Data Privacy Detective
About Data Privacy Detective
Data privacy is the footprint of our existence. It is our persona beyond ourselves, with traces of us scattered from birth certificates, Social Security numbers, shopping patterns, credit card histories, photographs, mugshots and health records. In a digital world, where memory is converted to 0’s and 1’s, then instantly transformed into a reproduction even in 3D, personal data is an urgent personal and collective subject. Those who wish to live anonymous lives must take extraordinary measures to succeed in that improbable quest, while those who hope for friendship or fame through the spread of their personal data must learn how to prevent theft of their identity and bank account. If you have ideas for interviews or stories, please email firstname.lastname@example.org. The internet in its blooming evolution makes personal data big business – for government, the private sector and denizens of the dark alike. The Data Privacy Detective explores how governments balance the interests of personal privacy with competing needs for public security, public health and other communal goods. It scans the globe for champions, villains, protectors and invaders of personal privacy and for the tools and technology used by individuals, business and government in the great competition between personal privacy and societal good order. We’ll discuss how to guard our privacy by safeguarding the personal data we want to protect. We’ll aim to limit the access others can gain to your sensitive personal data while enjoying the convenience and power of smartphones, Facebook, Google, EBay, PayPal and thousands of devices and sites. We’ll explore how sinister forces seek to penetrate defenses to access data you don’t want them to have. We’ll discover how companies providing us services and devices collect, use and try to exploit or safeguard our personal data. 
And we’ll keep up to date on how governments regulate personal data, including how they themselves create, use and disclose it in an effort to advance public goals in ways that vary dramatically from country to country. For the public good and personal privacy can be at odds. On one hand, governments try to deter terrorist incidents, theft, fraud and other criminal activity by accessing personal data, by collecting and analyzing health data to prevent and control disease and in other ways most people readily accept. On the other hand, many governments view personal privacy as a fundamental human right, with government as guardian of each citizen’s right to privacy. How authorities regulate data privacy is an ongoing balance of public and individual interests. We’ll report statutes, regulations, international agreements and court decisions that determine the balance in favor of one or more of the competing interests. And we’ll explore innovative efforts to transcend government control through blockchain and other technology. In audio posts of 5 to 10 minutes each, you’ll get tips on how to protect your privacy, updates on government efforts to protect or invade personal data, and news of technological developments that shape the speed-of-bit world in which our personal data resides. The laws governing legal advertising in some states require the following statements in any publication of this kind: "THIS IS AN ADVERTISEMENT."
Decentralized Finance – DeFi – is with us and spreading. Tune in to Episode 140 to understand DeFi – how blockchain technology works and what privacy concerns are at stake. Consider a technology that increases the protection of organizational and individual private information when financial transactions are conducted through DeFi instead of traditional buyer-seller information technology. Anish Mohammed, Co-Founder, CTO, and Chief Scientist of Panther Protocol, explains how DeFi works and the privacy considerations about its use. He discusses with the Detective how DeFi can be conducted in a way that protects the financial data and trading strategies of DeFi participants, as well as how we as individuals can better guard our own identities and wealth. Time stamps: 01:07 — What is DeFi? 06:13 — Panther Protocol 09:49 — Advice for businesses 10:52 — Advice for individuals
Tech giants have invented eyeglasses that can tell us the name of a person we encounter. An image of the person is sent to an AI database. Within seconds, the glasses name the individual we are seeing. Retinal scans, fingerprints, photos posted on Facebook, Fitbit data about heart rate – all represent biometric information about us that is digitized and sent into the data stream. Imagine how useful such eyeglasses will be to visually impaired persons. The convenience and security of biometric data in making purchases or getting through airline security – undeniable. But also imagine how an authoritarian government or mal-actor can use biometric information teamed with AI to follow and target us. Is privacy dead? Has biometric AI gone too far? Tune in to Episode 139 for a tour of these profound issues. What are biometrics and how do biometric data get turned into products and services for good and ill? What laws and regulations protect and restrict biometric use? Who owns an individual’s image? Can others access our data without our consent? What can organizations and individuals do about this? Dan Cotter, attorney at Howard & Howard, discusses these matters with the Detective in Episode 139. Time stamps: 03:20 — Do current laws have protections for people's biometric data? 06:50 — Do we own our own biometric data? 11:05 — Tips for individuals 13:31 — What are the top issues that arise for organizations that use biometric info?
