01-14 February 2011

Biometrics 

AU – No Ad Hoc Biometrics Sharing: Privacy Chief

Australian Privacy Commissioner Timothy Pilgrim has warned pubs and clubs collecting biometric information from their patrons not to “automatically” share that information with other clubs unless they have notified their patrons. This week the news emerged that the collection of personal information such as biometrics and driver licence details by pubs and clubs has soared. Clubs and pubs use the information to reduce the risk of violence by pinpointing offenders and banning them from venues. “The office is aware of the use of this technology by some organisations. Any pubs and clubs using this technology should be aware that under the Privacy Act, organisations must provide individuals with notice of what will happen to the collected information,” Pilgrim said. “It cannot be automatically shared with other venues, even if the purpose for sharing it is the same across all the organisations.” Pilgrim also backs a voluntary privacy code created by the Biometrics Institute. Clubs NSW has agreed to sign onto the charter and will participate in upcoming biometric privacy discussions, but the reception from other states has been cold, according to Biometrics Institute head Isabelle Moeller. Interesting points in that code include that venues have to provide individuals with access to the personal information stored and, if possible, give them the opportunity to have their information removed from the system. All biometric information should also be encrypted immediately after collection, according to the code, and third-party auditing of the system should be implemented. [Source]

EU – Reding Investigating Passport Laws

The Dutch government is treating innocent citizens as potential criminals by storing their fingerprints for passports, according to MEP Sophie in’t Veld, who has incited a European Commission investigation into whether Dutch passport legislation breaches EU data protection rules. The government stores four fingerprints in a central database kept by local councils. European Justice Commissioner Viviane Reding is leading the commission’s investigation. In’t Veld says the Dutch practice is much more privacy-intrusive than other EU-member states’ practices and that the United Nations Human Rights Council is critical of the practice. [Radio Netherlands Worldwide]

Canada 

CA – Joint Border Plan Gets Green Light

Canada and the United States are poised to take a major step toward common border security controls that could lead to joint government facilities, sophisticated tracking of travellers, better cyber-security protection and improved oversight of overseas cargo shipped to both countries. Prime Minister Stephen Harper and U.S. President Barack Obama are expected to give the green light to a comprehensive shared review of border security aimed at tightening protection from terrorists and easing the flow of cross-border traffic. They are expected to assign a working group of government officials to study the issue and report back with an “action plan” within several months. On Parliament Hill, the Harper government came under attack again from the Liberals and New Democrats for negotiating the border security deal in secret – potentially putting Canadian sovereignty at risk. But business groups are welcoming the development. Several “principles” would buttress the action plan: a “greater sharing of information” between the two nations; co-operation to develop and implement security initiatives and standards; respect for privacy and civil liberties; and recognition of the “sovereign right of each country to act independently in its own interest.” [Source]

CA – Feds say Google Maps, Canpages Taking Right Steps to Protect Privacy

A House of Commons committee says the privacy of Canadians is being protected by online mapping applications like Google Maps. The committee has been examining efforts by companies that build online maps using real pictures of homes and streets, such as Google and Canpages, the report states, and says both companies’ policies about notifying individuals of filming and blurring identifying information are sufficient. Following Privacy Commissioner Jennifer Stoddart’s investigation and subsequent recommendations about Google Street View cars’ accidental collection of WiFi data, MPs now say they are “cautiously optimistic” that Google is taking privacy more seriously since it hired a privacy director and introduced employee training. Stoddart had said today was Google’s deadline for compliance. The committee, however, said it has concerns about companies not considering privacy in the development phase of new technologies. [Winnipeg Free Press] See also: [CA – Report: Lottery Site Privacy Problems Fixed] [Google adds optional two-step Gmail security]

Consumer 

US – Survey: Americans Worry About Online Privacy

Most Americans are worried about privacy and viruses when using social networking media. Seven out of 10 Facebook members surveyed said they are either “somewhat” or “very concerned” about their privacy on the site. In the same survey, 52% of Google users also said they are somewhat or very concerned about privacy while using the search engine. Privacy attorney Chris Wolf of Hogan Lovells says, however, that companies are increasingly paying attention to privacy concerns and that new services revolve around “ways to empower people to protect their information,” the report states. [Source] See also: [Did the Internet Kill Privacy?] 

UK – Wired UK Tries to Creep Out Readers With Invasive Personalized Covers

Some British subscribers to Wired Magazine are in for a surprise this month — a few select readers are receiving personalized versions of the magazine, with their personal details spilled across the cover. The first report of a “dossier issue” came from Benjamin Cohen, a technology reporter. Titled “Your Life Torn Open,” a paragraph on Cohen’s cover begins, “We mean you, Benjamin Cohen,” and then goes on to list his employer (Channel 4 News), that he will be 29 on August 14th, his address — current and former (not shocking that a magazine mailed to you would have that), his parents’ address, and that he had met up with his ex-boyfriend earlier this month. The only piece of information that seemed to really shock him was that last bit (Wired had mined his Twitter account). Condé Nast did not respond to a media request as to how many of these covers were printed. [Source]

E-Government 

US – Seattle Ramping Up Single Sign-On

Seattle launched a new website this week allowing citizens to customize Seattle.gov’s home page to display only the services relevant to them. On My.Seattle.Gov, users can add a widget to view crime stats for their neighborhoods, news feeds, events occurring in their communities and Seattle Channel Live videos. The customization functionality is modeled after Google’s customization tool iGoogle. Seattle’s Office of the Mayor used the launch as an occasion to announce Seattle.gov’s single sign-on function. Having been in place since 2009, the single sign-on is a work in progress. It aims to authenticate users with one sign-on to access the roughly 50 services on Seattle.gov that usually require individual registrations. So far, the single sign-on covers the following services: Residents can use the single sign-on to submit electronic Department of Planning and Development permits and watch their permits progress through the system. Police reports can be seen via the single sign-on, and Seattle Department of Transportation employees can use it to access a project management tool for interacting with vendors. [Source]

CA – Tories Accused of Digging Up Dirt on ‘Liberal’ Profs

Two University of Ottawa professors, vocal critics of the federal Conservative government, say they have become targets of a new political intimidation tactic, aimed at using their private, personal information against them. Professors Errol Mendes and Amir Attaran, frequently castigated as Liberal sympathizers by the Conservatives, were notified in recent weeks of two unusually massive freedom-of-information requests at the U of Ottawa, demanding details of the professors’ employment, expenses and teaching records. The person (or persons) behind the requests remains anonymous under Ontario law, but Mendes and Attaran are convinced that it’s part of an academic witch hunt by the governing party – part of a wider campaign to silence university voices that may be critical of the Conservatives. This hyperpartisan chill descended on the federal bureaucracy years ago – now the concern is that it’s stretching into academia as well. “I was stunned,” said Mendes, who said the University of Ottawa does not intend to release much of the information requested, since most of it is personal and private and therefore exempt from the disclosure requirements in the legislation. [Source] See also: [Cat’s ‘privacy’ protected by BC Liberals]

