DOCSLIB.ORG

1 02 Perfect FOIA 2020 Vision (Baron) IG World Spring 2019

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
1 02 Perfect FOIA 2020 Vision (Baron) IG World Spring 2019 American Society of Access Professionals National Training Conference July 22-24, 2019 Renaissance Capital View Hotel Arlington, Virginia Do You Have Perfect FOIA 2020 Vision? What are the New and Emerging Government Recordkeeping and access Issues Likely to Arise over the Next Decade? By Jason R. Baron Drinker Biddle “With permission to reprint from Spring 2019 edition of InfoGov World”. INFORMATION GOVERNANCE WORLD GDPR ONE YEAR OZ ALASHE ON ANALYTICS LATER W/ RICHARD HOGG & CYBERSECURITY ADVICE FROM LEADING IG EXPERTS JASON R. BARON ON RIM’S MAJOR THREAT NICOLAS ECONOMOU AI’S ROLE IN E-DISCOVERY SONIA LUNA ON COSO & RISK MANAGEMENT NATHANIEL PALMER IG & INTELLIGENT AUTOMATION JOHN ISAZA ON GLOBAL RIM HEIDI COMPLIANCE MAHER HER VISION FOR CGOC + IG & DATA PRIVACY BENCHMARKS VOL 1 • ISSUE 3 SUMMER 2019 INFOGOVWORLD.COM YOUR GLOBAL IG RESOURCE® PUBLISHER’S LETTER e are proud and pleased to bring BY LILLI GARCIA PHOTO you another spectacular issue! It is chocked full of engrossing content and keen insights from IG leaders. Our cover feature is an interview with CGOC’sW Executive Director, attorney Heidi Maher. Her story of her childhood in Iran, then immigrating to the US is intriguing; her rise to working in the Texas Attorney General’s office and then becoming a leading tech attorney is inspiring. And the story of how her parents met is quaint! We also feature two interviews from across the pond with keynote speakers at the annual MER Conference in Chicago. Oz Alashe, MBE, served as a leader in the British military and now applies his skills in leading a cybersecurity firm that leverages analytics and AI to prevent and detect threats. He offers some insights on looming cyber threats that you won’t want to miss. Nicolas Economou, the son of a diplomat who has traveled extensively, offers his discernments on AI governance and AI use in e-Discovery. Noted attorney and e-discovery expert Jason R. Baron provides a detailed look at ephemeral messaging and its threat to RIM. John Isaza, a leading attorney in the IG space, talks about his immigration from Columbia to Southern California, and his close friendship with fellow attorney and co-author John Jablonski. He then provides insights on global RIM compliance. Former ARMA President Fred Diers also contributed a provocative piece on RIM programs that every records management professional should read. We focus on data privacy heavily, especially in this issue. Richard Hogg, a leader in global privacy, gives us a look at GDPR a year after it went into effect, and our own Mark Driskill offers what he has uncovered about Metcalf, PhD, gives us a preview of the book he wrote GDPR as well. Also, Scott Allbert writes about what with several colleagues on blockchain in healthcare. financial institutions may not know about the impending Enjoy and learn! And please don’t forget to send us California Consumer Privacy Act. your topic ideas, opinions, and feedback – this is the IG Business process expert Nathaniel Palmer provides us community’s magazine and we strive to improve with with a clear view of the intersection of intelligent automation each issue. and IG. We also interviewed my friend Sonia Luna, CPA, who gives us expert insights on the COSO risk management For more information about becoming framework, cannabis compliance, and living in L.A. a Certified Records Manager or My longtime colleague at IMERGE Consulting, Certified Records Analyst Jim Just, and content analytics expert Brian Tuemmler, Robert Smallwood contact (518) 463-8644 or provide us with two viewpoints on cleaning up shared CEO & Publisher visit www.icrm.org drives with some very good advice. Again in this