Parry Aftab is The Privacy Lawyer columnist for Information Week and does privacy coaching and consulting. She was one of the first cyberlawyers in the United States and donates a substantial portion of her time to Internet safety, privacy and security education. Parry heads up the largest online safety and help group in cyberspace, WiredSafety.org.
Parry Aftab is an Internet privacy and security lawyer and founded and runs WiredSafety.org, the world's first cybersafety group. She is a regular resource for TV news and talk shows and print journalism. Her main site, aftab.com, contains more information about her work.
She provides best practices advice to industry leaders and is the Managing Director of WiredTrust, a risk management consulting firm and home of the Socially Safe Seal.
CNN.com - Keeping name private can be crime, court rules - Jun 21, 2004
CNN.com - Keeping name private can be crime, court rules - Jun 21, 2004 This U.S. Supreme Court decision upheld a Nevada law that permitted someone to be arrested for failing to provide their name and identification in an unprovoked stop by law enforcement. It means that in the states with similar laws, or the states that will adopt such laws, you have to provide ID if the law enforcement officer asks you for it, even if you haven't done anything wrong.
At least one Supreme Court Justice saw this as violating the person's civil rights. But in a post-September 11th world, requiring people to prove who they are is more acceptable than it might otherwise be.
It's the law now, so arguing won't make much of a difference. And if not abused and used only within its correct boundaries, this may not be a problem. But what if it's misused or abused?
CNN.com - Keeping name private can be crime, court rules - Jun 21, 2004
CNN.com - Keeping name private can be crime, court rules - Jun 21, 2004 This U.S. Supreme Court decision upheld a Nevada law that permitted someone to be arrested for failing to provide their name and identification in an unprovoked stop by law enforcement. It means that in the states with similar laws, or the states that will adopt such laws, you have to provide ID if the law enforcement officer asks you for it, even if you haven't done anything wrong.
At least one Supreme Court Justice saw this as violating the person's civil rights. But in a post-September 11th world, requiring people to prove who they are is more acceptable than it might otherwise be.
It's the law now, so arguing won't make much of a difference. And if not abused and used only within its correct boundaries, this may not be a problem. But what if it's misused or abused?
Thanks Charlie.
Privilege issues arise when someone tries to subpoena or use certain information or compilations of information from a litigant. If something is privileged, it cannot ever be collected in discovery. It’s not just harder to get, it can’t be gotten at all. But privilege issues are very tricky here. You would have to prove that the information was gathered just for the lawyer, in anticipation of litigation. If the information otherwise exists in another form, or somehow privilege is negated (a third party is also privy to the information) or it doesn’t comply with all requisite requirements, it can be obtained in most discovery requests, governmental or private litigation.
I agree that this is an ongoing issue, but the audit starts the process, letting people know what they need to look at to spot where information is stored, accessed and originates. This is the first of three articles. The next one deals with what you do once the initial audit is compiled. Perhaps you and others in this group can help me with real life suggestions. Lawyers, even tech-savvy ones, are just that, “layers.” You and others like you are the real experts. Teach me what I need to know. J
Thanks,
Parry
The Privacy Lawyer,
Aftab.com and theprivacylawyer.blogspot.com
data mapping...a comment from a fellow blogger and tech-expert.
(Parry is "The Privacy Lawyer" for Information Week and has called for the creation of a "Data Map" to manage privacy.)
Hi Parry,
I enjoyed your article "It's time to build a data map." I have referenced it favorably on my weblog www.erp4it.com.
My perspective is that what you call for should not be done episodically (e.g. through a periodic audit process) but rather should be intrinsic in how the IT organization is managed... Doing this requires sophisticated systems and processes to get it right and keep it up to date, and the irony is that IT tends to be the "cobbler's barefoot child" -- building and running powerful systems for its clients, while struggling along with spreadsheets and undocumented, easily-abused processes to run its own business. This is an increasing topic of conversation in large IT shops as the dot com hangover wears off and enterprises start to face the reality of managing complex application portfolios.