US – Oregon Prisons Hit by Worker Info Breach

The Oregon Department of Corrections (DOC) announced that a non-employee had access to a thumb drive that may have contained the payroll information of up to 550 staffers from at least three correctional facilities. The DOC and the state police are investigating the breach. An agency spokesperson said, “We do not believe the breach was malicious in intent, nor do we have any indication at this time that the personal information has been used or misused.” The DOC is offering free credit protection to those affected and is reviewing its internal security practices to prevent future breaches. [KTVZ]

CA – Ontario Privacy Boss Slaps Vaughan, PowerStream

Ontario’s information and privacy commissioner has ruled that the way municipally owned energy company PowerStream and the City of Vaughan shared customer information in the past violates rules of the Municipal Freedom of Information and Protection of Privacy Act. Since 2005, PowerStream has shared customer information via electronic records with city staff. The information was then used periodically by the mayor and members of council to send a “welcome letter” to new city residents, according to the report. City hall watchdog Richard Lorello filed the complaint with the commissioner one year ago over concerns that residents’ personal information was being improperly used. The seven-page report written by assistant commissioner Brian Beamish does not make any recommendations because the sharing of information between the electricity company and the city stopped when the complaint was made. The commissioner’s office is satisfied the practice has stopped. [Source]

Electronic Records 

US – HHS Rule to be Reviewed

The Department of Health and Human Services’ Office of Civil Rights (OCR) is asking the White House Office of Management and Budget to review its new privacy rule that will provide “an expanded requirement that healthcare providers track and be able to report to patients any disclosures of their medical records.” The rule is aimed at improving patient privacy rights by building on provisions included in HIPAA. Meanwhile, a study is making headlines with findings that protected health information (PHI) breaches affecting more than 6 million individuals have been recorded since HITECH’s Breach Notification Rule was issued in August of 2009. [Modern Healthcare]

US – Study: Medical Social Networks Lack Privacy Protections

A recent study of 10 medical condition-focused social networks revealed that privacy policies “significantly varied.” “Social but safe? Quality and safety of diabetes-related online social networks,” which was conducted by researchers from Children’s Hospital Boston, revealed a lack of safeguards for personal health information privacy protection, with only three sites providing member control for personal information and the vast majority using privacy policies that were difficult to read. Elissa Weitzman, the study’s lead author, voiced concerns about the implications for patient safety and said such sites need policies to protect members’ privacy. [InformationWeek] [US: Data Mining Technology Burns User Privacy Rights, Say Experts] See also: [Most Americans favor electronic medical records: study] and [CMA Revises Privacy Policy – strengthens patient rights of access]

EU Developments

EU – PNR Data Could Be Required for EU Travel

Proposals set to come before the European Commission will require air travelers to have their passenger name record (PNR) data—such as home addresses, mobile phone numbers, credit card information and e-mail addresses—checked by authorities and shared with other member states if links to terrorism or serious crime are suspected. Negotiations between member states and the European Parliament on the plan are expected to last two years. “So far, the U.S. and other countries using the PNR system have failed to convince us about its necessity,” said German MEP Manfred Weber, adding, “There are deficits in the usage of current data. So why should we collect even more mass data?” [EUobserver] [OUT-LAW: EU Commission proposes new directive on storing air passenger details] [EU wants air-passenger data for probes of terrorism, crime]

EU – German Justice Minister Focuses on Privacy Leadership

Justice Minister Sabine Leutheusser-Schnarrenberger has commented that Germany should become a leader in international data protection standards. Urging the EU to include agreements on data protection standards with the U.S. in its revision of existing data protection laws, she spoke of the “different legal cultures” of data protection on both sides of the Atlantic, noting, “For this reason, I believe it is important that we strive to achieve basic ground rules of what constitutes data security.” Leutheusser-Schnarrenberger has announced the creation of a German foundation to explore such data security issues as developing technology to protect users’ privacy. [Source] [Source] See also: [UK Minister resigns after breaching data protection code]

EU – Data Retention Implementation Faces More Delays

As Sweden prepares to implement the European Data Retention Directive, a parliamentary committee’s request for consultation may further delay such action. Sweden was to have implemented the directive in September 2007. The European Commission sued the country in 2010 for failing to do so. Now, the Parliamentary Constitutional Committee wants the government to consult parliament on details within the directive and “has sent its opinion to the Committee on Justice, which is currently hearing a report on how the directive is to be introduced in Sweden.” [Stockholm News]

EU – Privacy Watchdog Urges Stronger Data Protection in EU Law Review

Organisations which lose personal data should be forced to disclose the data security breach, the European Union’s privacy watchdog has said. Planned changes to EU privacy law do not go far enough, said the official. [OUTLAW] [EDPS Opinion] See also: [Communication to the European Parliament (20-page / 215KB PDF) outlining its proposals for reforming data protection law] 

EU – EC Publishes Israel’s Adequacy Status

The European Commission (EC) has published its opinion formalizing Israel’s status as “adequate” under the European Data Protection Directive. The decision, rendered in October 2010, follows the recommendation of the EC’s Article 29 Working Party. It allows for personal data transfers between EU countries and Israel. Israel is one of only a handful of countries to have obtained adequacy status. [Source]

UK – Advocates Angered Over End of BT Investigation

Privacy groups are criticizing the Information Commissioner’s Office (ICO) for closing its investigation of a BT data breach. The ICO said BT cannot be held responsible for the incident in which a spreadsheet with such confidential information as customer names, addresses and telephone numbers was sent to a law firm by a BT employee, the report states. While the ICO closed its investigation after determining the company was not liable for a mistake committed by one of its employees, advocates contend such a move “appears to give the green light to companies like BT claiming to have a data protection policy but failing to adequately enforce it.” [The Guardian] [Crackdown on firms spying on internet users in bid to Tighten Data Privacy Rules] [BT Class Actions Abound]

WW – G8 May Have Privacy Focus

Following up on its efforts in October to move toward the goal of adopting “an international binding legal instrument harmonizing the protection of privacy,” France has announced its intent to bring the world’s Internet leaders to the G8 Summit in May. An announcement from France’s Commission nationale de l’informatique et des libertés (CNIL) suggests that including privacy on the agenda for the G8 “would mark a critical milestone in the protection of privacy against the development of digital technologies.” Despite the continual exchange of data across borders and the prevalence of biometrics, geolocation and surveillance, the CNIL points out that “there is no globalized legal answer, and the levels of privacy protection are disparate.” [Source]

EU – Berlusconi Probe Human Rights Violation of Privacy?

