Supreme Court, Employees, Email Hosting, and Smartphone data ownership

Started by Ben Thoele, September 26, 2011, 11:09:41 AM

Previous topic - Next topic

0 Members and 2 Guests are viewing this topic.

Ben Thoele

Last week at TENCON there were a few references made to Supreme Court and other court decisions referenced in a few IT clases.  If you referenced one of those cases or know of an article you read would you please post it here?  The cases I'm most interested in are having to do with hosted email and employees and if a wire tap or warrant is needed for "Cloud" computing, and third any article about about who owns data on an employees owned device such as a smartphone.



Ben Thoele, I.T. Coordinator
TAM 12.2
33 Users
Mahowald Insurance
Saint Cloud, MN

Jim Jensen

Jim Jensen
CIC, CEO, CIO, COO, CFO, Producer, CSR, Claims Handler, janitor....whatever else.
Jensen Ford Insurance
Indianapolis

Ben Thoele

Looking through my notes I found the following. 

-The EEOC- Employees own data on their phones.   Something to that effect...
-Infoweek had something about hosted email and employee relations.

I didn't have any luck with either of these with some Google searches.

I anyone else has read these please post URLs to their articles.
Ben Thoele, I.T. Coordinator
TAM 12.2
33 Users
Mahowald Insurance
Saint Cloud, MN

Lance Bateman

One thing you must consider - if there is info regarding a customer or processing, it's subject to any requirement for "disclosure" in case of suit.  Look into "e-discovery".  All emails, voice mail, systems records, etc. are subject.

Todd Arnold

I would very much like to get more info on the case name or number for this.  I didn't think that any cases specific to cloud computing have made it that far yet.  And the cases from 2010 that did make it to the supreme court dealt with government employees, not private ones.  Since the employers were governmental entities, it brought into play 4th amendment protections that are not applicable for non-governmental employers.   And the City prevaled in that case against the plantiff employee anyway.
Todd Arnold
AB Solutions, Inc.
800-753-7785 x111

Jeff Golas

FINALLY I was looking for this thread...came across this looking for something else, and its kinda along the lines of what's being requested here...

http://luxsci.com/blog/gmail-not-hipaa-compliant-email.html
Jeff Golas
Johnson, Kendall & Johnson, Inc. :: Newtown, PA
Epic Online w/CSR24
http://www.jkj.com

Lance Bateman

Thanks Jeff - good reminder regarding HIPAA, besides the fact that even if not dealing much with HIPAA, you still have privacy issues on information regarding your personal lines clients by law.

Interesting addition on HIPAA, which caught me a bit by surprise.  Yes, certain P/C lines such as WC and Personal Auto are excluded.  HOWEVER, there is an exception to the exclusion that many aren't handling - on WC.

If sending a loss run on WC losses to carriers other than the one currently writing it, it apparently falls into the marketing exception to the exclusion - and you have to either use a scrubbed version of the loss run, black out certain identifying info, or get "opt ins" from anyone that may be on the list.  Things you can't include of course are names, employee numbers, claim numbers, etc - but also have to remove month and date of the injury, though you can leave the year.

One good thing - suits on this are civil, not criminal, and I've not heard of any coming up yet.  Bad thing - the amount anyone that feels you have violated the law can sue for, not only your company but you personally.

Jan Regnier

Quote from: Lance Bateman on October 07, 2011, 03:05:01 PM
Bad thing - the amount anyone that feels you have violated the law can sue for, not only your company but you personally.

Yep...everyone feels entitled to winning the "lottery".... :(
Jan Regnier
jan.regnier@meyersglaros.com
Meyers Glaros Group, Merrillville, IN 26 Users
EPIC 2020, Office 365, Indio

Ben Thoele

Ben Thoele, I.T. Coordinator
TAM 12.2
33 Users
Mahowald Insurance
Saint Cloud, MN

Hans Manhave

Very thought provoking article.  Many things mentioned while there are still many more things and what-ifs to consider.  A real headache. 

Just where an employee might live or travel would also affect the carrier choice and thereby the unit that is used.
Fantasy is more important than knowledge, because knowledge has its boundaries - Albert Einstein

Jim Jensen

Yes, very interesting - thanks Ben. This seems to support my theory of expanding computer-use agreements to include phones, regardless of who owns them.
Jim Jensen
CIC, CEO, CIO, COO, CFO, Producer, CSR, Claims Handler, janitor....whatever else.
Jensen Ford Insurance
Indianapolis

Jeff Zylstra

+1. Great post on the article, Ben.  It's really eye opening for us Americans to see some of the laws of other countries.  Especially the EU.  It was eye opening to see the 1995 Data Directive law from the EU about requiring websites to allow people to change online information about themselves.  I also wonder how RIM being in Canada affects data access and privacy rights.   I'm sure that some lawyer somewhere is just waiting for the right case to test it out.


Quote
International issues also pop up, Vogel notes: "Generally in the U.S. emails are private to employers, while in the E.U., Canada, and Japan emails are private to employees. Furthermore, in the E.U. there are data privacy laws for individuals called the 1995 Data Directive that permits citizens of the E.U. to access any computer that contains data about them and change that data. The U.S. has nothing like this at all, and when there is communications between the E.U. and U.S., determining which law applies gets very complicated."
"We hang the petty thieves, and appoint the great ones to public office"  -  Aesop

brinkerdana

"Furthermore, in the E.U. there are data privacy laws for individuals called the 1995 Data Directive that permits citizens of the E.U. to access any computer that contains data about them and change that data. The U.S. has nothing like this at all,"

I just spent some time trying to get my personal data removed from various websites.  Many require snail-mail requests on their forms, other just respond via email.  It's a real PITA!
Dana Brinkerhoff
Retired