School officials on Wednesday said they reported a case of sexting to police to protect the privacy of students whose naked photos were being shared.
A female student saw pictures of a friend on a classmate’s phone in April and reported it to the assistant principal. The school’s resource officer called the Cape May County Prosecutor’s Office.
An investigation led to criminal charges being filed against 20 students at Lower Cape May Regional High School and the Richard M. Teitelman Middle School for allegedly invading the privacy of several female classmates.
This case has nothing to do with HIPAA, but should be a warning to zealous covered entities and other types of business entities trying to give patients or consumers more information about data privacy than is required under applicable law. In short, giving individuals more information is not better, especially where the information might be construed as partially inaccurate or misleading.
License plate scanners have become a fact of life. They’re attached to traffic lights, on police cars — even “repo” staff use them. All those devices have created a torrent of data, raising new concerns about how it’s being stored and analyzed.
Bryce Newell’s laptop is filled with the comings and goings of Seattle residents. The data comes from the city’s license plate scanner, acquired from the police through public disclosure requests. He plugs in a license plate number, uncovering evidence of long-forgotten errands.
Privacy law in the U.S. is weaker than in most places, but hey, at least we’ve got Section 5.
While many countries around the world have affirmative privacy protections for most data, the U.S. instead enforces a hundred-year old prohibition against deceptive business practices to merely prohibit companies from tricking people about data practices. In recent years, the FTC has expanded its interpretation of Section 5’s ban on deceptive practices to apply not just to misstatements but also to affirmative omissions—that is, when by failure to mention a potentially controversial privacy practice, the company is effectively trying to deceive consumers. This line of enforcement is all in the name of creating external accountability for privacy practices, and a transparent market for personal information. This market is far from perfect, and I think the law should do more to empower people to assess various privacy practices and control the flow of their information.
Still, at bottom, the U.S. has always had one (fairly low!) baseline: don’t lie about what you’re doing.
Recently, however, even this weak standard has been called into question—by two sitting Commissioners of the FTC no less.
There are some good and bad parts of the settlement. Although I am unhappy with how it reads at a glance — it seems like a defeat — under closer inspection, you can see that New Jersey’s ‘victory’ is Pyrrhic at best.
The new Investigatory Powers Bill, announced in yesterday’s Queen’s Speech, will include legislation to force Internet companies to give access to encrypted conversations of suspected terrorists and criminals. According to The Telegraph: “New laws will require WhatsApp, which is owned by Facebook, Snapchat and other popular apps to hand messages sent by their users to MI5, MI6 and GCHQ about suspects under investigation.”