An ally of Silvio Berlusconi says the Italian government might appeal before Europe’s human rights court, alleging that a prostitution probe targeting the premier is a violation of his privacy. Italian prosecutors want to put Berlusconi on trial on charges he had sex with a 17-year-old and tried to cover it up by using his power. Berlusconi has dismissed the allegations as a smear campaign. Franco Frattini, foreign minister and close Berlusconi ally, said that on the privacy-violation issue “there is rich jurisprudence” at the European Court of Human Rights in Strasbourg, France, according to LaPresse news agency. He reportedly said “the privacy-violation is a theme that can be brought forward not just in Italy but before the Strasbourg court.” [Source]

Facts & Stats 

US – Study: Compliance Saves Money

A benchmark study conducted by the Ponemon Institute and sponsored by Tripwire has shown that investing in IT and security compliance can save companies money over time. Through interviews with 160 IT practitioners across a broad range of industries, the study found that companies that review and maintain compliance with security standards spend an average of $3.5 million yearly, while the cost of noncompliance came in at $9.4 million—due mostly to business disruption and loss of productivity, according to the researchers. Tripwire’s Rekha Shenoy noted that, in terms of compliance reviews, “PCI was the one that was top of mind across all industries, because they all take card payments.” [Bank Info Security]

Finance 

US – FTC Settles Credit Report Complaints

The FTC has approved proposed settlements of complaints against three credit report resellers for lax security practices that resulted in hackers accessing more than 1,800 credit reports without authorization between October 2006 and June 2008. The settlements require each company to create comprehensive cybersecurity programs and obtain independent audits of the programs every other year for the next two decades. “These cases should send a strong message that companies giving their clients online access to sensitive consumer information must have reasonable procedures to secure it,” said FTC Consumer Protection Bureau Director David Vladeck. The agreements will be available for public comment through March 7. [CIO] [FTC Press Release]

US – Financial Industry Asks to Opt Out of FTC Rules

With the FTC deadline for public comment on its recent privacy rules recommendations just two days away, industry and individuals are weighing in on all sides of the issue. The Securities Industry and Financial Markets Association (SIFMA), which represents large banks and investment firms, has asked “to not be regulated by any FTC privacy rules at all,” citing sector-specific privacy regulations that already apply. SIFMA wrote, “financial services firms appreciate more than almost any sector of the economy the importance of maintaining the confidentiality of customer information.” The FTC, meanwhile, has suggested that certain types of information–including financial, health and geolocation data–require “special protection.” [paidContent]

US – State Settles Online Privacy Dispute

The Seattle Times reports that the American Civil Liberties Union (ACLU) and the North Carolina Department of Revenue have settled their dispute over the state’s efforts to collect personal information about e-commerce customers for tax purposes. The ACLU and online retailer Amazon filed a federal privacy lawsuit against North Carolina last year. As part of the settlement, the state has agreed not to ask for information that could link consumers to the products they purchase online. The agreement “will go a long way toward protecting the privacy and free speech rights of online customers in North Carolina and hopefully elsewhere,” said ACLU attorney Aden Fine. [Source]

FOI 

CA – Canada Kept U.S. Border Talks Under Wraps: Document

The federal government deliberately kept negotiations on a border deal with Washington secret while it planned ways to massage public opinion in favour of the pact, according to a confidential communications strategy. The 14-page public relations document recommended that talks keep a “low public profile” in the months leading up to the announcement by Prime Minister Stephen Harper and U.S. President Barack Obama. At the same time, the government would secretly engage “stakeholders” — interested parties such as big business groups and others — in a way that respected “the confidentiality of the announcement.” In advance, the government departments involved — including industry, foreign affairs, international trade and citizenship and immigration — were to “align supportive stakeholders to speak positively about the announcement,” according to the strategy prepared by Public Safety Minister Vic Toews’ officials. On Friday, Harper and Obama signed off on a plan that for the first time envisions throwing up a single security ring around the perimeter of Canada and the U.S. The wide-ranging blueprint calls for increased cooperation between the two countries’ police, border and intelligence agencies; an integrated Canada-U.S. exit-entry system using high-tech identification techniques and more sharing of information about Canadians with U.S. authorities. At least three major business organizations — the Canadian Chamber of Commerce, the Canadian Council of Chief Executives and the Canadian Trucking Alliance — quickly issued statements praising the framework agreement Friday. The document was prepared last fall, when the Canada-U.S. talks were being conducted without any public notice. [Source] [Harper and Obama eye sweeping change in border security] See also: [Public salaries not so public in Quebec]

Health / Medical 

US – FTC Releases Medical Identity Theft Guide

The FTC has released information for healthcare providers and health insurers about how to help patients minimize the risk of medical identity theft and deal with the consequences if it occurs. The Medical Identity Theft FAQs for Health Care Providers and Health Plans publication says indications that medical identity theft has occurred include health plan statements that benefit limits have been reached or insurance claim denials due to medical conditions the patient doesn’t have. Healthcare providers and insurers should advise victims to notify health plans, file complaints with police and the FTC and review credit reports, the report states. [Source]

US – Hospital Breaches Require Credit Protection

Two U.S. health plans are providing credit protection to patients and employees after data breaches potentially exposed Social Security numbers (SSNs) and other personal details. Oklahoma’s Saint Francis Health System is notifying 84,000 affected employees and patients that their personal information may have been compromised after a laptop was stolen containing names, dates of birth, mailing addresses, SSNs and diagnostic codes about patients treated prior to 2004. Meanwhile, New York City Health and Hospitals Corp. has filed a lawsuit against a data storage and transport vendor to recover breach notification costs after files on 1.7 million patients and employees were stolen. [Health Data Management]

US – Survey: Privacy, Accountability Lead Health IT Concerns

Doctors and patients agree on the way health IT should be used in modern healthcare, according to a Markle Foundation survey. The Markle Survey of Health in a Networked Life interviewed 1,582 members of the public and 779 physicians. It found that respondents are accepting of technology’s increasing role in healthcare, but both groups want privacy and accountability provisions. A majority of both groups support allowing individuals to know who has accessed their records and the controls to change incorrect data. The majority also supports breach notifications and a policy against government collection of PII for quality improvement programs, the report states. [InformationWeek]

US – Survey: Despite Privacy Concerns, Many Want EHRs

Despite privacy concerns, researchers from the University of Chicago have found that most Americans surveyed support a move to electronic health records (EHRs). “Our core finding is that a large majority of Americans support use of health IT to improve healthcare and safety and reduce costs,” said Daniel Gaylin of the University of Chicago National Opinion Research Center. The survey of 1,000 people found that while nearly half said they had worries about the privacy of EHRs, 64% thought the benefits of being able to access their records online outweighed those concerns, the report states. [Reuters]

CA – Dickson: Breaches Need Stiffer Penalties

Saskatchewan Privacy Commissioner Gary Dickson said that the province needs to dole out stiffer penalties to individuals and organizations responsible for data breaches. The comments came on the heels of a breach at the Sun Country Health Region where an employee inappropriately accessed patient prescription data. Dickson said he was “impressed” with the investigation but noted privacy breaches involving electronic health records are serious matters and risk undermining public confidence in the system. “In a number of cases, termination would be the appropriate response,” Dickson said, adding, “A minor fine or a suspension of a couple weeks without pay in my mind really minimizes what I think is a much more serious matter.” [Source] See also: [University Hospital Fires Three After Breach] and [Universities Suffer Medical Record Breaches]

