Data Privacy
Federal Law on Data Privacy, data privacy policies, criminal records, meaningful remedies: Pardons, Expungement, Record Sealing
Data Privacy and Digital Records
Civilization is the progress toward a society of privacy. The savage's whole existence is public, ruled by the laws of his tribe. Civilization is the process of setting man free from men. --Ayn Rand
In 1968 the Federal Data Privacy Act passed into law and was subsequently amended following the debacle of Watergate. Over the course of the ensuing decade State Legislatures provided additional legislation governing data privacy. A wide range of further Federal privacy legislation has continued to be added to Federal Statute over the course of the ensuing decades right up to the present date, including the following:
Abstract: Today’s technical and legal landscape presents formidable challenges to personal data privacy. First, our increasing reliance on Web services causes personal data to be cached, copied, and archived by third parties, often without our knowledge or control. Second, the disclosure of private data has become commonplace due to carelessness, theft, or legal actions. Our research seeks to protect the privacy of past, archived data — such as copies of emails maintained by an email provider — against accidental, malicious, and legal attacks. Specifically, we wish to ensure that all copies of certain data become unreadable after a user-specified time, without any specific action on the part of a user, and even if an attacker obtains both a cached copy of that data and the user’s cryptographic keys and passwords. This paper presents Vanish, a system that meets this challenge through a novel integration of cryptographic techniques with global-scale, P2P, distributed hash tables (DHTs). We implemented a proof-of-concept Vanish prototype to use both the million-plus-node Vuze BitTorrent DHT and the restricted-membership OpenDHT. We evaluate experimentally and analytically the functionality, security, and performance properties of Vanish, demonstrating that it is practical to use and meets the privacy-preserving goals described above. We also describe two applications that we prototyped on Vanish: a Firefox plugin for Gmail and other Web sites and a Vanishing File application.
Health information is regarded as one of the most sensitive types of personal information. For this reason it is important that appropriate legislation and policies are in place to provide protocols and guidance in relation to the collection and use of personal health information. Secondary use of data implies health data for use in activities outside of direct healthcare delivery including analysis, research, quality and safety measurement, and public health. The General Practice Data Governance Council (GPDGC) has been established by peak general practice organisations to develop protocols to ensure that general practice clinical data provided to an agency outside a practice in which data is collected is used in accordance with relevant legislation, ethical principles and practice, and with appropriate informed consent. The GPDGC will promote the use of the GPDGC protocols to agencies that hold general practice data. This document sets out the data governance framework for data privacy. This paper highlights the relevant legislation that applies to the handling of personal health information and data. This includes the Health Records Act, the Privacy Act, the Healthcare Identifiers Act and Freedom of Information Act.
The LexisNexis Data Privacy Policy covers personally identifiable information received by LexisNexis, a division of Reed Elsevier, Inc. from its data suppliers, and which is distributed on the LexisNexis services. This personally identifiable information is contained in public records, publicly available information and non-public information (see definitions below). The LexisNexis Data Privacy Policy does not cover information that may be collected by LexisNexis from the user, whether online or offline. The LexisNexis Website Privacy Policy titled, “Privacy Notice – Your Privacy is Important to Us,” governs the collection of information from users of LexisNexis websites.
With the proliferation of privacy concerns raised by the mere mention of the term “data mining,” defining what data mining is and is not has become increasingly important. As recently defined by the U.S. Government Accountability Office (formerly the U.S. General Accounting Office) (GAO), data mining is “the application of database technology and techniques—such as statistical analysis and modeling—to uncover hidden patterns and subtle relationships in data and to infer rules that allow for the prediction of future results.” However, data warehousing, ad hoc inquiries/reporting, software agents, online analytical processes (OLAP), and data visualization alone do not constitute data mining. GAO acknowledges that the term “data mining” is ambiguous and, according to some experts in the field, overlaps with other types of analytical activities, such as data profiling, data warehousing, online analytical processing, and enterprise analytical applications. Examples of analytical approaches that fall within the generally accepted definition of data mining are decision trees, nearest neighbor classification, neural networks, rule induction, and k-means clustering.
The criminal record background check has become a ubiquitous part of American culture. As some observers have noted, “Today, background checking—for employment purposes, for eligibility to serve as a volunteer, for tenant screening, and for so many other purposes—has become a necessary, even if not always a welcome, rite of passage for almost every adult American.” A Society for Human Resource Management survey of employers, the results of which were published in January 2004, found that more than 80 percent conduct criminal background checks of prospective employees. Fifty-one percent of employers conducted such checks in 1996. The terrorist attacks of September 11, 2001, resulted in millions more criminal record checks being conducted routinely. Just weeks after the attacks, Federal Aviation Administration administrator Jane Garvey ordered criminal checks of up to 1 million workers with access to secure areas in the nation’s airports. The Patriot Act, enacted by Congress in October 2001, directed the criminal backgrounding of hazardous materials transporters. The process was expected to result in approximately 3.5 million checks each year. Similar checks were contemplated for those working in U.S. ports and in the country’s chemical industry.
