Build engaged audiences through publishing by curation.
Sign up with Facebook
Sign up with Twitter
I don't have a Facebook or a Twitter account
Start a free trial of Scoop.it Business
"There have never been so many job opportunities for privacy professionals. Nor have there ever been so many challenges. Trevor Hughes of the IAPP discusses what it takes to grow a privacy career."
Are you sure you want to delete this scoop?
The risks to student privacy are growing as more information on young people is being collected and stored.
The growing use of technology has allowed for the collection of mass amounts of data on students. Control over personal information has been lost by students and the risks to student privacy have risen dramatically. In this post, Khaliah Barnes, director of the Student Privacy Project and administrative law counsel for the non-profit Electronic Privacy Information Center, lays out a Student Privacy Bill of Rights that gives back to students control over information about their lives.
In Dragnet Nation, Julia Angwin describes an oppressive blanket of electronic data surveillance. "There's a price you pay for living in the modern world," she says. "You have to share your data."
Google Inc., fighting claims that it illegally scanned private e-mail messages, argues it shouldn’t have to face a single lawsuit that lumps together hundreds of millions of Internet users.
Related articles from The Berkeley Blog: http://blogs.berkeley.edu/2014/03/01/bmail-and-googles-content-one-box/ and SaveGov.org: http://safegov.org/2014/1/31/google-admits-data-mining-student-emails-in-its-free-education-apps
The last two blogs were about what should be done. This one is about some progressive initiatives. In terms of national policy, the Snowden disclosures have re-opened an important conversation about electronic surveillance laws. We are all in charge of keeping that conversation going to the very least conclusion of updating privacy laws such as the Family Education Rights Privacy Act, Computer Fraud and Abuse Act of 1986; the Electronic Communications Privacy Act also of 1986; the U.S.A.-Patriot Act of 2001 and the Foreign Intelligence Surveillance Act, originally of 1978, updated in 2008, but evidently in need of further revision to balance civil rights and national security.
To mark Data Privacy Month, the University of Pennsylvania and the National Constitution Center hosted a Town Hall program with some of the nation's leading experts on privacy and surveillance. On February 3, 2014, Peter Swire of the White House NSA Review Board, Anita Allen of the University of Pennsylvania, and Charlie Savage of the New York Times joined Constitution Center's Jeffrey Rosen to discuss the NSA and government surveillance past and future. University of Pennsylvania faculty, staff, and students, as well as members of the public, were invited to participate in this free event.
If you could not attend the discussion in person, a video recording is now publicly available. Please fee free to share this resource on your campus in order to continue the privacy dialog with your colleagues.
Like many of you, I have been told repeatedly that “privacy is dead.” Most recently, I was walking down the hall in my office building, carrying my Ultrabook with the Future of Privacy Forum’s “I (heart) privacy” sticker on it, and minding my own business. A marketing colleague stopped me and abruptly advised me that “the thing you love is dead.”
Good heavens. For a minute I panicked. What thing? Cuban sandwiches? My cat? Cowboy boots? What? He pointed to my sticker and said, “Privacy is dead!”
Oh, that. No sir, it is not dead.
I am a big fan of zombie movies, and I can tell you that privacy is not dead. At worst, it is the living dead. The undead. Perhaps like Frankenstein’s monster, you thought it was dead, but in fact, it’s aliiiiive!
Recent stories about smart fridges being hacked, cars knowing our intimate secrets and energy companies predicting what we are having for dinner—OK, I made that one up—highlight the fascinating challenges that the Internet of Things (IoT) is set to bring. More fascinating, however, is the fact that addressing and successfully dealing with these challenges in a way that the opportunities are fully realised at the same time that our privacy is properly safeguarded rests with today's and tomorrow's privacy professionals.
Data Privacy Month 2014 Guest blogger Mike Corn:
"Within the privacy community it is commonly said that privacy is tightly coupled to societal notions of respect. We advocate for our local, national, and international institutions to protect personal information, to collect only the minimum needed, and to do so not merely to prevent financial loss or compliance with regulations, but because it demonstrates respect for individuals.
But what is the basis for this respect? We show respect for one another's feelings, we respect an individual's rights, and when we confront people in moments of great suffering or joy, we show respect for their privacy — we allow individuals the right to decide whether or not to share with us.
This is the point I want to focus on: By respecting individual privacy, we protect each person's right to choose whom they wish to speak with, to assemble with, and to worship with. Basic human rights codified in the first amendment to the Constitution of the United States of America. By looking at privacy through this lens, we change the color of the conversation, raising the bar quite a bit higher than compliance with the red flag rule or protection from identity theft."
