data privacy

Ruth Reader, writing for VentureBeat, reports that, in 2014, healthcare providers made up nearly one-third of all data breaches: "Hot medical identities can sell for as little as $50, according to a report issued earlier this year by the FBI. With more and more hospitals moving to electronic health records and healthcare breaches on the rise, its hard to see how this problem won’t become more widespread in the coming year." Reader also points out that, unlike for financial breaches, it is much harder to prove that a consumer didn't receive medical services on their records.

Microsoft is fighting a U.S. warrant for data stored overseas in Ireland, Corporate Counsel reports. The outcome of the litigation could have big implications for cloud computing and data privacy.

Microsoft argues that the warrant doesn't extend to data stored on servers located overseas, while the U.S. government said that the pre-cloud computing-era Stored Communications Act gives it access, Corporate Counsel also reports. 

Arguments on the dispute are set to be heard Thursday.

Shawn DuBravac, chief economist of the Consumer Electronics Association, posits in Techdirt that the U.S. Supreme Court's rulings that warrants are needed before police may search criminal suspects' cellphones has struck the first blow to protect digital privacy in the era of the Internet of Things, or physical objects being connected to the Internet like smart thermostats, coffee pots and refrigerators: the decision "comes at just the right time, because it's not just our phones that are getting smart. Soon, just about everything we touch will capture data about us. Our cars. Our watches. Our clothing. The fundamental privacies at stake in this ruling transcend far beyond phones. The Supreme Court needed to write its decision with the bigger picture in mind, and it did."

ProPublica's Julia Angwin reported this week on how marketers' tracking of customers is getting more intrusive: "Online marketers are increasingly seeking to track users offline, as well, by collecting data about people's offline habits—such as recent purchases, where you live, how many kids you have, and what kind of car you drive."

Angwin goes on to explain how it works: after sharing your e-mail address with a store, a marketer locates customers online when they use their email addresses to log into websites, then a marketer tags customers' computers with a tracker, and then when customers arrive at the website of the same story they will see a site customized to them.

The Washington Post reported last week on how some federal magistrate judges are "balking at sweeping requests by law enforcement officials for cellphone and other sensitive personal data, declaring the demands overly broad and at odds with basic constitutional rights." For example, D.C. Magistrate Judge John M. Facciola, "deemed a law enforcement request for the entire contents of an e-mail account 'repugnant' to the U.S. Constitution," the Post also reports. He is an outlier but "part of a small but growing faction, including judges in Texas, Kansas, New York and Pennsylvanai, who have penned decisions seeking to check the reach of federal law enforcement power in the digital world."

The Wall Street Journal reports that research by the U.S. Senate Commerce Committee found that data brokers are maintaining health records as part of their massive data collection: "Marketers maintain databases that purport to track and sell the names of people who have diabetes, depression, and osteoporosis, as well as how often women visit a gynecologist."

There is little oversight of data brokers, including from the subjects of the data collection; we don't have the right to find out what type of data is collected about us or who buys the information about us.

"An industry which began in the 1970s collecting data from public records to help marketers send direct mail has become an engine of a global $120 billion digital-advertising industry, helping marketers deliver increasingly targeted ads across the web and on mobile phones," The Journal also reports.

Drug and Device Blog reports on a California Court of Appeal decision in which an intermediate appellate panel held that the California Confidentiality of Medical Information Act does not allow for plaintiffs to sue over the negligent maintenance of their confidential medical information unless their information was accessed wrongfully or without authorization.

In the underlying case, a doctor took home a hard drive containing the personal health information for 16,000 patients. The hard drive, as well as the encryption passcodes, were stolen, but no one knows if the thief viewed or tried to view the patients' personal health information.

Drug and Device Blog said the case has "broad appeal because the fact pattern is so typical of 'data security breach' lawsuits: Private information resides on a stolen hard drive or is sent off into the ether with nary an indication that anyone received, reviewed, used, or otherwise paid any attention to the information. At another level, such lawsuits (which are usually class actions) almost never articulate any credible basis that the plaintiffs suffered any actual harm."