issue, data governance expert Merrill Albert gives us lessons on running a good DG program, and we are hoping the IG community picks up some of her tips. Tom Motzel writes about the rise of the Please send your comments, suggestions, and CDO and potential conflicts with the CISO; and David story ideas to me at [email protected] 4 INFOGOVWORLD.COM INFORMATION GOVERNANCE WORLD 5 INFORMATION GOVERNANCE WORLD YOUR GLOBAL IG RESOURCE® CONTENTS infogovworld.com INFORMATION GOVERNANCE REGULATORY COMPLIANCE EMERGING TECHNOLOGY VOLUME #1 IN SOCIETY 44 Law & Order: Interview with 64 Driving AI 10 ARMA Metro NYC Annual John Isaza, Esq. 65 AI Used to Transcribe Content ISSUE #3 Spring Conference 47 High Standards: Interview with 65 Future of Defense is AI SPRING 2019 11 The Annual AIIM Conference Sonia Luna, CEO and President at Aviva Spectrum INFORMATION GOVERNANCE INFORMATION GOVERNANCE HEALTHCARE BEST PRACTICES LEGAL & EDISCOVERY 66 Blockchain in Healthcare – 12 Mission Impossible 50 A.I. Governance: Interview Empowering Patients and by Jason R. Baron with Nicolas Economou Professionals by David Metcalf, PhD 67 Medical Bills Are Killing Americans INFORMATION PRIVACY RECORDS & INFORMATION 67 IG Leaders in Healthcare 16 GDPR One Year Later MANAGEMENT 68 Harvesting Computing Brainpower by Richard Hogg 52 Creating a Sustainable to Improve Healthcare CEO & PUBLISHER 19 Facebook Always Watching RIM Program – Fact or Fiction? 69 Artificial Intelligence in Healthcare Robert Smallwood 20 Cali Privacy Act to Hit by Fred Diers, CRM, FAI 70 Six Strategies to Consider When Financial Services Firms Implementing IG by Rita Bowen CHIEF OPERATING OFFICER the Hardest? by Scott Allbert DATA GOVERNANCE and Erin Head Baird Brueseke 22 GDPR’s First Birthday 56 Data Governance: Insights from by Mark Driskill the Field By Merrill Albert 72 INFORMATION GOVERNANCE CREATIVE DIRECTOR 57 What is Master Data Management? TRADE SHOWS Kenny Boyer INFORMATION SECURITY 24 An Interview with Cybersecurity CONTENT SERVICES 74 INFORMATION GOVERNANCE SENIOR EDITOR Leader Oz Alashe, MBE 58 Intelligent Automation & IG:The EVENTS Dan O’Brien 28 CSA’s Cloud Controls Matrix Critical Path to Digital Transformation Maps to Leading Frameworks by Nathaniel Palmer CONTRIBUTING EDITORS by Baird Brueseke 60 The Rise Of The CDO: 30 CIS Releases New Mobile Controls Conflicts Emerge With CISO Role? Mark Driskill, Martin Keen, Andrew Ysasi by Baird Brueseke by Tom Motzel CONTRIBUTING WRITERS COVER STORY ARCHIVING & LONG-TERM Merrill Albert, Scott Allbert, Jason Baron 32 The Visionary: Interview with DIGITAL PRESERVATION Rita Bowen, Baird Brueseke, Fred Diers Heidi Maher by Robert Smallwood 62 Newer Cloud-based Erin Head, Richard Hogg, Jim Just Check us out online Approaches Simplify David Metcalf, Tom Motzel, Nathaniel Palmer and sign up today for a ANALYTICS & INFONOMICS Digital Preservation Robert Smallwood, Brian Tuemmler 40 Clean-up content with Content free digital subscription to Analytics Technologies by Jim Just CONTRIBUTING PHOTOGRAPHERS Information Governance 42 Kick Start Your IG Program with Nikki Acosta, Lilli Garcia Content Cleanup by Brian Tuemmler Nate Kieser, Robert Smallwood, Christian Yi World magazine. SPECIAL THANKS TO INTERVIEWEES: Print subscriptions for Heidi Maher, Nicolas Econmou Sonia Luna, John Isaza, Oz Alashe the quarterly mag are $49/year, or $195 for five team members. ON THE COVER: Heidi Maher, Executive Director, Compliance, 2358 University Ave # 488, infogovworld.com Governance & Oversight San Diego, CA 92104 1.888.325.5914 888-325-5914 Council. Photo by Nikki Acosta, Magnetic Focus Photography. © 2019 InfoGov World Media LLC INFORMATION GOVERNANCE EDUCATION, NEWS & EVENTS: subscribe.infogovworld.com YOUR GLOBAL IG RESOURCE® 6 INFOGOVWORLD.COM OPERATIONALIZE Information Governance: YOUR PRIVACY PROGRAM A PRIMER O AUTOMATE