Sunday, March 17, 2019

Privacy (law) is spreading faster than swine flu.
Joseph J. Lazzarotti, Jason C. Gavejian and Maya Atrakchi of Jackson Lewis write:
The California Consumer Privacy Act (CCPA), which goes into effect January 1, 2020, is considered the most expansive state privacy law in the United States. Organizations familiar with the European Union’s General Data Protection Regulation (GDPR), which became effective on May 25, 2018, certainly will understand CCPA’s implications. Perhaps the best known comprehensive privacy and security regime globally, GDPR solidified and expanded a prior set of guidelines/directives and granted individuals certain rights with respect to their personal data. The CCPA seems to have spurred a flood of similar legislative proposals on the state level.
Since the start of 2019, at least six state legislatures have already introduced privacy laws mirrored largely on the CCPA. Below are some of the highlights of each state legislative proposal:
[From the article:
  • Hawaii
  • Maryland
  • Massachusetts
  • Mississippi
  • New Mexico


(Related)
Victorianne Musonza writes:
In the shadow of the EU General Data Protection Regulation, which went into effect in 2018, and the resurgence of global privacy laws, Virginia has proposed a new privacy statute, HB 2793, that imposes a duty of care on businesses on the disposal of personal information. HB 2793 applies to both paper and electronic records. Businesses that own, license or maintain personal information about customers will be required to comply with the bill.
The bill does not cover publicly available information that an individual has voluntarily disseminated and/or consented to be listed, such as a name, address or telephone number.
Read more on IAPP.


(Related)
Hunton Andrews Kurth writes:
On February 28, 2019, Thailand’s National Legislative Assembly finally approved and endorsed the draft Personal Data Protection Act (the “PDPA”), which will now be submitted for royal endorsement and subsequent publication in the Government Gazette. Publication is anticipated to occur within the next few weeks.
The PDPA provides for a one-year grace period, such that the operative provisions concerning personal data protection, rights of data subjects, complaints, civil liabilities and penalties will take force one year after publication in the Government Gazette. The aim is to allow sufficient time for business operators to prepare and implement internal controls and systems for PDPA compliance.




Perhaps they are just creapy?
Maybe some people are starting to wake up to the risks? Writing about voice assistant devices like Siri and Google Assistant and Alexa, Eric Johnson writes:
Whether it’s your alarm clock, bluetooth speaker, or even microwave, voice assistants can be found in practically every room of a home or office. But more and more people are starting to think twice before asking Alexa for the daily forecast. According to a recent PwC survey, 38 percent of participants chose not to purchase a smart device because they “don’t want something listening in on [their lives] all the time.” Additionally, 28 percent of respondents are “concerned about privacy issues with [their] data/security.”
Read more on TNW.




Just because I went to school with Tony Soprano does not mean my voice reveals a mob connection. New Jersey, yes. Italian neighborhood, yes. Secret meatballl recipe, yes. Is that enough to convict?
Why companies want to mine the secrets in your voice
Voices are highly personal, hard to fake, and contain surprising information about our mental health and behaviors.
Voicesense makes an intriguing promise to its clients: give us someone’s voice, and we’ll tell you what they will do. The Israeli company uses real-time voice analysis during calls to evaluate whether someone is likely to default on a bank loan, buy a more expensive product, or be the best candidate for a job.




Courts don’t always think like I do. Do testing labs need to know the name of the person whose blood they are testing? If there was only a code provided by the doctor, then is the name protected?
A blood sample in a lab is not “information” within the physician-patient privilege statute. The state sought a search warrant for the blood sample. State v. Atwood, 2019 Minn. LEXIS 122 (Mar. 13, 2019).
I had never thought of that before, but yes, I can see how it is not “information” although the outcome/results/test report might be “information” as it is necessary to provide treatment to the patient.   But if the purpose of privilege is to make the patient feel safe providing information that the doctor needs to properly diagnose and treat, then is this court splitting a hair that shouldn’t be split? What if a patient declined to give doctors a DNA sample to test for hereditary diseases like Huntington’s? The doctor needs the information to treat/advise the patient, but if the sample isn’t protected from non-parties to the medical relationship….?




How do you counter a manifesto before the act?
Technology is terrorism’s most effective ally. It delivers a global audience
Terrorism is effective because it always seems near. It always seems new. And it always seems personal. Ever since the first wave of terrorist violence broke across the newly industrialised cities of the west in the late 19th century this has been true.
It feels personal because, although statistics may show we are many times more likely to die in a banal domestic accident, we instinctively conclude from an attack on the other side of the street, the city or, in the case of New Zealand, the other side of the world, we might be next.
… Tarrant said in his “manifesto” that he did not seek to die, but accepted that might happen. But he will still be seen as a martyr to the cause by supporters. The word martyr is of Greek origin and refers to a witness. The Arabic equivalent has similar roots. Witnesses need an audience or their acts are empty. For some terrorists, that witness is God alone, but these are few. For a growing number, that audience, via Facebook, via virtually unmoderated sites in the dark corners of the web, via the mainstream media they so detest and suspect, is everyone.


(Related)
Facebook removed 1.5 million videos of the Christchurch attacks within 24 hours — and there were still many more.


No comments: