Data Privacy Detective - How Data Is Regulated, Managed, Protected, Collected, Mined, Stolen, Defended And Transcended.

Generative AI – ChatGPT for example. Have you considered how generative AI collects our personal information to provide its benefits in ways that can do us wrong? What can we do about the risks? How should legislators and regulators balance AI’s benefits with our rights to personal privacy? Rita Garry, a Chicago attorney with the firm of Howard & Howard Attorneys, PLLC, provides data privacy and cybersecurity services with a view to the specifics of each client. Tune in to learn what Generative AI is, how it affects individual privacy, what the recently announced White House five principles for AI regulation are, and what organizations and individuals can do about generative AI. Time stamps: 05:35 — White House’s AI Bill of Rights 14:00 — Advice on how we can decide how AI uses our data

July 2023 was hot – record setting global temperatures. Likewise in the data privacy world. Tune in for an exploration of three top topics in data privacy by Frost Brown Todd’s Yugo Nagashima and Brian St. Amour with the Data Privacy Detective. Illinois – major Supreme Court decision from the first state to adopt a biometric data privacy law – raising the stakes for businesses in using biometrics in the workplace. U.S./EU – a third attempt to facilitate personal data flows between the European Union and the United States is deemed “adequate” by the EU – will it work despite two prior failures? What’s the new option for U.S. businesses? The United Kingdom’s draft Online Safety Bill and Apple’s threat to leave the UK – what’s behind this battle between freedom and law & order in social media? Why is Apple threatening to leave the UK market rather than submit to new proposed rules that would require it to give the UK government a backdoor entry to end-to-end pro-privacy encryption? Time stamps: 00:40 — Illinois

Our personal data is collected, sold, shared, used, and misused in ways most of us cannot imagine. Data brokers that buy and sell our personal information (“PI”) do it behind the scenes and almost always without our knowledge or consent. Data brokers are largely unregulated. What can be done about perils that have led to murder, theft, and other mayhem through easy access to PI? Tom Daly, CEO of MePrism, takes us on a tour of the consumer privacy landscape. A consumer data privacy company, MePrism programmatically removes people’s sensitive information from the internet. Explore what can be done to protect individuals from swatting, doxxing, and other misuse of their personal information, early state and federal steps towards regulating data sales and sharing, and measures that organizations and individuals can take to prevent mal-actors from gaining ready access to our PI.

Who owns our personal data? As technology advances in Web 3.0, traditional software and claims of third parties over what they can do with our personal data are under challenge. Join Chris Were, co-founder and chief architect of the Australian company Verida, to consider how blockchain thinking can allow us to achieve self-sovereign identity. Explore in Episode 132 what this means and how we can take better control of our digital presence. Understand the meaning of self-sovereign identity, how it aims to secure sensitive information about ourselves and to put us in control of how our digital footprints are used and shared with others. Learn the role of zero-knowledge credentials and how a crypto wallet holding our personal information functions. Explore how digital assistants we engage could help us control our personal information as AI scrapes, stores, employs, and adapts our data in ways we may not approve.

Oregon, California, and TikTok top the list of data privacy developments of June 2023. Tune in for how Oregon’s new data privacy statute blends the best of California and other state statutes for a comprehensive code and adds a unique twist about who can enforce it. Learn how a California court extended the effective date of a California agency’s regulations drafted to implement the Golden State’s pioneering California Consumer Privacy Act. Consider a whistleblower’s sworn testimony that contradicts TikTok’s long-held position that it does not and will not share personal data of TikTok users with the Chinese Government, despite Chinese law intended to require such reporting on demand. In concise analysis that digs beneath the deadlines, Yugo Nagashima and Brion St. Amour, attorneys on the Data Security and Privacy Team of Frost Brown Todd LLP, share their insights with that of the Data Privacy Detective. Join our podcasts on the first Thursday of each month to probe three top developments from the prior mont

