Monday, August 11, 2014

It sounds trivial, but ask yourself what other laws, rules, regulations or procedures they don't bother following.
Kevin Cirilli reports:
An internal government report obtained by The Hill says the Securities and Exchange Commission has failed to properly guard sensitive nonpublic information. [READ INSPECTOR GENERAL REPORT.]
The report from the SEC’s Inspector General says the agency failed to clear the room during non-public executive session votes of the five-member board.
It also found that officials didn’t keep complete attendance records during at least one high-profile meeting involving a J.P. Morgan settlement worth $200 million.
The 16-page Office of the Inspector General (OIG) report didn’t blame an individual for leaking information, but it raised questions about how the agency conducts routine business.
Read more on The Hill.

(Related)
Preparing For Your First Board Meeting? Security Now #1 Topic
Corporate Board Member and FTI Consulting recently conducted a study involving more than 500 directors and general counsel. Among the many interesting findings was a significant rise in concerns related to IT and cyber risk.
When asked, “What keeps you up at night?” directors placed data security at the top of their list. Corporate reputation and crisis preparedness were tied for fifth. General counsel had data security at number two behind regulatory compliance, followed by corporate reputation and crisis preparedness as number three and four respectively.


The pendulum of the law swings again.
Orin Kerr writes:
Back in March, I had a long post titled “A remarkable new opinion on search warrants for online accounts — and why I think it’s wrong.” My post addressed an opinion by Magistrate Judge John Facciola that had rejected the common practice of executing e-mail warrants in two steps. Under the two-step process, the provider gives the government the entire contents of the account. Next, investigators search through the account for the specific evidence sought by the warrant. Facciola ruled that this procedure was “repugnant to the Fourth Amendment.” According to Facciola, the better approach — and perhaps the constitutionally mandated approach — is to have the service provider execute the warrant for the government and then send on the responsive files to investigators.
On Friday, Chief Judge Roberts reversed Magistrate Judge Facciola.
Read more on WaPo The Volokh Conspiracy.


How it should be done?
Failing Expectations: Fourth Amendment Doctrine in the Era of Total Surveillance
by Sabrina I. Pacifici on Aug 10, 2014
Sylvain, Olivier, Failing Expectations: Fourth Amendment Doctrine in the Era of Total Surveillance (July 28, 2014). 49 Wake Forest Law Review 485. Available for download at SSRN: http://ssrn.com/abstract=2473101
“Today’s reasonable expectation test and the third-party doctrine have little to nothing to offer by way of privacy protection if users today are at least conflicted about whether transactional noncontent data should be shared with third parties, including law enforcement officials. This uncertainty about how to define public expectation as a descriptive matter has compelled courts to defer to legislatures to find out what public expectation ought to be more as a matter of prudence than doctrine. Courts and others presume that legislatures are far better than courts at defining public expectations about emergent technologies. This Essay argues that the reasonable expectation standard is particularly flawed if it has the effect of encouraging judges to seek guidance from legislatures on constitutional norms and principles. Judicial review is the vital antimajoritarian check against excessive government intrusions on individual liberty under our constitutional scheme. This is a responsibility that courts cannot pass off to the political branches when, as is the case today, most people expect that the cost of network connection is total surveillance. It is beyond irony that, today, courts consult public expectation to determine private entitlements. This Essays argues that court-administered privacy law doctrine must change if the protection against “unreasonable searches and seizures” is to have any positive legal meaning. The current court-created doctrine will not be able to keep up if it compels judges to measure public expectation. It is time for courts to reassert their positive duty to say what privacy law is.”

No comments: