Data Privacy Detective - How Data Is Regulated, Managed, Protected, Collected, Mined, Stolen, Defended And Transcended.

Episode 155 considers three important developments as 2024 opens: -How the European Union’s pending AI Act blazes a new trail -How umbrella insurance may or may not apply to claims involving biometrics -How Quebec’s 2023 data privacy act will reshape privacy notices throughout North America. Yugo Nagashima and Brion St. Amour, attorneys with the coast-to-coast U.S. law firm Frost Brown Todd LLP, team with the Data Privacy Detective to cover these three essential matters. On December 9, the European Union published a preliminary agreement on the Artificial Intelligence Act, a pioneering law that provides a framework for sale and use of AI in the EU. We consider what the AI Act covers and the four-levels-of-risk approach the EU will take for regulating AI. We then jump into discussion of a class action lawsuit against Krispy Kreme Doughnut Corp. The suit claims a violation of the Illinois Biometric Information Privacy Act (BIPA). Does Krispy Kreme’s insurance coverage apply? We consider the distinction be

Why do businesses create cookies for their websites – and what choices can visitors make when a popup asks us to choose? Can chatbots write privacy policies for businesses? How can we determine if a website shares personal information we provide to it – and if so, for what purposes? Donata Stroink-Skillrud, President and Legal Engineer of Termageddon (https://www.termageddon.com), addresses these questions. As data privacy laws and regulations spread, data privacy technology and policies must adapt. As website visitors, we should understand our choices when deciding what to click on cookie popups and should know whether a website business is gathering our personal information for limited and proper purposes. Learn a trick about how to know if a business shares personal information. Businesses wishing to be privacy compliant and earn a privacy-centric reputation should consider top tips. For individuals, hear advice for how we can protect our personal information in a world of growing threats to our privacy.

When we visit websites, we increasingly see popups. Why is this? How does consent affect online advertising? And what’s changing in 2024? Mate Prgin, founder/CEO of Enzuzo (https://www.enzuzo.com) explains how Google’s 2024 standards force online retailers to obtain express consent from customers for collecting and sharing personal information. Bolstered by the recent Quebec Law 25 (first in North America to adopt GDPR-style consent standards) and spreading U.S. state laws led by California, North American online sellers are driven to change their website technology and practices to give consumers the choice of allowing or refusing their personal information to be shared and used for personalized advertising. The meaning of “consent” and how it is provided in practice become essential for internet commerce in 2024. Understand how internet retailers can comply with law and private sector standards, how individuals will be empowered to exercise choices when shopping online about how their personal information

Data clutter – we keep our homes tidy, at least some of us do. But what about digital data? It accumulates and grows over time. Unlike hard copy files, which can be pitched or sent to long-term (expensive) storage, data is silent and unobservable (except perhaps to IT personnel). Explore how organizations amass vast amounts of data containing personal information, some highly sensitive. There it resides, posing serious risks to organizations and individuals. In Episode 152 Jason Cassidy, CEO of Shinydocs (https://shinydocs.com ), takes us on a tour of data clutter. Learn the vast amounts of unintended data gathered and kept by businesses that don’t need it, how this can be managed, how personal privacy can be more secure through state-of-the-art data management. Consider how data can be auto-classified on creation, how files can be better located with data breach risk minimized. Hear an industry expert’s top tips about data management for organizations and individuals. Make it a new year’s resolution to de-c

Major data privacy news from November - the meaning beneath the headlines: California issues proposed rules on ADTs – Automated Decision-making Technology. Applying California’s principal data privacy statute, the California Privacy Protection Agency proposes opt-out requirements, pre-use notices, and other measures for AI and related organizations. A New Landmark for Consumer Control Over their Personal Information: CPPA Proposes Regulatory Framework for Automated Decisionmaking Technology (ca.gov). The TSA is using biometrics at U.S. airports with little notice or disclosure. Some U.S. Senators have called “time-out.” What’s going on with biometrics at airports? BUR23A41 (senate.gov). The influential Data & Trust Alliance proposes eight cross-border Data Provenance Standards. Learn how international standards are being set by the private sector to increase transparency, reliability, and use of datasets essential for AI. Will data become labeled and tracked like food and art? How does private standard setti

Perry Johnson & Associates (PJ&A) provides medical transcription services to healthcare organizations. Its website states that it offers “secure HIT solutions,” using “multiple U.S. based, secure data centers for documentation storage and disaster recovery.” But in November 2023, PJ&A began informing about nine million people by individually sent letters that “between March 27, 2023 and May 2, 2023, PJ&A learned that an unauthorized party gained access” to its network and “acquired copies of certain files from PJ&A systems.” A November 2023 TechRadar report summarizes the background: “A total of 8.95 million individuals are affected, with the stolen data including full names, birth dates, postal addresses, medical records, and hospital account numbers. Furthermore, the hackers took admission diagnoses, as well as dates and times of service. In some cases, the hackers also stole Social Security Numbers (SSN), insurance and clinical information from medical transcription files, and names of healthcare providers

Blockchain technology. Can it be a solution to privacy risks inherent in traditional IT? How is it different from cryptocurrency? What can it do to allow both individuals and organizations to limit and protect personal information exchanged in daily life? Explore these questions in Episode 149, with Zenobia Godschalk, head of communications for Swirlds Labs (https://swirldslabs.com). Take a brisk tour of an open-source approach that applies blockchain technology to our evolving web. Learn about Hedera – an open source, leaderless proof-of-stake network. Consider how an individual need not share a lot of personal information when a transaction requires only proof of one thing – such as whether the individual is an adult or whether a person actually is a bank account holder. Listen for top tips to organizations and individuals about how open-source blockchain technology can minimize risks to personal information and identity theft. Hear how public ledgers for decentralized economies are changing our digital e

Post-Quantum Data Privacy – what is it? What does it mean for organizations and individuals? That is this episode’s focus. Tune in to learn how one company offers privacy-protect ive messaging and cryptocurrency services in the age of Web 3.0 and quantum computing. JB Benjamin, the founder of UK-based Kryotech Ltd. (Kryotech Group), provides a tour of Vox Messenger and Vox Wallet. These services employ privacy-centric technology. Explore how our personal information is collected, used, and shared often without our knowledge or approval. Consider how technology beyond passwords is essential to deter unwanted use of our personal information and to minimize rising theft of our financial resources and even our identities. Quantum computing means an exponentially increased power that can be used to break through lengthy passwords and otherwise hack and misuse data, both personal and organizational. Defenses are also evolving. Post-quantum privacy entails use of double-ratchet encryption, message immolation, sophi

How small and mid-sized organizations can afford privacy by design: Making data privacy and security affordable and scalable Tech giants have vast budgets for cybersecurity and data privacy. But most organizations are small or mid-sized enterprises (SMEs) and can’t afford expensive in-house talent, hardware, and software to combat data piracy or prevent data breaches. How do startups, SMEs, and MSPs create a privacy responsible foundation as they start and grow? How can they make privacy part of their offering to customers? How can they maintain first-class cybersecurity and data privacy as they scale and grow on an affordable budget? Darren Gallop, co-founder and CEO of Carbide (Company | Carbide (carbidesecure.com), provides advice on these and other topics in this Episode. With an overview of how secure personal information is today, Darren explains the benefits of starting with a secure privacy-centric foundation on an outsourced basis, then adding essential tools as an organization grows. Listen for top

October 2023 was a busy month for data privacy. Join our monthly podcast of three major developments in the world of personal information and technology. Our picks are these: 1. On October 30, President Biden issued an Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence (AI). Noteworthy to Data Privacy was his call for Congress to pass bipartisan data privacy legislation, especially for children, which would be a significant step towards a federal data privacy law. In addition to national security and other features, the EO prioritizes federal support for accelerating privacy-preserving techniques, strengthening privacy-preserving research and technologies, evaluating how agencies collect and use commercially available information, and developing guidelines for federal agencies to evaluate the effectiveness of privacy-preserving techniques. Explore what the Executive can do in the absence of Congressional action on data privacy. FACT SHEET: President Biden Issues Executive Order on Saf

