From healthcare apps, to mobile devices, to utilities, services are collecting and aggregating customer data across many different types of connected devices. As more everyday objects connect to the Internet to send and receive data, the FTC, legislators, privacy advocates, and others have identified location information as a particularly sensitive category of data because of the types of data collected and the real risks to people, systems and privacy. This presentation covers the latest issues in location and security, privacy laws and regulations, with an eye toward developers and IT managers. RSAC 2016
Where You Are Is Who You Are: Legal Trends in Geolocation Data Privacy & Security
1. SESSION ID: LAW-T11
#RSAC
David M. Adler
Where You Are Is Who You Are: Legal Trends in Geolocation Privacy & Security
Attorney/Founder
Adler Law Group
@adlerlaw
2. Adler Law Group
Introduction
Does sharing geolocation info protect us?
What? Who? Why?
Risk avoidance = Reviewing/updating Policies & Contracts & Training
U.S. v. Global Laws
3. Adler Law Group
Internet use is changing!
40% Gov’t Services
43% Job info
18% Submit Job App
44% Real Estate
57% Online Banking
62% Research Health Condition
Mobile Devices & Major Life Events/Experiences
4. Adler Law Group
How Smartphone Owners Share Location
[Bar chart. Axes: Location Relevant Data; Percentage of Users (0% to 80%). Bars: Get Directions (67%), Public Transport, Post Location, "Check in", Taxi Service.]
7. Adler Law Group
Location Data = Sensitive Data
Sensitive Data
Legal Duty to Protect
Use Increasing
Disclosures Opaque
06/04/14 FTC Dir. Rich Testifies before Congress: “Geolocation information divulges intimately personal details of an individual”
8. Adler Law Group
Complicated & Confusing
US: No uniform privacy laws.
Enforcement is “ad-hoc.”
FTC: enforcing privacy policies & security procedures.
Sensitive Info: Employment, Medical, Sexual Orientation, Financial.
Trend: Greater State & Federal Legislative & Regulatory Involvement
9. Adler Law Group
Trends: Federal Legislation
Federal Geolocation Privacy Legislation
White House Privacy Bill of Rights Act of 2015
Consolidated Appropriations Act, 2015, Enacted (Sec. 417 of Div. K)
GPS Act (S. 237) (H.R. 491)
Online Communications & Geolocation Protection Act (H.R. 983)
Location Privacy Protection Act of 2014 (S. 2171)
10. Adler Law Group
Trends: State Location Privacy Initiatives
Legislation
CA Senate Bill 576
State AGs
CA: State AG sued Delta over failure to post Privacy Policy in Mobile App (CalOPPA)
11. Adler Law Group
Trends: Regulatory Enforcement
FTC
Retail In-store Tracking (NOMI)
Geolocation Sharing (Snapchat)
Address Book Access/Sharing (Path)
Flashlight (Goldenshores)
FCC
AT&T: April 8, 2015 call center data breach
Net Neutrality: New rule-making authority over internet access
13. Adler Law Group
Next Steps: Risk Mitigation & Avoidance
Update Policies & Contracts:
Notice & Meaningful Choice
Transparency
3d Party Access to Location Info?
14. Adler Law Group
Thank You!
David M. Adler | Adler Law Group
Safeguarding Ideas, Relationships & Talent ®
300 Saunders Road, Suite 100
Riverwoods, Illinois 60015
Direct: (866) 734-2568
Email: David@Adler-Law.com
Web: www.adler-law.com
Blog: Adlerlaw.wordpress.com
Twitter: @adlerlaw
LinkedIn: https://www.linkedin.com/in/adlerlaw
Ping® Newsletter
Editor's Notes
Intro:
My background:
I’m a lawyer, but not YOUR lawyer
If you are running out of this room calling your lawyer the minute I’m finished, I haven’t done my job.
J/K…
Collecting and Aggregating Location Data
Use of Location Information has opportunities and challenges for consumer Privacy.
What, Who, Why?
-Healthcare Apps, Mobile Devices, & Utilities
-FTC, Legislators, Privacy advocates say location information “particularly sensitive category of data.”
-Real threats to people, systems & privacy when Misused
The mobile marketplace is the fastest growing segment of commerce. Mobile digital media time in the US is now significantly higher at 51% v desktop (42%). http://www.smartinsights.com/mobile-marketing/mobile-marketing-analytics/mobile-marketing-statistics/
Innovative services rely on a consumer’s location information. High-quality customer engagement.
Increasing number of state & federal legal and regulatory requirements.