GDPR ccording to the Sedona Conference, RECORD KEEPING Information Governance (IG) is about minimizing information risks and costs while maximizing information value. This is a compact way to convey the key aims of IG programs. The definition of IG can be distilled Afurther. An even more succinct “elevator pitch” definition of IG is, “security, control, and optimization” of information. This is a short definition that anyone can remember. It is a READINESS & PIA, DPIA & PbD DATA MAPPING COOKIE CONSENT & useful one for communicating the basics of IG to executives. ACCOUNTABILITY TOOL AUTOMATION AUTOMATION WEBSITE SCANNING To go into more detail: This definition means that An even more succinct information—particularly confidential, personal, or other Benchmark organizational Choose from pre-defined Populate the data flow Conduct ongoing scans of “elevator pitch” definition of IG is, readiness and provide screening questionnaires to inventory through websites and generate cookie sensitive information—is kept secure. “ executive-level visibility with generate appropriate record questionnaires, scanning banners and notices. It means that your organizational IG processes control “security, control, and optimization” detailed reports. keeping requirements. technologies or who has access to which information, and when. through bulk import. And it means that information that no longer of information. GDPR Articles 5 & 24 GDPR Articles 25, 35 & 36 GDPR Articles 6, 30 & 32 GDPR Articles 7 & 21 has business value is destroyed and the most valuable ” ePrivacy Directive Draft Regulation information is leveraged to provide new insights and value. In other words, it is optimized. DG includes data modeling and data security, and IG PROGRAMS REQUIRE CROSS FUNCTIONAL also utilizes data cleansing (or data scrubbing) to strip COLLABORATION out corrupted, inaccurate, or extraneous data and de- IG involves coordination between data privacy, information duplication, to eliminate redundant occurrences of data. security, IT, legal and litigation/e-discovery,
Load more

Recommended publications
  • ICO – Privacy Impact Assessment Handbook
    Using this handbook Part 1 – Background information Part 2 – The PIA process Appendix 1 – The PIA screening questions Appendix 2 – Data protection compliance checklist template Appendix 3 – PECR compliance checklist template Appendix 4 – Privacy strategies Using this handbook Back to ICO homepage Advice on using this handbook Because organisations vary greatly in size, the extent to which their activities intrude on privacy, and their experience in dealing with privacy issues makes it difficult to write a ‘one size fits all’ guide. The purpose of this handbook is to be comprehensive. It is important to note now that not all of the information provided in this handbook will be relevant to every project that will be assessed. The handbook is split into two distinct parts. Part I (Chapters I and II) are designed to give background information on the privacy impact assessment (PIA) process and privacy. Part II is a practical “how to” guide on the PIA process. The handbook’s structure is intended to enable a reader who is knowledgeable about privacy to quickly start working on the PIA. Background information on privacy and PIAs is provided for other readers who would like some general information prior to starting the PIA process. It is also important to note that some of the recommendations in this handbook may overlap with work which is being done to satisfy other requirements, such as information security and assurance, other forms of impact assessment or requirements to carry out broader consultations during the development of a project. A PIA does not have to be conducted as a completely separate exercise and it can be useful to consider privacy issues in a broader policy context.
