Any law student or attorney cannot help but remember the seminal U.S. Constitutional law case of U.S. v. Katz. In Katz, the Supreme Court of the United States famously held the FBI could not bug a telephone booth (remember those?) in order to secure evidence.  In this case, the evidence comprised an audio recording one side of a telephone call in which Katz was placing a wager.  In holding the recording evidence inadmissible, Justice Stewart said, “The Government’s activities in electronically listening to and recording the petitioner’s words violated the privacy upon which he justifiably relied while using the telephone booth and thus constituted a ‘search and seizure’ within the meaning of the Fourth Amendment.” In short, the Court established that, regardless of the location, a conversation is protected under the Fourth if the conversation is carried out with a “reasonable expectation of privacy.” To establish a reasonable expectation of privacy, an individual must establish two things:

• That she had a subjective expectation of privacy; and
• That the subjective expectation of privacy is one that society is prepared to recognize as reasonable.

I recently had the privilege of moderating a privacy panel discussion at an unmanned aerial systems (“UAS”) conference.  UAS’s have been in the news lately, so you can imagine the interest and concern for privacy and this rapidly-evolving technology; concerns from both those working in the sector and those outside expressing concerns for their own privacy and security.  UAS’s are indeed a “hot topic” and the technology, in many ways, is “bleeding edge.”  Even so, the way to manage privacy concerns with unmanned aerial vehicle systems is hardly novel, as our panel reiterated throughout our discussion.  In short, addressing privacy in developing, implementing and managing this technology, to include oversight and compliance, begins with a time-tested, universal principled approach to privacy.

Whether your product offering is a newsletter, online retail business, smart phone or yes, even a UAS, properly accounting for the privacy choices of your customer or industry is just plain good business.  Furthermore, managing privacy does not need to be an onerous, overly burdensome process either.  You simply have to frame privacy in the fair information practice principles.  In various forms, these principles are not only the foundation for information management best practices, but they are often included in state, federal and even international regulations.  Even easier, you probably have already encountered them in your day-to-day activities as a consumer, whether going to the doctor or buying something online.

Cyber criminals have always targeted the financial services sector for private information, but the recent data breaches at Barnes & Noble, Yahoo, LinkedIn, government agencies, and the energy sector demonstrate the importance for all companies to implement an information security program in order to combat the threat.  Cyber criminals today are often well-funded, well-staffed, and very sophisticated, making it increasingly important for companies to have effective security controls and response programs in place.

While many companies implement security controls and firewalls in an attempt to limit external access to a company’s network, they oftentimes fail to recognize the additional risk of criminal or careless employees and other internal risks.  Information-sharing arrangements between companies also pose unique dangers and challenges.  Furthermore, the growing number of regional, state, federal, and international laws regarding data privacy and security have made it even more difficult for companies to implement the proper security measures for legal compliance.