01-15 September 2012

 

Biometrics

US – FBI Begins Installation of $1 Billion Face Recognition System Across America

A move by the Federal Bureau of Investigation (FBI) to upgrade its biometric database has a number of privacy and civil liberties groups raising red flags over potential privacy intrusions. The Next Generation Identification program will update the FBI’s fingerprint database and will compile mugshots, DNA data, iris scans and voice recognition to help agents track down suspects. An FBI spokesman said the agency “is tentatively planning to host a meeting of federal law enforcement and national security agencies with privacy and civil liberties groups to discuss various aspects of federal government uses of facial recognition technology later this year.” Sen. Al Franken (D-MN) has expressed privacy concerns about the database. [CNET News] [Source]

US – Alabama First State to Scan Fingerprints of Prison Visitors

The Alabama Department of Corrections has enacted a first-in-the-nation policy requiring visitors at the state’s prisons to have their fingerprint scanned before they are allowed to enter the facilities. No other state prison system in the country has a similar requirement. The change, implemented in August, has its roots in the prison system getting a new computer program, said a spokesman for the Department of Corrections. The move is drawing some criticism. State Departments of Corrections routinely require that visitors be approved, and each visitor undergoes a criminal background check. However, the fingerprint requirement is “extreme,” said David Fathi, director of the American Civil Liberties Union’s National Prison Project. “If showing a driver’s license is all that is required to get on an airplane that will fly you near the White House, it should be enough to get you inside a prison to visit someone,” he said. [Source]

WW – Devices Capture Increasing Amounts of Intimate Data

A growing number of products are capable of monitoring intimate biological data—devices like wireless health monitors and, soon, “stretchable electronics” capable of measuring heart rate, brain activity, body temperature and hydration levels. One company will soon pilot a “Digital Health Feedback System” that will capture biometric data using microchips embedded in a pill and using stomach fluids to emit signals to an external sensor. How companies may use or share the data collected by such devices is yet to be seen. One company says customers will own the data but requires customers to grant it permission to use data for “product development and the cultivation of its data sets,” the report states. [The New York Times]

 

Canada

CA – Stop Collecting Health Numbers, SaskTel Told

Saskatchewan’s privacy commissioner says SaskTel should stop collecting health card numbers from its customers. Gary Dickson also wants the Crown-owned phone company to stop gathering social insurance numbers and other unique identifiers whenever possible. The recommendations were part of a 58-page report Dickson released this week. [Source] [Source]

CA – Ontario Trial Hinging on Cellphone Search Warrant Raises Privacy Concerns in B.C.

David Eby of the B.C. Civil Liberties Association is concerned about the outcome of a court case in Ontario ruling on whether police can search a suspect’s cellphone without a warrant. A cellphone was found on an Ontario man after he had been arrested on suspicion of armed robbery in July 2009. On the phone were images and text messages that were used against him in his trial. A warrant to examine the phone was only obtained after the police found evidence on the phone. The cellphone information was ruled admissible as evidence but that decision has gone to the Ontario Court of Appeal for a ruling on whether it was a violation of the Charter of Rights and Freedoms. Police can search a bag or briefcase when they arrest someone. They need a warrant to get into your house or the trunk of your car. But a phone can carry a lot more vital information these days than a briefcase. “The issue that the courts are grappling with now is the realities of new technologies,” said Eby. He believes police should get a warrant before accessing all that information. [Source]

CA – Growing Number of Stolen ID Cards Used to Obtain Passports: RCMP Report

Criminals are increasingly using stolen social insurance numbers and doctored birth certificates to obtain legitimate driver’s licences and passports, an internal RCMP report says. And by leveraging pilfered or forged identity markers into higher-value IDs, criminals can sidestep tough anti-counterfeiting features built into government-issued identity documents, including a pending upgrade of passports with biometric chips. “Identities are being overtaken, altered or created, facilitating a number of other crimes, including many variations of fraud, typically for financial gain or to conceal a true identity,” says the March 2011 report prepared by the RCMP’s criminal intelligence division. It points to a rising use of “breeder” documents — identity records such as social insurance numbers, birth or citizenship certificates — that are stolen, tampered with or falsified, then used to sign up for credit cards or valid forms of identity. The report suggests Ottawa’s recent move to stop issuing SIN cards, instead sending the information in a letter, may not hinder identity thieves who skim someone’s mail or pick through their garbage looking for the nine-digit number. The report says the failure of governments to cross-check the authenticity of personal documents used in applications allows fraudsters to stitch together a “synthetic” identity, often combining a stolen social insurance number or altered birth certificate with a made-up name and date of birth. That means a social insurance number can be successfully paired with an entirely different name on a government application form, since the two are not routinely checked for a match, it says. And online applications make it easier for criminals to avoid face-to-face interactions when committing identity fraud, the report notes. [Source]

CA – Privacy Goes Missing With Alberta’s New Missing Persons Act: Critics

A new law that came into effect this month giving Alberta police easier access to personal records when investigating missing persons cases is being touted as a potential lifesaver by the provincial government. But critics say that however well-intentioned the Missing Persons Act is, it presents real dangers to privacy and, possibly, personal safety. The legislation, introduced more than a year ago, allows police in a missing person case to seek an order from a justice of the peace to search personal information, such as cellphone and computer records, employment, education and health files, closed circuit television records and financial histories. In emergency situations, police can also make a written demand for information without going to the courts. Justice Minister Jonathan Denis said Friday the law’s major impact is that police can now access information even if there is no reason to think a crime has been committed. Denis said the legislation is the first of its kind in Canada. But Liberal MLA Laurie Blakeman said she’s horrified by how much personal information the government is allowing police to collect under the law. [Source]