    [Show full text]
  • Spotlight On… Protection of Sensitive Data Including Personal Information
    Spotlight On… Protection of Sensitive Data including Personal Information Purpose On Sept. 7, 2017 media reports indicated that a large American credit score bureau had been breached, exposing the personal information of millions of consumers in the U.S. and in the U.K. and potentially affecting 8,000 individuals in Canada. On November 28, 2017 the Canadian arm of this U.S. company posted information on its website indicating that an additional 11,670 Canadians had been affected by the breach, bringing the total number of Canadians affected to about 19,000. In response to CCIRC partner questions concerning this event, this product provides information on what organizations can do to reduce the risk of sensitive data, such as personal information, being exfiltrated from their organization. Information in this note includes: . The Canadian statutory definitions of personal information . Upcoming regulatory changes to data breach reporting in Canada . Examples of reported breaches of Canadian personal information . Tactics, techniques, and procedures employed to target Canadian personal information . Tips for safeguarding sensitive information . Advice from the Royal Canadian Mounted Police (RCMP) for individuals who believe their personal information may have been compromised What is “Personal Information”? According to the Office of the Privacy Commissioner of Canada (OPC), these are the statutory provisions relevant to the meaning of “Personal Information” in Canada: Section 2(1) of the Personal Information Protection and Electronic Documents
    [Show full text]
  • Annual Privacy Report
    U.S. DEPARTMENT OF JUSTICE ANNUAL PRIVACY REPORT THE CHIEF PRIVACY AND CIVIL LIBERTIES OFFICER AND THE OFFICE OF PRIVACY AND CIVIL LIBERTIES OCTOBER 1, 2016 – SEPTEMBER 30, 2020 1 (MULTI) ANNUAL PRIVACY REPORT MESSAGE FROM THE CHIEF PRIVACY AND CIVIL LIBERTIES OFFICER I am pleased to present the Department of Justice’s (Department or DOJ) Annual Privacy Report, describing the operations and activities of the Chief Privacy and Civil Liberties Officer (CPCLO) and the Office of Privacy and Civil Liberties (OPCL), in accordance with Section 1174 of the Violence Against Women and Department of Justice Reauthorization Act of 2005. This report covers the period from October 1, 2016, through September 30, 2020. The Department’s privacy program is supported by a team of dedicated privacy professionals who strive to build a culture and understanding of privacy within the complex and diverse mission work of the Department. The work of the Department’s privacy team is evident in the care, consideration, and dialogue about privacy that is incorporated in the daily operations of the Department. During this reporting period, there has been an evolving landscape of technological development and advancement in areas such as artificial intelligence, biometrics, complex data flows, and an increase in the number of cyber security events resulting in significant impacts to the privacy of individuals. Thus, the CPCLO and OPCL have developed new policies and guidance to assist the Department with navigating these areas, some of which include the following:
    [Show full text]
  • What Is a Data Protection Officer? INTRODUCTION
    What is a Data Protection Officer? INTRODUCTION In the first in a series of linked articles about Data Protection Officers (DPOs) under the General Data Protection Regulation (GDPR), we take a detailed look at who exactly the Data Protection Officer is from the history of how the DPO evolved into a legally appointed position, essential information on fulfilling the role of a DPO, and a comparison with other data focussed senior executives within the organisation. The GDPR represents the most significant overhaul in 25 years of privacy and data protection law. With its extraterritorial scope, the GDPR covers every organisation no matter whether they are a company, charity, or government body providing they have dealings with EU-based consumers. Affected organisations are required to conduct a detailed review of their internal data protection policies and procedures to bring them in line with the GDPR. This includes supply-chain contracts, along with implementing robust mechanisms for data breach detection and reporting. An essential element of these preparations includes identifying if they are required to appoint a DPO. The primary role of the data protection officer (DPO) is to ensure their organisation processes personal data “of staff, customers, providers or any other individuals (referred to as data subjects) in compliance with the applicable data protection rules. European Data Protection Supervisor Freevacy | What is a Data Protection Officer? Page 1 CONTENTS Key facts about Page 3 Data Protection Officers History of the Page 4 Data Protection Officer How the GDPR sets out Page 5 the role of the DPO The European Data Page 7 Protection Board The role played by the Page 8 ICO regarding a DPO Comparing the role of the Page 9 DPO with other data roles The growing importance Page 11 of the DPO role Page 12 Available Courses KEY FACTS ABOUT DATA PROTECTION OFFICERS A role defined within the legislation, the DPO is the appointed person responsible for monitoring compliance with the GDPR.
