistrate Judge Paul Grewal of
the Northern District of California tossed a class action that
accused Google of violating users’ privacy by harnessing their
personal data across various products. Grewal ruled in In re
Google Privacy Policy Litigation, 12-1382, that Google’s
practices fall under an exemption in federal anti-surveillance
laws for activities conducted by communications service providers in
the “ordinary course of business.” Congress crafted that
phrase to cover a wide range of activity, he concluded, siding with
Google’s lawyers at Durie Tangri.
“The
amended complaint fails to allege any interception that falls outside
the scope of this broad immunity,” he wrote in a 30-page
order.
That
philosophy appears to clash with the thinking of U.S. District Judge
Lucy Koh, who refused
to let Google off the hook in another pending privacy suit.
Read more on Law.com.
“We can, therefore we
must!” Even if it doesn't really work too well yet.
Glyn Moody writes:
One
of the reasons that the total surveillance programs of the NSA and
GCHQ are possible is that computers continue to become more
powerful and cheaper, allowing ever-more complex analyses to be
conducted, including those that were simply not feasible before.
Here’s another
example of the kind of large-scale monitoring that is now possible,
as reported by Nikkei Asian Review:
NEC
announced that it has developed the world’s first crowd behavior
analysis technology. Based on the simulated behavioral patterns
exhibited by people in emergencies, the system is designed to detect
any abnormalities in the behavior of congested public places.
Read more on TechDirt.
I'm a sucker for a good
infographic...
A
Visual History of Computers
Very slick!
Pop
Up Archive Transcribes and Tags Sounds, Searches Historical
Broadcasts
Initially started as a
project at University of California, Berkeley, Pop Up Archive is a
new tool to help journalists, media, archivists, historians and
others easily find and reuse sound.
“As
we launch Pop Up Archive publicly, our goal has grown much bigger. We
want to make it easy for all storytellers to find and reuse recorded
sound. Now, anyone can visit popuparchive.org to make audio findable
through auto-transcription, auto-tagging, and easy-to-use sound
management tools. We’re gathering thousands of hours of sounds
from around the world, audio collections large and small — and
they’re all waiting to be discovered,” says Anne Wootton,
one of the co-founders.
After having made an
audio recording, users can upload it to Pop Up Archive, which
automatically transcribes it and issues timestamps,
making it easy to search for the recordings. The sounds are indexed
so they can be recovered by keyword, date, contributor, location and
more. Transcribing isn’t new, of course, and tools like Voicebase
already offer that.
“We’ve
done the heavy lifting and tethered lots of services in one place:
transcription, cataloging, storage, preservation, a hypermedia API,
and a platform for processing large amounts of digital sound,”
Pop Up Archive says in its description.
Right now, you can
visit the website and search through the archives that it has stored,
in partnership with Public Radio Exchange (PRX). You can hear Buster
Keaton explaining silent film captioning; Chicago Mayor Rahm
Emanuel’s plans for his city; and the future of Bitcoin.
There’s thousands of
hours of great audio waiting to be discovered at the Pop
Up Archive.
No comments:
Post a Comment