Horror Stories 

US – Millions Affected by PHI Theft

Confidential information on about 1.7 million New York City hospital patients and employees dating back as far as 20 years was stolen in December. The New York City Health and Hospitals Corporation (HHC) reported the breach on Friday. While a recent study indicates that well over half—61%—of such breaches are the result of malicious intent, HHC President Alan D. Aviles noted, “The loss of this data occurred through the negligence of a contracted firm that specializes in the secure transport and storage of sensitive data.” HHC will provide credit monitoring to potentially affected individuals as the stolen data included names, addresses, Social Security numbers and medical information. [The Wall Street Journal]

US – Dating Site Hacked, Names and Passwords Exposed

The online dating site eHarmony has announced that a hacker used a vulnerability to access the usernames, e-mail addresses and passwords of users of its informational site eHarmony Advice. The Krebs on Security blog first reported the vulnerability and soon after found eHarmony data offered for sale on an online marketplace for hacked data. The company says it has fixed the vulnerability and is notifying affected customers and suggesting that they change their passwords. “At no point during this attack did the hacker successfully get inside our eHarmony network,” the company said in a blog post. The company has not released the number of users affected, but says it represents less than .05 percent of eHarmony’s 33 million users. [CNET News] [Source] See also: [‘Dating’ Site Imports 250,000 Facebook Profiles, Without Permission]

US – Sensitive E-mail Affects 2,400

A data breach at California’s Medicaid program has affected about 2,400 beneficiaries. The Human Services Agency of San Francisco says a former employee e-mailed records to her personal computer, two attorneys and two union representatives, the report states, in an effort to demonstrate that she was responsible for a disproportionately high caseload. The agency’s director says that though the records included Social Security numbers and names, they did not include medical or benefits information. The agency is mailing letters to those affected. [CaliforniaHealthline]

US – Councils Fined £150,000 After Laptop Theft

The Information Commissioner’s Office (ICO) has fined two councils a combined total of £150,000 after two laptops were stolen. Ealing Council used the laptops to provide a service for itself and Hounslow Council. The laptops contained data on more than 1,700 individuals and were not encrypted. Ealing Council has been fined £80,000 for the breach, and Hounslow Council has been fined £70,000 for failing to have a written contract in place with Ealing and not monitoring its operational procedures. Deputy Commissioner David Smith said the Hounslow Council fine makes clear that organizations can’t outsource services “unless they ensure that the information is properly protected.” [ComputerWeekly]

EU – Job Recruiting Site Breached

Ireland’s Gardaí are investigating a data breach on the job recruitment Web site recruitireland.com. The data protection commissioner has also been informed of the breach, which the company says exposed the names and e-mail addresses of its users. According to a message posted to the site’s homepage, no other data has been compromised, but the company is recommending that once the site is back online, users change their usernames and passwords. “We have a process in place for eventualities such as this; when we were notified, we shut down the server and the database to prevent any access,” the message says. [Silicon Republic]

US – SSNs on Envelopes in Ohio

A company hired by the Ohio Department of Job and Family Services mailed 8,000 letters to day care providers with member numbers–which in some cases are the providers’ Social Security numbers–printed on the outside of the envelopes. The breach affected the at-home child care providers paid by the state; child care centers are given random six-digit numbers. A Department of Job and Family Services spokesman said the department is “extremely disappointed” by the breach, and it will be offering identity theft protection services to those affected. [The Chronicle-Telegram]

Identity Issues 

JP – Gov’t to Implement National ID System

Privacy concerns have arisen about recently announced government plans for a comprehensive identification system to be implemented in 2015. The Council for a Number System for Social Security and Taxation drafted the plan, which would assign each citizen a unique number. The system would store such personal information as name, gender, annual income and number of dependents, the report states. But the plan calls for a third party to monitor the stored data, and it has yet to be determined what information could be used for business purposes, prompting concerns about data protection and privacy. A bill pertaining to the ID system is expected this fall. [Source] See also: [US – Schmidt Discusses Trusted Identity Program] See also: [After Octopus Breach, Concerns Persist]

Internet / WWW 

US – NIST Releases Cloud Guidelines, Definitions

The National Institute of Standards and Technology (NIST) released guidance on cloud computing, Gov Info Security reports. Two drafts, “Guidelines on Security and Privacy in Public Cloud” and “The NIST Definition of Cloud Computing,” seek public comments until February 28. The guidelines include such provisions as ensuring security and privacy in cloud solutions before deployment, ensuring cloud providers meet organizations’ privacy and security guidelines and maintaining data protection accountability, the report states. The definitions provided are the result of NIST putting its “ear to the ground and listening to what the public and private sectors are saying,” a NIST co-author said. [Source]

EU – Commissioner: EU Should Guide Cloud Deployment

The European Union is set to introduce a set of cloud computing guidelines that will address data protection, privacy regulations and common approaches to cloud deployment. At the World Economic Forum in Davos, European Digital Agenda Commissioner Neelie Kroes said the EU can help the transition to the cloud run “smoother and faster,” and should take care that data protection achievements do not clash with the cloud. The three areas the EU should get involved in are the cloud’s legal framework around data protection and privacy, technical and commercial fundamentals and supporting pilot projects towards cloud deployment, the report states. A document containing plans for such action should be released by 2012, Kroes said. [Computerworld]

Law Enforcement 

US – Legislators Question Facebook on Privacy

As privacy legislation discussions continue at the federal level, Reps. Edward Markey (D-MA) and Joe Barton (R-TX) of the House Energy and Commerce Committee have again sent a letter to Facebook CEO Mark Zuckerberg about privacy concerns. Writing to Zuckerberg, the legislators requested answers to questions prompted by changes the social network outlined last month about sharing such user data as mobile phone numbers and addresses with third parties, nextgov reports. Markey said the goal is “to better understand Facebook’s practices regarding possible access to users’ personal information by third parties. This is sensitive data and needs to be protected.” [Source]

UK – ICO Approves Crime Maps But Warns of Possible Privacy Dangers

Privacy watchdog the Information Commissioner’s Office (ICO) has said that police must take care to ensure that the localised crime maps launched today in England and Wales do not breach privacy laws. Information Commissioner Christopher Graham was consulted over the new maps and said that in their current state they do not breach the privacy of individuals involved in or affected by crime. He said, though, that there is a danger of that happening and that reviews will be necessary to check that current protections are adequate. The ICO helped police and the Government to put in place measures to ensure the privacy of individuals, he said. The maps allow users of the police website to see the details of what crimes and incidences of antisocial behaviour have happened on their, or any other, streets. [OUT-LAW]