Employers and employees – how much privacy is there in the workplace? Episode 130 explores this question in the United States. What’s an employee’s reasonable expectation of privacy while working? How do federal and state laws limit employer surveillance of employee activity? What limits are there to an employer’s monitoring of employee use of company time and property? Employees use company-provided computers, phones, and other property for a variety of personal purposes, often injecting personal information through a company’s IT system. What should employers and employees do about this? And what about departing and former employees – to what extent can or should an employer monitor a departing employee’s data streams or keep a former employee’s personal information? Annee Duprey, a partner in the Labor & Employment Group of Frost Brown Todd LLP in its Columbus office, and Seth Granda, a senior associate in the firm’s Nashville, Tennessee office, tour this complicated and challenging terrain and offer top

What happens to our personal information after death? What can we or society do about whether any privacy exists for dead people? Episode 129 considers post-death privacy. Data privacy laws are largely for and about the living and give scant attention to the dead. But a few extend to protect data privacy after death, regarding medical information and dignitary interests of decedents and families. It’s not quite a free-for-all. Consider how estate plans generally ignore a person’s digital data but could be written to address this important interest. Learn how laws could be crafted to protect the reputational and other interests of deceased persons. Hear how technology can be used to create a digital avatar and project a person’s immortal presence for interactive conversations with great grandchildren and beyond. Think how you might wish to preserve your private information beyond your lifetime.

Our personal medical information is sensitive. It becomes digital data shared beyond the medical professional who requests and needs it to provide care. Learn how our medical information is shared and used in ways that create privacy risks many of us do not wish to assume, how tech companies profit from its use, how federal and state law provide rules about medical privacy, and what companies and individuals can do about the subject. Our guest Jay Barnes is an attorney with the firm of Simmons Hanly Conroy, which represents consumers and local governments in mass tort and class actions. Jay shares insight into how tech companies collect and use personal medical information to generate profits through customized advertising we may or may not wish to receive. He explores how the underlying principle should be that of giving each person the freedom to choose whether individual medical data can be shared with and used by third parties. Tune in for a segment about what businesses should do to comply with law and

Get the latest on data privacy news from May 2023. Meta is fined about $1.3 billion for transferring European personal data to the States. But what’s underneath this record fine? What does it mean for how personal data rules are enforced in the EU? Are EU standard contractual clauses no longer a safe harbor for trans-Atlantic business? Washington adopts a data privacy law for health data. Will this be copied by other states as part of the ebb and flow since Roe v. Wade’s overturning? Texas adopts a comprehensive data privacy code. How does it differ from other states with personal data privacy statutes? What does it portend as this mega-state becomes the tenth state to adopt an overall approach to personal data privacy? Tune in to Episode 127 to join the conversation. Time stamps: 00:14 — Meta fined by Ireland 09:10 — Washington State’s new data privacy law 15:00 — Texas’s new data privacy code

Bail decisions are critical in the lives of arrested persons. They come without judgment of guilt or innocence but can mean the deprivation of freedom for individuals as they await trial. But they can also have crushing unintended consequences for persons who become the victims of persons released without bail or on insufficient bail. Episode 126 takes no position on the headline debates about bail reform. Instead, Ken W. Good takes us on a tour of the privacy issues involved with bail. A thirty-plus-year attorney, Ken is on the board of directors of the Professional Bondsmen of Texas, the voice of the bail industry in that state. What information does a magistrate or judge obtain when deciding on bail? What personal information about the accused individual is available, and does this data become available to the public? Is setting bail an open court matter? Is AI entering the courtroom through algorithms that make risk assessments about accused persons? Tune in to consider this critical stage of the criminal