In response to public outrage spurred by the revelation that the FBI compiled files on Vietnam War protestors, civil rights activists, celebrities, and thousands of other citizens seemingly selected at random, Congress passed the Privacy Act of 1974. The purpose of the Privacy Act was “to promote governmental respect for the privacy of citizens by requiring all departments and agencies of the executive branch…to observe certain constitutional rules in the computerization, collection, management, use, and disclosure of personal information about individuals.” Specifically, the act was “designed to prevent the kind of illegal, unwise, over broad, investigation and record surveillance of law-abiding citizens [by] over-zealous investigators and [curious] government administrators.”
Privacy has become an important issue in the progress of data mining techniques. Many laws are being enacted in various countries to protect the privacy of data. This privacy concern has been addressed by developing data mining techniques under a framework called privacy preserving data mining. Presently there are two main approaches popularly used: data perturbation and secure multiparty computation. In this paper we propose a technique for privacy preserving clustering using Principal Component Analysis (PCA) based transformation approach. This method is suitable for clustering horizontally partitioned or centralized data sets. The framework was implemented on synthetic datasets and clustering was done using Self Organizing Map (SOM). The accuracy of clustering before and after privacy preserving transformation was estimated.
Gambill on Justice
Federal Legislation (United States)
Americans with Disabilities Act (ADA):
Cable Communications Policy Act of 1984:
Children's Internet Protection Act (CIPA) of 2001:
Children's On-Line Privacy Protection Act (COPPA) of 1998:
Communications Assistance for Law Enforcement Act of 1994 (CALEA):
Computer Fraud and Abuse Act (CFAA) of 1986:
Computer Security Act of 1987:
Computer Credit Reporting Reform Act (CCRA) of 1996:
Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN-SPAM) of 2003:
Electronic Funds Transfer Act (EFTA):
Fair Credit Reporting Act:
Federal Information Security Management Act (FISMA):
Driver's Privacy Protection Act of 1994:
Electronic Communications Privacy Protection Act (ECPA) of 1986:
Electronic Freedom of Information Act (E-FOIA) of 1996:
Family Education Rights and Privacy Act (FERPA) of 1974:
Fair Credit Reporting Act (FCRA):
Privacy Protection Act (PPA) of 1980:
Right to Financial Privacy Act (RFPA) of 1978:
Telecommunications Act of 1996:
Telephone Consumer Protection Act (TCPA) of 1991:
Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT) Act of 2001:
On Data-Mining and Privacy (United States, Canada, Britain, Australia):
Fulda, Joseph A., Data Mining and Privacy
Data mining is the intelligent search for new knowledge in existing masses of data. This article reviews what data mining technology can do and asks and answers the question, ‘Is data mining a violation of privacy that ought to be limited by law?’—tort law in the case of an individual actor and Fourth Amendment jurisprudence in the case of a state actor. Since data mining is a new technology and the existing data that are mined are presumed to be properly acquired, the answer would appear to be ‘No.’ However, we educe from three hypothetical cases of what might be called pre-technological data mining that our intuitions tell us that data mining is indeed a violation of privacy. We then review the case law—which does not agree with our intuitions—and briefly discuss alternative, technological means of protecting privacy in the face of advanced data mining techniques.
Geambasu, Roxana, Vanish: Increasing Data Privacy with Self-Destructing Data, University of Washington
Taipale, K. A., Data Mining and Domestic Security: Connecting the Dots to Make Sense of Data, the Columbia Science and Technology Law Review
Official U.S. Government policy calls for the research, development, and implementation of advanced information technologies for aggregating and analyzing data, including data mining, in the effort to protect domestic security. Civil libertarians and libertarians alike have decried and opposed these efforts as an unprecedented invasion of privacy and a threat to our freedoms. This Article examines these technologies in the context of domestic security. The purpose of this Article is not to critique or endorse any particular proposed use of these technologies but, rather, to inform the debate by elucidating the intersection of technology potential and development with legitimate privacy concerns. This Article argues that security with privacy can be achieved by employing value-sensitive technology development strategies that take privacy concerns into account during development, in particular, by building in rule-based processing, selective revelation, and strong credential and audit features. This Article does not argue that these technical features alone can eliminate privacy concerns but, rather, that these features can enable familiar, existing privacy protecting oversight and control mechanisms, procedures and doctrines (or their analogues)
United States Department of Justice, Office of the Attorney Journal, The Attorney General's Report on Criminal History Background Checks, June 2006
There is widespread interest in obtaining access to criminal history record information from reliable sources for the purpose of screening an individual’s suitability for employment, licensing, or placement in positions of trust. The interest comes from private and public employers, as well as non-profit organizations that place employees and volunteers to work with vulnerable populations such as children, the elderly, and disabled persons. The interest is based on a desire or perceived need to evaluate the risk of hiring or placing someone with a criminal record in particular positions and is intended to protect employees, customers, vulnerable persons, and business assets. Employers and organizations are subject to potential liability under negligent hiring doctrines if they fail to exercise due diligence in determining whether an applicant has a criminal history that is relevant to the responsibilities of a job and determining whether placement of the individual in the position would create an unreasonable risk to other employees or the public. In addition to addressing this litigation risk, employers want to assess the risks to their assets and reputations posed by placing persons with criminal histories in certain positions. To meet these business needs, employers can and frequently do ask applicants whether they have a criminal history. Such employers and organizations want access to criminal history records to determine whether applicants are answering the question about their criminal history truthfully and completely. They believe that having access to good sources of criminal history information is the only way the interest in performing due diligence to protect employees, assets, and the public can be served. Public employers’ need for the information often goes beyond considering job suitability and includes security clearance determinations. 