CA – New Alberta Police Database Allows Officers to Share Real Time Information

The Alberta government is quietly building a $65 million police information database that will allow officers across the province to share details about proven and suspected criminal activity in real time. The Alberta Law Officers’ Network, or Talon, is meant to help police catch increasingly sophisticated criminals, but civil liberties groups and academics worry it unnecessarily invades citizens’ privacy and will be open to abuse. “The concept is that we will have a single source of the truth,” said Ayaaz Janmohamed, executive director of the solicitor general’s information technology branch. “It is going to create this information repository, which will allow for a master index of any person who comes into contact with any police agency in Alberta.” The program has been in the works for more than five years. The servers are now online, the top-secret office building that houses the servers is nearly complete and pilot projects are slated to begin in Calgary this fall. Every police service in the province is expected to be online by 2013. Janmohamed said the information in the massive databases will be used to varying degrees by police, crown prosecutors and sheriffs who work on Alberta highways and in provincial jails. Talon will allow them to quickly access information about a person of interest, just as the Canadian Police Information Centre does, though the databases contain different kinds of information. CPIC contains details about pending charges and a permanent record of convictions, as well as information about recent acquittals and discharges. Talon contains much more sensitive and personal information, including speculations, unproven allegations, investigation theories, details of 911 calls – virtually any record of a citizen’s contacts with the police. Unlike CPIC, officers will not have to provide a reason for accessing the information. 
Information and Privacy Commissioner Frank Work has been involved in the planning process and the government is following his recommendations. A privacy impact assessment is expected to be finished by early March, and it will review rules about who can access the information, who has custody of it and who ultimately controls it. The assessment will not be made public. [Source]

US – Police Test App that Instantly Reveals Criminal Records

A new iPhone app will give California Police the ability to instantly see what’s been previously reported to have happened inside a home and who with a criminal record has lived there. The SafetyNet Mobile Insight app enables an officer to point an iPhone’s camera at a location, and using the phone’s GPS to bring up the address, check the law enforcement history or officer safety hazard information of the location in question – within seconds of getting a 911 call. The app can also track police units to determine how far away an officer is from a crime scene. Hoss said as newer versions come out, he’d like to see more querying functionality and license plate recognition incorporated. When the trial began, 70 percent of San Mateo’s and Burlingame’s officers already owned a personal iPhone, Hoss said, which they were allowed to use during the testing phase. However, he isn’t sure he wants officers using their personal phones on the job, partly for security reasons. The system feeding data into SafetyNet Mobile Insight is encrypted through a virtual private network and data isn’t stored on the phone. If an officer loses the phone, the device would be remotely wiped of data. For now, the app only searches within the participating city’s database of criminal records, so an officer in another part of the state wouldn’t have access to San Mateo’s database. [Source] See also: [US: Catholic Church gives blessing to app that helps people confess]

CA – Strip-Searched Woman Sues U.S. Border Guards

A woman from Stratford, Ont., has launched a $500,000 lawsuit in a U.S. federal court against two female U.S. border guards in Detroit. In March 2010, Loretta Van Beek was pulled over by customs agents and sent to secondary inspection when customs officers found a few raspberries in her car that she’d forgotten to declare. After more than an hour of questions, Van Beek was told she was being denied entry on suspicion that she was living illegally in the U.S. Van Beek said she was marched into a holding cell by two female agents and ordered to remove her shirt and stand spread-eagled against the wall, and subsequently strip-searched in an invasive way. She said they photographed her and took her fingerprints, then sent her back to Canada. U.S. Customs and Border Protection wouldn’t comment on Van Beek’s case but said the rules state: “We rely upon the judgment of our individual CBP officers to use their discretion as to the extent of examination necessary. However, CBP officers are expected to conduct their duties in a professional manner and to treat each traveller with dignity and respect.” A spokesperson said a strip-search is allowed when there is reason to believe someone is hiding something on his or her body, and the person has to be told the reason. Van Beek said she wasn’t given a reason. The lawsuit documents were filed on Feb. 9, 2011. [Source]

Offshore 

IN – State of Data Security and Privacy in Banking Industry

After releasing the annual security surveys on the IT & BPO industry in the past few years, the Data Security Council of India (DSCI), in association with KPMG and under the aegis of CERT-In, released the first report on the State of Data Security and Privacy in the Indian Banking Industry. The report deals with the state of data security and privacy concerns and offers insight into the banking industry’s capability for data protection. G Gopalakrishnan, Reserve Bank of India’s executive director, released the survey report. The survey covered some 20 banks and interviewed chief information security officers (CISOs). As per the findings of the report, customer awareness on information security along with insecure customer end points is one of the most significant challenges faced by banks. External threats and the increasing usage of online and mobile channels along with regulatory equipment are driving banks in India to invest in information security. Managing security is more challenging in online banking and phone (IVR) banking as compared to other service delivery channels, the report states. [Source]

PH – Data Privacy Law Moves On

The Philippines House of Representatives last week passed a second reading of the proposed Data Privacy Act, which aims to set regulations for the processing of personal information. The bill recently received the endorsement of both the committee on information and communications technology and the committee on government reorganization and has the backing of the business process outsourcing sector. Chief author of the bill Roman Romulo says, “The bill is quite strong…you are expected to adopt adequate organizational, physical and technical measures to protect your electronic files.” Meanwhile, a proposed cybercrime bill that seeks international cooperation in fighting cybercrime is also in congress. [Newsbytes.ph]

Online Privacy 

US – Study: “Flash Cookie” Tracking Persists

A Carnegie Mellon University study suggests that about 10% of popular Web sites may be using so-called “Flash cookies” to track users. The study, commissioned by Adobe, tested the 100 most popular Web sites and 500 others that were randomly selected, finding “none of the 500 random sites engaged in re-spawning, and only two of the 100 most-popular sites engaged in re-spawning,” the report states. However, a significant number of Web publishers “still won’t say if they’re using Flash cookies for tracking.” Adobe, the creator of Flash Player, has condemned the use of its local storage objects for tracking purposes and recently introduced changes to simplify Flash’s privacy options. [paidContent] See also: [US: History Sniffing Code Collides With Privacy Concerns] [The Dirty Little Secrets of Search]

EU – Reding: Tracking Technologies Highly Intrusive

European Union regulators are concerned that mobile phone and computer technologies that monitor online activities threaten individual privacy rights. “I am concerned about the use of highly privacy-intrusive tracking technologies,” EU Justice Commissioner Viviane Reding said in a speech in Brussels yesterday. “Mobile phones and computers have become tracking devices.” She added that tracking technologies can have serious consequences for people and can lead to criminal penalties. Reding’s concerns come as the European Commission reviews the EU’s data protection law with plans to update it to reflect new technologies that have emerged since the law passed nearly 16 years ago. [Bloomberg] [Internet Tracking May Threaten Privacy Rights, EU’s Reding Says]

US – Judge: Juror Must Turn Over Online Posts

A California judge has ordered a juror to turn over social networking posts he made during the trial of several gang members or face possible jail time. The juror’s attorney has called the order an invasion of privacy and plans to appeal, while defense counsel for the alleged gang members have suggested the posts will help determine whether the juror was influenced by communications outside of the courtroom. The juror had “allegedly characterized the evidence as ‘boring’ in one posting and revealed he was on the jury in another,” the report states. [Mercury News] [Juror Appealing Social Network Order] [Juror: Social Network Posts Are Private]