Identity orchestration. Explore its meaning. Discover in Episode 125 how identity orchestration can protect data privacy and data security. Founder and CEO of Strata Identity [https://www.strata.io/], Eric Olden explores with us the change under way from passwords and multi-factor authentication to a radically different approach to safeguarding and verifying identities in a world of distributed data. Learn what a blue checkmark will mean within LinkedIn as one example. Consider how a system of passwords and identity exposure sprinkled among hundreds of applications and sources exposes individuals and organizations to hacking and theft risk at the weakest link. Can technology protect us from ourselves? Learn what OIDC (OpenID Connect) means and how it relates to the ongoing struggle between mal-actors and the rest of us. Time stamps: 01:12 — What is Identity Orchestration? 04:12 — What is Project Indigo? 07:01 — OIDC - OpenID Connect Protocol 15:25 — Challenges for privacy as technology changes, and what we c

The modern automobile – a marvel of technology and transportation. It collects enormous amounts of data about us. This information is used for continuous improvement in design and safety and for our convenience. But it also creates risks to personal privacy. Episode 124 provides a tour of what automakers, suppliers, and users can do to create fair controls over how the automobile monitors, records, and shares personal information. Standard setting includes the Alliance for Automotive Innovation, in its Consumer Privacy Protection Principles. NIST (the National Institute for Standards and Technology) issued 2023 revisions to its Cyber-Security Framework. In the absence of national law or regulation about automotive privacy, these standards are a baseline for acceptable use of automotive generated personal data. Tune in to consider what automotive businesses and private individuals can do to safeguard personal privacy while allowing continuing technological and safety progress. Matt Schantz, an attorney with Fr

What do Indiana, Tennessee, and Montana have in common? They adopted comprehensive data privacy laws in April 2023. Explore the similarities and differences and a unique Tennessee provision about national standards. Is a pattern emerging for how the U.S. regulates personal data? Consider the privacy implications of Artificial Intelligence. Global leaders are racing to understand and decide how to regulate AI. G7 leadership met in Japan on April 29 to consider a joint approach to the dark side of AI. And hear how a request to Google’s Bard resulted in both a text and a refusal to generate a deep fake. Utah enacts the first state law giving parents control over minors’ use of social media. Whose privacy is paramount before a person reaches age 18? How does Utah’s law address the rights of parents and children in a world of social media with its far-reaching impact on us all? Time stamps: 00:40 — What do Indiana, Tennessee, and Montana have in common? 02:50 — Tennessee adopts NIST privacy framework 05:16 — Ho

How can an organization comply with a wide diversity of privacy laws being adopted and changed across the globe? How does an organization create a compliant and privacy-responsible policy to assure its customers that their privacy will be protected? Join Rachael Ormiston, Head of Privacy at Osano, as we explore these questions. Osano offers a “No Fines, No Penalties Pledge” to its customers. The World's Most Trusted Data Privacy Software Platform | Osano (https://www.osano.com/). Consider how and why it does this and seeks to offer real-time compliance in an evolving world of data privacy regulation. Hear the trends of data regulation and learn whether there is hope for harmonization across borders for how our personal information is regulated and protected. Time stamps: 01:28 — What does Osano do? 03:06 — What are the essential elements of a successful privacy policy for a mid-sized organization? 05:55 — How do you aim to create a privacy policy that is compliant with current and future regulations? 09:58 —

Join Duane Laflotte and Patrick Hynds of Pulsar Security as the Data Privacy Detective asks these essential questions about cyber-crime and data privacy: How hard is it to break into a website or organization’s IT system? What are top tips for mid-sized organizations to defeat data attacks? What’s the future for people seeking a cybersecurity career? Pulsar Security offers institutions cyber-protection through software and services to prevent data leaks and losses at reasonable cost. Offensive Network Security | Enterprise Security Software | Pulsar Security. Tune in for insights into countering the growing tide of data and identity theft Time stamps: 02:15 — How hard is it for a bad actor to infiltrate a company's website or IT system? 03:37 — How much safer is HTTPS? 05:50 — What are the top ways a mid-sized business can protect itself from cybercriminals? 07:10 — Why is it important to know which data is flowing through your organization? 09:55 — How often should you change your passwords?

