Presentation is loading. Please wait.

Presentation is loading. Please wait.

Engineers and Lawyers in Privacy Protection Peter Swire Professor, Moritz College of Law Visiting Professor, Georgia Institute of Technology IAPP Summit.

Published byDominick Sutterfield Modified over 10 years ago

Similar presentations

Presentation on theme: "Engineers and Lawyers in Privacy Protection Peter Swire Professor, Moritz College of Law Visiting Professor, Georgia Institute of Technology IAPP Summit."— Presentation transcript:

1 Engineers and Lawyers in Privacy Protection Peter Swire Professor, Moritz College of Law Visiting Professor, Georgia Institute of Technology IAPP Summit Panel: Re-engineering Privacy Law March 8, 2013

2 Overview How lawyers make simple things complicated How engineers make simple things complicated Why it is reasonable to use the termreasonable in privacy rules How to achieve happiness when both lawyers and engineers are in the room

3 HOW LAWYERS MAKE SIMPLE THINGS COMPLICATED

4 First Year Torts Law: did defendant show reasonable care? Is defendant liable? What counts as an answer? Statute Custom Jurys view of a reasonable person in the community

5 Palsgraf Case Exam answer for the famous Palsgraf case Man climbs on a train pulling out of the station Railroad conductor assists man Man drops package tucked under arm Oops, firecrackers Knocks over scales at other end of platform Scales hit woman, causing injury Is the railroad liable?

6 Good Law Student Answer Exam answer for the famous Palsgraf case Man climbs on a train pulling out of the station (man negligent, moving train) Railroad conductor assists man (employee violates law) Man drops package tucked under arm Oops, firecrackers (foreseeable?) Knocks over scales at other end of platform (proximate cause) Scales hit woman, causing injury Is the railroad liable? (Close call)

7 Slightly Exaggerated Engineer Answer Exam answer for the famous Palsgraf case Man climbs on a train pulling out of the station Railroad conductor assists man Man drops package tucked under arm Oops, firecrackers Knocks over scales at other end of platform Scales hit woman, causing injury Is the railroad liable? (No)

8 What I Say to the Engineer (I) Its the journey, not the destination I cant give you credit unless you write it down Show your reasoning Persuade me, dont tell me the answer

9 What I Say to the Engineer (II) Your job is on the line You are the lawyer for the railroad Will cost railroad $$$ if liable You have to find every scenario or fact where we may be able to make an argument Spot every issue Delay if it helps our case – more discovery Argue for the client, not the right answer Did I say your job is on the line?

10 Right Answer & The Adversary System Beyond a reasonable doubt for criminal cases Defense lawyer just needs one gap in prosecutors argument The jury decides, so lawyer can try many arguments to make the weaker case appear the stronger The defendant wins if prosecutor is only probably correct

11 HOW ENGINEERS MAKE SIMPLE THINGS COMPLICATED

12 With Thanks to Stuart Shapiro Assignment: our company has to comply with new privacy rule Lawyers: We will apply the Fair Information Privacy Principles We know the rules: notice, choice, access, security, accountability Engineers: How do you write that in C++?

13 From Legal Rule to Getting it Built Privacy principles (legal rules) General privacy requirements Contextual privacy requirements Business process System development Operations System Detailed system requirements System tests

14 Data Minimization Example FIPP: data minimization Data minimization is in Do Not Track for how long keep data for a permitted use Security Anti-fraud Debugging Financial auditing

15 Data Minimization Lawyer: data minimization Shapiro as engineer: System requirements: 50 requirements 100 associated tests Input to our system is permitted only for pre-determined data elements When query an external database, only queries to the approved data fields Executable test – apply to test data and confirm under various scenarios

16 Why it is reasonable to use the term reasonable in privacy rules

17 Reasonable HIPAA Measures Security: reasonable and appropriate security measures Documentation: reasonable and appropriate polices and procedures Minimum necessary: reasonable efforts to limit … to the minimum necessary Domestic violence: reasonable belief and can disclose Business associate: reasonable steps to cure the breach And 30 more

18 The Lawyer & the Engineer Software engineer: how write in C++? Lawyer: The HIPAA rule lasts decade or more Hard to update and amend Technology neutrality Many use cases & business models FAQs and guidance over time If are more specific, then will be wrong, a lot No better alternative to sayingreasonable

19 HOW TO ACHIEVE HAPPINESS WHEN BOTH LAWYERS AND ENGINEERS ARE IN THE ROOM

20 HOW TO ACHIEVE HAPPINESS WHEN BOTH LAWYERS AND ENGINEERS ARE IN THE ROOM WHAT DO LAWYERS KNOW ABOUT HOW TO ACHIEVE HAPPINESS?