August 2023 was a news-filled month for data privacy. Tune in for a review of top developments: Biometrics – how Illinois deals with Clearview AI’s use of facial recognition data and how a new lawsuit challenges Amazon’s and Starbucks’ use of biometric payment systems in New York City; CFPB – how the U.S. Consumer Financial Protection Bureau has declared its intent to regulate data brokers; India – how its newly adopted Digital Personal Data Protection Act charts an independent course to protecting personal digital data privacy of Indian residents. Brion St. Amour and Yugo Nagashima of Frost Brown Todd LLP’s Data Security and Privacy Team join the Detective on a tour about the meaning of these developments. Time stamps: 00:10 — Biometrics 06:33 — CFPB 11:48 — India
The U.S. Government collects data globally about persons and organizations. In doing so, it collects vast amounts of data about U.S. persons “incidental” to collecting foreign intel for national security purposes. Since the Carter Administration when the Foreign Intelligence Surveillance Act (FISA) became law, this has raised conflicts between the personal privacy of U.S. and foreign persons and the Government’s interest in national security and crime prevention. The FBI has accessed FISA databases millions of times through U.S. person queries without a warrant – creating front-page news and raising major concerns from the left and right of politics. Tune in to understand what is at stake, as Congress considers by December 31, 2023 whether and how to extend FISA. Learn about FISA, the reach of Section 702, how it operates in practice, and how the privacy issues involved affect data flows and commerce between the United States and Europe and the privacy of persons domestic and foreign. Consider how information about U.S. persons is involved and can be accessed without a judicial warrant. Our guests are Gene Price, a partner in Frost Brown Todd’s Louisville office, retired as Rear Admiral from the U.S. Navy where he supported U.S. Cyber Command and Naval Information Forces Reserve, and Yugo Nagashima, a partner in the firm’s Washington, D.C. office and Deputy Chair of its Data Security and Privacy Team. Time stamps: 01:45 — What is FISA? 09:23 — What is a “US person query”? 15:15 — What are the privacy implications of FISA?
The world’s most populous country adopted a comprehensive data privacy code in August 2023 – the Digital Personal Data Protection Act. Join this episode for a tour of the law’s main features. Departing from the EU’s GDPR approach and from the Government’s prior draft bills, India took a unique approach to protecting digital personal information of its residents. Instead of data localization, it chose to encourage global data flows under relatively flexible standards while requiring reasonable safeguards to prevent data breach. The law will come into force on a rolling basis in coming months. Stephen Mathias, Bangalore office partner-in-charge and Co-Chair of the Technology Law practice of Kochhar & Co., one of India’s premier large law firms, explains the Act’s main features. Learn the basic approach taken, not only to comply if your organization may be subject to its reach but also to consider how a vast country with highly skilled tech professionals chose to regulate personal data privacy, enable government use of personal data for security and public order, and embrace India’s strengths in the data economy. Time stamps: 01:00 — Evolution of the Digital Personal Data Protection Act 03:45 — How is the law similar to and different from GDPR? 08:00 — The government's right to obtain data 13:32 — Data localization 15:02 — Significant data fiduciary
Generative AI – ChatGPT for example. Have you considered how generative AI collects our personal information to provide its benefits in ways that can do us wrong? What can we do about the risks? How should legislators and regulators balance AI’s benefits with our rights to personal privacy? Rita Garry, a Chicago attorney with the firm of Howard & Howard Attorneys, PLLC, provides data privacy and cybersecurity services with a view to the specifics of each client. Tune in to learn what Generative AI is, how it affects individual privacy, what the recently announced White House five principles for AI regulation are, and what organizations and individuals can do about generative AI. Time stamps: 05:35 — White House’s AI Bill of Rights 14:00 — Advice on how we can decide how AI uses our data