CA – Commissioner Urges Orgs to Make Privacy Part of Their Corporate Culture

Ontario’s Information and Privacy Commissioner, Dr. Ann Cavoukian, says it is not enough for organizations to have a privacy policy in place – they must take steps on an ongoing basis to make sure it is reflected in every aspect of their operations. A new paper, released today by the Commissioner at a meeting of the Privacy Section of the Canadian Bar Association, provides a 7-step action plan on how to effectively execute an appropriate privacy policy and embed it in the concrete practices of an organization. Paper: A Policy is Not Enough: It Must be Reflected in Concrete Practices [Source: Office of the Information & Privacy Commissioner of Ontario]

 

Cloud Privacy 

HK – Cloud Security Alliance Presents Privacy Level Agreement Initiative

The Cloud Security Alliance (CSA) has announced the launch of a Privacy Level Agreement (PLA) Working Group in the EU and a partnership with the Hong Kong Applied Science and Technology Research Institute (ASTRI) to advance cloud computing security and build capabilities that will accelerate the development of the cloud ecosystem in Hong Kong. The PLA Working Group is comprised of independent privacy and data protection subject matter experts, privacy officers, and representatives from data protection authorities. The group will work to define compliance baselines for data protection legislation and establish best practices for defining a standard for communicating the level of privacy measures such as data protection and data security that it agrees to maintain while hosting third-party data. [Source]

 

E-Government 

CA – BC: Coquitlam Rejects Plan to Publish Voters’ Names

Coun. Terry O’Neill’s plan to improve voter turnout was flatly rejected at a council meeting in Coquitlam this week. Introduced in July, O’Neill’s motion sought to publicize the names of those who vote in a civic election, a move he hoped would improve “abysmally low” voter turnout in recent years. But the key stumbling block among his council colleagues was the issue of privacy, and the motion was defeated 8-1. O’Neill was the lone councillor to vote in favour of the motion. “No idea is perfect,” he said. “But I think this is a good idea and it’s a good start.” O’Neill got the idea after reading an Atlantic magazine article entitled, “The Ideas Report.” The report cited a U.S. study that suggests “people are more likely to follow social norms when their behaviour is observed by others” – in other words, if their names are published, they are more likely to vote. Under current provincial legislation, municipalities are mandated to produce voter lists for eight weeks after an election, a point O’Neill used to counter claims his motion would undermine privacy concerns. He also argued publishing the names of those who vote in local newspapers would instill a sense of pride, while also exerting pressure on those who choose not to vote. Coun. Selina Robinson, however, said that tactic encouraged a form of public shaming rather than public engagement. [Source]

 

Electronic Records

US – New Texas Privacy Law Adds More Hassle, Expense

Texas physicians and certain other professionals who use electronic health records must comply with a new state privacy law beginning this month that imposes more stringent requirements than HIPAA. HB300, an omnibus health information technology privacy and security bill, covers meaningful use of electronic health records, the physician quality and reporting system, e-prescribing, translator availability, drug plan authorizations, and increased documentation and certification requirements. The changes begin with a broadened definition of “covered entities,” to include almost anyone who handles protected health information. This may include business associates, healthcare payers, government units, schools, healthcare facilities, providers, researchers and physicians. Covered entities are allowed to transmit protected health information for treatment, payment, health plan operations and insurance functions, and patients must be informed — through prominently displayed notices in public areas — that this disclosure may occur for authorized purposes. Other uses will require patient authorization. Patient requests for their electronic health records must be fulfilled within 15 business days of a written query, just as physicians have been required to do for paper records under state law. Health care workers also face stricter training requirements regarding privacy issues, and penalties for violations will be ramped up significantly under the new law. [Source]

US – ONC Shelves Voluntary “Rules of the Road” Draft Regs

The Office of the National Coordinator (ONC) for Health Information Technology has stepped away from plans to set voluntary “rules of the road” for health information exchanges—including guidelines for privacy and security. In a blog post about the shelving of a Nationwide Health Information Exchange Governance Rule, ONC head Farzad Mostashari wrote, “Based on what we heard and our analysis of alternatives, we’ve decided not to continue with the formal rulemaking process at this time and instead implement an approach that provides a means for defining and implementing nationwide trusted exchange with higher agility, and lower likelihood of regret.” [GovInfoSecurity]

 

Encryption 

UK – UK Limits Spyware That May Have Targeted Dissidents

The British government has imposed export controls on U.K.-based Gamma Group’s FinSpy surveillance tool, which can remotely take over computers and phones, following reports that the systems may have been used to target political dissidents. The U.K. Secretary of State for Business Innovation and Skills informed the company that existing export restrictions apply to FinSpy, requiring Gamma to obtain a license to sell the system outside the European Union, according to an Aug. 8 letter the government sent to lawyers for London-based Privacy International, which is pressing for such restrictions. [Source]

 