US – WikiLeaks Supporters Trying to Prevent U.S. Access to Their Twitter Accounts

Three people involved with WikiLeaks are trying to bar a federal judge in Alexandria, Va. from gaining access to information about their Twitter accounts. According to a Washington Post report, the individuals are challenging a December 14 court filing that would force Twitter to disclose private information about their accounts. The court documents were unsealed at the request of lawyers from the American Civil Liberties Union (ACLU) and the Electronic Frontier Foundation (EFF). These organizations are also trying to get other court filings related to WikiLeaks unsealed. EFF legal director Cindy Cohn said that the government’s request for access to these Twitter accounts “raises serious First and Fourth Amendment concerns.” “It is especially troubling since the request seeks information about all statements made by these people, regardless of whether their speech relates to WikiLeaks,” she said. The effort is part of the Department of Justice’s ongoing investigation into whistle-blowing organization WikiLeaks. A hearing to unseal further court proceedings is scheduled for February 15 at the U.S. District Court in Alexandria, Va. [Source] See also: [Anonymous Hacks Security Firm Investigating It; Releases E-mail]

UK – ‘Twitter Messages Not Private’ Rules PCC

Material that is published on Twitter should be considered public and can be published, the Press Complaints Commission (PCC) has ruled. The decision follows a complaint by a Department of Transport official that the use of her tweets by newspapers constituted an invasion of privacy. Sarah Baskerville complained to the PCC about articles in the Daily Mail and Independent on Sunday. The messages included remarks about being hungover at work. She complained that this information was private and was only meant to be seen by her 700 followers. Ms Baskerville said she had a clear disclaimer that the views expressed by her on Twitter were personal and not representative of her employer. Ms Baskerville complained to the press regulator, arguing that she could have a “reasonable expectation” of privacy and that the reporting was misleading. But the PCC said the potential audience for Ms Baskerville’s tweets was much wider than her followers, because each message could be forwarded by others, known as retweeting. It also agreed with the newspapers’ argument that Twitter was publicly accessible and that the complainant had not taken steps to restrict access to her messages and was not publishing material anonymously. As a result, the commission ruled that the articles did not constitute a breach of privacy. [Source]

US – Analysts Support Code of Ethics

The Web Analytics Association is supporting an online code of ethics in the midst of increasing scrutiny of the Internet data industry to allow consumers to opt out of online tracking and offer clear privacy policies explaining data collection and usage. However, questions remain about how such a self-regulatory approach would be enforced, the report states. “We have to trust that this is a community of professionals and that putting your name and city–and behind the scenes your e-mail address–means you’re actually committed to following through,” said one of the Web analytics experts behind the effort, adding, “it’s about the long-term health of our sector.” [The Wall Street Journal]

Other Jurisdictions 

AU – Vodafone Investigation Concludes: Act Breach

After an investigation, Privacy Commissioner Timothy Pilgrim has found that Vodafone breached the Privacy Act by failing to take reasonable steps to protect its customers’ information, but the commissioner dismissed claims that information was made public. The company had been accused of allowing billing and call records to be stored on a public Web site with only a password to protect them. Pilgrim found that some staff may have breached company login and password policies, and that “Vodafone did not have the appropriate level of security measures in place to adequately protect their customers’ personal information.” [ABC News]

IS – Israeli Bill Aims to Ban Media Images of Victims Without Consent

The Knesset Law Committee held a third and final debate on an amendment to the Protection of Privacy law that would prohibit the publication of images of injured or deceased persons without their consent or the consent of their family members. The bill, which is sponsored by United Torah Judaism MKs Uri Maklev and Moshe Gafni, aims to protect the privacy of victims of terrorist attacks, violent crimes or accidents, by prohibiting the media from displaying images in which the victims can be identified. Opponents of the bill said it was an attempt to limit freedom of the press and would harm the public’s right to information. They urged that a solution be found by increasing self-regulation by the media rather than by legislation. Maklev said that though he respected and cherished the work of the media, the amendment would strike a balance between the public’s right to information and the individual’s right to privacy. He said that the amendment would strengthen media ethics, prevent outlets from competing with each other over who has a more bloody photo and present guiding principles to unregulated online news distributors. [Source]

Privacy (US) 

US – CA Court: ZIP Codes Are Personal Information

The California Supreme Court has ruled that merchants may not collect ZIP Codes from credit card customers. In a unanimous decision, the justices deemed that ZIP Codes are part of a person’s address and are therefore covered by the state’s 1971 Credit Card Act, the report states. “The legislature intended to provide robust consumer protections by prohibiting retailers from soliciting and recording information about the cardholder that is unnecessary to the credit card transaction,” Justice Carlos R. Moreno wrote. [Los Angeles Times]

US – Report: Companies Will Hire More Privacy Pros

Ernst & Young has released its new report “Privacy Trends 2011: Challenges to Privacy Programs in a Borderless World,” and the findings include expectations that organizations will invest more in the protection of personal information. Accounting Today reports that the study indicates organizations will allocate more funding in the year ahead toward hiring “highly skilled certified privacy professionals and invest in technical controls that monitor and manage external attacks and internal leaks from within the organization.” The report suggests that beyond privacy professionals, many positions that impact the use of personal information–such as IT, audit, legal and marketing–will become increasingly focused on privacy risk and compliance. “In an increasingly borderless business environment, protecting personal and professional information is a paramount concern,” says Sagi Leizerov, CIPP, executive director and leader of privacy advisory services for Ernst & Young. “New technologies associated with mobile communication, social networking and cloud computing have erased the boundaries of how we do business today, but while these new technologies provide tremendous opportunities, they also present new privacy risks for organizations and employees alike.” [Source]

US – Industry Opposes FIPPs-Based Regulations

A coalition of advertising, media and business organizations has submitted comments to the Department of Commerce arguing that while Fair Information Practice Principles (FIPPs) are a “useful tool” when analyzing online privacy, they should not be codified in new laws. The comments were submitted in response to calls for industry and advocacy groups to develop enforceable, self-regulatory privacy policies. A FIPPs-based framework for online privacy “would reduce industry’s ability to respond to changes in consumer preferences and would hinder advancements in technology,” according to the coalition, which includes such groups as the Interactive Advertising Bureau and Newspaper Association of America. Some privacy advocates, meanwhile, have submitted comments that government regulation is needed to protect consumers. [Source]

US – DMA to Enforce Self-Regulation Initiative

The Direct Marketing Association (DMA) has announced enforcement plans for its online data collection self-regulatory program. The DMA is requiring members to place the “Advertising Option Icon” on ads, linking to pages that educate consumers about data collection and offer opt outs from online tracking and will investigate consumer complaints about noncompliance. For members that do not comply, “the ultimate sanction is that you are thrown out of the association. If a non-member is persistently noncompliant, we will refer them to the FTC,” said Linda Woolley of the DMA, who stressed that, “the goal is not to rat people out. The goal is to make companies comply.” [Direct Marketing News]