Malevolent attacks on data are rising. Misuse of data is an increasingly sophisticated criminal industry. How to defend? Philippe Humeau, a founder and the CEO of CrowdSec (CrowdSec - The open-source & collaborative security suite) is our guest. He explains how an open-source approach to editing a collaborative security stack for identifying and sharing malicious IP addresses across a community of users can be a powerful force for good in protecting data against mal-actors. This episode explores how malevolent data attacks occur and are expanding, how malicious IP addresses can be identified and shared, and how building a community defense can make the internet a safer place for everyone. Learn how open source can improve defenses, how multilayer firewalls function, how VPN’s are addressed in the defense of data. Receive top tips for organizations and individuals on how to protect personal and organizational data. Time stamps: 03:08 - Malevolent Data Actors 08:03 - Can an open source platform defend against

External data privacy – what is it? How do current threats to personal data privacy require defenses beyond stronger hardware and software? Harry Maugans, CEO of Privacy Bee - https://privacybee.com - explains how external data privacy requires us all to think beyond protections provided by organizations to which we belong. Data brokers, AI database collectors, and cybercriminals all seek access to PII (personally identifiable information), which can be used for good and bad purposes and can result in physical and financial risks to individuals. Steps can be taken to safeguard personal information, even of famous individuals who don’t want certain types of information made public or misused about them. Tune in to Episode 144 to enrich your understanding of privacy-centric thinking and take practical steps in protecting personal data privacy. Time Stamps: 00:55 — What does 'external data privacy' mean? 08:55 — How do cybercriminals exploit systemic weakness? 11:25 — How does a well-known person keep their pri

Today’s vehicles have cameras looking inside and outside and communicate information about us to third parties as we drive. This supports continuous product improvement by automakers. But it also raises important privacy concerns. Yevgeny Khessin, Founder and CTO, and Andy Chatham, Co-Founder, of DIMO (https://dimo.zone) take us on a tour of how our privacy is at risk while we are mobile. Episode 143 considers these questions: How do individuals and vehicles get connected while mobile? ​What privacy concerns does the modern vehicle raise? Who owns our data while mobile? ​How can privacy concerns be addressed by privacy-centric automakers? ​What can automakers and each of us do to safeguard privacy while mobile? Time Stamps: 01:28 — In what ways do people share data with their vehicles? 04:00 — What are the privacy concerns? 06:27 — What does DIMO do? 11:12 — Top tips for producers of mobile/vehicle products 15:05 — Top tips for individuals who want to safeguard their privacy

Amazon Store challenges the European Union over whether it is a VLOP. What’s that, you ask? Find out and discover how an EU Court issued an early split decision under the EU’s Digital Services Act. America’s first state, Delaware becomes the 12th state to adopt a comprehensive data privacy code. Google agrees to pay $93 million, strengthen its privacy policies, and be more transparent about location tracking, to settle California claims. Explore the deeper meaning of these September 2023 data privacy developments. Yugo Nagashima, Brion St. Amour, and Joe Dehner, members of Frost Brown Todd LLP’s Data Privacy and Cyber Security Team, discuss what these events mean for organizations and individuals. Join the dialogue! Time stamps: 00:33 — Delaware adopts data privacy code 05:20 — Google agrees to pay $93 million 10:48 — EU Court issues split decision under EU’s Digital Services Act

Artificial intelligence – AI. Headline news, Senators gathering with gurus to figure out what to do, lawsuits, chatbots that offer to be our virtual concierge but then make up stuff in their responses. What’s at stake for our privacy? And what does it mean for us as individuals? Not for us as unwitting data providers or as recipients of communications from machines that can spew misinformation, but as human beings? Tune in to Episode 141 for a brisk walk down the yellow brick road of AI. Check out what’s behind the wizard’s curtain as AI aims to improve our lives and even to organize them. Consider the front end – is our personal information ours, or is it free for the taking? And the back end – how can a Chatbot affect us when we seek its benefits and cause suffering when it misadventures? Time stamps: 00:29 — How is data being used to train AI? 09:20 — What can AI providers do to safeguard consumer privacy? 11:56 — What can we do to safeguard our privacy when working with AI?

