Join New York City's Chief Privacy Officer, Mike Fitzpatrick. Explore the role of a city's CPO. Cities must balance the interests of personal privacy and municipal operations, while complying with open records and other federal and state laws. Municipalities collect, use, and share vast databases of personally identifiable information (PII). They use PII to deter crime, advance public safety, and serve public health and other needs. Like everyone, cities can be cyber attack targets and victims o...
Jan 16, 2025•16 min
The Data Privacy Detective returns from a short sabbatical to recommend a New Year's Resolution for 2025 - make this the Year of the Passkey. Data privacy best practice moved from passwords to multi-factor authentication. But this has not stopped the increasing online theft of assets and identities. Password-based technology is failing to stem financial and other losses that increase each year. Passkeys are on the rise. A passkey is a form of authentication technology that simplifies our online ...
Jan 02, 2025•10 min
The United States has three major credit bureaus - Experian, Equifax, and TransUnion. How they score individuals has a major impact on their lives. Credit scores can raise interest rates to double what an excellent rating would produce and can result in inability to borrow or have a credit card. How the credit rating system works is hidden to most people. The Detective turns his spyglass to how the big three credit bureaus use false data, employ algorithms that inaccurately report credit risk, a...
Oct 24, 2024•17 min
October is Cybersecurity Awareness Month. For our personal data this Halloween, will it be trick or treat? In Episode 185, we explore one of the most private of all U.S. organizations - the law firm - to assess the security of private personal information. The American Bar Association reports that a quarter of all law firms have been the victim of a data breach and that 40% were not aware that they were attacked. What do insurance companies that serve law firms recommend as best cybersecurity pr...
Oct 10, 2024•15 min
Two major data privacy developments from September 2024: a Staff Report from the FTC and California's new statute about brain data. Tune in to Episode as the Data Privacy Detective provides meaning beneath the headlines. Neither of these was front page stuff. But each is more newsworthy than what company was sued for a data breach or whose privacy was invaded by a hacker. Staff reports are seldom covered as news. But the FTC staff report of September 19, 2024 is essential groundwork for regulati...
Oct 03, 2024•18 min
When clouds gather, we prepare for storms, sometimes hurricanes. In a data world that is increasingly multi-cloud, how can we protect data that is ever more susceptible to attack by mal-actors? Enter Identity Orchestration (IO) and Identity and Access Management (IAM). Eric Olden, author of "Identity Orchestration for Dummies" - https://www.strata.io/resources/whitepapers/identity-orchestration-for-dummies/ - and CEO of Strata.io, explains IO and IAM and why it is essential that privacy by desig...
Sep 26, 2024•25 min
Today's automobiles and trucks are more than transport vehicles. Filled with computer technology, cars and trucks are data collectors and transmitters - and a potential way for hackers to steal personal information and invade privacy. The expansive use of technology in vehicles creates risks of identity theft, invasion of privacy, and even the ability to take over a vehicle's operation for tragic purposes. A September 6, 2024 American Automobile Association post, How to Protect Your Car from Cybe...
Sep 19, 2024•20 min
Tune in for our August 2024 roundtable about three hot data privacy developments. Yugo Nagashima and Brion St. Amour join the Data Privacy Detective to plumb meaning beneath the headlines: The Netherlands Data Protection Authority fines Uber 290 million Euros for data transfers of sensitive private information. Minnesota adopts a data privacy code. Data brokers emerge from the shadows after an enormous database hack and a call to action. Consider what happens when the European Court of Justice inv...
Sep 05, 2024•22 min
We turn our magnifying glass to what some August 2024 headlines call the biggest data breach in history. One report said the entire population of the United States, Canada, and United Kingdom was hacked, with up to 2.9 billion people's identities at risk. On closer inspection, it appears that 2.9 billion rows of data were packaged and posted for sale on the dark web for $3.5 million. Social Security numbers and other personally identifiable information were exposed, including between 100 and 300...
Aug 22, 2024•15 min
Microsoft announced at an April 2024 IAPP conference a preview offering called Microsoft Priva. Described as a platform that helps organizations automate how they handle and deal with personal information, Priva aims to "streamline compliance across on-premises, hybrid and multicloud environments." https://www.microsoft.com/en-us/security/business/microsoft-priva Episode 179 explores Priva as a measure of where we are on data privacy infrastructure in mid-2024. Organizations collect, process, us...
