Open Access. Powered by Scholars. Published by Universities.®

Law Commons

Open Access. Powered by Scholars. Published by Universities.®

Articles 1 - 30 of 34

Full-Text Articles in Law

The Three Laws: The Chinese Communist Party Throws Down The Data Regulation Gauntlet, William Chaskes Jul 2022

The Three Laws: The Chinese Communist Party Throws Down The Data Regulation Gauntlet, William Chaskes

Washington and Lee Law Review

Criticism of the Chinese Communist Party (CCP) runs a wide gamut. Accusations of human rights abuses, intellectual property theft, authoritarian domestic policies, disrespecting sovereign borders, and propaganda campaigns all have one common factor: the CCP’s desire to control information. Controlling information means controlling data. Lurking beneath the People’s Republic of China’s (PRC) tumultuous relationship with the rest of the world is the fight between nations to control their citizens’ data while also keeping it out of the hands of adversaries. The CCP’s Three Laws are its newest weapon in this data war.

One byproduct of the CCP’s emphasis on controlling …


Gauging The Acceptance Of Contact Tracing Technology: An Empirical Study Of Singapore Residents’ Concerns With Sharing Their Information And Willingness To Trust, Ee-Ing Ong, Wee Ling Loo Jun 2022

Gauging The Acceptance Of Contact Tracing Technology: An Empirical Study Of Singapore Residents’ Concerns With Sharing Their Information And Willingness To Trust, Ee-Ing Ong, Wee Ling Loo

Research Collection Yong Pung How School Of Law

In response to the COVID-19 pandemic, governments began implementing various forms of contact tracing technology. Singapore’s implementation of its contact tracing technology, TraceTogether, however, was met with significant concern by its population, with regard to privacy and data security. This concern did not fit with the general perception that Singaporeans have a high level of trust in its government. We explore this disconnect, using responses to our survey (conducted pre-COVID-19) in which we asked participants about their level of concern with the government and business collecting certain categories of personal data. The results show that respondents had less concern with …


Small Business Cybersecurity: A Loophole To Consumer Data, Matthew R. Espinosa May 2022

Small Business Cybersecurity: A Loophole To Consumer Data, Matthew R. Espinosa

The Scholar: St. Mary's Law Review on Race and Social Justice

Small businesses and small minority owned businesses are vital to our nation’s economy; therefore legislation, regulation, and policy has been created in order to assist them in overcoming their economic stability issues and ensure they continue to serve the communities that rely on them. However, there is not a focus on regulating nor assisting small businesses to ensure their cybersecurity standards are up to par despite them increasingly becoming a victim of cyberattacks that yield high consequences. The external oversight and assistance is necessary for small businesses due to their lack of knowledge in implementing effective cybersecurity policies, the fiscal …


Individuals As Gatekeepers Against Data Misuse, Ying Hu Dec 2021

Individuals As Gatekeepers Against Data Misuse, Ying Hu

Michigan Technology Law Review

This article makes a case for treating individual data subjects as gatekeepers against misuse of personal data. Imposing gatekeeper responsibility on individuals is most useful where (a) the primary wrongdoers engage in data misuse intentionally or recklessly; (b) misuse of personal data is likely to lead to serious harm; and (c) one or more individuals are able to detect and prevent data misuse at a reasonable cost.

As gatekeepers, individuals should have a legal duty to take reasonable measures to prevent data misuse where they are aware of facts indicating that the person seeking personal data from them is highly …


Exploring Lawful Hacking As A Possible Answer To The "Going Dark" Debate, Carlos Liguori May 2020

Exploring Lawful Hacking As A Possible Answer To The "Going Dark" Debate, Carlos Liguori

Michigan Technology Law Review

The debate on government access to encrypted data, popularly known as the “going dark” debate, has intensified over the years. On the one hand, law enforcement authorities have been pushing for mandatory exceptional access mechanisms on encryption systems in order to enable criminal investigations of both data in transit and at rest. On the other hand, both technical and industry experts argue that this solution compromises the security of encrypted systems and, thus, the privacy of their users. Some claim that other means of investigation could provide the information authorities seek without weakening encryption, with lawful hacking being one of …


Healthy Data Protection, Lothar Determann May 2020

Healthy Data Protection, Lothar Determann

Michigan Technology Law Review

Modern medicine is evolving at a tremendous speed. On a daily basis, we learn about new treatments, drugs, medical devices, and diagnoses. Both established technology companies and start-ups focus on health-related products and services in competition with traditional healthcare businesses. Telemedicine and electronic health records have the potential to improve the effectiveness of treatments significantly. Progress in the medical field depends above all on data, specifically health information. Physicians, researchers, and developers need health information to help patients by improving diagnoses, customizing treatments and finding new cures.