My day job is working for a Fortune 100 electronics specialty retailer, where I head a capability called the Metadata Management Office. I don't know if you have ever heard the term "metadata," but it is the core of what you are talking about. It means data about data, and data about the systems that process the data. It's a longstanding concept in large scale IT; in earlier years it was called the "data dictionary" which became the "metadata repository" and now there is a related concept called a "configuration management database." Supporting process frameworks have emerged in ITIL and COBIT. Other relevant concepts are enterprise architecture, systems management frameworks, and portfolio management; tools marketed under these categories would cover large sections of the problem (but by no means all of what you call for). One key thesis of mine is that all of these tools are inexorably converging into a generalized "ERP for IT" domain.
One question I have as a non-lawyer is what is meant by "privileged" information. I assume this means that if the information were captured as part of an audit done under certain protocols, it would be harder to subpoena in a court case?
I can't speak to whether this is a significant risk, but I do know that your "data map" is information generally hard to come by in most large IT shops, and eagerly sought whenever it is compiled. It has day to day value in planning, building, and running IT systems, and it would be unfortunate if this complex and hard to inventory data were locked away once compiled; it's just too useful. It's also information not easily represented in the tools I imagine an external audit team would use: spreadsheets, Word documents, and so forth. Kind of like trying to "audit" an Intel microprocessor; you need specialized tools just to handle the complexity.
All for now; very interested in your perspectives.
Charlie Betz
The Power of One, a new book about community involvement
Trafford Publishing: Item 6246 PageThis book contains the history of how I became involved with protecting others online. Debra Schweiger is a wonderful woman and has written this as her first book.
Internet Super Heroes - Cyberbullying, Flaming and Cyberstalking
Internet Super Heroes - Cyberbullying, Flaming and CyberstalkingCan you tell the difference between flaiming, cyberbullying and harassment and cyberstalking? It's not always easy. This series of articles helps you know everything you need ot know to handle cyberbullying.
Internet Super Heroes - Using Marvel's superheroes and supervillians to help stop cybercrime and abuse and teach responsible Internet use
Internet Super HeroesAlthough the site doesn't officially launch until September 15th, the cyberbullying information is up in advance to deliver help in coordination with the NY Times piece today.
The New York Times > Education > Internet Gives Teenage Bullies Weapons to Wound From Afar
The New York Times > Education > Internet Gives Teenage Bullies Weapons to Wound From AfarCyberbullying is a bigger problem than most people realize. We spend so much time protecting children from predators online and forget we need to protect others from our kids at least as often.
Amy Harmon has written a great article about cyberbullying, how it works and how hurtful it can be.
We have received many e-mails from people who received notice of a class action settlement from PayPal. Many thought it was a scam, but it isn't. Several years ago, prior to eBay's purchase of PayPal, PayPal had frozen some of their customer's accounts.
The case was just settled and those who can prove their having been damaged can participate in the settlement. Don't expect to get rich from the settlement, but you may be entitled to some kind of recovery.
You can submit your claim entirely online, and I have included the link at the next posting in this blog.
Scams and fraud online...suspending all sense of reality
what is it about something typed into an e-mail or on a website that causes people to suspend all sense of reality and believe anything they read online?
Thousands of people have lost their life savings to the Nigerian scams, when they are promised a piece of the multi-million dollar action because a complete stranger tells them they were selected for their trustworthiness. I recently received an e-mail from a young woman in India who told me that a complete stranger contacted her to give her a piece of his business. She gave him lots of personal information about herself, believing that he was going to give her this business.
I think that when we are online, we forget that we don't really know those we read about, or hear from. And when something comes to us, and it touches us in some way...by telling us that our bank account has been compromised, or that we will lose our paypal privileges or no be able to bid on ebay anymore, we react before we think. We give out our passwords and logins by accessing the linked site, thinking we are logging into Citibank, or Paypal, or eBay. Instead we are giving away our information to scam artists and fraudsters.
And if someone posts something on a website that doesn't make sense, and the pieces of the puzzle don't fit together, if they say things that make us angry, or make us want to defend them, we forget to use our heads. Instead of reading things completely, we react. Insteading of questioning the credibility of someone you don't know, who hasn't earned the trust of others you trust, we entrust people who are not worthy of your trust.
The best way to protect yourself online is by using your head. If something appears too good to be true, it's not true. If something doesn't make sense, don't take it at face value. Good judgment should apply online as much as offline, perhaps even more so.