    [Show full text]
  • Anonymity, Obscurity, and Technology: Reconsidering Privacy in the Age of Biometrics
    ANONYMITY, OBSCURITY, AND TECHNOLOGY: RECONSIDERING PRIVACY IN THE AGE OF BIOMETRICS JONATHAN TURLEY ABSTRACT For decades, cinematic and literary works have explored worlds without privacy: fishbowl societies with continual, omnipresent surveillance. For those worried about a post-privacy world, facial recognition technology and other biometric technology could well be the expanding portal to that dystopia. These technologies are rapidly transforming a society predicated on privacy into a diaphanous society where identity and transparency are defining elements. Biometric technology is perfectly suited to evade current privacy protections and doctrines because it presents new challenges to the existing legal framework protecting privacy. The greatest threat of this technological shift is to democratic activities—the very reason that countries such as China have invested so heavily into biometric surveillance systems. This Article explores how our traditional privacy notions fit into a new age of biometrics. It seeks to frame the debate on what values society’s notions of privacy protect, and how to protect them. After exploring prior approaches and definitions to privacy, it proposes a shift from an emphasis on anonymity to a focus on obscurity. The truth is that we now live in a “nonymous” world where our movements and associations will be made increasingly transparent. This Article concludes by recommending a comprehensive approach to biometric technology that would obscure increasingly available images and data while recasting privacy protections to fit a new and unfolding biometric reality. This obscurity will allow participation in society to continue unimpeded by the chilling effects created by the new technology. Without it, our democratic society will never be the same.
    [Show full text]
  • Data Protection 2017
    ICLG The International Comparative Legal Guide to: Data Protection 2017 4th Edition A practical cross-border insight into data protection law Published by Global Legal Group, with contributions from: Affärsadvokaterna i Sverige AB Hunton & Williams Bae, Kim & Lee LLC Koushos Korfiotis Papacharalambous LLC Bagus Enrico & Partners Lee and Li, Attorneys-at-Law Creel, García-Cuéllar, Aiza y Enríquez, S.C. LPS L@w Cuatrecasas Matheson Dittmar & Indrenius Mori Hamada & Matsumoto Drew & Napier LLC Osler, Hoskin & Harcourt LLP Ecija Abogados Pachiu & Associates ErsoyBilgehan Pestalozzi Attorneys at Law Ltd. Eversheds Sutherland Portolano Cavallo GANADO Advocates Gilbert + Tobin Rato, Ling, Lei & Cortés Lawyers GRATA International Rossi Asociados Hacohen & Co. Subramaniam & Associates (SNA) Herbst Kinsky Rechtsanwälte GmbH Wikborg Rein Advokatfirma AS The International Comparative Legal Guide to: Data Protection 2017 General Chapter: 1 All Change for Data Protection: The European Data Protection Regulation – Bridget Treacy & Anita Bapat, Hunton & Williams 1 Country Question and Answer Chapters: Contributing Editors 2 Australia Gilbert + Tobin: Melissa Fai & Alex Borowsky 7 Anita Bapat and Aaron P. Simpson, Hunton & Williams 3 Austria Herbst Kinsky Rechtsanwälte GmbH: Dr. Sonja Hebenstreit & Dr. Isabel Funk-Leisch 23 Sales Director Florjan Osmani 4 Belgium Hunton & Williams: Wim Nauwelaerts & David Dumont 34 Account Director 5 Canada Osler, Hoskin & Harcourt LLP: Adam Kardash & Brandon Kerstens 43 Oliver Smith 6 Chile Rossi Asociados: Claudia Rossi
    [Show full text]
  • MIXED STATE of READINESS for NEW CYBERSECURITY REGULATIONS in EUROPE French, German and UK Organisations Need More Clarity on Compliance Requirements for 2015-2017
    in association with SPECIAL REPORT MIXED STATE OF READINESS FOR NEW CYBERSECURITY REGULATIONS IN EUROPE French, German and UK organisations need more clarity on compliance requirements for 2015-2017 Survey conducted by IDG Connect on behalf of FireEye Role: Decision Maker Segment: European Organisations Orientation: General Education Region: UK, France, Germany SECURITY REIMAGINED in association with SPECIAL REPORT Mixed State of Readiness for New Cybersecurity Regulations in Europe Organisations Better Prepared for NIS than GDPR Cost and Complexity Remain Significant Challenges 2. NIS GDPR 8% EXECUTIVE 50% 44% 18% 39% SUMMARY 23% 27% 37% 23% 25% 12% 20% 11% 18% 9% 5% 6% 0% A B C D Incident Reporting Process Requirements Policy Complexity A - All Required Measures are in Place Implementation Costs B - Most Required Measures are in Place New Hardware/Software Investment Requirements C - Some Required Measures are in Place Sourcing Sufficient Expertise D - No Required Measures are in Place Pre-enforcement Confirmation of Systems, Processes and Policies Incident Reporting Timeframe Requirements The majority of those in France, Germany and the UK still have work to do in implementing sufficient security measures to meet new requirements Investment in new hardware and software to support mandated by new EU Networking and Information NIS/GDPR compliance initiatives is seen as the biggest Security (NIS) and General Data Protection challenge to IT departments, closely followed by Regulation (GDPR) which will come into force in the implementation costs and more complex next two to three years. security policies. in association with SPECIAL REPORT Mixed State of Readiness for New Cybersecurity Regulations in Europe 2a.
