Scholarly Articles & Institutional Publications

97 IOWA L. REV. 809, 822-24 (2012)   The full text is available at: http://www.uiowa…

(2012) 28(3) Computer Law and Security Review 296 ABSTRACT: Mandatory data breach notification laws have been a significant legislative reform regarding unauthorized disclosures of personal information by public and private sector organizations. These laws originated in the state-based legislatures of the United States during the last decade and have subsequently garnered worldwide legislative interest. We contend […]

30 Berkley J. INT’L L. 161, 164-68 (2012) The European Union is developing its “right to be forgotten”. According to the author, this right could prove particularly harmful toward United States Internet companies. The article outlines the practical implications of the European right to be forgotten, pointing out possibilities to reconcile American and European views […]

28 Berkeley Technology Law Journal 1333 (2013) Abstract Regulators here and abroad have embraced “privacy by design” as a critical element of their ongoing revision of current privacy laws. The underlying idea is to “build in” privacy (in the form of Fair Information Practices or FIPs) when creating software products and services. But FIPs are […]

“In this Opinion the Article 29 Working Party analyses all relevant issues for cloud computing service providers operating in the European Economic Area (EEA) and their clients specifying all applicable principles from the EU Data Protection Directive (95/46/EC) and the e-privacy Directive 2002/58/EC (as revised by 2009/136/EC) where relevant. … [T]his Opinion outlines how the […]

On June 14, 2012 the OPC, the Office of the Information and Privacy Commissioner of Alberta and the Office of the Information & Privacy Commissioner for British Columbia issued a joint Guidance Document called “Cloud Computing for Small and Medium-sized Enterprises: Privacy  Responsibilities and Considerations”. The focus of the OPC Guidance Document was to remind […]

From the Opinion’s introduction Article 5.3 of Directive 2002/58/EC, as amended by Directive 2009/136/EC has reinforced the protection of users of electronic communication networks and services by requiring informed consent before information is stored or accessed in the user’s (or subscriber’s) terminal device. The requirement applies to all types of information stored or accessed in […]

From the FTC report executive summary: “Based upon its analysis of the comments filed on the proposed privacy framework, as well as commercial and technological developments, the Commission is issuing this final Report. The final framework is intended to articulate best practices for companies that collect and use consumer data. These best practices can be […]

Notre Dame Law Review, Vol. 88, 2012 Brooklyn Law School, Legal Studies Paper No. 265   Abstract from the article: “The tort of intrusion upon seclusion offers the best theory to target legitimate privacy harms in the information age. This Article introduces a new taxonomy that organizes privacy regulations across four key stages of information […]

31 Mississippi College L. Rev. 227 (2012) Abstract: “This article, which largely tracks my remarks at Mississippi College’s Social Media Symposium, examines expectations of privacy in social media such as weblogs (blogs), Facebook pages, and Twitter tweets. Social media is diverse and ever-diversifying, and while I address some of that complexity, I focus on the […]