RISK AVOIDANCE: we will discuss tips and best practices
US LAW only: not talking about EU/Safe Harbor
Mobile Devices Are Used to Navigate Major Life Events/Experiences
Pew Internet Study: U.S. Smartphone Use in 2015
BY AARON SMITH (APRIL 1, 2015) http://www.pewinternet.org/2015/04/01/us-smartphone-use-in-2015/
Mobile Phone key entry point
lower income and “smartphone-dependent” users are especially likely to use for job /employment
67% use phone for turn-by-turn, 31% do this “frequently.”
25% use phone public transit information
11% use phone reserve a taxi or car service
Location tracking of mobile device users can compromise security. Most companies have information they don't want publicly available. In addition to proprietary data on processes and production, companies keep a lot of basic information confidential. Examples are the identities of bidders on a project, sources of key materials and customer lists. When it's easy to track the movements of employees, the security of such information may be compromised.
3d Parties are gathering way more through basic device operations:
>WiFi Hotspots: range is limited to 100 meters
>Cell tower triangulation yields results within 50 meters
>GPS: compile the precise locations of these signals into large databases
>Crowdsourcing: cell tower + Wi-Fi access point data = precise locations - compiled & then licensed to 3d parties.
>Foursquare knows building and Floor
Surprisingly Rich sources of Info available to ALL Apps:
Keyboard Cache
SIM Card Serial #
IMSI ID (Cell phone equivalent of email address; can tell a service if an App is installed or reinstalled)
Phone #
Email account settings
WiFi Network history & Time stamps
USE:
Employers: 62% of employers track employees using GPS, according to a 2012 study
Law Enforcement: 1) 1.3M Requests according to 2012 congressional inquiry, 2) Both GPS devices & Cell phones
TRUST:
20% of mobile phone users have turned off location services
80% of shoppers say they do not want in-store movements tracked
GPS technology is making it easier for companies with just a few dozen employees to roll out such tracking. A 2012 study by technology research firm Aberdeen Group found that 62 percent of companies with so-called "field employees” https://www.washingtonpost.com/news/the-switch/wp/2015/05/14/some-companies-are-tracking-workers-with-smartphone-apps-what-could-possibly-go-wrong/
Sensitive Data
Location Data increasingly subject to legal duty to protect
Use of Location Info by Apps, Devices & Platforms Increasing
Consumer Disclosures Increasingly Opaque
Legislators & Privacy Advocates Increasingly Vocal
Consolidated and Further Continuing Appropriations Act, 2015: language applicable to the Department of Transportation – No $ for GPS tracking in private vehicles w/o full consideration of privacy concerns
GPS Act: 1) Legal Framework for Access/Use of Location Info, 2) Consent required for disclosure of Location Info to 3d Parties
Online Comms & Geolocation Protection Act: Same as GPS but + safeguards for online communications
Location Privacy Protection Act of 2014: 1) Prohibits collection/disclosure of Location info from an electronic communications device w/o consent, 2) exceptions for parents, emergency services, law enforcement, and 3) prohibit development and distribution of "stalking apps,"
CA Senate Bill 576: Requires that consumers get:
Clear notice explaining how location information will be used and shared when App installed.
Ensures App users give express consent before geolocation data can be collected and shared.
FTC
NOMI: Retail In-store Tracking & Opt-out (04/23/15)
Snapchat: Transmission of Geolocation
Path: Address Book info
Goldenshores: Flashlight App (Location)
FCC
AT&T: April 8, 2015 - paid $25M to settle charges that it failed to properly protect confidentiality of ~280k customers in connection with call center data breaches; employees sold info to 3d party
I&L:
Identify & Locate: 1) data collected, 2) by whom, 3) how stored, and 4) how shared
Biggest risk to companies: don’t know what they have, where it is, or who controls.
R&R: Review & Revise Privacy Policies & Contracts w/ Vendors & Service Providers
Update Policies & Contracts:
Notice & Transparency
Meaningful Choice
3d Party Access to Location Info?
MC:
challenge of ensuring opportunity to exercise meaningful choice with respect to the collection and use
“choice” = tell a company what it can and cannot do
“opt-out,” or “opt-in,”
challenge of “tension between granularity and simplicity” —meaningful real-time and seamless user experience (Result ignored)
3d Party: Once an application has access to a user’s data, there are usually no rules governing its disclosure, and no controls available to consumers to regain control of it.
N&T:
One of the most important aspects of companies’ approaches to privacy is that they provide transparent notice to consumers regarding the company’s privacy practices, informing the consumer as to what the company is doing with the personal information it collects. Such notice to consumers should be clear, concise, and an accurate reflection of the privacy practices of the company.
providing accurate notice and transparency of privacy practices to customers remains an important challenge
“limited real estate” on mobile phones, and thus they are not receptive to long, involved privacy notices