Artificial Intelligence and data privacy. Explore their relationship in this episode. It’s a subject little addressed by law or regulators and largely invisible to the public. AI depends on amassing a huge amount of personal information, collected and processed largely without consent or awareness of individuals whose personal information is being used. Once collected by AI businesses, personal data can leak to bad actors. And the services that are AI-driven can result in misapplications and mistaken projections, causing untoward harm to individuals. Vinay Kumar, CEO and Founder of Arya.ai, opens for us the black box of AI. We consider how ML Observability tools such as AryaXAI can make AI understandable to all stakeholders, including those whose personal data is used to train AI models and create AI-powered services in finance and other fields. Time stamps: 01:08 — What do AI and data privacy have to do with each other? 04:28 — What is ML Observability tool?

What do ChatGPT, Iowa, TikTok, and Spyware have in common? They all made data privacy news in March 2023. Italy’s Data Protection Authority blocked ChatGPT internet use on privacy grounds, the first western government to do so. Iowa became the sixth U.S. state to adopt a comprehensive personal data protection code. President Biden issued an Executive Order against federal use of social media containing spyware, without expressly naming TikTok or China as the targets. Join the Data Privacy Detective’s conversation with Mike Nitardy and Yugo Nagashima, attorneys with the Data Privacy Team of Frost Brown Todd LLP. Explore the meaning of these developments for data privacy and its place in the world of technology and of us all. Time stamps: 00:43 — ChatGPT in Italy 06:54 — Iowa develops a comprehensive personal data protection code 12:00 — Executive order against federal use of social media containing spyware

Prominent South African data privacy attorney Ahmore Burger-Smidt described 2022 as a year of “bloodbath” for personal data privacy in a recent report from her firm Werksmans. The firm manages the Lex Africa Legal Alliance, with members in over twenty-five African countries. Cybercrime is extensive and growing in Africa, similar to trends evident in the rest of the world. Cybercriminals employ increasingly sophisticated phishing attacks and business email compromise schemes and have expanded with cryptocurrency attacks and direct entry into data storage and other technology to steal personal data and identities. African countries have responded through governmental and private sector efforts. South Africa’s Protection of Personal Information Act (POPIA) is about two years in force, with its implementation encouragingly steadfast. Click on Episode 118 for an African view of how the battle between cybercrime and civil society is unfolding. Time stamps: 01:33 — What cyber crime / data privacy issues are we

The European Union’s GDPR (General Data Protection Regulation) became effective in May 2018. It declared a thorough and far-reaching set of rules for data privacy and became the global leader in how personal data privacy can be regulated and enhanced. What have almost five years shown? Is it successful? Entrenched? A model others follow? And how does it work in practice in 2023? Episode 117 considers how GDPR has become an embedded fabric for how personal information flows – or fails to flow – across borders. While an adopted framework within the EU and affecting global business without regard to borders, GDPR has not been copied everywhere. It varies both from the data localization approach of some countries and from the freer market approach of the United States and other countries. Tune in for what’s happening in early 2023 with GDPR and how it has worked in practice. Time Stamps: 01:28 — GDPR Fines 03:36 — United Kingdom privacy regime 04:43 — 2023 examples of laws influenced by GDPR 07:40 — US and EU att

Government regulation is moving towards giving consumers the right to stop companies from selling or share their personal information. How easy do companies make it for consumers to make this request—and then have it mean something? This episode contrasts two companies that take very different approaches to the question. One company makes its money through advertising, and to do that it needs to collect and share personal information of those who use its browser and other offerings. Another was fined by the California Attorney General for failing to give its visitors a choice. It now posts a clear and simple way for consumers to stop it from selling or sharing their personal information to others. Consider in Episode 116 how websites can provide consumers the right to protect their privacy and what consumers can do about it when companies make it difficult or impossible to stop them from selling or sharing their personal data. Time stamps: 00:30 — Sephora’s privacy policy 07:57 — Google’s privacy policy