21 Lawyers and Engineers Similarities of lawyers & engineers Very analytic Can drill down and get very detailed (And each is glad when the other gets to do those details)

22 Lawyers & Engineers Differences in output Engineers build things Systems that work and can be tested The right answer Testable It works if it runs Lawyers build arguments A lot of words: brief Adversary system It works if it meets the clients goals

23 Conclusion In practice: Need a team To comply, need lawyers AND engineers Become aware of how create answers that count for both An optimistic note In privacy, legal and engineering systems come together Your own work improves if you become bilingual A challenge and reward if you can work together

Download ppt "Engineers and Lawyers in Privacy Protection Peter Swire Professor, Moritz College of Law Visiting Professor, Georgia Institute of Technology IAPP Summit."

Similar presentations

H OGAN & H ARTSON, L.L.P.

H OGAN & H ARTSON, L.L.P.
HIPAA In Relation to Other Federal Laws Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP Glasser LegalWorks/HIPAA Conference.

HIPAA In Relation to Other Federal Laws Professor Peter P. Swire Ohio State University Consultant, Morrison & Foerster LLP Glasser LegalWorks/HIPAA Conference.
Trustwrap: The Importance of Legal Rules to E-Commerce and Internet Privacy Professor Peter P. Swire Moritz College of Law The Ohio State University Enforcing.

Trustwrap: The Importance of Legal Rules to E-Commerce and Internet Privacy Professor Peter P. Swire Moritz College of Law The Ohio State University Enforcing.
Privacy Today Privacy Day January 28, 2008 International Association of Privacy Professionals.

Privacy Today Privacy Day January 28, 2008 International Association of Privacy Professionals.
HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.

HIPAA Privacy Practices. Notice A copy of the current DMH Notice must be posted at each service site where persons seeking DMH services will be able to.
Would you be chosen to serve on a jury for a death penalty case?

Would you be chosen to serve on a jury for a death penalty case?
Red Flag Rules: What they are? & What you need to do

Red Flag Rules: What they are? & What you need to do
Steps to Compliance: Managing Business Associates PRESENTED BY.

Steps to Compliance: Managing Business Associates PRESENTED BY.
HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.

HIPAA. What Why Who How When What Is HIPAA? Health Insurance Portability & Accountability Act of 1996.
1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.

1 HIPAA Education CCAC Professional Development Training September 2006 CCAC Professional Development Training September 2006.
1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/2009 0.

1 Louisiana Department of Health and Hospitals Basic HIPAA Privacy Training: Policies and Procedures 01/09/
© 2009 The McGraw-Hill Companies, Inc. All rights reserved 3-1 LEGAL AND ETHICAL ISSUES in Medical Practice, Including HIPAA PowerPoint® presentation.

© 2009 The McGraw-Hill Companies, Inc. All rights reserved 3-1 LEGAL AND ETHICAL ISSUES in Medical Practice, Including HIPAA PowerPoint® presentation.
COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Legal and Ethical Issues. 1. Describe and explain legal and ethical issues. 2. Describe guidelines for avoiding legal action and list methods for protecting.

Legal and Ethical Issues. 1. Describe and explain legal and ethical issues. 2. Describe guidelines for avoiding legal action and list methods for protecting.
Information Sharing and Cross-System Collaboration John Petrila, J.D., LL.M. Professor, University of South Florida

Information Sharing and Cross-System Collaboration John Petrila, J.D., LL.M. Professor, University of South Florida
2010 Region II Conference Corporate Compliance Panel June 3, 2010

2010 Region II Conference Corporate Compliance Panel June 3, 2010
Q UINCY COLLEGE Paralegal Studies Program Paralegal Studies Program Interviewing & Investigation LAW-123 Introduction to Interviewing and Investigating.

Q UINCY COLLEGE Paralegal Studies Program Paralegal Studies Program Interviewing & Investigation LAW-123 Introduction to Interviewing and Investigating.
Version 6.0 Approved by HIPAA Implementation Team April 14, 2003 1 HIPAA Learning Module The following is an educational Powerpoint presentation on the.

Version 6.0 Approved by HIPAA Implementation Team April 14, HIPAA Learning Module The following is an educational Powerpoint presentation on the.
ICAICT202A - Work and communicate effectively in an IT environment

ICAICT202A - Work and communicate effectively in an IT environment
Peter Swire Computing Community Consortium/CRA Workshop On Privacy By Design Berkeley February 6, 2015 Privacy by Design: More than Compliance with the.

Peter Swire Computing Community Consortium/CRA Workshop On Privacy By Design Berkeley February 6, 2015 Privacy by Design: More than Compliance with the.

Similar presentations

Ads by Google