    [Show full text]
  • Protecting the Privacy of Canadians: Review of the Privacy Act
    PROTECTING THE PRIVACY OF CANADIANS: REVIEW OF THE PRIVACY ACT Report of the Standing Committee on Access to Information, Privacy and Ethics Blaine Calkins Chair DECEMBER 2016 42nd PARLIAMENT, 1st SESSION Published under the authority of the Speaker of the House of Commons SPEAKER’S PERMISSION Reproduction of the proceedings of the House of Commons and its Committees, in whole or in part and in any medium, is hereby permitted provided that the reproduction is accurate and is not presented as official. This permission does not extend to reproduction, distribution or use for commercial purpose of financial gain. Reproduction or use outside this permission or without authorization may be treated as copyright infringement in accordance with the Copyright Act. Authorization may be obtained on written application to the Office of the Speaker of the House of Commons. Reproduction in accordance with this permission does not constitute publication under the authority of the House of Commons. The absolute privilege that applies to the proceedings of the House of Commons does not extend to these permitted reproductions. Where a reproduction includes briefs to a Standing Committee of the House of Commons, authorization for reproduction may be required from the authors in accordance with the Copyright Act. Nothing in this permission abrogates or derogates from the privileges, powers, immunities and rights of the House of Commons and its Committees. For greater certainty, this permission does not affect the prohibition against impeaching or questioning the proceedings of the House of Commons in courts or otherwise. The House of Commons retains the right and privilege to find users in contempt of Parliament if a reproduction or use is not in accordance with this permission.
    [Show full text]
  • Law Enforcement & Unmanned Aircraft Systems
    Community Policing & Unmanned Aircraft Systems (UAS) Guidelines to Enhance Community Trust Maria Valdovinos James Specht Jennifer Zeunik This project was supported by cooperative agreement number 2013-CK-WX-K002 awarded by the Office of Community Oriented Policing Services, U.S. Department of Justice. The opinions contained herein are those of the author(s) and do not necessarily represent the official position or policies of the U.S. Department of Justice. References to specific agencies, companies, products, or services should not be considered an endorsement by the author(s) or the U.S. Department of Justice. Rather, the references are illustrations to supplement discussion of the issues. This document contains preliminary analysis that is subject to further review and modification. It may not be quoted or cited and should not be disseminated further without the express permission of the Police Foundation or the U.S. Department of Justice. Any copyright in this work is subject to the Government’s Unlimited Rights license as defined in FAR 52-227.14. The reproduction of this work for commercial purposes is strictly prohibited. Nongovernmental users may copy and distribute this document in any medium, either commercial or noncommercial, provided that this copyright notice is reproduced in all copies. Nongovernmental users may not use technical measures to obstruct or control the reading or further copying of the copies they make or distribute. Nongovernmental users may not accept compensation of any manner in exchange for copies. All other rights reserved. The Internet references cited in this publication were valid as of the date of this publication.
