Free Snowmobile Bill of Sale Form by mid20180

									Fall 2010
2
What information about yourself do you really
own?

What does it mean to own information?

Consider
 Name & address
 Phone number
 Signature
 DNA & body parts

                                                3
Reality
 A great deal of information that we consider to be
 highly personal is now sold on the open market to
 anyone who believes they might be able to use the
 information for profit.
 This is done without our knowledge or consent.

Types of information sold
 name & address
 phone numbers
 medical records
 other . . .

                                                      4
Your name is really owned by several
different private companies

It is sold to other companies along with
other names to be used for mailing lists.
 This forms the basis of the $600 billion direct
 mail marketing business




                                                          5
Historically, phone companies have
viewed the telephone number as
belonging to them
 they assign them
 they publish them

Should they own your number?

What about Caller ID - is it an invasion of
privacy?
                                              6
When you place an order over the phone you
are often asked for your phone number “…just
in case we need to call you about your order”
 Real reason: phone numbers are used as I.D.s so the
 next time you call, your file is referenced by the
 phone number

Move to use phone numbers in a universal I.D.
system
 assigned at birth
 used as part of a Personal Communication System
 (PCS)
                                                       7
If you use a cordless or cell phone you should be
concerned about privacy

  In most cases, your cordless or cellular phone
  conversations are probably overheard only briefly and
  accidentally. But there are people who make it a hobby to
  listen to cordless and cellular phone calls by using radio
  scanners.

  Since others may be listening to your conversations, avoid
  discussing financial or other sensitive personal
  information on a cordless or cellular phone. For example,
  if you buy something over the phone and give your credit
  card number and expiration date, your cordless or
  cellular call could be monitored and you might end up
  the victim of credit card fraud.
                                                               8
We are poised on the edge of a new
frontier in personal data commerce--
signature databases.
 We all sign many documents in the course of daily
 living and it's generally assumed that signatures
 have some validity as an identifier
 And we also usually implicitly assume that our
 signatures won't be made available to third parties
 on any kind of routine basis.
 The computerized boxes that UPS delivery persons
 want you to sign when a package is delivered
 capture your signature electronically, and it’s fed
 back to UPS headquarters.

                                                       9
Consider this case
 In 1976, John Moore had his cancerous spleen removed at
 UCLA Med Center
 In 1983 he received a call from UCLA asking him to sign a
 consent form that he had failed to fill out correctly at the
 time of the surgery allowing UCLA to use his tumor
   It turns out that his tumor cells had been used to create a
    “cell line”
   This was a unique cell line because it produced a powerful
    antibacterial and cancer fighting protein called GM-CSF
   UCLA wanted to patent the cell
   John Moore refused to sign the consent form and filed a
    lawsuit seeking all profits from his tumor cells

What did the courts decide?
                                                                  10
He lost his case in the trial court

It was overturned by the appellate court

The final decision by the California Supreme
Court went against Mr. Moore
  The court ruled that it was not prepared to create
  a new property right to our own cells




                                                         11
There are several other cases which addressed
this same issue
  Greenberg v. Miami Children’s Hospital
  Washington University v. Catalona

In both cases the courts ruled that patients had
no property rights to their tissues or what was
derived from them



                                                   12
Companies have a less than stellar record
when it comes to handling data gathered
about consumers
 In mid-2000, Toysmart.com, a web-based retailer,
 went out of business
 Among the assets the company tried to sell were the
 names, email and mailing addresses, and shopping
 histories of 250,000 Toysmart customers
 They did this despite an online privacy policy that
 explicitly stated that the company would never share
 customer data with any third party
                                                    13
Who has heard of a company called
ChoicePoint?
 Well, they have heard of you
 ChoicePoint maintains personal profiles of nearly
 every US consumer – its databases contain 19 billion
 public records including driving records
 It sells this data to employers, landlords, marketing
 companies, and government agencies
 In Feb 2005, criminals posing as legitimate
 businesses bought the personal records of 250,000
 consumers.
                                                         14
Why do companies promise to protect consumer
data and yet do a lousy job?
First, the cost of losing data is smaller than the cost
of protecting data
  A recent study of 14 lost-data incidents found that the
  average cost of a data breach is about $75 per lost
  customer record

Second, companies can easily avoid legal penalties
for a data breach
  There are nearly 36 state laws that require companies to
  notify consumers if their private information has been
  leaked and a risk of identity theft exists.
  As long as these procedures are followed, companies are
  free from criminal liability for the leak itself

                                                              15
16
An Ohio video surveillance company,
CityWatcher.com, has embedded silicon chips into
two of its employees.
  The chips are planted in the person's upper right arm and
  "read" by a device similar to a card reader.
  The company says it is testing the technology as a way to
  limit access to a security area.