July 2023 was hot – record setting global temperatures. Likewise in the data privacy world. Tune in for an exploration of three top topics in data privacy by Frost Brown Todd’s Yugo Nagashima and Brion St. Amour with the Data Privacy Detective. Illinois – major Supreme Court decision from the first state to adopt a biometric data privacy law – raising the stakes for businesses in using biometrics in the workplace. U.S./EU – a third attempt to facilitate personal data flows between the European Union and the United States is deemed “adequate” by the EU – will it work despite two prior failures? What’s the new option for U.S. businesses? The United Kingdom’s draft Online Safety Bill and Apple’s threat to leave the UK – what’s behind this battle between freedom and law & order in social media? Why is Apple threatening to leave the UK market rather than submit to new proposed rules that would require it to give the UK government a backdoor entry to end-to-end pro-privacy encryption? Time stamps: 00:40 — Illinois 05:47 — U.S./EU 14:22 — UK
Our personal data is collected, sold, shared, used, and misused in ways most of us cannot imagine. Data brokers that buy and sell our personal information (“PI”) do it behind the scenes and almost always without our knowledge or consent. Data brokers are largely unregulated. What can be done about perils that have led to murder, theft, and other mayhem through easy access to PI? Tom Daly, CEO of MePrism, takes us on a tour of the consumer privacy landscape. A consumer data privacy company, MePrism programmatically removes people’s sensitive information from the internet. Explore what can be done to protect individuals from swatting, doxxing, and other misuse of their personal information, early state and federal steps towards regulating data sales and sharing, and measures that organizations and individuals can take to prevent mal-actors from gaining ready access to our PI.
Who owns our personal data? As technology advances in Web 3.0, traditional software and claims of third parties over what they can do with our personal data are under challenge. Join Chris Were, co-founder and chief architect of the Australian company Verida, to consider how blockchain thinking can allow us to achieve self-sovereign identity. Explore in Episode 132 what this means and how we can take better control of our digital presence. Understand the meaning of self-sovereign identity, how it aims to secure sensitive information about ourselves and to put us in control of how our digital footprints are used and shared with others. Learn the role of zero-knowledge credentials and how a crypto wallet holding our personal information functions. Explore how digital assistants we engage could help us control our personal information as AI scrapes, stores, employs, and adapts our data in ways we may not approve.
Oregon, California, and TikTok top the list of data privacy developments of June 2023. Tune in for how Oregon’s new data privacy statute blends the best of California and other state statutes for a comprehensive code and adds a unique twist about who can enforce it. Learn how a California court extended the effective date of a California agency’s regulations drafted to implement the Golden State’s pioneering California Consumer Privacy Act. Consider a whistleblower’s sworn testimony that contradicts TikTok’s long-held position that it does not and will not share personal data of TikTok users with the Chinese Government, despite Chinese law intended to require such reporting on demand. In concise analysis that digs beneath the headlines, Yugo Nagashima and Brion St. Amour, attorneys on the Data Security and Privacy Team of Frost Brown Todd LLP, share their insights with the Data Privacy Detective. Join our podcasts on the first Thursday of each month to probe three top developments from the prior month. Time stamps: 01:04 — Oregon 05:41 — California 08:32 — TikTok
Employers and employees – how much privacy is there in the workplace? Episode 130 explores this question in the United States. What’s an employee’s reasonable expectation of privacy while working? How do federal and state laws limit employer surveillance of employee activity? What limits are there to an employer’s monitoring of employee use of company time and property? Employees use company-provided computers, phones, and other property for a variety of personal purposes, often injecting personal information through a company’s IT system. What should employers and employees do about this? And what about departing and former employees – to what extent can or should an employer monitor a departing employee’s data streams or keep a former employee’s personal information? Annee Duprey, a partner in the Labor & Employment Group of Frost Brown Todd LLP in its Columbus office, and Seth Granda, a senior associate in the firm’s Nashville, Tennessee office, tour this complicated and challenging terrain and offer top tips to both employers and employees. Time stamps: 01:20 — What is a reasonable expectation for employee privacy in the US workplace? 08:18 — Are there limits to what kind of monitoring employers can conduct on their employees? 14:35 — What limitations are there for employees on what they can do with company-provided devices? 20:15 — Top tips for employees and employers?
