Dec 162017
 December 16, 2017  Business, Healthcare, U.S. No Responses »

Carol Ann Alaimo reports:

One of this year’s hottest holiday gifts has privacy advocates worried.

In Tucson and elsewhere, sales of home DNA testing kits are soaring, spurred by discount pricing and ubiquitous TV ads that promise users insights into their family heritage.

But the saliva tests can also reveal propensities for diseases, and critics fear users may be putting their medical privacy at risk by providing genetic information to companies that can’t guarantee it will remain anonymous.

Count me among the privacy advocates who are concerned about these kits – and not just for the very good reasons listed above. As I watched a TV ad that showed family members greeting each with percent of shared DNA flashed on the screen, I wondered how this will play out when someone discovers that they do NOT share DNA with the people they always believed they shared DNA with. What will happen when someone suddenly discovers that perhaps they were adopted? What will happen when someone suddenly discovers that a child’s “grandfather” is their father and not their grandfather? Yeah, it can get ugly and make for a not-so-merry Christmas.

There are down sides to these kits, and I wish there was more discussion of the privacy risks and concerns – not just the risk of de-anonymizing or breaches, although those concerns are huge, but all these other concerns as well.

Read more on Tucson.com.

Dec 162017
 December 16, 2017  Breaches, Featured News, Online No Responses »

Andrew Russell reports:

The Toronto-area dental office didn’t know it but the security camera in its waiting room was being streamed live on the Internet.

Anyone could log on to the website and watch as patients came and went. Front-desk staff answering phones and working on their computers entering patient information.

Read more on Global News.

Dec 152017
 December 15, 2017  Business, Court, Surveillance 2 Responses »

Radio NZ reports that John Edwards, New Zealand’s Privacy Commissioner, has taken a position opposing the United States in its case involving information held in an Irish centre owned by Microsoft.

America’s government wants to access private information about a US citizen accused of drug trafficking, which is held in an Irish centre owned by Microsoft.

Rather than asking Ireland to hand over the information, the government wants to seize it under US search warrant laws.

Mr. Edwards’s submission took the position that if the U.S. were to prevail, that would enable them to seize information held in New Zealand under a U.S. search warrant, which is… well… not acceptable.

How many countries have to push back against the long arm of a U.S. search warrant, and will the U.S. Supreme Court care what they say/think?

Dec 152017
 December 15, 2017  Breaches, Court, U.S., Workplace No Responses »

Jeffrey M. Schlossberg writes:

A data breach occurs in which an outside individual obtains your company’s employees’ W-2 forms including social security numbers, addresses, and salary information. As a result, your company notifies all affected employees, explains what occurred, and offers a complimentary two-year membership to a service that helps detect misuse of personal information.   Is your company liable for negligence and breach of contract?

The answer may be, “yes,” according to a federal district court in Kentucky. Savidge v. Pharm-Save, Inc. (W.D. Ky. Dec. 1, 2017).  In Savidge, the plaintiffs alleged various state law claims that their former employer was liable due to the theft of their personally identifiable information (“PII”).  With regard to one plaintiff, the data breach resulted in a false tax return being filed on her behalf.

Read more on Jackson Lewis Workplace Privacy, DataManagement & Security Report