In 2004, the Food and Drug Administration
approved the use of an implantable computer chip
for health care information applications.
  Called the VeriChip, it is a radio frequency identification
  (RFID) device about the size of a grain of rice.

              Any comments??
                                                                17
A national system of electronic medical records could easily save your life.
   Let’s say you have a heart attack. You could be swooshing down the water slide at
   Walt Disney World’s Typhoon Lagoon, teeing off at the 16th hole at Pebble Beach, or
   raking leaves in your backyard.
   Your odds of survival would soar because the emergency-room computer would let
   the doctor on duty connect to the Internet, type in a password, and with a few clicks,
   view your medical history. He could see your most recent test and lab results, a list
   of your allergies, and all your medications. With all that information, he could begin
   treating you immediately.

The federal government, states, HMOs, and PPOs are developing a system to
store and link the medical records of every American.
   The network would allow medical providers and insurers, among others, to view
   records and enter information. The ramifications:
   • Doctors could provide better care by instantly viewing medical histories.
   • The network could save money by eliminating duplicate tests.
   • Health officials could quickly spot adverse drug reactions and epidemics.
   • But marketers could target patients with specific diseases to sell them drugs or to
     solicit for related charities.
   • In the absence of safeguards, lenders and employers could use medical records to
     disqualify people with health problems from obtaining loans and jobs.


                                                                                      18
Health Insurance Portability and
Accountability Act of 1996
  aka the Kennedy-Kassebaum bill

To assure health insurance after leaving a job
(“insurance portability”)

Congress added “Administrative
Simplification”
  This resulted in privacy rules

                                               19
Goal: Save money

Means: Standard electronic transactions
 Standard record formats, code sets, and identifiers
 For common transactions such as enrollment, claims,
 remittance, eligibility, and referrals
 The law was passed in 1996 but set a compliance
 date of October 2002




                                                   20
Increased risk to information security
and patient privacy

So Congress added HIPAA requirements
 US Dept. of Health and Human Services (HHS) to
 develop security regulations




                                                  21
Rules apply directly to health care plans,
providers, and clearinghouses - called “covered
entities”

Rules apply only indirectly to “business
associates” of those covered (until a broader
privacy law is passed)

Rules do not apply to life insurers, workers
comp, etc. (until a broader privacy law is
passed)

                                                22
Civil penalty for “failure to comply”: up to
$100/person/violation; maximum of
$25,000/person/violation/year (can add up!)

Criminal penalties for “wrongful disclosure”
“knowingly and in violation of HIPAA”
  up to $50,000 and/or 1 year prison for knowing misuse
  up to $100,000 and/or 5 years prison when under false
  pretenses
  up to $250,000 and/or 10 years prison when intent to sell,
  use for personal gain or commercial advantage, malicious
  harm


                                                           23
Receive copy of own record
Request record amendment/correction
Voluntarily authorize and revoke secondary
uses of own data
Receive report of certain disclosures
Receive Notice of Privacy Practices
File complaint of non-compliance



                                             24
HIPAA also allows health-care providers to share
information with health-care business associates.
 So notes from your psychotherapy session may be given
 to your insurers’ employees for “training purposes.”
 Information can also be used for fund-raisers.
 For example, the agreement of Michael Bermant, a plastic
 surgeon in Chester, Va., says, “We may use or disclose
 your demographic information and the dates that you
 received treatment from us in order to contact you for
 fund-raising activities supported by our office.”




                                                            25
Thousands of doctors have stopped sending out
appointment-reminder postcards, figuring the cards
could be read by someone other than the patient.

Some doctors have stopped leaving messages on
patients' telephone answering machines, fearing that
other family members might listen to them.

Wives have been told they no longer could verify
dental appointments for their husbands.

Yet, such postcards, phone calls and spousal
verifications are allowed under the law

                                                       26
Some hospitals stopped providing information to
patients' family members and clergy.

Some weekly newspapers stopped publishing
birth announcements because hospitals stopped
providing the names.

In a few cases, new privacy policies at hospitals
have stymied police trying to investigate crimes.
  Dean Akings, the police chief in Great Bend, Kan., could
  not get information about the medical condition of two
  murder suspects who were wounded in a shootout May
  9. The hospital, 120 miles away in Wichita, also refused to
  say when the suspects might be discharged

                                                            27
Dr. Salem, a cardiologist at Tufts-New England
Medical Center, was treating a heart-transplant
patient when he was told that the donor had
bacteria in his blood.