What happens to our personal information after death? What can we or society do about whether any privacy exists for dead people? Episode 129 considers post-death privacy. Data privacy laws are largely for and about the living and give scant attention to the dead. But a few extend to protect data privacy after death, regarding medical information and dignitary interests of decedents and families. It’s not quite a free-for-all. Consider how estate plans generally ignore a person’s digital data but could be written to address this important interest. Learn how laws could be crafted to protect the reputational and other interests of deceased persons. Hear how technology can be used to create a digital avatar and project a person’s immortal presence for interactive conversations with great grandchildren and beyond. Think how you might wish to preserve your private information beyond your lifetime.
Our personal medical information is sensitive. It becomes digital data shared beyond the medical professional who requests and needs it to provide care. Learn how our medical information is shared and used in ways that create privacy risks many of us do not wish to assume, how tech companies profit from its use, how federal and state law provide rules about medical privacy, and what companies and individuals can do about the subject. Our guest Jay Barnes is an attorney with the firm of Simmons Hanly Conroy, which represents consumers and local governments in mass tort and class actions. Jay shares insight into how tech companies collect and use personal medical information to generate profits through customized advertising we may or may not wish to receive. He explores how the underlying principle should be that of giving each person the freedom to choose whether individual medical data can be shared with and used by third parties. Tune in for a segment about what businesses should do to comply with law and earn a privacy-centric reputation and what each of us can do to increase the privacy of our medical data. Time stamps: 00:56 — How is medical data digitized and shared? 05:10 — How do state laws deal with medical data privacy? 10:04 — How can a balance between personal data privacy and public health data be struck? 14:22 — Advice for businesses on how to handle consumer medical data responsibly and safely? 16:16 — Advice for individuals on keeping their medical data secure
Get the latest on data privacy news from May 2023. Meta is fined about $1.3 billion for transferring European personal data to the States. But what’s underneath this record fine? What does it mean for how personal data rules are enforced in the EU? Are EU standard contractual clauses no longer a safe harbor for trans-Atlantic business? Washington adopts a data privacy law for health data. Will this be copied by other states as part of the ebb and flow since Roe v. Wade’s overturning? Texas adopts a comprehensive data privacy code. How does it differ from other states with personal data privacy statutes? What does it portend as this mega-state becomes the tenth state to adopt an overall approach to personal data privacy? Tune in to Episode 127 to join the conversation. Time stamps: 00:14 — Meta fined by Ireland 09:10 — Washington State’s new data privacy law 15:00 — Texas’s new data privacy code
Bail decisions are critical in the lives of arrested persons. They come without judgment of guilt or innocence but can mean the deprivation of freedom for individuals as they await trial. But they can also have crushing unintended consequences for persons who become the victims of persons released without bail or on insufficient bail. Episode 126 takes no position on the headline debates about bail reform. Instead, Ken W. Good takes us on a tour of the privacy issues involved with bail. A thirty-plus-year attorney, Ken is on the board of directors of the Professional Bondsmen of Texas, the voice of the bail industry in that state. What information does a magistrate or judge obtain when deciding on bail? What personal information about the accused individual is available, and does this data become available to the public? Is setting bail an open court matter? Is AI entering the courtroom through algorithms that make risk assessments about accused persons? Tune in to consider this critical stage of the criminal justice system and how the privacy of all of us is affected. Time stamps: 01:06 — What is the bail bondsman's view of bail and potential bail reform? 02:34 — What are the privacy issues of bail? 05:40 — What data is presented before a magistrate in determining bail? 08:52 — Is the bail decision a public record? 10:15 — Are A.I. and algorithms being used in bail determinations? 12:07 — How might bail decisions evolve in the next 5-10 years?