A team of researchers has developed an Android app to help people better understand when their location is being accessed, something that happens more often than people think.
Android phones display a flashing GPS icon when apps are trying to access the user's location. But few people notice or understand what the icon is telling them, the researchers found.
The app they developed is designed to fix that, by making it clearer to users when other apps are accessing their location data. They tried several methods, including a message that flashes on the device's screen reading, "Your location is being accessed by [app name]."
In his recent remarks on the NSA and surveillance, President Barack Obama grabbed the Big Data bull by the horns. We commend the president’s decision to task the Council of Advisors on Science and Technology (PCAST) to reach out to privacy experts, technologists and business leaders to examine the challenges inherent in Big Data. Government surveillance raises distinct civil liberties concerns that commercial and scientific use of Big Data does not; still, it is appropriate to address the profound impact of new technologies on Big Data business opportunities.
Big Data was all the rage in privacy circles in 2013, and now it is achieving appropriate broad policy attention. It implicates modern day dilemmas, which transcend privacy and impact a variety of delicate balancing acts at the core of free market democracy. The examination requires engagement not only by privacy professionals but also by ethicists, scientists and philosophers to address what may very well be the biggest public policy challenge of our time.
Today's EDUCAUSE Policy Digest features blogs about Data Privacy Month, the NIST Draft Cybersecurity Framework, Senator Leahy's Personal Data Privacy and Security Act, Net Neutrality, and more.
January 28 promises to be the most widely recognized Data Privacy Day since its first observation in 2008.
This, of course, is one effect of the many stories over the past year that has put data privacy in headlines across the world. These stories have reinvigorated old debates, and prompted new questions, about the increasingly complex relationship between individuals, online data they create or is about them, and how data is protected and shared.
We are undergoing a revolution in the way that information about our purchases, our conversations, our social networks, our movements, and even our physical identities are collected, stored, analyzed and used.
The immense volume, diversity and potential value of data will have profound implications for privacy, the economy, and public policy. The working group will consider all those issues, and specifically how the present and future state of these technologies might motivate changes in our policies across a range of sectors.
When we complete our work, we expect to deliver to the President a report that anticipates future technological trends and frames the key questions that the collection, availability, and use of “big data” raise – both for our government, and the nation as a whole. It will help identify technological changes to watch, whether those technological changes are addressed by the U.S.’s current policy framework and highlight where further government action, funding, research and consideration may be required.
At the IAPP Global Privacy Summit, the IAPP and AvePoint announced the release of a new free privacy impact assessment tool that will allow privacy professionals to better organize PIAs, involve other departments in the organization and complete PIAs more rapidly. Available from the front page of the IAPP’s Resource Center and called the AvePoint Privacy Impact Assessment system, or APIA, it is a piece of software organizations can install on their own servers, which is then accessible through a standard web browser. It allows privacy professionals to assign roles, track progress, offer up different questions for types of products and services and has many other advantages over the standard Word- or Excel-based systems currently in place.
As the field of privacy has developed, solutions to privacy concerns have multiplied in the marketplace. Tech vendors, service providers, consultants, law firms—all have broadened and deepened the offerings they have for privacy professionals to purchase in governing data, and data is becoming a company’s most valuable asset.
Privacy is a dynamic industry that has moved quickly, so quickly that few have stopped to take stock in how far the industry has come, and perhaps more importantly, what the industry has become. The IAPP Industry of Privacy Study seeks to do just that. This study is a comprehensive survey that will cover the entire industry of privacy and inventory all of the solutions and services available; and categorize those solutions and services into meaningful segments that are useful to privacy professionals. This project will allow privacy pros to better understand their organizational maturity and risk profile. Further, it will provide IAPP members with tools to engage a broader audience of influencers who are making spending decisions on privacy-related solutions and services within the enterprise. The industry of privacy deserves to be documented and understood in its entirety. This is still a work in progress but we would like to share some of our early insights to give you a taste of what’s to come.
Richard Clarke’s short but very interesting keynote focused on his takeaways from Snowdon and the NSA spying and his top 10 observations in the forty-six recommendations he and his team made about US intelligence gathering.