Dr. Salem needed to know what type of antibiotic
to prescribe to the heart recipient. But the hospital
that supplied the heart refused to identify the
bacteria, saying that would violate the donor's
privacy.

As a result, Dr. Salem treated his patient with
several antibiotics.

                                                        28
Volunteer groups bringing holiday toys, teddy
bears, and brownies to Quad Cities hospital wards
are sometimes being told to leave the items with
hospital staffs rather than visit the wards
  Santa Claus can make an appearance only if a separate
  guardian's consent is obtained for each hospitalized child
  And after Joynal Abedin became a victim of a fatal hit-
  and-run in the Washington, D.C. suburb of Adelphi, Md.,
  his family did not learn of his fate for two weeks until it
  received a $17,000 bill from Washington Hospital Center
  in the mail; the hospital's fear of medical privacy breaches
  was one factor contributing to the delay.

                                                             29
Doctors who believe their elderly patients
should not be driving anymore are less likely
to pass on the word to family members.

'We're [also] seeing more medication errors in
older patients because of this,' says John
Riesch, a vascular surgeon
  The patients, who were used to having family
  members or companions help them figure out their
  medications, are now fending for themselves and
  sometimes taking the wrong dosage.
                                                     30
The Medical Information Bureau of Weston,
Massachusetts serves as a nonprofit centralized
collection agency for 750 insurance companies,
providing access to the medical records of 15
million Americans
     Medical records held by insurance companies are unregulated


          patients can be denied access to their own records


     third parties with no role in the medical care of a patient
     may freely access these records

                                                                   31
Hackers could still gain
access to your records




                           32
33
We must balance the right of the government
to control crime with the right of individuals to
privacy

This is the concern of which amendment?

The government cannot conduct an “unreasonable” search

The government must have a warrant based on
“probable cause”
                    So, how does this work . . .

                                                    34
The police have a right to demand a strip search (body
cavity search) of anyone arrested.

Consider this case:
  In Denver in 1984 a man was arrested for failing to appear in
  court regarding a speeding ticket (it turns out he had paid
  the ticket). He was taken to the police station and strip
  searched in the lobby.

       Was this a violation of the 4th amendment?

                    the District Court said no
                    But the 10th Circuit Court of Appeals said yes

       Why are strip searches conducted and when are they justified?
       What is reasonable?                                           35
The Sioux Falls police now routinely arrest teens
breaking the 11 p.m. curfew law. They are brought to
the Minnehaha County Juvenile Detention Center and
strip searched for weapons and illegal paraphernalia.

On December 4, in People v. Mitchell, an appellate
court in New York held that NYPD officers violated
the Fourth Amendment right against unreasonable
searches and seizures when they stripped a suspect in
the street, in front of a church, in the absence of
"circumstances that pose potentially serious risks to
the arresting officer or others in the vicinity." In other
words, according to the court, the simple fact that
police had probable cause to arrest a suspect did not
alone authorize them to perform a public strip search.

                                                         36
The police have a right to search the property of a
suspect if they have a warrant or permission

Consider this case:
  An undercover police officer at a New York bus station noticed
  a nervous, agitated man standing in a bus line. He approached
  the man, identified himself as a police officer and asked, twice,
  if he could look in the man’s bag. The man said yes both
  times. Thirty-eight vials of cocaine were found in the bag.


     Was the man convicted?
           No - the court ruled that the officer did not have enough suspicion
           to allow a search of the bag even if the search was consented to. . .
     The exclusionary rule is not in the 4th amendment but the
     courts enforce it. Is it fair to society?
                                                                            37
Perhaps the greatest problem is the
nature and use of law enforcement
databases

There is a wide range of local, state
and national databases that now
communicate with each other

                                         38
NLETS is a nationwide network that links all states and
many federal agencies together for the exchange of
criminal justice information.
  Through those connections, any criminal justice agency on a
  state law enforcement telecommunications system in one state
  can communicate with any criminal justice agency on a law
  enforcement telecommunications system in any other state.
  This includes all major police agencies and most smaller ones.
  In addition, many prosecutors, probation departments, parole
  offices, etc. communicate with each other and with local, state
  and federal law enforcement agencies through these systems.
  Law enforcement and criminal justice agencies use NLETS
  more than 1,000,000 times every day via nearly 327,000
  terminals.