Aug 15, 2024•16 min
Calendar scheduling—it can be simplified with third-party apps that schedule meeting times without a lot of back and forth. But third-party apps that do such scheduling entail significant privacy risks and choices. Using Calendly as an example, we explore in Episode 178 what happens when we allow a third-party app to connect through our IT platform, in this case that of Google. Google provides ample information and details about allowing third-party apps to connect through a Google sign-in. http...
Aug 08, 2024•18 min
Join Brion St. Amour, Yugo Nagashima, and the Detective to review three top data privacy developments from July 2024. Our monthly review focuses on these topics: Automobiles - Are they spying on us without our consent? A letter from Senators Wyden and Markey to the U.S. Federal Trade Commission (FTC) asks for transparency and data protection from auto makers and those who share vehicle use data. What's going on here? AI safety and the search for standards - On July 26, the U.S. Department of Com...
Aug 01, 2024•23 min
It's time for standards about data provenance. Unless information is reliable and trustworthy - and able to be used properly - datasets hold doubtful value. Yet, datasets are the foundation of Artificial Intelligence. Standards for the provenance of data are thus essential, as Episode 175 explored. Enter the June 2024 release of Data Provenance Standards of the Data & Trust Alliance, or D&TA. https://dataandtrustalliance.org/work/data-provenance-standards Standards covering the Source, P...
Jul 25, 2024•22 min
Artificial intelligence is not new. But now an acronym in common usage, AI is dominating markets, politics, industry, and our attention. And its use affects personal privacy. Let's take a couple examples. Bathsheba was the mother of Solomon in Torah and biblical days. Solomon's father was King David. If you ask Google's Gemini what ethnicity was Bathsheba, you'll get an answer that this is uncertain but she probably was Hebrew. We can't ask her, because she died about three millennia ago. But wh...
Jul 18, 2024•13 min
When the Chairs of Senate and House committees, one a Democrat and one a Republican, agree on a comprehensive and thorough federal data privacy statute, one might guess it will be enacted - or at least move forward to votes on amendments and packaged into a final form. Proposed by House Energy & Commerce Committee Chair Cathy McMorris Rodgers and Senate Commerce Committee Chair Maria Cantwell, the APRA offers the most comprehensive bipartisan approach yet to a comprehensive national data pri...
Jul 04, 2024•14 min
The U.S. Defense Department is forcing its contractors and subcontractors to upgrade their cybersecurity practices through CMMC version 2.0. CMMC is shorthand for Cybersecurity Maturity Model Certification. This affects virtually all suppliers to DOD that deal in Controlled Unclassified Information. 2.0 sets demanding cybersecurity standards in an ongoing effort to protect digital data from spies, hackers, thieves, and unwanted disclosures. Learn CMMC 2.0 basics and how it may be setting a 2024 ...
Jun 13, 2024•18 min
Vermont joined the "we have a data privacy code" group - almost a third of U.S. states now with a statute devoted to personal data privacy. Illinois modifies its code on biometrics to soften business costs of compliance. DataGrail's 2024 Data Privacy Trends report focuses on a surge in data subject requests. Join Yugo Nagashima of Frost Brown Todd, Brion St. Amour of the Wabash Marketplace, and the Data Privacy Detective for an update on May 2024 developments. Tune in to see how Vermont provides...
Jun 06, 2024•24 min
Privacy statements - how can one be written that applies globally? That seems like an impossible, even hopeless, challenge. Laws change regularly, even within countries and groupings like the EU. Rules differ. There are no "international" laws making data privacy a commonly regulated matter. This episode presents an approach to a comprehensive data privacy statement that can be used globally. Consider the essential elements. Express principles and practices that encompass the diversity of regula...
May 30, 2024•24 min•Ep. 171
Skimming—once defined as an internal business fraud of insiders taking money off the top of a company's cash flow. E-skimming - the growing theft of personal digital information to steal funds and benefits from individuals. A May 22, 2024 New York Times report focused on how food stamp holders are victimized by crime rings when their benefit cards are hijacked through e-skimming. Episode 170 explores how thieves collect card and PIN numbers to steal what the FBI estimates to be $1 billion a year...
May 23, 2024•19 min•Ep. 170
How do organizations convert leads into revenue? How can they do this effectively while being privacy-conscious, not bombarding people with unwanted cold calls or messages? In Episode 169, the Data Privacy Detective converses with Thomas Ryan, CEO and founder of Bigly Sales. https://biglysales.com . Learn how the sales industry is undergoing rapid transformation, how it is beginning to use Artificial Intelligence to shape conversations that turn leads into customers, while being respectful of in...