US – Swire: Federal Privacy Office Needed

Peter Swire writes in support of a proposal in the Department of Commerce’s new green paper to create a federal privacy policy office. Swire disagrees with comments by some privacy advocates that the creation of such an office would weaken the Federal Trade Commission’s privacy efforts. “I believe there is an extremely strong case in favor of developing an ongoing privacy policy capability in the executive branch,” Swire writes. “Privacy policy requires familiarity with a complex set of legal, technological, market and consumer considerations. Good government thus calls for creating an institutional memory and a group of civil servants experienced in privacy policy.” [Center for American Progress] [Memo]

US – Franken Named Head of New Privacy Committee

Sen. Al Franken (D-MN) has been selected to chair the new Senate Judiciary Subcommittee for Privacy, Technology and the Law. Franken said his goal will be to “make sure that we can reap the rewards of new technology while also protecting Americans’ right to privacy.” The new committee was created by Senate Judiciary Committee Chairman Patrick Leahy (D-VT) to “oversee laws and policies governing the collection, protection, use and dissemination of commercial information by the private sector,” the report states. Leahy said the new committee will focus on how new technology has “unleashed new questions about how to protect Americans’ privacy in the digital age.” [The Washington Post] [Committee Gives Online Privacy a Higher Profile]

US – Apple Hit With Another Suit Alleging Privacy Violations

A lawsuit has been filed in federal court alleging privacy violations in the way Apple shares information collected from iPhone, iPad and iPod Touch users with advertisers. The suit, which seeks class-action status, states that the company shares information about browsing history, application use and other personal details without user consent, alleging the result is that application developers can “put a name to highly personal and in many cases embarrassing information derived from app downloading activity and usage, and Internet browsing history, that would otherwise be anonymous.” The company previously stated its apps are not supposed to transmit user data without prior permission, the report states. [PC World]

US – Court: No Common Law Duty to Protect PII

An Illinois appellate court case–“the first that we are aware of in the United States”–is focusing on the question of “whether common law duty exists to safeguard personal information.” An Illinois appellate court upheld the dismissal of a suit over the unauthorized disclosure of such sensitive personal information as names, addresses and Social Security numbers, finding that no such duty to protect personal information exists for purposes of a negligence claim. Speculating that the case could be appealed to the Illinois Supreme Court, the report suggests, “Based on the strong dissent, it appears as if the majority opinion may be at risk for an overturn.” [Information Law Group]

US – Judge Dismisses Data Aggregator Lawsuit

A U.S. District Court judge has dismissed one of two lawsuits filed against an online data aggregator after determining the plaintiff did not “allege he had been injured by Spokeo.” Privacy advocates are concerned about the information the company makes available, noting that although this case has been dismissed, the questions it poses “will almost certainly reappear in other litigation–especially given the wave of recent privacy lawsuits.” The report also highlights a complaint brought before the FTC alleging that Spokeo “violates federal law by offering information about users’ financial status and credit ratings without giving consumers the protections required by the federal Fair Credit Reporting Act.” [Source]

Privacy Enhancing Technologies (PETs) 

US – ACLU Launches Privacy Mobile App Contest

Branches of the American Civil Liberties Union (ACLU) and others are launching a contest challenging mobile application developers to address privacy concerns for mobile phones and other portable devices. The 2011 Develop for Privacy Challenge aims to encourage developers to build open-source tools for mobile devices to help users understand and address privacy threats, the report states. Brian Alseth, technology and liberty director at the ACLU of Washington, said the contest’s goal is to show developers that “privacy doesn’t need to be an afterthought in new technologies. Rather, privacy can and should be a fundamental building block.” Contest submissions may be made at the Develop for Privacy Web site until May 31. [InfoWorld] [IPC Press Release] See also: [Privacy as Competitive Edge: Can A Start-Up Search Engine Compete On Privacy?]

RFID 

EU – Art 29 WP Posts Opinion on Revised RFID PIA

This opinion is a follow-up to opinion 5/2010 (WP 175) on the Industry Proposal for a Privacy and Data Protection Impact Assessment Framework for RFID Applications. [Opinion 9/2011 on the revised Industry Proposal for a Privacy & Data Protection Impact Assessment Framework for RFID Applications - 11 Feb 2011] [Privacy & Data Protection Impact Assessment Framework for RFID Applications 12 January 2011] See also: [ENISA Opinion on the Industry Proposal for a Privacy and Data Protection Impact Assessment Framework for RFID Applications [March 31, 2010]]

Security 

US – TSA Deploys New Body Scanners

The Transportation Security Administration this week debuted software designed to make airport body scanners less invasive. The software creates generic body images and displays any detected anomalies in a red outlined box around the specific area of concern. The software will be incorporated at Reagan National Airport in Washington, DC, and in Atlanta, the report states, and could eventually land at all 78 airports currently using body scanning technology. “We believe it addresses the privacy issues that have been raised,” said TSA Chief John Pistole. [The Washington Post] [Source]

US – Nasdaq Suffers Security Breach

Nasdaq OMX Group says it found suspicious files on its U.S. computer servers. Nasdaq says it found malware at the end of last year and alerted forensic groups and U.S. law officials and that the FBI and Department of Justice are now investigating. The malware was pointed at Nasdaq’s Web-based program, where about 5,000 companies store documents for board members, the report states. Nasdaq deleted the malware and says no customer information appears to have been compromised as a result of the security breach. Law enforcement officials have not yet issued a statement on the case. [Banking Business Review] [NASDAQ Breach: You Should be Concerned]

Surveillance 

US – ACLU Calls for Moratorium on City Cameras

The American Civil Liberties Union (ACLU) is calling for a moratorium on installations of surveillance cameras in Chicago and new policies to prevent their misuse. The city has more than 10,000 surveillance cameras, capable of tracking people or vehicles, searching for images of interest and reading license plates, the report states. “Our city needs to change course before we awake to find that we cannot walk into a bookstore or a doctor’s office free from the government’s watchful eye,” an ACLU spokesman said. A spokeswoman for the Chicago Police Department said it is committed to “safeguarding the civil liberties of city residents” and “upholding the constitutional rights of all.” [Source] See also: [US: Female hostellers damage CCTV cameras to protect privacy] [UK: Coventry’s Stoke Park School has 112 CCTV cameras] [US: Supermarket camera suspect charged with privacy violation] and [US: Red-Light Cameras Lower Traffic Deaths, Agency Claims – NYT]

AU – Vehicle Tracking Devices Could Be Used to…Track

A private car-for-hire company in Australia has announced it will install GPS devices in up to 30% of its fleet. The company said the devices will allow them to know if the cars are driven out of the contracted range or on dirt roads, which would breach contract. But Civil Liberties Australia calls the move an “excessive invasion of privacy.” Meanwhile, the U.S. National Highway Transportation Administration will consider new rulemaking that would require event data recorders to be installed in passenger vehicles, according to a press conference announcement. The announcement has some privacy advocates concerned that the recorders could be used to track Americans’ movements. [News.com.au] [Source]