My daughter needed a little bit of prodding to pick which colleges she wanted to tour over spring break. When she showed me a list of universities ranked by a tool offered through her school, her boyfriend warned, "Be careful with those ranking websites." I waited for him to tell us that rankings don’t measure individual fit or other things that really matter. But then he said something unexpected: "Because if a college knows you really want to come, they’ll give you less financial aid." Whoa...What? Where did he hear that?
The Massachusetts Institute of Technology is still trying to figure out how to answer criticism of its response to the controversial federal prosecution of Aaron Swartz, the hacker and activist who was arrested on the MIT campus in 2011.
On Thursday university officials charged with reviewing MIT’s existing policies and practices flagged several ways the university could do more to protect digital privacy and encourage open-access publishing, according to an update from MIT’s news office.
Following a public comment period, the Federal Trade Commission has approved the kidSAFE Seal Program as a safe harbor program under the Children’s Online Privacy Protection Act (COPPA) and the agency’s COPPA Rule.
The Commission’s COPPA Rule requires operators of online sites and services directed at children under the age of 13 to provide notice and obtain permission from a child’s parents before collecting personal information from that child. The COPPA safe harbor provision provides flexibility and promotes efficiency in complying with the Act by encouraging industry members or groups to develop their own COPPA oversight programs.
The COPPA law also directs the Commission to review and approve self-regulatory program guidelines that would serve as safe harbors. Website operators that participate in a COPPA safe harbor program will, in most circumstances, be subject to the review and disciplinary procedures provided in the safe harbor's guidelines in lieu of formal FTC investigation and law enforcement.
Recommendations for creating a foundation for data privacy.
Yet another bill to create a federal requirement for data breach notification has been introduced, this time by Democratic leaders of the Senate Commerce, Science and Transportation Committee.
The Data Security and Breach Notification Act of 2014 would, for the first time, provide a federal standard for companies to safeguard consumers' personal information throughout their systems and to quickly notify consumers if those systems are breached.
The legislation, introduced Jan. 30 by Committee Chairman Jay Rockefeller, D-W.V., and three co-sponsors, would require the Federal Trade Commission to issue security standards for companies that hold consumers' personal and financial information. In the event of a data breach, companies would be obligated in most instances to notify their affected customers within 30 days of a breach so they can take steps to protect themselves from the risk of identity theftand fraud.
A key challenge for any organization is balancing the protection of institutional data, respecting privacy and enabling trust, when employees access institutional systems with personally owned devices. Any BYOD strategy should address this balance. Personally owned devices usually are not under the control of the institution, and verifying that the devices are securely configured can feel intrusive. Allowing personal devices that are not checked for secure configuration and vulnerabilities to log into protected systems creates potentially serious and unknown risks. Institutional attempts to influence or cause configuration changes on personally owned assets and scanning them for vulnerabilities raises questions about trust and liability.
Institutions that provide employees properly configured mobile devices help reduce the need of employees to access institutional systems with personally owned devices, but this approach does not work in all situations. While the potential cost of a security breach can easily exceed the cost of providing mobile devices to employees, the cost of providing the mobile devices also can exceed available funding. Institutionally issued mobile devices may not address all legitimate needs.
Today, more than ever, businesses and organizations need to stay one step ahead of online attackers and other malicious actors.
There’s ample evidence all around us that proves adversaries are coming up with new and much more sophisticated methods for distributing malware, while remaining undetected for long periods and stealing sensitive customer data, intellectual property or disrupting critical systems.
This 3rd annual Cyber Data Risk Managers 2014 report (PDF), released on Data Privacy Day, includes many invaluable insights and recommendations offered by Data Privacy and Information Security industry experts that will prove useful for businesses and organizations, regardless of industry or sector.
For Data Privacy Month this year, our theme is “Respecting Privacy, Safeguarding Data, Enabling Trust.” If I were re-writing the theme, I would add “Privacy Matters.” It matters a lot.
Data Privacy Month (January 28–February 28) presents an opportunity for universities to collaborate with one another, and to raise awareness on our campuses about the importance of protecting privacy rights.
On our campuses, privacy is not simply a legal obligation. Our privacy policies and practices pave the way for us to build trust and demonstrate respect for our faculty, staff, and students.
Wearable technology is not just for consumers. CIOs who want to stay ahead of the curve need to start preparing for this new wave of gadgets today.
"What is the real promise of wearable technology for enterprise? What industries stand to benefit the most? What about security? How, and when, should CIOs and IT departments start preparing and strategizing for wearables? CIO.com spoke with a handful of analysts, experts and executives working with wearables to help answer these questions and more."