Get started
Garnter Peer Reviews
Garnter Peer Reviews
Garnter Peer Reviews

Garnter Peer Reviews
Garnter Peer Reviews
Menu
Get started
Blog header general

Privacy 2014-2015: data breaches, doxxing and eDiscovery

Jeffrey Wolff
Jan 7, 2015, 9:57:43 AM

Here are some of the issues and events I’ve been tracking in the nexus between eDiscovery and privacy. To predict the future, one only needs to look to what is already happening.

The Sony hack released entire email stores and employee health data.

The tension is palpable between open access and privacy. FOIA disclosures with SSN’s and other personal data are finally beginning to decrease at the IRS according to Carl Malamud (@carlmalamud).

Seattle held a bodycam hackathon to develop an approach to redacting personal information generated by police body cameras.

Snapchat’s quick erase of photos did not really erase.

Uber’s use of location data created an uproar.

Doxxing became a vocabulary word, where personal data is dug up via social engineering, databanks and hacking and exposed on the internet, by hackers, ex’s and increasingly, journalists.

While peaceful protesters were creating visual evidence with cell phone cameras, militant protesters were advised to leave cell phones at home to beat location tracking and minimize metadata.

Verizon and ATT introduced perma-cookies, or super cookies tied to devices on their networks, while advertisers created cookies to follow web browsers. Some would call it spyware.

American surveillance leaders and the ABA are negotiating about privilege. British intelligence manuals explicitly allow such surveillance and attorneys are not happy.

The first wearable evidence (Fitbit) was announced in a Canadian personal injury case.

Privacy and data breaches continue to be under the oversight of many countries, states and agencies. The FTC takes the lead in the US. The EU is still considering whether to change the Safe Harbor where organizations self-certify about handling privacy and breaches to EU standards, and also to dramatically increase penalties. There is growing interest in privacy harmonization.

The tech industry organized to change surveillance and started resisting requests and orders for computer files. Microsoft refused to hand over data held in Ireland, Apple started to encrypt hard drives by default and Google enabled HTTPS.

California enacted several privacy laws effective Jan 1, 2015: Minors now have an “eraser button” similar to Google in the EU “Right to be forgotten”. Also enacted rules regarding student privacy, release of explicit materials, and recording of people where there is a “reasonable expectation of privacy.”

HIPAA business associate rules go into effect for service providers and law firms serving health related companies.

We’ll be discussing privacy at Legal Tech, with an all star panel, sponsored by Women in Ediscovery on February 5, 2015. Details to come for the registration, limited to the first 90 registrants.

You May Also Like

These Stories on GDPR