Q: Why is my kid’s email and home address being sold on a marketing list? I didn’t give permission for this information to be released! How did this happen? This kind of sharing could happen unless you proactively opt out of allowing schools to share the information they keep on your kids such as their
California Governor Jerry Brown signed a new law today that requires smartphone phone manufacturers to put a “kill switch” (remote lock) in phones, and to turn it on by default. Lawmakers have stated that they see this as an important way to reduce smart phone crimes. For consumers, it’s a way to prevent our personal information from getting into the wrong hands when we misplace, lose, or otherwise are missing our smartphones. Apple users can already use Find My iPhone as a remote lock. See more …
New California privacy enforcement office — California Attorney General Kamala Harris has created a new privacy protection and enforcement unit. The unit will be housed in the Department of Justice and will focus on protecting consumer and individual privacy through civil prosecution of state and federal privacy laws, a news release said. “The Privacy Unit’s mission to enforce and protect privacy is broad. It will enforce laws regulating the collection, retention, disclosure, and destruction of private or sensitive information by individuals, organizations, and the government. This includes laws relating to cyber privacy, health privacy, financial privacy, identity theft, government records and data breaches. By combining the various privacy functions of the Department of Justice into a single enforcement and education unit with privacy expertise, California will be better equipped to enforce state privacy laws and protect citizens’ privacy rights. ” Joanne McNabb, who ran the now de-funded California Office of Privacy Protection, will serve as director of privacy education and policy for the unit.
In a rare enforcement action of HIPAA, HHS fined an Arizona health care provider $100,000 for a variety of HIPAA violations, especially regarding electronic exchanges of protected health information. The HHS document outlining the reasons for the fine should act as a wake-up call to health care providers using public email, calendaring, and other tools for communication of ePHI. HHS specifically noted that the fined health care provider did not conduct an adequate risk assessment prior to using the email and Internet tools. The full HHS document is a must-read for health care providers. WPF has been warning about the need for full e-risk assessments since 2005 and strongly advocates for medical-identity-theft-specific risk assessments.
01/23/2012 GPS tracking | United States v. Jones — The US Supreme Court unanimously ruled that police must get a warrant before using GPS devices to track criminal suspects. This case was narrow and dealt specifically with a GPS device physically attached to a suspect’s vehicle. The concurring opinion of Justice Sotomayor points out that the subtler issues of digital era tracking were not dealt with in this case, for example, cell phone tracking, web site tracking, etc. She wrote: “More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. E.g., Smith, 442 U. S., at 742; United States v. Miller, 425 U. S. 435, 443 (1976).” She continued: “This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.”