    [Show full text]
  • Data Privacy in the Workplace
    Chapter Twenty-Seven Data Privacy Issues in Privacy Data the Workplace Chapter Twenty-Seven DATA PRIVACY IN THE WORKPLACE 945 Copyright © 2016 FordHarrison LLP. All rights reserved. Chapter Twenty-Seven DATA PRIVACY ISSUES IN THE WORKPLACE Table of Contents I. INTRODUCTION .................................................949 II. DATA BREACH NOTIFICATION REQUIREMENTS ........................950 A. Proposed Personal Data Notification & Protection Act .......................950 B. Prevention of a Data Breach ...........................................951 III. DATA PRIVACY AND SECURITY LAWS................................952 A. Federal Laws Addressing Data Privacy and Security ........................952 B. State Data Privacy Laws..............................................957 IV. EMPLOYEE MONITORING .........................................961 A. Monitoring Electronic Communications, Internet and Computer Usage. .........961 B. The SCA . 965 C. Employees’ Privacy Rights ............................................968 D. State Laws Restricting Employer Access to Employees’ Social Media . 970 E. Monitoring Telephone Conversations ....................................971 F. Video Monitoring of Employees ........................................972 G. Employee Tracking Devices ...........................................972 V. BYOD PROGRAMS...............................................974 A. Data Security Issues.................................................974 B. E-Discovery Issues ..................................................976 C.
    [Show full text]
  • Reflections on Reform of the Federal Privacy Act
    Reflections on Reform of the Federal Privacy Act David H. Flaherty* June 2008 *Privacy and Information Policy consultant, Victoria, BC; Professor Emeritus, University of Western Ontario; 1st Information and Privacy Commissioner for British Columbia; author of Protecting Privacy in Surveillance Societies: The Federal Republic of Germany, Sweden, France, Canada, and the United States (1989). 1 “Today's commonplace information technologies — the Internet and new surveillance technologies such as digital video, linked networks, global positioning systems, black boxes in cars, genetic testing, biometric identifiers and radio frequency identification devices (RFIDs) — did not exist when the federal Privacy Act came into force in 1983. Characterizing the current Act as dated in coping with today's realities is an understatement — the Act is tantamount to a cart horse struggling to keep up with technologies approaching warp speed.”1 “The federal Privacy Act is woefully deficient as a vehicle for protecting the privacy rights of Canadians. Time and again, Privacy Commissioners and privacy advocates have called for a thorough review and modernization of the legislation. The Privacy Act contains no effective mechanism to deal strategically with complaints, requiring that every complaint be examined – a potentially overwhelming, but unnecessary, burden. The Act was drafted well before the extensive penetration of computing power and surveillance technology into our lives. It was drafted long before the era of globalization and the extensive sharing of personal information across borders with corporations, with governments, and indirectly through corporations to foreign governments. It was drafted long before the era when the word terrorism began to fall from everyone’s lips amid calls for ever greater amounts of personal information in the quest to enhance personal and national security.”2 “The Privacy Act is at the hub of the informational relationship between state agencies and individuals.
    [Show full text]
  • Guide to Privacy, the Freedom of Information Act, and Records Management
    Summary of Changes Handbook AS-353, Guide to Privacy, the Freedom of Information Act, and Records Management Handbook AS-353, Guide to Privacy, the Freedom of Information Act, and Records Management, has been updated with Postal Bulletin articles through February 6, 2014 as follows: The chapter, subchapter, in Postal part, Bulletin with an appendix, or issue issue date section... titled... was... number... of.... Appendix — Privacy Act System of Records Section E Complete Text of revised to account for the collection of 22382 2-6-14 Systems of Records applicant ID numbers from applicants who file an inquiry or complaint. Guide to Privacy,Transmittal the FreedomLetter of Information Act, and Records Management Handbook AS-353 February 2014 Transmittal Letter A. Introduction. Key strategies of the Postal Service’s Transformation Plan are to achieve growth by adding value for customers and to improve the workplace environment. The proper collection, use, and protection of customer and employee information are key parts of that value proposition. B. Instructions. This handbook replaces the original publication dated September 2005. C. Explanation. This handbook provides direction and guidance for Postal Service™ employees, suppliers, or other authorized users with access to Postal Service records and information resources. The handbook also provides direction and guidance for customers, employees, suppliers, or other individuals about how their information is collected, maintained, used, disclosed, and safeguarded. This version of the handbook includes a completely revised appendix of Privacy Act systems of records, as last published in their entirety in the Federal Register. In addition, chapters 1 through 4 were revised to clarify current procedures.
    [Show full text]