EU Developments

US – Privacy, Consumer Groups Back EU’s Proposed Privacy Rules

22 U.S. privacy and consumer groups have voiced support for a tough online privacy proposal being considered by the European Union, even though some U.S. businesses and government officials have described the proposal as too regulatory. The proposal “provides important new protections for the privacy and security of consumers,” the groups wrote in a letter sent to members of the European Parliament. “We believe that the promotion of stronger privacy standards in Europe will benefit consumers around the globe, as businesses improve their privacy practices and security standards.” The privacy and consumer groups, including Consumers Union, Privacy Rights Now, the Electronic Privacy Information Center and Public Citizen, called for the E.U. to strengthen the privacy protections in the proposal. The E.U. should limit the number of compliance exceptions in the proposed General Data Protection Regulation, promote greater transparency in data practices and strengthen the public’s right to data portability, the groups said. The proposal should also limit the scope of information online businesses can collect through “legitimate interests,” the groups said. [Source]

EU – Privacy Czar: Civil Rights at Stake in Asylum Database Proposal

European Commission proposals that would give the police access to a new EU-wide fingerprint database for asylum seekers – Eurodac – are a “serious intrusion” into the rights of a vulnerable group, the European Data Protection Supervisor (EDPS) says. The EDPS said that under Commission proposals, law enforcement authorities would have access to Eurodac data. While the EDPS understands that the availability of a database with fingerprints could be a useful additional tool in combating crime, the EDPS views the Commission’s amendment as “a serious intrusion into the rights of a vulnerable group of people in need of protection.” The EDPS said the access might not be really necessary. “Just because the data has already been collected, it should not be used for another purpose which may have a far-reaching negative impact on the lives of individuals,” said EDPS supervisor Peter Hustinx. “To intrude upon the privacy of individuals and risk stigmatising them requires strong justification and the Commission has simply not provided sufficient reason why asylum seekers should be singled out for such treatment,” he added. [Source]

UK – ICO: Cookie Compliance Deadline Set for Some

Information Commissioner’s Office (ICO) Group Manager for Business and Industry Dave Evans said businesses should now “know they have to respond to the law.” The comments come after one web software firm taunted the ICO about cookie compliance. For noncompliant businesses, Evans said, “It might be a law they wish didn’t exist, but the simple fact is that it is here to stay,” adding, “for example, some sites have failed to engage with us at all, and they’re now being set a deadline to take steps towards compliance, with formal enforcement action likely if they fail to meet this deadline.” [Out-law.com] [Privacy watchdog to issue massive fines for cookie law breaches]

UK – Web Software Firm Taunts UK Data Regulator Over Cookies

A software firm has challenged the UK’s Information Commissioner’s Office to punish it over its use of web cookies. Derby-based Silktide said it created http://nocookielaw.com to highlight the “ineffective” rules put in place in May to clamp down on websites using “tracking” cookies which log user data. The site says: “Dear ICO, sue us. Send in a team of balaclava-clad ninjas in black hawk helicopters to tickle us to death with feather dusters.” The ICO has defended its role. “We welcome any opportunity to help us draw attention to this matter, as a key part of our work in ensuring compliance with the cookie law has been making businesses aware of the regulations,” a spokesman said. [Source]

UK – Parliamentary Committee Hears Evidence on Proposed Framework

The UK Parliament’s Justice Select Committee has held its first evidence session on the EU’s proposed data protection framework. The Association of Chief Police Officers, the Federation of Small Businesses and the Information Commissioner’s Office were among those who provided their opinions. While many said the regulation brings welcome changes, “the overwhelming response was to criticize the overly-engineered text” of both the regulation and the Data Protection Directive, the report states, and a key “tension in the regulation exists between the drive toward harmonization and the consequent prescriptive practices and procedures that the commission’s version of harmonization requires.” [Source]

UK – British Funeral Director Puts QR Codes on Grave Stones

Visitors to graveyards in the UK may soon be able to learn much more about the people buried there, with the introduction of quick response (QR) codes on headstones. Chester Pearce in Poole is the first funeral director to offer families the option of interactive gravestones with embedded QR codes. The £300 QR codes are etched on to small granite or metal squares before being embedded or glued on to the gravestones. When scanned using a smartphone or tablet, the code launches a personalised web page dedicated to the deceased, complete with pictures, videos and contributions from family and friends. The QR codes can also be put on memorials and tribute plaques on benches. [Source]

EU – Working Party Releases Meeting Agenda

The Article 29 Working Party has released a draft agenda ahead of its next meeting. The meeting will take place September 25 and 26 in Brussels. It will discuss “the draft application form and cooperation procedure for Binding Corporate Rules (BCR) for processors,” the draft opinion on purpose limitation and “developments on the draft data protection regulation and directive.” [Source]

EU – Uruguay Declared Adequate by EU

The European Union has confirmed that Uruguay has achieved adequacy for personal data protection, according to the website of the nation’s data protection authority. “It is a recognition to the work of the regulatory unit and control of personal data,” the website states, “and a confidence in Uruguay as a country capable of assuming the challenge of taking care of the adequate controls that are required in the use and treatment of the personal data that has been provided.” [Source]

 

Facts & Stats

US – 94 Million Records Affected by Government Breaches, Sheriff Announces Breach

The government sector reported 268 incidents of data breaches from January 2009 to May 2012, reports Help Net Security. The breaches exposed a combined total of more than 94 million records. According to research by Rapid7, the number of PII records exposed from 2010 to 2011 increased by almost 170 percent. The leading causes of such losses were unintended disclosure, loss and theft of portable devices, physical loss and hacking, the report states. Meanwhile, a Maine sheriff’s office is warning approximately 180 people who were recently arrested to monitor their personal accounts after their Social Security numbers were inadvertently made public last week for “a fairly limited period of time.” [Help Net Security] 