                                                                    39
INFORMATION AVAILABLE FROM OTHER STATES VIA
NLETS
  Vehicle Registration Information
  Drivers License Information
  Criminal History Records
  Boat and Snowmobile Registration
  Parole and Probation Information
  Corrections Information
  Sex Offender Registration Information

NATIONAL FILES AVAILABLE TO NLETS USERS
  ATF Gun Tracking Data
  FAA Tracking Information
  FAA Aircraft Registration Data
  National Impound Vehicle File
  National Drug Pointer Index
  Hazardous Material information
  INS’s Law Enforcement Support Center


                                              40
Each state law enforcement telecommunications
system connects its users to the NCIC network.
  The system has been in operation since its inception in
  1967. Its current enhanced version, NCIC 2000, came on-
  line in July 1999.
  NCIC is a national index of theft reports, warrants and
  other criminal justice information submitted by law
  enforcement agencies across the country.
  It provides real-time (end-to-end 12 second response time
  required) notification of information regarding persons
  and property to police officers by the side of the road, case
  investigators, booking personnel, prosecutors, probation
  and parole officers and others.
  Through NCIC, almost all police departments in the
  country share their theft reports, warrants, missing person
  reports, etc. with each other in an on-line, real-time mode.
  At present, users generate more than 2,000,000 transactions
  per day.
                                                             41
 CODIS - Combined DNA Index System, a national index of DNA
 profiles, limited to convicted offenders and crime scene evidence
 NIBIN - National Integrated Ballistics Information Network, an
 attempt to unify BATF and FBI firearms databases
 NDPIX - National Drug Pointer Index, a pointer system that allows
 state, local and Federal agencies to determine if a suspect is under
 investigation by any other participating agency
 UCR/NIBRS - National Uniform Crime Reporting System, a
 statistical system based on crime reporting by state and local
 police agencies, not intended to include personally identifying
 information
 NICS - National Instant Criminal Background Check System for
 pre-sale firearm background searches by licensed firearms dealers
 (est. 7,000,000 checks to be performed in 2000)



                                                                    42
The RISS network is under
development as a national internet
database of law enforcement

It involves three different types of
networks:
 RISSNET
 RISSGangs
 RISSLeads

                                       43
RISSNET is a law enforcement criminal intelligence database. It
   includes information on a subject, criminal activity,
   addresses, telephone numbers, vehicles, weapons, and other
   identifying information.
RISSGangs is a law enforcement criminal database. It includes
   information on street gangs and prison gangs. The subjects
   are entered by member agencies who are actively involved
   in investigations of street gangs and security threat groups
   (gangs) in the correctional institutions.
RISSLeads is essentially the same as the newsgroup function on
   the Internet, except that it is totally secure within the RISS
   Intranet. Users can post messages and receive replies. They
   will be able to post specific criminal activity in their area, or
   search for specific criminal activity in other jurisdictions.

                                                                       44
[Figure: RISS regional centers: NESPIN, MAGLOCLEN, WSIN, MOCIC, RMIN, ROCIC]

                                      45
Intentional Misuses:
 Disclosing information to private
 investigators in exchange for money, deleting
 or altering information in records


Unintentional Misuses:
 Background investigation on applicants for
 non-criminal justice employment


                                              46
In December 1991, 20 individuals in New Jersey
and Florida were indicted under federal bribery,
theft of government property, and computer
fraud statutes for selling criminal history
information obtained from NCIC.

A former law enforcement officer used
information obtained illegally from NCIC to
find his ex-girlfriend and murder her.


                                              47
Should employers have access to the criminal
history (CH) of potential employees?

What about employees that will work with
children?

What about employees whose offense was
minor and occurred a long time ago?



                                               48
Social consensus: Certain CH is clearly relevant to
selection decisions for certain jobs, and should be
available to employers
Factors entering into relevancy:
  Type of criminal offenses in the CH
  Recency of the CH
  Criminal offender's age at the time
  Patterns of criminal offenses
  Job responsibilities

Is certain CH relevant for all jobs?
  Violent crimes against individuals?
  Will negligent hiring suits create a category of
  unemployable criminals?

                                                      49
With the exception of some clear-cut “no brainers”,
relevancy is difficult to determine in many, many
cases

Lack of guidelines for determining relevancy

Relevancy determinations complicated by gap
between CH and CH record
  Conviction information without arrest and charge
  information
  Plea bargaining
  CH record, even if complete, may not tell “the full story”
  of what happened
  What does a conviction for criminal trespass signify?
                                                               50
Mis-matches are not impossible when the basis of
identification of an individual is name, date of
birth, etc., as opposed to fingerprints
Congress recognized this in the 1997 FCRA
amendments by expanding employer
responsibilities in the area of candidate access
Completeness of a record is another significant
dimension of accuracy
Congress also improved accuracy by eliminating
the restriction to seven years of CH, unless the
salary exceeds $75,000


                                                   51

								