Identity orchestration. Explore its meaning. Discover in Episode 125 how identity orchestration can protect data privacy and data security. Founder and CEO of Strata Identity [https://www.strata.io/], Eric Olden explores with us the change under way from passwords and multi-factor authentication to a radically different approach to safeguarding and verifying identities in a world of distributed data. Learn what a blue checkmark will mean within LinkedIn as one example. Consider how a system of passwords and identity exposure sprinkled among hundreds of applications and sources exposes individuals and organizations to hacking and theft risk at the weakest link. Can technology protect us from ourselves? Learn what OIDC (OpenID Connect) means and how it relates to the ongoing struggle between mal-actors and the rest of us. Time stamps: 01:12 — What is Identity Orchestration? 04:12 — What is Project Indigo? 07:01 — OIDC - OpenID Connect Protocol 15:25 — Challenges for privacy as technology changes, and what we can do about it
The modern automobile – a marvel of technology and transportation. It collects enormous amounts of data about us. This information is used for continuous improvement in design and safety and for our convenience. But it also creates risks to personal privacy. Episode 124 provides a tour of what automakers, suppliers, and users can do to create fair controls over how the automobile monitors, records, and shares personal information. Standard setting includes the Consumer Privacy Protection Principles of the Alliance for Automotive Innovation. NIST (the National Institute of Standards and Technology) issued 2023 revisions to its Cybersecurity Framework. In the absence of national law or regulation about automotive privacy, these standards are a baseline for acceptable use of automotive generated personal data. Tune in to consider what automotive businesses and private individuals can do to safeguard personal privacy while allowing continuing technological and safety progress. Matt Schantz, an attorney with Frost Brown Todd’s Automotive Industry Team, with a focus on intellectual property and technology agreements, leads an exploration of how our car is watching, listening, recording, and sharing our data – and choices business and consumers have to protect personal privacy. Time stamps: 01:10 — How do today's automobiles collect data about their drivers? 05:00 — How do automakers and suppliers address privacy concerns? 06:40 — What guidance does NIST have on balancing automaker interests with individual privacy concerns? 10:19 — Tips for automakers and suppliers about meeting privacy concerns and/or regulations? 13:57 — Tips for drivers about safeguarding their data
What do Indiana, Tennessee, and Montana have in common? They adopted comprehensive data privacy laws in April 2023. Explore the similarities and differences and a unique Tennessee provision about national standards. Is a pattern emerging for how the U.S. regulates personal data? Consider the privacy implications of Artificial Intelligence. Global leaders are racing to understand and decide how to regulate AI. G7 leadership met in Japan on April 29 to consider a joint approach to the dark side of AI. And hear how a request to Google’s Bard resulted in both a text and a refusal to generate a deep fake. Utah enacts the first state law giving parents control over minors’ use of social media. Whose privacy is paramount before a person reaches age 18? How does Utah’s law address the rights of parents and children in a world of social media with its far-reaching impact on us all? Time stamps: 00:40 — What do Indiana, Tennessee, and Montana have in common? 02:50 — Tennessee adopts NIST privacy framework 05:16 — How are governments thinking about how to regulate artificial intelligence? 07:27 — What is generative A.I.? 08:03 — G7 leaders met in April to discuss A.I. 11:07 — Utah enacts law giving parents control over their children's social media
Join Duane Laflotte and Patrick Hynds of Pulsar Security as the Data Privacy Detective asks these essential questions about cyber-crime and data privacy: How hard is it to break into a website or organization’s IT system? What are top tips for mid-sized organizations to defeat data attacks? What’s the future for people seeking a cybersecurity career? Pulsar Security offers institutions cyber-protection through software and services to prevent data leaks and losses at reasonable cost. Tune in for insights into countering the growing tide of data and identity theft. Time stamps: 02:15 — How hard is it for a bad actor to infiltrate a company's website or IT system? 03:37 — How much safer is HTTPS? 05:50 — What are the top ways a mid-sized business can protect itself from cybercriminals? 07:10 — Why is it important to know which data is flowing through your organization? 09:55 — How often should you change your passwords? 13:18 — Are we going to be able to keep up with cybercriminals?