WW – Data Breaches are Down but Hackers Are More Selective: Symantec

The latest data breach figures from Symantec present a ‘good news, bad news’ scenario. Symantec’s August 2012 Intelligence Report compares the number of breaches for the first eight months of this year with the same period of 2011. There were an average of 14 data breaches per month so far in 2012, down from 16.5 from January to August of 2011. And the average number of identities stolen during those incidents was cut in half from 2011 to 2012 during the months of January to August. Sounds like good news. But the bad news is that, as Symantec cautions, hackers may just be getting smarter and more strategic. And although hackers are still to blame for most of the breaches (40%) the rest of us can bear some responsibility too: 21% of breaches result from data being made public accidentally and 19% are due to theft or loss. [Source]

 

Finance

CH – Banks to Notify Employees of Data Transfers

In the wake of concerns surrounding the transfer of bank data to other countries, Swiss banks have agreed to inform employees before data is sent to foreign tax investigators. Data Protection Commissioner Hanspeter Thür said five banks have “signed on to notify employees after Thür threatened to ask the Federal Administrative Court to force banks to protect employee data,” the report states, noting Thür met with bank officials to promote “a transparent process for employees” and that he has “doubts data handovers to the U.S. are legal.” [World Radio Switzerland]

AR – Argentina Government Tracking All Credit Card Purchases

The Argentina government has begun mandating banks to report credit card purchases to national tax authorities and is adding a 15% surcharge on purchases made outside the country using Argentinian bank-issued credit cards. The changes are an effort to combat tax evasion and close off ways for people to convert pesos to U.S. dollars at the official rate—which is lower than the black market rate. The author states this is an example of how a “cashless society… has actually advanced the cause of financial repression,” adding, they are “important lessons in why a cashless society should not strip everyone of their transactional and financial privacy.” [Forbes]

US – Bank Fraud Ringleader Sentenced

The leader of a bank fraud and identity theft scheme in Pennsylvania that targeted top-tier financial institutions and their customers has been sentenced to more than eight years in prison for his crimes. Although that sentence is steeper than in many similar ID theft cases, one legal expert says the case merited an even harsher sentence. [Source]

 

Health / Medical 

CA – Manitoba Ombudsman Wants Tougher Penalties for Snooping by Health Workers

Manitoba’s acting ombudsman says penalties for nosiness should be strengthened now that technology is making it easier for health-care workers to snoop into the private information of patients they have a grudge against. “In the old days, three people had access to your record — your doctor, his or her nurse and his or her receptionist. Now, you can have thousands of people with access to your records,” Mel Holley said. Holley has concluded an investigation into a case last year in which a worker at CancerCare Manitoba, the province’s prime centre for cancer treatment, got into the electronic patient files of a neighbour’s child who was undergoing treatment. The worker, whom Holley did not identify, did not need to see the child’s file for any work-related purpose, but did so because of a personal conflict with the youngster’s mother. [Source]

 

Horror Stories 

US – App Company Admits to Being the Source of Apple UDID leak

A Florida-based app publishing company called BlueToad has claimed it was the source of the Apple UDID leak, contradicting claims from Anonymous that it hacked them from an FBI laptop. Speaking to NBC News, BlueToad CEO Paul DeHart said data released by Anonymous closely matched data held on one of the company’s databases. DeHart believes BlueToad was hacked several weeks ago. He apologised to those whose data was stolen, adding that an investigation is underway into the exact circumstances. Earlier this month Anonymous leaked one million UDIDs out of about 12 million it claimed to possess. It said it had hacked the data from a laptop belonging to an FBI agent as it wanted to publicly expose the monitoring and tracking by US government agencies such as the FBI. However the FBI was quick to deny it was the source of the data, saying in a statement that it could find, “no evidence indicating that an FBI laptop was compromised or that the FBI either sought or obtained this data.” Apple also denied handing over the information to the FBI. It is also phasing out the use of UDIDs, partly. There has been no response yet from the usual Twitter accounts connected to Anonymous. However one thing is clear: the dates do not match up. Anonymous said the information was hacked back in March but BlueToad believes its data breach occurred within the last two weeks. DeHart admitted that it is possible the data had been shared by whoever stole it from BlueToad and found its way onto an FBI laptop. Web pages have been set up to check whether IDs have been compromised and Apple users can look up a UDID using a confidential partial search at http://pastehtml.com/udid [Source] [FBI Disputes Claims of Hackers’ Apple Data Breach] [Alleged FBI Hack: Much Ado about Nothing?] [Hacker group claims FBI tracking Apple users]

US – Officials Alert Patients: Breached Data May Have Been Sold

University of Miami officials are warning patients affected by a July breach that two university employees may have sold their data. The employees accessed information including names, dates of birth, insurance policy numbers, partial Social Security numbers and some clinical information. In some cases, Social Security numbers may have been viewed in full. The university is providing two years of identity protection services, the report states. “We continue to review and refine our physical and electronic safeguards to enhance protection of all patient data,” university officials wrote in a letter. [Healthcare IT News] [Miami hospital data breach due to employee offense] 

CA – B.C. Health Ministry Suspends Workers Over Privacy Breach

Seven employees have been suspended without pay from the B.C. Ministry of Health over allegations of inappropriate access to medical information. The employees in question worked in the area of research and evidence development, which awards drug research contracts on behalf of the ministry. Government has also terminated agreements with two research contractors until after the investigation is complete. It is believed both government workers and research contractors had inappropriate access to health data. It is not clear what information, if any, has been compromised. Both the RCMP and B.C.’s Office of the Information and Privacy Commissioner have been notified about the allegations. [Source] See also: [NL: Eastern Health announces more privacy breaches] Update: [BC: McInnes: Alleged data breach a body blow to health research expansion] and [Alaska’s Health and Social Services CSO Offers Lessons Learned from a Breach] 