Yet law and policymakers are currently more focused on the fact that health …


A New Frontier Facing Attorneys And Paralegals: The Promise & Challenges Of Artificial Intelligence As Applied To Law & Legal Decision-Making, Marissa Moran Jan 2020

A New Frontier Facing Attorneys And Paralegals: The Promise & Challenges Of Artificial Intelligence As Applied To Law & Legal Decision-Making, Marissa Moran

Publications and Research

Artificial Intelligence/AI invisibly navigates and informs our lives today and may also be used to determine a client’s legal fate. Through executive order, statements by a U.S. Supreme Court justice and a Congressional Commission on AI, all three branches of the United States government have addressed the use of AI to resolve societal and legal matters. Pursuant to the American Bar Association Model Rules of Professional Conduct[i] and New York Rules of Professional Conduct (NYRPC), [ii] the legal profession recognizes the need for competency in technology which requires both substantive knowledge of law and competent use of technology for …


Breaches Within Breaches: The Crossroads Of Erisa Fiduciary Responsibilities And Data Security, Gregg Moran Feb 2019

Breaches Within Breaches: The Crossroads Of Erisa Fiduciary Responsibilities And Data Security, Gregg Moran

University of Miami Law Review

Although the drafters of the Employee Retirement Income Security Act of 1974 (“ERISA”) likely could not have anticipated the data security issues of the twenty-first century, ERISA’s duty of prudence almost certainly requires employee benefit plan fiduciaries to protect sensitive participant data in at least some manner. This Article suggests the Department of Labor should issue a regulation clarifying fiduciaries’ data security obligations. Given that fiduciaries are in the best positions to recognize their plans’ individual security needs and capabilities, the regulation should not attempt to micromanage fiduciaries’ substantive data security policies; rather, it should focus on the procedures by …


Who Are The Real Cyberbullies: Hackers Or The Ftc? The Fairness Of The Ftc’S Authority In The Data Security Context, Jaclyn K. Haughom Nov 2017

Who Are The Real Cyberbullies: Hackers Or The Ftc? The Fairness Of The Ftc’S Authority In The Data Security Context, Jaclyn K. Haughom

Catholic University Law Review

As technology continues to be an integral part of daily life, there lies an ever-increasing threat of the personally identifiable information of consumers being lost, stolen, or accessed without authorization. The Federal Trade Commission (FTC) is the U.S. government’s primary consumer protection agency and the country’s lead enforcer against companies subject to data breaches. Although the FTC lacks explicit statutory authority to enforce against data breaches, the Commission has successfully relied on Section 5 of the FTC Act (FTCA) to exercise its consumer protection power in the data security context. However, as the FTC continues to take action against businesses …


Standing After Snowden: Lessons On Privacy Harm From National Security Surveillance Litigation, Margot E. Kaminski Jan 2017

Standing After Snowden: Lessons On Privacy Harm From National Security Surveillance Litigation, Margot E. Kaminski

Publications

Article III standing is difficult to achieve in the context of data security and data privacy claims. Injury in fact must be "concrete," "particularized," and "actual or imminent"--all characteristics that are challenging to meet with information harms. This Article suggests looking to an unusual source for clarification on privacy and standing: recent national security surveillance litigation. There we can find significant discussions of what rises to the level of Article III injury in fact. The answers may be surprising: the interception of sensitive information; the seizure of less sensitive information and housing of it in a database for analysis; and …


Health Information Equity, Craig Konnoth Jan 2017

Health Information Equity, Craig Konnoth

Publications

In the last few years, numerous Americans’ health information has been collected and used for follow-on, secondary research. This research studies correlations between medical conditions, genetic or behavioral profiles, and treatments, to customize medical care to specific individuals. Recent federal legislation and regulations make it easier to collect and use the data of the low-income, unwell, and elderly for this purpose. This would impose disproportionate security and autonomy burdens on these individuals. Those who are well-off and pay out of pocket could effectively exempt their data from the publicly available information pot. This presents a problem which modern research ethics …


Cybersecurity Stovepiping, David Thaw Jan 2017

Cybersecurity Stovepiping, David Thaw

Articles

Most readers of this Article probably have encountered – and been frustrated by – password complexity requirements. Such requirements have become a mainstream part of contemporary culture: "the more complex your password is, the more secure you are, right?" So the cybersecurity experts tell us… and policymakers have accepted this "expertise" and even adopted such requirements into law and regulation.