May 09, 2024•18 min
Progress towards a U.S. federal data privacy code? Consider the APRA, a bipartisan congressional effort in that direction - and its hot spots and chances. Learn about the Maryland Online Data Privacy Act and how it challenges big tech's preferences. Discover what Max Schrems, AI, and birthdays have in common. Episode 169 explores these topics from April 2024 in fifteen minutes. Join Yugo Nagashima of Frost Brown Todd LLP in conversation with the Data Privacy Detective for this monthly update on...
May 02, 2024•24 min
In April 2024 Colorado became the first U.S. state to declare neural data - what goes on in our brains - to be "sensitive data" subject to its Privacy Act. Neural data will be treated the same as medical and other sensitive data such as fingerprints and facial images. The law will permit individuals to access, delete and correct their neural data. It will require organizations collecting neural data to obtain prior consent and disclose what they will do with it. https://leg.colorado.gov/sites/d...
Apr 25, 2024•16 min•Season 2•Ep. 167
For about ten years, Estonia has pioneered a digital ID system for its 1.3 million citizens. Every Estonian receives a digital identity at birth or later. Estonians use this e-ID for a host of interactions with government and the private sector. The e-ID is not guarded zealously like a U.S. Social Security number. Instead, it is a kind of public key, with personal information about the individual held separately and securely. Is Estonia's e-ID system helpful or hurtful to individual privacy? Thi...
Apr 18, 2024•14 min•Season 2•Ep. 166
Our medical and health data are valuable - both to promote public health and to enrich data brokers selling our sensitive personal information without our consent. HIPAA is the U.S. federal statute intended to safeguard our medical information - but it does not cover many of the ways our information is released and shared, with unintended consequences and risks. Episode 165 considers the difference between PI and PII and how organizations and individuals can safeguard our health information. Lea...
Apr 11, 2024•14 min•Season 2•Ep. 165
Episode 164 covers three March 2024 developments: Florida bans social media platform accounts of children under 14 - and more; Illinois modifies its pioneering biometrics laws; and President Biden and the House of Representatives act together about the sale of personal information to countries "of concern." Consider how social media platforms are affected by Florida's new effort to limit social media use by most minors - and how this creates privacy risks in an unintended way. https://www.flsena...
Apr 04, 2024•28 min•Season 2•Ep. 164
Identity Orchestration - the difference between Identity and ID. Join Gerry Gebel, IT veteran, now Head of Standards at Strata Identity - https://strata.io . Gerry leads an effort to develop Identity Query Language, a policy orchestration standard. Strata Identity pioneered the concept of Identity Orchestration, which helps organizations integrate and control incompatible identity systems. Consider the state of data privacy today in a dizzying world of information flows. Can separating credentia...
Mar 28, 2024•15 min•Season 2•Ep. 163
From the day of birth, and perhaps even earlier, we become public data subjects. Without our express consent, our personal information is collected and poured out like salt from a shaker because of public records laws. There has been little federal attention to this for 50 years, and state laws vary. Tune in for an exploration of many ways in which we are data public beyond our personal control. Is it time to consider a change? Whether it's to document major life events, property purchases, voti...
Mar 21, 2024•13 min•Season 2•Ep. 162
Privacy - "freedom from unauthorized invasion," says Webster's Collegiate Dictionary, or "the quality or state of being apart from company or observation." The Detective did not authorize an online onslaught. But every day my computer and phone are bombarded with unsolicited ads and messages. My digital space is invaded by demands for my attention. I'm forced constantly to declutter. I try to swat away these pests, like waving arms at mosquitoes in a smarmy jungle. Advertising, promotions, socia...
Mar 07, 2024•14 min•Season 2•Ep. 161
Join Yugo Nagashima, data privacy and technology attorney at Frost Brown Todd, as he and the Data Privacy Detective discuss two major topics from February 2024. Learn how DoorDash and California settled a dispute under California's privacy law that raises important issues for business and consumers. DoorDash was accused of failing to inform customers about its providing their personal information to marketing co-operative members, which then sent targeted advertisements to the customers. Calif...
Feb 29, 2024•21 min•Season 2•Ep. 160
Who doesn't like cookies? When a website posts a notice about cookies, that sounds like a free offer for something good. But cookies on the internet are not good or bad. They aren't cookies at all in any real sense. They are simply embedded technology that attract and use information about us and what we do on a website. Aside from software that enables a website to function, many "cookies" - let's change their name right now to "Collectors" - grab, share, sell, and use our personal information....
Feb 22, 2024•14 min•Season 2•Ep. 159