US – Judge Consolidates Four Breach Class Actions

A U.S. District Court Judge yesterday consolidated four proposed class-action lawsuits against LinkedIn Corp. The suits were filed in California’s Northern District in response to a June security breach and claimed $5 million in damages after hackers stole 6.5 million user passwords from the site and posted them online, the report states. The suits claim that although LinkedIn’s privacy policy says it will protect user data with “industry standards and technology,” the company used “a weak encryption format that failed to comply with basic industry standards…without implementing other crucial security measures.” [The Recorder] 

US – Judge Throws Out Consumer Complaint

A federal judge has dismissed a consumer lawsuit against 17 tech companies. U.S. District Court Judge Sam Sparks found the consumers’ written complaint is “too unwieldy” for the lawsuit to proceed, the report states. The suit was filed against the tech companies for allegedly collecting or storing users’ address books without their consent, the report states. Complaints are required to make allegations in a “short and plain statement.” Sparks said the consumers’ complaint was not “written with an eye toward this court’s busy docket” and is instead aimed at the “court of public opinion.” The consumers have until September 12 to amend the complaint. [MediaPost]

 

Identity Issues 

CA – Tighter Air Security Rules Lead To New Canadian Passports With Electronic Chip

Starting next spring, Canadian passports will be valid for up to 10 years. But they will also feature a new electronic chip on which vast amounts of data can be stored. Not that it will, insists Passport Canada. But it could – including personal commercial information like cars you’ve rented, hotel reservations made or your frequent flyer programs. Eleven years after 9/11, the new passport is part of a global tightening of air travel security that is the subject of a three-day conference starting this week at Montreal’s International Civil Aviation Organization (ICAO). [Source]

WW – Research Paper Reexamines Reidentification

Columbia University’s Daniel Barth-Jones has released a paper reexamining Latanya Sweeney’s 1997 analysis of reidentification vulnerabilities. With a “profound impact on the development of de-identification provisions” within HIPAA, Sweeney’s study has been “frequently cited as an example” of the “astonishing ease” with which medical data can be reidentified. According to Barth-Jones, this reexamination “exposes an important systemic barrier to accurate reidentification known as ‘the myth of the perfect population register.’” The author provides “recommendations for enhancements to existing HIPAA de-identification policy” and commentary on “balancing the competing goals of protecting patient privacy and preserving the accuracy of scientific research and statistical analyses conducted with de-identified data.” [Source]

US – University Decides Sex Tracking Smartphone App May Not Be Such a Great Idea

Earlier this summer, researchers from Indiana University and the Kinsey Institute launched the ultimate app for the TMI crowd: the Kinsey Reporter, which “crowdsources sexual behavior.” It works how you would expect it to work. The app acts as a digital Dr. Alfred Kinsey — the pioneering sex researcher, a.k.a. Liam Neeson — for those willing to spill their sexual secrets, asking them for reports on their flirting, kissing, cuddling, self-loving time, fetishes, use of birth control, and all other aspects of body-rubbing activity. The app managed to attract a national pool of willing guinea pigs in just over three months’ time, judging from this recent report: The researchers’ pitch was to share your sexy times for science to allow them to get better insight into “issues that have been challenging to study until now.” (Thanks to those pesky Peeping Tom laws.) The app assured users that all reports would be anonymous, tied solely to the participants’ geolocation, which would be tagged when they uploaded their reports. Then it would be used for research and to generate nifty reports. Though originally released in May, the app got media attention just this week after the university issued a press release. Those reports, of course, involved the word “creepy.” A few hours after the release was issued, the University’s general counsel got wind of the app’s existence, apparently for the first time, and made the decision to disable the Kinsey Reporter app and an accompanying website for further study after concerns were voiced about potential privacy issues and data protection. [Source]

 

Intellectual Property 

US – Federal Appeals Court Restores Initial US $222,000 Verdict in Filesharing Case

The 8th US Circuit Court of Appeals in Missouri has reinstated the original verdict against Jammie Thomas-Rasset, the Minnesota woman who since 2006 has been challenging an illegal file-sharing lawsuit brought by the Recording Industry Association of America (RIAA). Thomas-Rasset was initially ordered to pay US $222,000 for illegally downloading and sharing 24 songs through Kazaa. The RIAA says it found more than 1,700 songs on Thomas-Rasset’s computer but for the court case, it focused on just 24. After the first trial, the judge declared a mistrial after he decided that he had given the jury inaccurate instructions. The subsequent trial also found Thomas-Rasset guilty and the jury gave a verdict of US $1.92 million, which the judge reduced to US $54,000. The companies went to a third trial on damages, which awarded the RIAA US $1.5 million, but that was reduced to US $54,000 as well. The appeals court ruled that the US $222,000 verdict should stand. Thomas-Rasset’s lawyer says his client plans to appeal to the US Supreme Court. The RIAA no longer pursues action against individual file-sharers; instead, it is focused on working with service providers to help identify and punish those who persist in illegal downloading. [WIRED] [Ars Technica] [BBC] [Opinion]

 

Law Enforcement 

WW – Infrared-Camera Algorithm Could Scan for Drunks in Public

Computer scientists have published a paper detailing how two algorithms could be used in conjunction with thermal imaging to scan for inebriated people in public places. The paper, published in the International Journal of Electronic Security and Digital Forensics, details two different algorithms that focus on data gathered from a subject’s face — alcohol causes blood-vessel dilation at the skin’s surface, so by using this principle as a starting point the two began to compare data gathered from thermal-imaging scans. One algorithm compares a database of these facial scans of drunk and sober individuals against pixel values from different sites on a subject’s face. A similar method has been used in the past to detect infections, such as SARS, at airports — though a study carried out at the time of the 2003 outbreak warned, “although the use of infrared instruments to measure body surface temperatures has many advantages, there are human, environmental, and equipment variables that can affect the accuracy of collected data.” A second algorithm is used to map out the different areas of the face. The pair found that, when inebriated, an individual’s nose tends to become warmer while their forehead remains far cooler. To use this information against the database with the first algorithm, a second algorithm was necessary to identify and differentiate between features. The system could, the paper argues, be used to avoid embarrassing and unfounded reproaches by police officers and officials, who generally make assumptions based on behaviour and appearances alone. [Source] See also: [New Mexico: Eddy County Sheriff’s office uses tech to fight child porn]

 

Location 

US – Feds: No Constitutional Protections for Location Data

Wired reports on court arguments made by the Obama administration claiming there is “no expectation of privacy” in cellphone location data, meaning law enforcement should not need to obtain a warrant to track a suspect’s movements. Citing a 1976 Supreme Court case, the administration said data such as bank records gleaned from cellphone providers are “third-party records.” The arguments come as the government prepares for a retrial in the United States v. Jones case. The administration’s court filing states, “When a cellphone user transmits a signal to a cell tower for his call to be connected, he thereby assumes the risk that the cellphone provider will create its own internal record.” [Source]

US – FTC Issues Guidance to Promote Secure Mobile Apps

The Federal Trade Commission has just published a guide to help mobile application developers observe truth-in-advertising and basic privacy principles when marketing new mobile apps. The FTC’s new publication, Marketing Your Mobile App: Get It Right from the Start, notes that there are eight general guidelines that all app developers should consider. The FTC guidelines are:

  1. Tell the truth about what the app can do.
  2. Disclose key information clearly and conspicuously.
  3. Build privacy considerations in from the start.
  4. Offer choices that are easy to find and easy to use.
  5. Honor privacy promises.
  6. Protect children’s privacy.
  7. Collect sensitive information only with consent.
  8. Keep user data secure.

Berger says the FTC has no plans to ask Congress to give it more authority to deal specifically with mobile-app privacy matters, but is asking lawmakers to enact legislation to require businesses to assure the online privacy of consumers through its privacy framework. [Source]

Mobile Privacy 

US – Mobile Users Avoid, Uninstall Apps Over Privacy Concerns: Pew Report

About six in 10 mobile phone users said they have decided against downloading certain apps over privacy concerns, a new survey finds. And in many cases, they have uninstalled apps that collected too much personal information about them. According to the survey on mobile privacy released this month by the Pew Internet & American Life Project, users made those decisions when they learned how much personal information they would share by using the apps. The findings, in a survey of 2,254 adults, show that “many cell phone users take steps to manage, control or protect the personal data on their mobile devices,” according to the report’s authors. Among the findings:

— 88% of adults said they own some sort of a mobile phone, and 43% of that group downloaded applications to their phone. That’s up from 31% in 2011.

— 30% of smartphone owners said they turned off their phone’s location tracking feature because they were worried about people or companies accessing this information. That compares with just 7% for those with regular, basic cellphones.

— 41% of all cellphone owners said they backed up data on their phone, such as photos or contacts.

— Men were more likely than women to delete an app because of privacy concerns. But there was no gender difference among people who decided not to install apps in the first place due to privacy concerns.

— Those with BlackBerrys were the most likely to say they’ve lost their phone or had it stolen: 45% compared with 30% of iPhone owners and 36% of Android owners. In all, nearly one-third of all mobile phone owners said they have had their phone lost or stolen.

— People who have had their phone lost or stolen were no more likely to back up the information on their phones afterward. [Source]

US – Smartphone Apps Track Users Even When Shut Down

Some smartphone apps collect and transmit sensitive information stored on a phone, including location, contacts, and Web browsing histories, even when the apps are not being used by the phone’s owner, according to two researchers at the Massachusetts Institute of Technology. The popular game Angry Birds uses the phone’s GPS and Wi-Fi wireless networking features to track the owner’s location, even when he’s not playing the game, for example. Another game, Bowman, collects information from the phone’s Internet browser, including what websites the owner has been visiting. And WhatsApp, a popular text-messaging program, scans the user’s address book when it is seemingly idle. What is not known is whether apps that run on Apple Inc.’s iPhone and iPad tablet computer collect information in similar ways. The researchers only tested 36 apps written for the Android operating system, which is “open source” software. There are logical reasons for some apps to collect such data, researchers said. Rovio Entertainment Ltd., the maker of Angry Birds, makes money from the free version of the game by displaying ads on the screen. It uses location data from the phone to point players to local advertisers. But researchers questioned the need to keep tracking user locations even when the game is shut down. And there is no apparent reason a video game like Bowman needs to know about the player’s Web-surfing habits. The developers of Angry Birds and Bowman did not respond to requests for comment. WhatsApp cited its privacy policy, which says its app scans address books for phone numbers only to see if any of the user’s friends are also WhatsApp users. According to the policy statement, WhatsApp does not copy names, addresses, or e-mail addresses from the phone’s address book. The researchers have applied for a patent on their research, which they hope to turn into a rating system to help consumers quickly understand privacy policies for thousands of apps. They used the results of their tests to calculate an “intrusiveness score” for each app, rating the amounts of personal data it collects while in use and when idle. But they can test only a handful of the more than half a million Android apps, so they hope to develop a separate app that would “crowdsource” the process. Owners of Android phones could install the app, use it to test other apps, then publish the results on a website. Consumers could check an app’s intrusiveness score before deciding whether to install it. [Source]

US – NTIA Cancels Mobile App Privacy Meeting to Allow for Fact Gathering

The National Telecommunications and Information Administration (NTIA) has cancelled its September 19 stakeholder meeting to allow stakeholders to meet with app developers for informal briefings first. One such briefing will occur September 19. At the NTIA’s August 29 meeting, the second of a series of three, participants said they needed more information on the mobile app sphere before making decisions. As a result, such briefings have been scheduled for September 13, 14, 19 and 28. The NTIA meetings aim to establish a code of conduct framework, called for under the Obama administration’s Privacy Bill of Rights. [Broadcasting & Cable reports] 

US – Justice Dept. Says Counterterrorism Apps Pose Privacy and Security Concerns

The US Department of Justice (DOJ) is discouraging people from reporting suspicious activity through smartphone apps due to privacy concerns. Normally, information about potential threats reported by citizens is sent to regional analysis centers. Some of those centers are now allowing the reports to come to them through iPhone, iPad and other mobile device apps. The WVa app was introduced in February. The devices have the advantage of sending location information and pictures quickly, but there is concern that the apps could be misused and that they might flood emergency centers with unverified information. [NextGov] [WV]

 

Offshore 

WW – Study Says Data Privacy #1 Obstacle in Multinational Probes

Data privacy is the biggest challenge for lawyers and accountants conducting multinational investigations or cross-border litigation, according to a study released this month. The study found that 54% of those questioned said that data privacy was the greatest obstacle when handling these types of investigations or engagements. The study, published by business advisory firm FTI Consulting Inc., surveyed 114 legal and accounting professionals who have handled e-discovery matters for either multinational investigations or cross-border litigation. Respondents also said that multinational investigations were costly enterprises, with 48% reporting they had spent more than $500,000 on such matters, and most thought things would only get tougher, with 76% predicting an increase in data privacy requirements in the coming years. [The Wall Street Journal]

CY – Cayman Islands: Proposed New Privacy Law Open for Comment

The Cayman public now has two months to examine and review critical draft legislation regulating the collection and use of personal data by all businesses, organisations and government entities. The new bill also deals with the individual right of people to access their own personal information and have more control over how it is used. The draft Data Protection Bill 2012 aims to provide legal protection of individual rights without being overly-bureaucratic, officials said this week, as the long awaited proposed law was published for public review. David Archbold, of the Information and Communications Technology Authority, said the bill will have tangible benefits for the Cayman Islands and be an effective tool to advance the right to privacy. “The scope of the draft Bill is quite broad, with exemptions in the public interest or for the protection of other rights and freedoms,” government officials said. The 69 page draft Data Protection Bill 2012 and the accompanying consultation papers are available at http://www.dataprotection.ky [Source]

Online Privacy

WW – Apache Web Software Overrides IE10 Do-Not-Track Setting

Apache has announced it will override Microsoft’s default do-not-track (DNT) setting. One of the authors of the DNT standard, Roy Fielding, wrote a patch for Apache that will disable Microsoft’s DNT setting. As a result, web servers using Apache software—the most commonly used software to house websites—will ignore IE10 DNT settings, the report states. Fielding said, “The only reason DNT exists is to express a non-default option,” adding, “It does not protect anyone’s privacy unless the recipients believe it was set by a real human being, with a real preference for privacy over personalization.” [CNET News] [PCMag] [Microsoft: DNT Default Not an Antidote to Advertising]

WW – Study: File Sharers Heavily Monitored

A study conducted by researchers at the University of Birmingham in the UK reveals that nearly all files shared via torrent sites are monitored by large Internet service companies that are possibly acting on behalf of copyright enforcers. In their study, the researchers noticed that IP addresses of file sharers were being tracked by several monitors acting as file sharers, the report states. One of the researchers said, “In the EU, there are quite strong data protection laws, and people who store personal data have to fulfill a lot of criteria, and this could definitely be looked on as personal data about the people being monitored.” [CBC News] 

US – Big Data: Which Websites Respect Your Privacy Rights the Least?

One lawyer has published an analysis of how 25 major websites handle customer data. Andrew Nichol’s ClickWrapped.com evaluates sites on four categories, including how user data is used and when it can be disclosed. The evaluations are based on a 100-point scale, and points can be gained based on whether the site’s policy is consumer-friendly. [TIME]

US – Judge: Twitter Must Produce Posts or Face Fines

A judge has ruled that Twitter must disclose an Occupy Wall Street protester’s tweets or face a fine. New York State Supreme Court Judge Matthew A. Sciarrino Jr. has said the company must either turn over the posts or provide its earning statements from the previous two quarters so the judge can assess a fine. “I can’t put Twitter or the little blue bird in jail, so the only way to punish is monetarily,” Sciarrino said. In an exclusive for The Privacy Advisor, Mathew Schwartz asks, “Can service providers be held liable for what their users post, tweet or upload, including what others may deem to be offensive communications?” [Bloomberg]

 