This Article asks two questions. First, do complex passwords actually achieve the goals many experts claim? Does using the password "Tr0ub4dor&3" or the passphrase "correcthorsebatterystaple" actually protect your account? Second, if not, then why did such requirements become so widespread? …


The Privacy Policymaking Of State Attorneys General, Danielle K. Citron Dec 2016

The Privacy Policymaking Of State Attorneys General, Danielle K. Citron

Faculty Scholarship

Accounts of privacy law have focused on legislation, federal agencies, and the self-regulation of privacy professionals. Crucial agents of regulatory change, however, have been ignored: the state attorneys general. This article is the first in-depth study of the privacy norm entrepreneurship of state attorneys general. Because so little has been written about this phenomenon, I engaged with primary sources — first interviewing state attorneys general and current and former career staff, and then examining documentary evidence received through FOIA requests submitted to AG offices around the country.

Much as Justice Louis Brandeis imagined states as laboratories of the law, offices …


Just What The Doctor Ordered: Protecting Privacy Without Impeding Development Of Digital Pills, Amelia R. Montgomery Jan 2016

Just What The Doctor Ordered: Protecting Privacy Without Impeding Development Of Digital Pills, Amelia R. Montgomery

Vanderbilt Journal of Entertainment & Technology Law

Using technology, humans are receiving more and more information about the world around them via the Internet of Things, and the next area of connection will be the inside of the human body. Several forms of "digital pills" that send information from places like the human digestive tract or bloodstream are being developed, with a few already in use. These pills could stand to provide information that could drastically improve the lives of many people, but they also have privacy and data security implications that could put consumers at great risk. This Note analyzes these risks and suggests that short-term …


Taking Trust Seriously In Privacy Law, Neil Richards, Woodrow Hartzog Jan 2016

Taking Trust Seriously In Privacy Law, Neil Richards, Woodrow Hartzog

Faculty Scholarship

Trust is beautiful. The willingness to accept vulnerability to the actions of others is the essential ingredient for friendship, commerce, transportation, and virtually every other activity that involves other people. It allows us to build things, and it allows us to grow. Trust is everywhere, but particularly at the core of the information relationships that have come to characterize our modern, digital lives. Relationships between people and their ISPs, social networks, and hired professionals are typically understood in terms of privacy. But the way we have talked about privacy has a pessimism problem – privacy is conceptualized in negative terms, …


Anonymization And Risk, Ira S. Rubinstein, Woodrow Hartzog Jan 2016

Anonymization And Risk, Ira S. Rubinstein, Woodrow Hartzog

Faculty Scholarship

Perfect anonymization of data sets that contain personal information has failed. But the process of protecting data subjects in shared information remains integral to privacy practice and policy. While the deidentification debate has been vigorous and productive, there is no clear direction for policy. As a result, the law has been slow to adapt a holistic approach to protecting data subjects when data sets are released to others. Currently, the law is focused on whether an individual can be identified within a given set. We argue that the best way to move data release policy past the alleged failures of …


Implications For The Future Of Global Data Security And Privacy: The Territorial Application Of The Stored Communications Act And The Microsoft Case, Russell Hsiao Dec 2015

Implications For The Future Of Global Data Security And Privacy: The Territorial Application Of The Stored Communications Act And The Microsoft Case, Russell Hsiao

Catholic University Journal of Law and Technology

No abstract provided.


The Scope And Potential Of Ftc Data Protection, Woodrow Hartzog, Daniel J. Solove Jan 2015

The Scope And Potential Of Ftc Data Protection, Woodrow Hartzog, Daniel J. Solove

Faculty Scholarship

For more than fifteen years, the FTC has regulated privacy and data security through its authority to police deceptive and unfair trade practices as well as through powers conferred by specific statutes and international agreements. Recently, the FTC’s powers for data protection have been challenged by Wyndham Worldwide Corp. and LabMD. These recent cases raise a fundamental issue, and one that has surprisingly not been well explored: How broad are the FTC’s privacy and data security regulatory powers? How broad should they be?

