Data Privacy Detective - How Data Is Regulated, Managed, Protected, Collected, Mined, Stolen, Defended And Transcended.

Get an update on lawsuits launched and settled in August 2022. Consider FBI warnings about DeFi platform and CISA declarations about protecting critical infrastructure. Learn of a draft bill circulating in California about an age-appropriate code for websites. A data broker is sued by the Federal Trade Commission for selling geolocation data that can be used to track who’s visiting a women’s reproductive health center, an addiction treatment facility, and everywhere else a smartphone travels. Tune in for this September 2022 update of what’s been happening in data privacy and cybersecurity. If you have ideas for more interviews or stories, please email info@thedataprivacydetective.com.

Data privacy and the laws that protect our personal information mostly deal with digital data and data equipment like computers and smartphones. But the Internet of Things – IoT – is meeting data infrastructure (listen to Episode 90 about the Edge for more on that). Things we don’t think of as data collectors collect our personal information and share it with others, often without our notice or consent, and sometimes in ways we do not want. Is the law ready to deal with this? Daniel Murray, an intellectual property and technology transactions attorney at Frost Brown Todd LLC join the Detective in exploring the issues. With a mishmash of state and federal rules, the U.S. lacks a comprehensive data privacy code. International laws differ greatly, some granting control to individuals over their personal data and others giving central government authorities almost total control over personal data about residents. As IoT devices, including automobiles and home furnishings, watch and record us and our visitors,

Data localization – we’ve devoted several episodes to what countries are doing to control and restrict data flows involving their residents. What happens when there’s a war (or “military operation” if you prefer) going on? Do recent actions by the Russian government reflect a growing trend toward a splinternet, treating data as though it were national cattle being locked within a corral? Or is this more a reaction to sanctions imposed by other nations, having little do with data? This podcast considers how data localization is on the rise in democracies like Indonesia, but India’s government shelved a draft national data law that would have increased control and domestication of data after pressure and objection from its broader society. With Yugo Nagashima, a Frost Brown Todd attorney focused on international and domestic data privacy and technology, we discuss expanding fines and Russia’s seizure of Google’s Russian subsidiary’s bank account, aiming to force U.S. and other non-Russian companies to agree t

Cryptography comes from the ancient Greek word “cryptos,” meaning “hidden” or “secret.” Encryption is a cybersecurity pillar, a key defense against invasion of our privacy. But it may be underappreciated in practice. Tune in to learn about the growing need for encryption technology to combat the rising tide of cyber-attacks. A recent report by the Port of Los Angeles to the FBI indicated that it suffers from over one million cyber-attacks per day. Dan Draper, CEO and Founder of CipherStash, explains from his home in Sydney, Australia the role of cryptography in protecting sensitive personal and other information. Dan’s company provides a data storage platform for sensitive data that uses searchable encryption technology to protect against attacks. Dan discusses how encryption protects personal data and how traditional databases are vulnerable to hacking and other risks. Learn why cryptography is becoming increasingly crucial in guarding data privacy and why Dan is optimistic about the use of encryption even

5G is the buzzword for the new generation of mobile networking. It brings blazing speed to digital communication. With that comes concern about the impact on our privacy. 5G speeds up data sharing – the good, the bad, the annoying, the criminal. With the emergence of the Edge linking devices and data infrastructure (DPD podcast 90), 5G shares information in virtual real-time about your health, your highway speed, your browsing and entertainment, your choices in a grocery store, and your location. In equally instant time, this data will be shared by a growing number of companies and people watching and listening to us (known and unknown), who will turn the information into benefits for themselves and risks for your privacy. National security is also at stake. Criminal elements will exploit the benefits, along with governments foreign and domestic. Explore in this episode the intersection of 5G and personal information. What does 5G mean for data privacy and what can the U.S. Government do to address the nati

TikTok built a global platform sharing short videos of wild and wonderful doings of people, animals, and things. It is the first Chinese-owned company to create a global base of more than a billion users. What are the risks to personal data privacy from TikTok? How can regular users and influencers protect their personal privacy while using TikTok? How different are the TikTok risks from those of other social media companies that are not owned in part by the Chinese Government? Our guest is Ben Kunde, a Certified Fraud Examiner who leads the international investigations practice at Interfor. Starting with a tragic story about a 13-year-old girl who amassed a million fans that included a demented stalker, Ben discusses prudent privacy measures individuals can take to enjoy a platform’s offerings without needlessly sharing personal data. We also consider controls a country can take when a foreign-owned media giant creates risks to minors and others and what reasonable measures can apply in a world of global da

With the reversal of Roe v. Wade by the U.S. Supreme Court, data privacy becomes a more important issue than ever. This podcast considers how highly personal, sensitive information about the period between conception and birth is shared and used, how prosecutors obtain and use digital evidence, how private parties obtain information about women considering their options. Learn how individuals can protect their digital healthcare data against unwanted future use by third parties. Consider how a person can safeguard thoughts, considerations, and decisions about intimate personal matters, including the consequences of pregnancy termination. In the uncertainty of what individual states will impose on women’s healthcare and decisions, understand what steps one can take to protect personal digital privacy. If you have ideas for more interviews or stories, please email info@thedataprivacydetective.com.

Protecting and using personal information has focused on computer and software technology. With the Internet of Things (IoT), the Edge has arrived – the place where devices and traditional data infrastructure connect. Niranjan Maka takes us on a tour of the Edge and explains what it means to enterprises and individuals and the risks the Edge creates for us all. Niranjan heads SmartHub.ai, Enterprise IoT Platform | Smarthub.ai, an Edge company spun out from VMware, focused on bringing AI/ML powered management and monitoring to IoT/Edge devices. Our physical presence is replete with siloed millions of devices and sensors that collect, process, and share our personal information and enterprise data. As a veteran holding leadership positions at companies like RSA Security, Niranjan explains how we must become aware of the devices and sensors that are constantly with us and how the Edge changes how enterprises and individuals manage data and affect how our personal information is gathered and used. Tune in for a

What’s at stake as Congress considers a national data privacy law? The National Restaurant Association is the U.S.’ leading trade association for the restaurant and foodservice industry, representing thousands of members from the largest chain to solo providers. Brennan Duckett, its Director of Technology and Innovation Policy, discusses the key issues for the restaurant industry as Congress debates whether to adopt a national data privacy law. The “Three Corners Bill” recently introduced with bipartisan and bicameral support endorses substantial federal preemption of state law and a limited private right of action for substantial and individualized harm. How does a major industry see this proposal, and what are the changes needed before it is enacted? Our personal data is shared when we order, pay for, and receive a meal. Restaurants and food service companies can be both data controllers and data processors. They interact with other companies that are data processors and controllers. Tune in to this podcas

Through a new cybersecurity regulation, businesses in India will have six hours to report cyberattacks to the government, pursuant to a regulation that comes into force at the end of June 2022. On April 28, 2022, the Indian Computer Emergency Response Team – CERT – part of the Ministry of Electronics and Information Technology, announced regulations that include the world’s most time-sensitive deadline for reporting cyber incidents to the government. Stephen Mathias, head of the Technology Law Practice at the premier Indian law firm Kochhar & Co., presents the substance, challenges, and ambiguities of this pioneering effort. The regulation covers cyberattacks regardless of whether personal data is involved. In comparison to other global reporting requirements (such as GDPR’s 72-hour deadline for reporting breaches of personal data), the 6-hour deadline is daunting and perhaps unworkable. Wording covers attacks even if not successful, in effect requiring Indian businesses to report in real-time the stream of

Japan is a major U.S. ally commercially and otherwise. What is the Japanese approach to personal data privacy, and how does it differ from the U.S.’s privacy culture? Erik Jacobs addresses the differences in how privacy is conceived and addressed in Japan in contrast to the complex U.S. system that has no overarching federal law about how our personal information is collected, stored, sold, and otherwise handled. Erik advised the White House Office of Science and Technology and coordinated policy at the U.S. Energy Department during the prior administration. Fluent in Japanese and English, Erik is now Policy Manager for the U.S. and Asia at Access Partnership, a leading global public policy firm dedicated to opening markets for technology. He discusses the Japanese attitude toward privacy policy and Japan’s 2022 Act on Protection of Personal Information (APPI), a comprehensive personal data privacy code that augments sectoral and other laws governing the flow of personal data. Tune in to learn Japan’s appro

Blockchain. Does it protect personal privacy? Is it a tool that can evade the law? How should we think about the relationship between blockchain technology and individual privacy? In this first of a series of podcast episodes about blockchain and privacy, we turn our spotlight on the first use of U.S. Government sanctions against a cryptocurrency mining company. On April 20, 2022, the U.S. sanctioned the Russian-Swiss Bitriver conglomerate, as part of its response to Russia’s 2022 invasion of Ukraine. Consider how blockchain and privacy interact and what it means for the future of this technology, the use of cryptocurrency, and the ongoing contest between government and personal privacy. If you have ideas for more interviews or stories, please email info@thedataprivacydetective.com.

Japan’s Act on the Protection of Personal Information (APPI) becomes effective on April 1, 2022. The APPI strengthens the country’s comprehensive personal data privacy code and affects all businesses that collect or process personal information of Japanese residents. Yugo Nagashima of Frost Brown Todd LLC explores four key developments that affect global business: 1. “Person Related Information” – a new category of data – with consent required to transfer such data to a person related information handler. 2. Extra-Territorial Reach – Instead of an adequacy approach (like the EU), Japan requires a business that will handle Japanese personal information outside Japan to have the consent of those persons after a clear description of the data privacy laws of the foreign jurisdiction. 3. Data Breach Notification – A two-step notification process is mandatory for data breaches, with a low threshold of 1,000 persons triggering a mandatory notification. 4. Pseudonymous Information – Specific definition of pseudo

The data protection laws of the European Union require many European and other companies holding or processing personal information of EU residents to appoint a Data Protection Officer – a DPO. This role creates a triangle of DPO duties – with responsibilities to the individuals whose personal information is at stake, to the company the DPO serves, and to the Data Protection Authorities who enforce GDPR. Marie Penot provides outsourced DPO services to companies in German, French, and English from her own German consultancy. We explore with her the working life of an outsourced DPO. Learn how companies benefit from the independent role of a DPO regarding EU residents’ personal data. Explore advantages and disadvantages of an outsourced DPO instead of one appointed internally. If you have ideas for more interviews or stories, please email info@thedataprivacydetective.com.

Hacking – it gets a bad rap. For good reason. It’s associated with bad actors who infiltrate an IT system and steal organizational and personal information for criminal purposes. But hacking is simply an activity. Ethical hacking is a means for companies and people to test their data systems and avoid bad actors from getting into them. Ethical hacking is a tool to protect data by upgrading defenses. André Sollner is Global CFO of wizlynx group, a global ethical hacking and penetration testing provider. André holds numerous certifications over a 20+-year career in cybersecurity, including that of Certified Data Privacy Solutions Engineer. He is our tour guide for how a system assessment is conducted in five phases, from understanding and mapping an IT system and all points of entry, to a final assessment and report after the system is ethically attacked. This podcast episode will inform you about preventive system assessments that can fortify defenses against data theft, ransomware attacks, and other data di

India is about to enact a far-reaching Data Privacy Law. Expected to be passed by April 2022 and in force as early as 1st quarter 2023, it represents a far-reaching comprehensive approach based on but extending beyond the model of European Union’s GDPR. It would govern not only personal information but how non-personal data is collected and processed across borders. The bill would force global companies that gather and use data of Indian residents – or that have personal data of non-Indian persons processed by India’s stellar offshoring/outsourcing industry – to reconsider existing privacy policies and procedures. By including non-personal data and introducing measures of data localization, India’s novel approach would represent perhaps the most onerous and strict national policy about data collection, storage, and use. Join this excursion to India, guided by Stephen Mathias, head of the Technology Law Practice at Kochhar & Co. (https://kochhar.com), one of India’s premier multi-city law firms. If you have

Quantum computing – some view its emergence as heralding the end of data privacy. It threatens to penetrate encryption used in conventional computing to give hackers ready access to digital data. What will quantum computing mean for our privacy and the digital world? And what can we do to defend against its perils? Our guest is Ken Morris, CEO of KnectIQ, a company that provides beyond military grade identity, authentication, access, and data protection solutions for highly sensitive environments. KnectIQ: ZeroTrust based identity, access & data protection. Explore the meaning of quantum computing - its promise, timing, and limitations, as well as the defenses against attackers who will harness it to steal and misuse our data. Learn the two schools of thought about defenses to data theft when quantum computing empowers bad actors as never before. This podcast will force you to rethink cryptography as the sole defense against data loss. Learn how we can better protect data by dealing directly with the infras

Backup – what does it have to do with protecting data privacy? And how does a backup service work? What should businesses and individuals know about backing up their digital data? On one hand, a backup of data provides a second target for data thieves. Not properly handled, backups can increase privacy risks. But without a backup of data, it can be lost and subject to exfiltration by thieves who steal or freeze the data held by businesses and government, the prime targets of ransomware criminals. This podcast explores the world of backup with W. Curtis Preston, sometimes referred to as Mr. Backup. Host of the podcast series “Restore It All,” author of books, veteran of the data backup business, and Chief Technical Evangelist for Druva (www.druva.com), our guest will take you on a tour of a business and service little understood but vital for protecting and recovering data in case of loss. Learn the meaning and importance in tech field lingo of “regular expressions” and “immutability.” Consider how backup se

Taiwan occupies a unique geopolitical position – with a substantial population and robust economy, it lacks formal diplomatic recognition by most countries and is considered by the People’s Republic to be rightfully part of it. Taiwan has its own system and laws. How does it approach personal data flows beyond its borders? Taiwan has a comprehensive personal data privacy law with a GDPR-similar approach. It provides more flexibility than the EU in how Taiwanese personal information is collected and processed. There is no express extraterritorial reach to its law. But Taiwan businesses must comply with rules on handling data they collect and can be held criminally and civilly liable for exporting data that infringes Taiwan principles. There are statutory exceptions to the relatively free ability for cross-border sharing and processing of personal data. Taiwan’s financial regulator requires financial institutions to obtain consent for the export of personal financial data. Taiwan prohibits its telecommunicati

Turkey is the first 2022 stop on our global tour about data localization. What is Turkey’s approach to cross-border transfers of personal data about its citizens and residents? Turkey’s Law on Protection of Personal Data is comprehensive and like the European Union’s former Data Protection Directive, though it differs in some respects. Data localization is not part of this existing Turkish law. Instead, Turkey takes a sectoral approach to cross-border collection and processing of personal data of its residents. Turkish banks must collect and store Turkish customer data within Turkey. Data localizations requirements apply to payment and electronic money institutions, forcing companies like Paypal or Venmo to locate a payment system within Turkey and to comply with Turkish data privacy regulations. Social media providers must register with and report every six months to Turkish authorities about Turkish social media users. In August 2021, the Turkish Data Protection Authority (KVKK) proposed to amend Turkish