Friday, September 14, 2012

Worth a close read. Is this the state of modern journalism or am I just overly suspicious?
30-plus laptop computers stolen from Jacksonville’s Wounded Warrior project HQ
September 14, 2012 by admin
Dan Scanlan reports:
At least 33 laptop computers and iPads were stolen in late July from the Wounded Warrior Project’s third-floor office at 4899 Belfort Road in Jacksonville.
They may contain personal information on “some, but not all of our former employees,” [No risk to “clients?” Bob] according to a letter sent out Sept. 7 by Wounded Warrior Executive Director Steve Nardizzi. So he has offered victims free credit monitoring in case someone hacks into them.
Read more on the Florida Times-Union.
[From the article:
Spokeswoman Ayla Jay said the agency has been told whoever did this wanted to wipe out the hard drive and sell the computers. [I doubt it. Without a mind reader on staff this would be impossible, wouldn't it? Bob]
There’s no evidence any information was taken. [Except what was on the computers? Bob]
Our IT team was able to lock all of the stolen equipment [Makes it sound like this was done 'after the thefts' but it is also impossible to confirm Bob] so if anyone tried to get in, they could not have.”
Alarm records show someone pried open an office door seven times between 9:10 p.m. July 25 and 6:20 a.m. the next day, according to the police report. [Great alarm system guys... Bob] Each time they scooped up silver/gray Elite Books laptops as well as one iPad — about $27,000 worth. More missing computers will be added as serial numbers are obtained, the report said.


Unfortunate
Twitter to surrender Occupy protester’s tweets – lawyer
September 14, 2012 by Dissent
Joseph Ax reports:
Twitter is expected to hand over tweets from an Occupy Wall Street protester to a New York criminal judge on Friday after months of unsuccessfully fighting a subpoena from prosecutors, the protester’s lawyer said on Thursday.
Manhattan Criminal Court Judge Matthew Sciarrino ordered Twitter earlier this week to comply with the subpoena by Friday or face contempt and a substantial fine.
Read more on Reuters.


Very interesting idea. Something security consulting firms could adapt?
By Dissent, September 14, 2012
The Office of the National Coordinator for Health Information Technology’s (ONC) Office of the Chief Privacy Officer (OCPO) has released its first web-based security training module, CyberSecure: Your Medical Practice. Play the Game Now.
The security training module, which was developed with the assistance of the Regional Extension Center Program’s Privacy and Security Community of Practice, uses a game format that requires users to respond to privacy and security challenges often faced in a typical small medical practice. Users choosing the right response earn points and see their virtual medical practices flourish. But users making the wrong security decisions can hurt their virtual practices.
The use of gamification by ONC is an innovative approach aimed at educating health care providers to make more informed decisions regarding privacy and security of health information.


Is that what he meant?
Presentations on the Obama Administration’s “Privacy Bill of Rights” and the Proposed Amendments to the EU Data Privacy Directive
September 13, 2012 by Dissent
Eric Goldman has a blog post on his presentations on the Obama Administration’s “Privacy Bill of Rights” and the Proposed Amendments to the EU Data Privacy Directive. You can read his blog entry and access copies of his presentations on Technology & Marketing Law Blog.


Stronger, always stronger...
Where would a constitutional challenge to FERPA leave us?
September 13, 2012 by Dissent
Frank D. LoMonte has a commentary on Inside Higher Ed, “Why FERPA Is Unconstitutional.” In his commentary, he suggests that the Supreme Court’s ruling in National Federation of Independent Businesses v. Sebelius (the “Obamacare” ruling) could also be applied to FERPA (the Family Educational Rights Privacy Act). You can read his analysis and argument on Inside Higher Ed.
While LoMonte, a lawyer who is executive director of the Student Press Law Center, sees the demise of FERPA as a good thing, I fear we’d be throwing the baby out with the bath water. That FERPA has been misused is indisputable. But it is equally indisputable that state education agencies and local education agencies (school districts) need some clear bright line on what information they may not disclose or share without parental consent (or the student’s consent when the student comes of age). Absent such firm prohibitions backed up by meaningful and severe consequences, nothing really stops schools from unfettered data sharing. Mr. LoMonte writes:
To be clear, striking down FERPA will not throw open genuinely private records that everyone agrees should be kept confidential. Grades, minor disciplinary scrapes and other non-newsworthy information still may be kept secret, because open-records statutes exclude information that clearly invades personal privacy.
“Still may be” is not “will be.” We have already seen the Oklahoma State Education Department decide that their open records laws required them to reveal personally identifiable information about students and their families, including grades. With FERPA off the books, we would be more likely to see such outrageous trampling of the privacy of education records.
With FERPA off the books, what would stop school districts from selling lists of their top 20 seniors’ SAT scores or grades to college recruiters?
LoMonte writes:
With FERPA off the books, schools and courts will be free to make common-sense judgments as to when privacy has been waived – for instance, when a nationally known athlete admits committing a crime – and secrecy serves no rational purpose.
Why should schools make the decision as to whether privacy has been waived? The schools will decide whatever is convenient to them or best serves their purpose – not the privacy interests of the students and parents.
And what will give parents or students the right to sue in court? As LoMonte notes, FERPA does not include a private cause of action. What state law provides for that? And do all states have that kind of law?
No, I fear that with FERPA gone, there will be no strong inducement for schools to even attempt to secure and protect students’ educational records.
This balancing test – weighing, case-by-case, personal privacy against the community’s interest in disclosure – is the right way to protect legitimate confidences while giving the public the information essential to evaluating how its schools are being managed.
Accountability and transparency are important, of course. We agree on that. But eliminating a federal law that protects privacy is not a solution. Would LoMonte suggest we get rid of HIPAA, too, because sometimes that’s used as a basis for denying the public and press information that it deems essential in evaluating situations?
If LoMonte would care to outline or propose a better federal protection law for student privacy, I’m all ears. I think FERPA started out with the best of intentions, but the current situation on data security and privacy of student education records leaves much to be desired. But just declaring FERPA unconstitutional without replacing it with a better law serves the press and community at the expense of student privacy.

No comments: