In the absence of compulsory vaccination, some employers have decided to ensure herd immunity among their employees by requiring a vaccination to work. In December, the federal Equal Employment Opportunity Commission issued guidance that employers are able to require employee vaccination, so long as reasonable accommodations are provided if possible where the Americans with Disabilities Act applies.
Read moreData Privacy and Census Tech
The first official tally of American households was recorded in the 1790 Census. Every ten years since, the Census Bureau has collected data about the number of people living in the United States. Once again, the Census Bureau is asking all people who live in the United States to stand and be counted.
The 2020 Census questionnaire, distributed in mid-March, asks questions about who resides in a particular household, the type of dwelling they occupy, and the relationships that link them as members of a household unit. Obtaining accurate data is essential to ensuring the most equitable distribution of government funds as well as political representation at every level of the government. Demographers and statisticians, concerned about low compliance and, therefore, inaccuracy in the official count, are especially concerned about this census for two reasons: the increasing mistrust of government among some people living in the United States and the coronavirus pandemic. These factors may impact the willingness and/or ability of people to complete the questionnaire, forcing reliance on other federal government data to supplement the Census and provide a more realistic picture of the population as a whole.
The Census Bureau is trying to mitigate the fears of government data misuse and reassure people that personal data will be keep confidential. Protecting privacy in the age of big data is a monumental challenge. When so much of our personal identification information is already in the hands of Silicon Valley leviathans less concerned with privacy than profits, and data breaches are increasingly common, it’s not difficult to see why people might question the government’s promise to maintain confidentiality. Moreover, in the age of big data, it is increasingly easy to identify an individual person with just a few demographic facts since so many other data points already exist to flesh out exactly who someone may be. This “mosaic effect” allows savvy data miners to combine existing open data sets with, for instance, the 2020 census data to identify specific individuals. To combat this, the government builds various disclosure avoidance methods into their calculations. For the 2020 Census, the method of choice is called “differential privacy,” a strategy that has both adherents and skeptics, but that, for now, many experts claim, is the best option for balancing risk of disclosure and accuracy of data. To learn more about this approach to data management and the Census Bureau’s “privacy loss budget,” see the following:
Differential Privacy for Census Data Explained (National Conference of State Legislatures)
Will the Census Improve Open Data Privacy Protections? (Government Tech)
Can a Set of Equations Keep U.S. Census Data Private? (Science)
Census 2020 Will Protect Your Privacy More than Ever – But at the Risk of Accuracy (The Conversation)
Google, Privacy, and You
The subject of a recent opinion piece in the New York Times discusses the “privacy paradox,” a sort of cognitive dissonance that compels us to share information about ourselves on every available platform while simultaneously cursing the technology that makes our compulsive sharing habits so addictive. That paradox can have wide-ranging implications for the legal community, which now has an ethical obligation to “remain competent in the practice of law, including the benefits and risks associated with relevant technology.” The ubiquity of Google makes it necessary for lawyers to understand the impact it can have on the clients being served. For example, when Google periodically pings your device to track your location even when your device-location feature is turned off , it might implicate jurisdictionally-specific privacy rights or contract law, as a recent investigation by the attorney general of Arizona suggests.
Mapping a device’s location is only one tracking method commonly employed by prominent tech companies. Google tracks you in all sorts of ways through apps, it’s Chrome browser, and more. The information is used to facilitate marketing efforts, including sales to third-party marketing firms, and to integrate your online experience. A recent New York Times op-ed by Google’s CEO provides the company’s view on protecting data privacy while using the data collected to create a more customized economy. At its annual developer conference just weeks ago, Google reinforced its commitment to privacy with the launch of two new efforts — better cookie controls and guards against fingerprinting. Additional trust-building measures are likely in the works (including security features in the redesign of Gmail), especially as increasing numbers of users defect from Google to alternative browsers like Brave and Vivaldi.
The takeaway for legal professionals: Follow news about Google and keep reminding clients who find themselves in a privacy paradox about how information is used in the information economy.
New On-Demand Video CLE: Practical Cybersecurity for Lawyers
The Legal Tech Institute at the Harris County Law Library has just released a new video CLE. Practical Cybersecurity for Lawyers is the latest addition to our Learning On-Demand CLE library, where you can earn CLE credit in Texas while staying up to date on legal tech. Visit the Law Library's Legal Tech Institute page for more on our legal tech learning opportunities.
WannaCry and the Risks of Not Protecting Client Data
Friday's massive cyber attack exposed the fragility of our IT infrastructure and reminded us to aggressively fortify our digital vaults. The WannaCry ransomware that has taken down computers across the globe is causing perhaps the most prolific cyber attack to date, and it is expected to get worse.
Protecting your personal data is important, but securing the privileged information entrusted by clients is absolutely essential. From solo and small firm practitioners to large legal and business institutions, the need for data protection is a real concern. According to BakerHostetler's second annual Data Security Incident Response Report, phishing/hacking/malware accounted for 43% of all 2016 cybersecurity events at the more than 450 institutions they examined. Ransomware was the biggest development of last year accounting for 23% of all network intrusion incidents at the companies represented in the study, and the attacks show no sign of abating. Last week's WannaCry incursion is just one example of this growing threat.
Fortunately, the BakerHostetler report provides a broad range of lessons for identifying threats and mitigating risks. It advises firms to establish best practices for "compromise readiness."
- Focus on the basics.
- Develop education and awareness programs.
- Implement data inventory and risk assessment procedures.
- Share threat warnings with those in your firm.
Suggested further reading:
- Law Firm Cybersecurity (2017) -- ABA Book Publishing / Solo, Small Firm and General Practice Division
- Will Ransomware Attack Make Law Firms ‘WannaCry’? (May 15, 2017) -- The American Lawyer
- Law Firms Must Manage Cybersecurity Risks (May 2, 2017) -- ABA Journal
- Preparing for Ransomware Attacks: Your Company is a Target (April 3, 2017) -- Nine steps to getting prepared
- The Ransomware Epidemic in Law Firms (February 10, 2017) -- Legal Technology Today podcast
- Protecting Yourself from Ransomware and Cyber-attacks (Sep/Oct 2016) -- ABA GPSOLO