Decentralized Finance – DeFi – is with us and spreading. Tune in to Episode 140 to understand DeFi - how blockchain technology works and what privacy concerns are at stake. Consider a technology that increases the protection of organizational and individual private information when financial transactions are conducted through DeFi instead of traditional buyer-seller information technology. Anish Mohammed, Co-Founder, CTO, and Chief Scientist of Panther Protocol, explains how DeFi works and the privacy considerations about its use. He discusses with the Detective the ways in which DeFi can be conducted in a way to protect financial data and trading strategies of DeFi participants, as well as how we as individuals can better guard our own identities and wealth. 01:07 — What is DeFi? 06:13 — Panther Protocol 09:49 — Advice for businesses 10:52 — Advice for individuals

Tech giants have invented eyeglasses that can tell us the name of a person we encounter. An image of the person is sent to an AI database. Within seconds, the glasses name the individual we are seeing. Retinal scans, fingerprints, photos posted on Facebook, Fitbit data about heart rate – all represent biometric information about us that is digitized and sent into the data stream. Imagine how useful such eyeglasses will be to visually impaired persons. The convenience and security of biometric data in making purchases or getting through airline security – undeniable. But also imagine how an authoritarian government or mal-actor can use biometric information teamed with AI to follow and target us. Is privacy dead? Has biometric AI gone too far? Tune in to Episode 139 for a tour of these profound issues. What are biometrics and how do biometric data get turned into products and services for good and ill? What laws and regulations protect and restrict biometric use? Who owns an individual’s image? Can others ac

August 2023 was a news-filled month for data privacy. Tune in for a review of top developments: Biometrics – how Illinois deals with ClearviewAI’s use of facial recognition data and how a new lawsuit challenges Amazon’s and Starbucks’ use of biometric payment systems in New York City CFPB – how the U.S. Consumer Financial Protection Bureau has declared its intent to regulate data brokers India – how its newly adopted Digital Personal Data Protection Act charts an independent course to protecting personal digital data privacy of Indian residents. Brion St. Amour and Yugo Nagashima of Frost Brown Todd LLP’s Data Security and Privacy Team join the Detective on a tour about the meaning of these developments. Time stamps: 00:10 — Biometrics 06:33 — CFPB 11:48 — India

The U.S. Government collects data globally about persons and organizations. In doing so, it collects vast amounts of data about U.S. persons “incidental” to collecting foreign intel for national security purposes. Since the Carter Administration when the Foreign Intelligence Surveillance Act (FISA) became law, this has raised conflicts between the personal privacy of U.S. and foreign persons and the Government’s interest in national security and crime prevention. The FBI has accessed FISA databases millions of times through U.S. person queries without a warrant – creating front-page news and raising major concerns from the left and right of politics. Tune in to understand what is at stake, as Congress considers by December 31, 2023 whether and how to extend FISA. Learn about FISA, the reach of Section 702, how it operates in practice, and how the privacy issues involved affect data flows and commerce between the United States and Europe and the privacy of persons domestic and foreign. Consider how informatio

The world’s most populous country adopted a comprehensive data privacy code in August 2023 – the Digital Personal Data Protection Act. Join this episode for a tour of the law’s main features. A departure from the EU’s GDPR approach and from prior draft bills of the Government, India took a unique approach to protecting digital personal information of its residents. Instead of data localization, it chose to encourage global data flows under relatively flexible standards while requiring reasonable safeguards to prevent data breach. The law will come into force on a rolling basis in coming months. Stephen Mathias, Bangalore office partner-in-charge and Co-Chair of the Technology Law practice of Kochhar & Co., one of India’s premier large law firms, explains the Act’s main features. Learn the basic approach taken, not only to comply if your organization may be subject to its reach but also to consider how a vast country with highly skilled tech professionals chose to regulate personal data privacy, enable governm