By Rachel Looker

If you use your personal device for work-related business and think your information is safe, the outcome of a 2014 federal lawsuit in Texas may make you reconsider.

Saman Rajaee was hired to provide sales and marketing for Design Tech Homes, a custom builder in Houston, according to court documents.

The job required constant email access — and the company provided him with no smartphone. Rajaee used his personal device to connect to the company’s server. 

When Rajaee gave his two weeks’ notice, he was immediately terminated. Days later, his iPhone 4 was wiped remotely and reset to factory settings.

By Nora Macaluso

When Deutsche Bank, the global financial-services company, issued a recent report recommending that Big Tech invest $15 billion over five years to help bridge the racial technology gap, it included the finding that just one in 20 African Americans cited privacy as their primary concern relating to technology. 

Privacy, the September report suggested, might be a “luxury” in light of more pressing inequities keeping Blacks and Hispanics out of the workforce.

Researchers told Digital Privacy News that data was lacking on privacy and people of color.

“I’ve been doing a big literature review,” said Elissa Redmiles, research group leader at the Max Planck Institute for Software Systems in Germany.

By Robert Bateman

In a change of policy, Facebook will allow Australian users to view and share news content the platform, reversing a decision made last week in response to the country’s proposed News Media Bargaining Code.

The code, expected to pass into Australian law later this month, would require Facebook and Google to pay news media outlets whenever users shared links or snippets of content on the platforms.

In a news release Monday, Campbell Brown, Facebook’s vice president of global news partnerships, said the company had reached a deal with the Australian government that would allow it to “retain the ability to decide if news appears on Facebook,” and would no longer “automatically be subject to a forced negotiation.”

News-sharing capabilities would be resumed “in the coming days,” Brown said.

By Rob Sabo

In 2017, luxury retailer Neiman Marcus introduced smart-mirror technology to its makeup counters and fitting rooms, following a path blazed by Ralph Lauren and Mango and later joined by Macy’s, J.C. Penney and other industry leaders.

Smart-mirror technology provides consumers with 360-degree views of outfits or cosmetics without trying them on.

They also are a data-gathering bonanza, experts told Digital Privacy News.

“The retail sector, especially luxury brands, are investing in smart mirrors because they get direct access to a user’s body,” said Veronica Miller, cybersecurity expert at VPN Overview in the Netherlands.

COVID Pushes Up HIPAA Violations Last Year to Second-Straight Record

By Myrle Croasdale

U.S. health care data-privacy violations soared 26% last year, federal data show, setting a record high for the second-straight year.

Breaches involving 500 patient records or more reached 647 in 2020, versus 512 incidents in the year before, according to the U.S. Office for Civil Rights (OCR).

Year-over increases had been gradual until the past two years, the data showed. Hacking and IT incidents accounted for the majority of the reported violations, according to OCR.

Part of the U.S. Department of Health and Human Services, OCR enforces privacy rules created by the Health Insurance Portability and Accountability Act (HIPAA), which was enacted in 1996.   

By Patrick W. Dunne

Ransomware attacks were the most-observed cyberthreat last year — in part because of COVID-19 and more employees working from home — but many victims did not report the attacks to authorities, mostly out of fear of reprisal, experts told Digital Privacy News.

“We got about 2,700 ransomware cases in 2019,” said Keith Wojcieszek, a former U.S. Secret Service agent and managing director of the cyber risk practice at Kroll, the New York cybersecurity firm that recently released survey findings on the issue.

“That number increased by 100% in 2020,” he added. “COVID-19 and work-from-home orders played a huge role in ransomware’s prevalence.”

Ransomware attacks computer systems and locks data with encryption. Hackers then demand payments to release the information — often sending news releases to media outlets or stock exchanges, “shaming” victims should they not pay.

By Christopher Adams

The Federal Aviation Administration (FAA) recently announced final rules governing the use of unmanned aircraft systems (UAS), implementing changes to the agency’s Remote ID requirement and establishing policies regarding small, unmanned aircraft flying over people and operating at night.

While unmanned aerial vehicle (UAV) commercial operators and hobbyists had been eager for these rules to become final — and the new ID regulation seems to be welcomed by the drone community — the changes have initiated some privacy concerns, experts told Digital Privacy News. 

The most alarming is the public availability of a drone operator’s location, which is under widespread attack by privacy advocates, as it could endanger the physical safety of UAV pilots.

“Now, the bigger implication for operators comes in the neighborhood of privacy — and this is a very serious concern,” said Ryan Latourette, director of regulatory affairs at Great Lakes Drone Co., based in Stevensville, Mich.

By Hamil R. Harris

Privacy advocates are praising a decision by Baltimore city officials to deny funding to a controversial police aerial surveillance program — effectively killing the alleged crime-fighting weapon — but a federal court will decide the ultimate fate of the effort next month.

The five-member Baltimore City Board of Estimates voted unanimously last Wednesday to not renew the city’s contract with Ohio-based Persistent Surveillance Systems (PSS) because Baltimore Police Department officials said it was not conclusive that the program was effective.

“There is no doubt that Baltimore continues to suffer from a violence epidemic,” Democratic Baltimore Mayor Brandon Scott told Digital Privacy News in a statement.

“However, unproven experiments and gimmicks designed to simply appease communities in the short term will not provide our residents with the coordinated strategy nor trauma-responsive care that they need and deserve.”

By Robert Bateman

Clearview AI’s biometric database was declared unlawful in Canada earlier this month, just a week after a similar decision by German regulators.

The New York-based tech firm has amassed a vast collection of more than three billion facial images by scraping publicly available data.

Clearview’s algorithmic software derives “faceprints” from these images, creating a trove of biometric information that is searchable by the company’s clients, including U.S. law-enforcement agencies.

In a Feb. 3 news release, announcing the outcome of a yearlong investigation, Canada’s Office of the Privacy Commissioner (OPC) concluded that Clearview’s practices represented “mass surveillance” and were “illegal.” 

By Robert Bateman

Penalties for breaching EU data-protection laws have increased by nearly 40% over the past 12 months, suggesting that the bloc is taking a tougher stance on privacy violations within its borders. 

But some experts told Digital Privacy News that the EU had some way to go before Europeans’ rights were protected adequately.

“Much of the talk before the General Data Protection Regulation (GDPR) took effect was about a penalty regime that allowed regulators to issue fines in the millions — and, in some cases, billions — of euros,” said Edward Machin, privacy and cybersecurity lawyer at Ropes and Gray in London.

“Those expecting large penalties straight out of the gate were disappointed, however, and the first 18 months of the GDPR’s life largely passed without event.

By Vaughn Cockayne

When Rafiq Kalam Id-Din II realized the extent of the use of proctoring technology at universities that he considered racially biased and invasive, he knew — as an educator, parent and person of color — he could no longer stay silent.

“This abrupt move to online caught everyone off guard,” Kalam Id-Din, who lives in Brooklyn, N.Y., told Digital Privacy News. “Because in the pursuit of efficiency, people gave up true efficacy and empathy.”

Kalam Id-Din is the founder and managing partner of the Ember Charter Schools for Mindful Education, Innovation and Transformation in Brooklyn.

He is among 2,000 parents who joined recently with Fight for the Future, a Boston nonprofit digital-rights activist group, to call on McGraw Hill to end its relationship with the software maker, Proctorio.

By Maria Marabito

Amazon has launched its online pharmacy, Amazon Pharmacy, but experts told Digital Privacy News that the service could jeopardize user privacy — as federal HIPAA protections might fall short in safeguarding sensitive health information.

“Nothing requires Amazon to keep medical information private in the true sense of the word, because HIPAA authorizes broad sharing of data between health care entities and their business associates,” said Twila Brase, a registered nurse who is president and cofounder of the Citizens’ Council for Health Freedom (CCHF) in St. Paul, Minn.

“Thus, the promise of HIPAA is security after and during the data transfer.”

But Amazon said in its privacy policy that it must comply with the Health Insurance Portability and Accountability Act because it involved protected health information.