In this Article, we address the issue of the scope of FTC authority in the areas of …


Unfair And Deceptive Robots, Woodrow Hartzog Jan 2015

Unfair And Deceptive Robots, Woodrow Hartzog

Faculty Scholarship

Robots, like household helpers, personal digital assistants, automated cars, and personal drones are or will soon be available to consumers. These robots raise common consumer protection issues, such as fraud, privacy, data security, and risks to health, physical safety and finances. Robots also raise new consumer protection issues, or at least call into question how existing consumer protection regimes might be applied to such emerging technologies. Yet it is unclear which legal regimes should govern these robots and what consumer protection rules for robots should look like.

The thesis of the Article is that the FTC’s grant of authority and …


Exposure Without Redress: A Proposed Remedial Tool For The Victimns Who Were Set Aside, Elizabeth T. Isaacs Jan 2015

Exposure Without Redress: A Proposed Remedial Tool For The Victimns Who Were Set Aside, Elizabeth T. Isaacs

Oklahoma Law Review

No abstract provided.


The Ftc And Privacy And Security Duties For The Cloud, Daniel J. Solove Jan 2014

The Ftc And Privacy And Security Duties For The Cloud, Daniel J. Solove

Faculty Scholarship

Third-party data service providers, especially providers of cloud computing services, present unique and difficult privacy and data security challenges. While many companies that directly collect data from consumers are bound by the promises they make to individuals in their privacy policies, cloud service providers are usually not a part of this arrangement. It is not entirely clear what, if any, obligations cloud service providers have to protect the data of individuals with whom they have no contractual relationship. This problem is especially acute because many institutions sharing personal data with cloud service providers fail to include significant privacy and security …


The Ftc And The New Common Law Of Privacy, Daniel J. Solove, Woodrow Hartzog Jan 2014

The Ftc And The New Common Law Of Privacy, Daniel J. Solove, Woodrow Hartzog

Faculty Scholarship

One of the great ironies about information privacy law is that the primary regulation of privacy in the United States has barely been studied in a scholarly way. Since the late 1990s, the Federal Trade Commission (FTC) has been enforcing companies’ privacy policies through its authority to police unfair and deceptive trade practices. Despite over fifteen years of FTC enforcement, there is no meaningful body of judicial decisions to show for it. The cases have nearly all resulted in settlement agreements. Nevertheless, companies look to these agreements to guide their privacy practices. Thus, in practice, FTC privacy jurisprudence has become …


Limits Of The Federal Wiretap Act's Ability To Protect Against Wi-Fi Sniffing, Mani Potnuru Oct 2012

Limits Of The Federal Wiretap Act's Ability To Protect Against Wi-Fi Sniffing, Mani Potnuru

Michigan Law Review

Adoption of Wi-Fi wireless technology continues to see explosive growth. However many users still operate their home Wi-Fi networks in unsecured mode or use publicly available unsecured Wi-Fi networks, thus exposing their communications to the dangers of "packet sniffing," a technique used for eavesdropping on a network. Some have argued that communications over unsecured Wi-Fi networks are "readily accessible to the general public" and that such communications are therefore excluded from the broad protections of the Federal Wiretap Act against intentional interception of electronic communications. This Note examines the Federal Wiretap Act and argues that the current Act's treatment of …


Known And Unknown, Property And Contract: Comments On Hoofnagle And Moringiello, James Grimmelmann Oct 2010

Known And Unknown, Property And Contract: Comments On Hoofnagle And Moringiello, James Grimmelmann

Cornell Law Faculty Publications

In addition to gerund-noun-noun titles and a concern with the misaligned incentives of businesses that handle consumers' financial data, Chris Hoofnagle's Internalizing Identity Theft and Juliet Moringiello's Warranting Data Security share something else: hidden themes. Hoofnagle's paper is officially about an empirical study of identity theft, but behind the scenes it's also an exploration of where we draw the line between public information shared freely and secret information used to authenticate individuals. Moringiello's paper is officially a proposal for a new warranty of secure handling of payment information, but under the surface, it invites us to think about the relationship …


