Engineers and Lawyers in Privacy Protection Peter Swire Professor, Moritz College of Law Visiting Professor, Georgia Institute of Technology IAPP Summit.

Presentation transcript:

Engineers and Lawyers in Privacy Protection
Peter Swire
Professor, Moritz College of Law
Visiting Professor, Georgia Institute of Technology
IAPP Summit Panel: Re-engineering Privacy Law
March 8, 2013

Overview
- How lawyers make simple things complicated
- How engineers make simple things complicated
- Why it is reasonable to use the term "reasonable" in privacy rules
- How to achieve happiness when both lawyers and engineers are in the room

HOW LAWYERS MAKE SIMPLE THINGS COMPLICATED

First Year Torts
- Law: did defendant show reasonable care?
- Is defendant liable?
- What counts as an answer?
  - Statute
  - Custom
  - Jury's view of a reasonable person in the community

Palsgraf Case
- Exam answer for the famous Palsgraf case
- Man climbs on a train pulling out of the station
- Railroad conductor assists man
- Man drops package tucked under arm
- Oops, firecrackers
- Knocks over scales at other end of platform
- Scales hit woman, causing injury
- Is the railroad liable?

Good Law Student Answer
- Exam answer for the famous Palsgraf case
- Man climbs on a train pulling out of the station (man negligent, moving train)
- Railroad conductor assists man (employee violates law)
- Man drops package tucked under arm
- Oops, firecrackers (foreseeable?)
- Knocks over scales at other end of platform (proximate cause)
- Scales hit woman, causing injury
- Is the railroad liable? (Close call)

Slightly Exaggerated Engineer Answer
- Exam answer for the famous Palsgraf case
- Man climbs on a train pulling out of the station
- Railroad conductor assists man
- Man drops package tucked under arm
- Oops, firecrackers
- Knocks over scales at other end of platform
- Scales hit woman, causing injury
- Is the railroad liable? (No)

What I Say to the Engineer (I)
- It's the journey, not the destination
- I can't give you credit unless you write it down
- Show your reasoning
- Persuade me, don't tell me the answer

What I Say to the Engineer (II)
- Your job is on the line
- You are the lawyer for the railroad
- Will cost railroad $$$ if liable
- You have to find every scenario or fact where we may be able to make an argument
- Spot every issue
- Delay if it helps our case – more discovery
- Argue for the client, not the right answer
- Did I say your job is on the line?

Right Answer & The Adversary System
- Beyond a reasonable doubt for criminal cases
- Defense lawyer just needs one gap in prosecutor's argument
- The jury decides, so lawyer can try many arguments to make the weaker case appear the stronger
- The defendant wins if prosecutor is only probably correct

HOW ENGINEERS MAKE SIMPLE THINGS COMPLICATED

With Thanks to Stuart Shapiro
- Assignment: our company has to comply with new privacy rule
- Lawyers:
  - We will apply the Fair Information Privacy Principles
  - We know the rules: notice, choice, access, security, accountability
- Engineers: How do you write that in C++?

From Legal Rule to Getting it Built Privacy principles (legal rules) General privacy requirements Contextual privacy requirements Business process System development Operations System Detailed system requirements System tests

Data Minimization Example
- FIPP: data minimization
- Data minimization is in Do Not Track: for how long to keep data for a permitted use
  - Security
  - Anti-fraud
  - Debugging
  - Financial auditing

Data Minimization
- Lawyer: data minimization
- Shapiro as engineer:
- System requirements:
  - 50 requirements
  - 100 associated tests
  - Input to our system is permitted only for pre-determined data elements
  - When querying an external database, only queries to the approved data fields
  - Executable test – apply to test data and confirm under various scenarios
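The two system requirements on this slide and their executable tests, written out in C++ as an added example (not from the presentation or from Shapiro's materials). The field names, the test data and the fail-closed rejection behaviour are assumptions made for illustration.

```cpp
#include <map>
#include <set>
#include <stdexcept>
#include <string>
#include <vector>

// Assumed allowlists; the field names are constructed for this example.
static const std::set<std::string> kPermittedInput = {"order_id", "zip_code", "amount"};
static const std::set<std::string> kApprovedQueryFields = {"account_status", "risk_score"};
using Record = std::map<std::string, std::string>;

// Requirement: input is permitted only for pre-determined data elements.
// Fails closed: one unexpected element rejects the whole record, and the
// error names the field without echoing its value.
Record accept_input(const Record& submitted) {
    for (const auto& kv : submitted)
        if (kPermittedInput.count(kv.first) == 0)
            throw std::invalid_argument("unpermitted data element: " + kv.first);
    return submitted;
}

// Requirement: a query to an external database names only approved fields.
// An empty list is refused so that "all columns" can never be implied.
std::vector<std::string> build_external_query(const std::vector<std::string>& requested) {
    if (requested.empty())
        throw std::invalid_argument("query must name its fields explicitly");
    for (const auto& f : requested)
        if (kApprovedQueryFields.count(f) == 0)
            throw std::invalid_argument("field not approved for external query: " + f);
    return requested;
}

// Test helper: true if the call was rejected with invalid_argument.
template <typename Fn>
bool rejected(Fn fn) {
    try { fn(); } catch (const std::invalid_argument&) { return true; }
    return false;
}

// Executable test over constructed data; returns the number of failed scenarios.
int run_minimization_tests() {
    int failures = 0;
    if (rejected([] { accept_input({{"order_id", "1001"}, {"amount", "12.50"}}); })) ++failures;
    if (!rejected([] { accept_input({{"order_id", "1001"}, {"ssn", "000-00-0000"}}); })) ++failures;
    if (rejected([] { build_external_query({"risk_score"}); })) ++failures;
    if (!rejected([] { build_external_query({"risk_score", "date_of_birth"}); })) ++failures;
    if (!rejected([] { build_external_query({}); })) ++failures;
    return failures;
}
```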

Why it is reasonable to use the term reasonable in privacy rules

Reasonable HIPAA Measures
- Security: reasonable and appropriate security measures
- Documentation: reasonable and appropriate policies and procedures
- Minimum necessary: reasonable efforts to limit … to the minimum necessary
- Domestic violence: reasonable belief and can disclose
- Business associate: reasonable steps to cure the breach
- And 30 more

The Lawyer & the Engineer
- Software engineer: how to write in C++?
- Lawyer:
  - The HIPAA rule lasts a decade or more
  - Hard to update and amend
  - Technology neutrality
  - Many use cases & business models
  - FAQs and guidance over time
  - If we are more specific, then we will be wrong, a lot
  - No better alternative to saying "reasonable"

HOW TO ACHIEVE HAPPINESS WHEN BOTH LAWYERS AND ENGINEERS ARE IN THE ROOM

WHAT DO LAWYERS KNOW ABOUT HOW TO ACHIEVE HAPPINESS?

Lawyers and Engineers
- Similarities of lawyers & engineers
- Very analytic
- Can drill down and get very detailed
- (And each is glad when the other gets to do those details)

Lawyers & Engineers
- Differences in output
- Engineers build things
  - Systems that work and can be tested
  - The right answer
  - Testable
  - It works if it runs
- Lawyers build arguments
  - A lot of words: brief
  - Adversary system
  - It works if it meets the client's goals

Conclusion
- In practice:
  - Need a team
  - To comply, need lawyers AND engineers
  - Become aware of how to create answers that count for both
- An optimistic note
  - In privacy, legal and engineering systems come together
  - Your own work improves if you become bilingual
  - A challenge and reward if you can work together