Archive for the ‘policy and law’ Category.

Federal Judges Take a Stance Against Workplace Monitoring

Workplace Surveillance Project

Guidelines for Academic Medical Centers on Security and Privacy

Guidelines for Academic Medical Centers on Security and Privacy: Practical Strategies for Addressing the Health Insurance Portability and Accountability Act (HIPAA)

The privacy and security regulations stemming from the Health Insurance
Portability and Accountability Act of 1996 (HIPAA) have captured the
attention of the healthcare community. The cumulative cost of compliance
with these regulations is variously estimated to cost from somewhere
between the equivalent of Y2K preparation for the community to many times
that amount. A recent study commissioned by the American Hospital
Association placed costs at $22.5 billion over the next five years. To
assist medical schools and teaching hospitals in addressing the new
regulations, The National Library of Medicine (NLM) funded a series of
workshops engaging the membership of several organizations: AAMC’s Group
on Information Resources, Internet 2, Object Management Group, and
Workgroup on Electronic Data Interchange. The workshop participants
analyzed current health information security and privacy policies, made
recommendations, and developed this resource of best practices for
healthcare security and privacy. The Guidelines for Academic Medical
Centers on Security and Privacy: Practical Strategies for Addressing the
Health Insurance Portability and Accountability Act (HIPAA) addresses the
unique concerns of academic medical centers.

The traditional tripartite mission – patient care, education, and research
– distinguishes academic medical centers (AMC) from their peer institutions,
which focus primarily on patient care services. In the past two decades
the ability of academic medical centers to balance and sustain these multiple
missions has been severely tested by changes in health care financing
and regulation. The implementation of the HIPAA regulations will create
barriers unique to these environments. Because of their multiple missions
and collegial concerns, AMCs have come together in an effort to create
the guidelines – to ensure the privacy, security and confidentiality of
patient information.

[Association of American Medical Colleges (AAMC)]

Law Review Article Says Port Scanning Illegal

Anonymous Coward writes: “The Journal of Technology Law and Policy has a good article on computer security and privacy. If you ignore the more metaphorical crap at the beginning of the article, the author marches through some laws that apply to the Internet and shows how they apply and why his way of deciding what kind of access to a computer breaks the law and what kinds don’t is better. (It’s based on property and expectations of privacy.) It’s interesting to see the computer security from a lawyer’s point of view. Especially interesting are his claims that using nmap is illegal, despite the VC3 v. Moulton case. I’m not sure I agree with him, but he definitely makes a pretty sobering case.” Actually, I think the metaphors throughout this piece (not just at the beginning) are what make it interesting, and a big component of law is dealing with metaphors. This piece also collects in one place a lot of the cases dealing with computer law.

[Slashdot: News for nerds, stuff that matters]

Say Ahh, Then Remain Silent

Privacy News from Wired News: Say Ahh, Then Remain Silent. A little-noticed loophole in new medical privacy regulations allows law enforcement access to medical records without the patient’s consent. Will doctors soon be reading you your rights?

[ … ]

But there remains what appears to be a broad loophole in the regulations for state and federal law enforcement officials.

The regulations state that the only thing police or other law enforcement agents need to do to obtain medical records is assert their request for the records is necessary and relevant to specific investigations.

The rules don’t require permission from a judge, or even notification to the patient that medical records have been turned over to the police.

“Any cop can walk into any hospital, wave a badge and get records,” said a former congressional staffer named Bob Gellman, who has been involved in drafting medical privacy legislation for over 20 years.

“We’re in a position where your doctor may have to give you a Miranda Warning,” he said.

[Privacy Digest]

Libraries and smut

Libraries and smut:
NY Times: “Computer printouts of sexually explicit pictures littered the library, Adamson said. She said she saw some men at computer terminals engage in what appeared to her to be masturbation and that computer users would verbally abuse her when she tried to enforce time limits.” [via Scripting News]

Proposed Pennsylvania Bill To Control E-Mail Monitoring in the Workplace

BusinessWire: Proposed Pennsylvania Bill To Control E-Mail Monitoring in the Workplace
drafted by a content filtering company,
mandates employee notification,
“controlling monitoring” = writing a memo saying employees have no expectation of privacy.
[via The Register]

Social Security numbers at risk on the Net

Use and Misuse of the Social Security Number

EPIC: Use and Misuse of the Social Security Number. Testimony and Statement for the Record of Marc Rotenberg, Executive Director, Electronic Privacy Information Center; Adjunct Professor, Georgetown University Law Center. Hearing on the Use and Misuse of the Social Security Number. [Privacy Digest]

Architecting Innovation (Lessig)

Duke University School of Law: Architecting Innovation.

In this lecture, Professor Lawrence Lessig (Stanford Law School, Author, Code and Other Laws of Cyberspace) will discuss the effects of changes in the architecture of the Internet on creativity and innovation, and will suggest the adverse consequences that in turn seem likely unless the issues raised by these changes are satisfactorily addressed:

The architecture of the Internet as it was originally designed created an innovation commons, out of which the extraordinary creativity of the early net was born.

Now this architecture is being changed. The technical and legal context within which the net exists is becoming radically different.

In turn these changes threaten to undermine the opportunities for innovation inherent in the original net.

The talk itself is available in RealVideo.

[Privacy Digest]