There Is A Time To Keep Silent And A Time To Speak, The Hard Part Is Knowing Which Is Which: Striking The Balance Between Privacy Protection And The Flow Of Health Care Information, Daniel J. Gilman, James C. Cooper Jan 2010

There Is A Time To Keep Silent And A Time To Speak, The Hard Part Is Knowing Which Is Which: Striking The Balance Between Privacy Protection And The Flow Of Health Care Information, Daniel J. Gilman, James C. Cooper

Michigan Telecommunications & Technology Law Review

Health information technology (HIT) has become a signal element of federal health policy, especially as the recently enacted American Recovery and Reinvestment Act of 2009 (Recovery Act or ARRA) comprises numerous provisions related to HIT and commits tens of billions of dollars to its development and adoption. These provisions charge various agencies of the federal government with both general and specific HIT-related implementation tasks including, inter alia, providing funding for HIT in various contexts: the implementation of interoperable HIT, HIT-related infrastructure, and HIT-related training and research. The Recovery Act also contains various regulatory provisions pertaining to HIT. Provisions of the …


Best Practices And The State Of Information Security, Kevin Cronin Jun 2009

Best Practices And The State Of Information Security, Kevin Cronin

Chicago-Kent Law Review

The forces of globalization, together with widely available industry standards and best practices, and heightened state legislative activity, are driving the U.S. towards a more unified approach to data security. But the success of this unified approach requires more than free market efficiency and innovation. In order to maintain a state of evolutionary equilibrium in the global information economy, the U.S. must move from a fragmented approach towards data security and privacy standards, towards a more comprehensive set of standards with new penalties and effective enforcement, to better reflect the inherent value of personal data in today's global marketplace.


Returning To A Principled Basis For Data Protection, Gus Hosein Jun 2009

Returning To A Principled Basis For Data Protection, Gus Hosein

Chicago-Kent Law Review

Society must remain conscious of both pragmatic and principle-based rationales for information security rules. The identity card debate in the United Kingdom provides an example of exactly why a governmental information security approach that is sensitive to civil liberties would be the best approach to data protection. In contrast, we should be cautious of a balancing test that places security in parity with civil liberties and, therefore, erroneously allows pragmatism to triumph over principle.


Reasons Why We Should Amend The Constitution To Protect Privacy, Deborah Pierce Jun 2009

Reasons Why We Should Amend The Constitution To Protect Privacy, Deborah Pierce

Chicago-Kent Law Review

Threats to consumer privacy are many, and varied. Some threats come from corporate entities such as data aggregators and social networking sites; while others come from panoptics government surveillance systems such as Secure Flight. Not only can the data be compromised, but consumers may be adversely affected by incorrect information in their files. The time may be right to explicitly protect privacy via a constitutional amendment to the U.S. Constitution.


When Mobile Phones Are Rfid-Equipped - Finding E.U.-U.S. Solutions To Protect Consumer Privacy And Facilitate Mobile Commerce, Nancy J. King Jan 2008

When Mobile Phones Are Rfid-Equipped - Finding E.U.-U.S. Solutions To Protect Consumer Privacy And Facilitate Mobile Commerce, Nancy J. King

Michigan Telecommunications & Technology Law Review

New mobile phones have been designed to include delivery of mobile advertising and other useful location-based services, but have they also been designed to protect consumers' privacy? One of the key enabling technologies for these new types of phones and new mobile services is Radio Frequency Identification (RFID), a wireless communication technology that enables the unique identification of tagged objects. In the case of RFID-enabled mobile phones, the personal nature of the devices makes it very likely that, by locating a phone, businesses will also be able to locate its owner. Consumers are currently testing new RFID-enabled phones around the …


'Code' And The Slow Erosion Of Privacy, Bert-Jaap Koops, Ronald Leenes Sep 2005

'Code' And The Slow Erosion Of Privacy, Bert-Jaap Koops, Ronald Leenes

Michigan Telecommunications & Technology Law Review

The notion of software code replacing legal code as a mechanism to control human behavior--"code as law"--is often illustrated with examples in intellectual property and freedom of speech. This Article examines the neglected issue of the impact of "code as law" on privacy. To what extent is privacy-related "code" being used, either to undermine or to enhance privacy? On the basis of cases in the domains of law enforcement, national security, E-government, and commerce, it is concluded that technology rarely incorporates specific privacy-related norms. At the same time, however, technology very often does have clear effects on privacy, as it …