There also has been a growing use of criminal history screening in certain sectors of the economy related to counterterrorism efforts.
United States Department of Justice, Office of Justice Programs, Privacy, Technology and Criminal Justice Information, Uses of Criminal History Information, July 2001
Background and purpose: This report presents the findings of a telephone survey conducted in February and March 2000 among a national probability sample of 1,030 adults 18 years of age and older, living in private households in the continental United States. SEARCH, acting with Dr. Alan Westin, a well-respected expert on issues of privacy and the use of personal information, commissioned Opinion Research Corporation International (ORC International) to conduct this research. The primary purpose of the study is to assess public attitudes toward the availability and use of individuals’ criminal history records outside of the criminal justice system.
United States Department of Health and Human Services, Summary of the HIPAA Privacy Rule
The Standards for Privacy of Individually Identifiable Health Information (“Privacy Rule”) establishes, for the first time, a set of national standards for the protection of certain health information. The U.S. Department of Health and Human Services (“HHS”) issued the Privacy Rule to implement the requirement of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). The Privacy Rule standards address the use and disclosure of individuals’ health information—called “protected health information”—by organizations subject to the Privacy Rule—called “covered entities,”—as well as standards for individuals' privacy rights to understand and control how their health information is used. Within HHS, the Office for Civil Rights (“OCR”) has responsibility for implementing and enforcing the Privacy Rule with respect to voluntary compliance activities and civil money penalties.
United States Department of Justice, Bureau of Justice Statistics, Privacy, Technology and Criminal Justice Information, July 2001, NCJ 187663
There is substantial public (that is, adult) support for making certain types of criminal justice records available outside the criminal justice system when there is a perceived rationale of public benefit and/or safety. Support declines noticeably when the goal is purely private. In general, American adults tend to favor making individual conviction records available to employers, governmental licensing agencies, and other entities. They are far more reluctant, however, to support access to arrest-only (or arrest without conviction) records.
United States Department of Homeland Security, Privacy Impact Statement for the (ACES) Automated Continuing Evaluation System, April 9, 2007
Abstract: The Department of Homeland Security (DHS) is working with the Department of Defense to pilot the Automated Continuing Evaluation System (ACES). ACES conducts automated records checks to identify new issues of security concern for DHS personnel and contractors requiring a security clearance. During the ACES pilot, DHS will assess the feasibility of using ACES for initial and continuing evaluation of DHS security clearance holders. This Privacy Impact Assessment (PIA) is for the DHS implementation of the ACES Pilot.
United States Department of Justice, Bureau of Justice Statistics, Compendium of State Privacy and Security Legislation 1994 Overview
This Compendium is the latest in a series of nine U.S. Department of Justice publications that reference and analyze state laws and regulations relating to privacy and security of criminal history record information. These compendia include: (1) compilations of state laws and administrative regulations, and (2) analyses of findings and trends reflected in that body of law and policy documents. The purpose of these compendia is to assist legislators, planners, administrators, legal analysts and other interested individuals in reviewing state statutes and regulations governing the maintenance and use of criminal records and in analyzing national trends in this important area. Comparing and contrasting the various approaches reflected in the many state laws and regulations cited in these documents should assist planners and administrators to develop effective and fair policies for their jurisdictions. By facilitating such comparisons and by furthering research in this area, the compendia are intended to promote the evolution of enlightened privacy and information policy.
Vidyabanu, R., A Model Based Framework for Privacy Preserving Clustering Using SOM, 2010 International Journal of Computer Applications (0975 – 8887) Volume 1 – No. 13