US – Smart Meters Face Resistance

The New York Times reports on the growing opposition to smart meter installations at homes in Maine and California. The wireless meters report hourly home energy usage back to the utility. Some Maine residents have launched e-mail campaigns, and some municipalities in both states have adopted moratoriums on meter installation. A group of Californians has launched a “Stop Smart Meters” campaign, and four protesters have been arrested for blocking trucks delivering meters to homes. In response to privacy concerns, the vice president of Edison Electric Institute, the national association of utilities, said, “We’ve always gotten information about customers’ usage and always kept it confidential. We’re going to honor their privacy.” [Source]

CA – Cavoukian Releases Smart Grid Study

Ontario Privacy Commissioner Ann Cavoukian released a study on an Ontario utility’s approach to smart meter deployment, which she says should serve as the model for all future smart grid investment. Released at a California event, Operationalizing Privacy by Design: The Ontario Smart Grid Case Study is the third in a suite of papers on smart grid deployment. It describes the utility’s policy to only include customer identification information in the company’s own billing records and not share it with third parties unless consent is acquired for service offers. “Smart grid technologies have the potential to collect extremely detailed information about energy consumption in the home, which can lead to the unwelcome profiling of individuals,” Cavoukian said. [The Globe and Mail] [Utilities work to prevent privacy backlash over smart grid]

Telecom / TV 

US – Obama Touts Plan to Get Wireless Internet to 98% of U.S.

President Obama has outlined a plan to expand super-fast wireless Internet connections. Speaking at Northern Michigan University, Obama said he would use $18 billion in federal funds to get 98% of the nation connected to the Internet on smartphones and tablet computers in five years. To get there, the federal government will try to bring more radio waves into the hands of wireless carriers to bolster the nation’s networks and prevent a jam of Internet traffic. He said he hoped to raise about $27.8 billion by auctioning airwaves now in the hands of television stations and government agencies. And with that auction money, the government would fund new rural 4G wireless networks and a mobile communications system for fire, police and emergency responders. [Source]

US Legislation 

US – Speier Introduces Financial Privacy Bill

The former California lawmaker who sponsored some of the nation’s strongest financial privacy protections during her time as a state senator has introduced new federal legislation. Now in the U.S. Congress, Rep. Jackie Speier (D-CA) introduced the Do Not Track Me Online Act of 2011. The bill has elicited support from privacy advocates and warnings from the online advertising industry. It would let consumers opt out of having their online activities tracked through the creation of a do-not-track system such as the one called for in the Federal Trade Commission’s recent report on Internet privacy. Speier also introduced the Financial Information Privacy Act of 2011. [MediaPost News]

US – Speier to Introduce Do-Not-Track Bill

Rep. Jackie Speier (D-CA) plans to introduce an online privacy bill next week directing the FTC to begin a do-not-track program for online advertisers. The program would enable consumers to opt out of behavioral advertisers’ tracking. The bill is meant to provide a floor rather than a ceiling, according to the report. Speier worked with Consumer Watchdog, Consumer Federation of America, Consumers Union and the Electronic Frontier Foundation on the bill. Meanwhile, Rep. Bobby Rush (D-IL) is expected to re-introduce his online privacy bill next week. [The Hill] See also: [Online Privacy Legislation Expected To Abound] [National Journal] See also: [Wyden Discusses Mobile Privacy Bill]

US – Senators Propose Body Scanner Legislation

U.S. Senators Charles Schumer (D-NY) and Ben Nelson (D-NE) proposed legislation that would make the misuse of airport body scan images a federal crime, Computerworld reports. The Security Screening Confidential Data Privacy Act would prohibit the dissemination or photographing of scanned body images, punishable by up to one year in prison and a $100,000 fine per violation. The bill follows advocates’ and passengers’ concerns about privacy as the machines are increasingly implemented at U.S. airports. Marc Rotenberg of the Electronic Privacy Information Center is pleased with the legislation and said, “Obviously, there are no circumstances under which anyone should be able to take an image generated by one of these devices and circulate it to others.” [Source]

US – Legislators Introduce Breach Bills

Hawaii legislators have introduced several bills to amend the state’s data breach notice law. Among those, security breach bill S.B. 728 and its house companion would require more specific notification in security breach cases, would eliminate the harm trigger in state law and would apply to any disclosure of records. It also would list the plaintiffs’ rights of action and would state that any person at risk for identity theft as a result of a data breach may sue for damages sustained. S.B. 796 would widen the definition of a security breach and would require three years of credit monitoring service by the responsible party to those affected. [Covington & Burling’s Inside Privacy]

US – Bill Banning Texting While Driving Concerns Some

A bill headed to the Mississippi House of Representatives that would ban texting while driving is raising privacy concerns. The bill passed the senate last week with only two lawmakers voting against it. It would extend Mississippi’s ban on texting while driving from young drivers to all drivers, carrying a misdemeanor charge and a $500-$1,000 fine, depending on whether an accident occurred as a result. Sen. Terry Brown (R-Columbus) is concerned about privacy, however. “A law officer could read a person’s text message after an individual was pulled over. Are they going to confiscate your cell phone for evidence?” Brown questioned. [Justice News Flash] [Source]

Workplace Privacy 

IS – Court Restricts Monitoring of Employee E-mail

Israel’s National Labor Court has set out rules for employers’ monitoring of workers’ e-mails. Dan Or-Hof of Pearl Cohen Zedek Latzer writes that “The rules impose severe restrictions…and employers should consider reforming their workplace policies accordingly.” The rules state that employers must establish policies on e-mail monitoring and must inform employees of the policies. They also establish clear guidelines on when and how e-mail monitoring is permitted. “Employers should carefully study the opinion and make all necessary adjustments to comply with its requirements,” Or-Hof writes. “Specific attention should be given to…harmonizing the corporate information security system and policies with a new pro-privacy workplace environment.” [Source] See also: [US: Facebook Firing Case Is Settled]

AU – Employers to be Banned from Monitoring Staff’s Email, Facebook, Internet Use

SNEAKY bosses who spy on personal emails are facing D-Day as state and federal politicians move to protect workers’ privacy. Queensland Attorney-General Cameron Dick said it was time to safeguard workers who unknowingly had their emails read and internet use monitored by unreasonable bosses. Companies are also monitoring social network sites and using information to sack staff even if they are posting messages at home and don’t mention their employer. Lawmakers say they are determined to stop any such abuse. The state and federal attorneys-general have been working on a set of workplace privacy guidelines since 2009 but Mr Dick said he would introduce his own code, regulations or law if national progress was not made soon. [Source] See also: [Who’s the Boss, You or Your Gadget?] and [CA – Privacy rights at work? Not so much]

IN – India Service Book of Govt Servant Not Personal: CIC

In a major decision that could spark a privacy-versus-transparency debate, the Central Information Commission (CIC) has said the service details of a public servant are not confidential and can be provided to an RTI applicant. The country’s top watchdog had earlier taken out property details and income tax returns of public servants from the ambit of confidentiality, which has been challenged in the Delhi High Court. [Source]