Other Jurisdictions 

AU – Data Retention Laws Risky, Canberra told

The government was warned early this year that proposed new data retention laws would put Australians at higher risk of privacy breaches. The controversial proposal, which could see internet companies store up to two years’ worth of data on subscribers and users, is part of a package of legislative changes to overhaul the telecommunications interceptions regime currently before a joint parliamentary intelligence and security committee. It has come to light that last December privacy consultants Information Integrity Solutions (IIS) advised Attorney-General Nicola Roxon that some internet companies subject to the new laws may not have the capability to adequately protect the data. Some may also struggle to understand their obligations to protect it under the proposed laws, it warned. In a report obtained under Freedom of Information, IIS advised the government to limit the data retention period to a maximum of six months in order to mitigate the risk of privacy breaches. Under the current proposal before the committee, the legislation anticipates retaining the data for up to two years. [Source] See also: [Ukraine: New Liability For Company Officials]

SA – Personal Information Bill Referred Back to Parliament

The Protection of Personal Information Bill has been referred back to Parliament for a second reading and further debate. A portfolio committee on justice and constitutional development ruled unanimously in favor of the bill, which would provide a regulatory framework for the ways in which personal data may be processed. The bill is “expected to have a significant impact on the manner in which private and public bodies process personal or identifying information as it aims to protect the free flow of information” and information access while protecting privacy, the report states. One expert advised organizations to look at the bill’s various requirements and consider steps toward compliance. [Business Report]

IS – Israeli Court Upholds DPA’s Authority to Issue Market Instructions

In a detailed, 27-page decision (Admin. App. 24867-02-11 IDI Insurance v. Database Registrar), the Tel Aviv District Court recently upheld the validity of an instruction issued by the data protection regulator restricting financial institutions from using information about a third party’s attachment of their client’s account for the financial institution’s own purposes. The court held that the regulator is authorized to issue market instructions interpreting the law. The decision is likely to have far-reaching effects on the validity and weight given to a series of detailed guidance documents and market instructions published by the Israeli Law, Information and Technology Authority (“ILITA”) over the past two years. These include instructions regarding:

  • outsourcing data processing operations;
  • requirements for user authentication when providing remote access to personal data;
  • employee screening and employment recruitment agencies; and
  • allocation of responsibility for databases between health insurers and primary health care providers.

In addition, ILITA issued a draft instruction concerning the collection of data from minors; draft guidance concerning privacy in the workplace; and, perhaps most importantly, draft data security regulations which are intended to replace the currently applicable regulations that date back to 1986 (the Privacy Protection Regulations (Conditions for Data Storage and Security and Public Sector Data Sharing), 1986).

 

Privacy (US) 

US – FTC Finalizes Myspace Settlement

The Federal Trade Commission (FTC) has finalized a settlement reached in May with Myspace. The settlement requires the company to develop a data privacy program and undergo privacy audits for two decades, the report states. The FTC found that Myspace violated its privacy policy by sharing users’ personal information with third parties without first obtaining their consent. [The Hill] 

US – Next President, Congress Face Privacy Challenges: Report

Among the top technology hurdles facing the next U.S. president and Congress is consumer privacy, according to a new report. With the FTC constrained in its regulatory power and given the nation’s “patchwork of inconsistent, sector-specific laws protecting certain categories of sensitive data…the opportunity for abuse of consumer privacy is growing every day,” the report states. Advances in technology including the increasing use of facial recognition, license plate scanners and drones all present privacy challenges. In the meantime, “Congress has been dragging its feet on a baseline consumer privacy law for over a decade.” [ABC News] 

US – Domestic Surveillance During Divorce Results In Federal Privacy Lawsuits

Dan Horn reports on a case of domestic surveillance that is noteworthy for the issues it raises. If you have a right to install surveillance systems – including audio recording and monitoring online activity – in your own home and on your own devices, what rights do your spouse and visitors to your home have with respect to their privacy? Although a Cincinnati couple’s divorce is finalized, the surveillance uncovered during their divorce proceedings resulted in two federal court lawsuits involving friends and relatives, the husband’s defense attorney, and a company that manufactures the computer monitoring software. One of those suing is a man whose e-mail communications with the wife were recorded without his knowledge or consent. [Source]

US – Obama Nominates Joshua Wright to FTC

President Obama yesterday announced the nomination of George Mason University School of Law Prof. Joshua Wright to the Federal Trade Commission (FTC). If confirmed, Wright will replace Commissioner J. Thomas Rosch. Wright served as the scholar-in-residence at the FTC’s Bureau of Competition from 2007 to 2008. Wright’s academic work has focused on antitrust law, economics, consumer protection, intellectual property and contracts, the report states. The post will now require Senate confirmation. [The Hill]

 

Privacy Enhancing Technologies (PETs) 

WW – Cloudnymous Launches Cloud-Based Privacy Cloak

Startup Cloudnymous has launched a new cloud-based anonymous VPN service which lets users access any restricted or censored website. As customer data is spread evenly across the cloud, even if a server is brought down, customer data cannot easily be retrieved. The cloud-based VPN service offers “true” anonymity and protection of the user’s data through strong encryption protocols, according to the firm — and may be of particular interest to those trying to circumvent location-based restrictions online. “Cloudnymous is perfect for U.S. visitors who want to watch Hulu or listen to Pandora overseas, to Asian users wanting to open public sites restricted by local laws and simply for those who want to keep privacy while surfing the Internet,” said the company. The service is based on a ‘pay per use’ system. There are no contracts; instead, users can pay $0.15 for daily paid servers, $4.95 for monthly paid servers and $0.15 per GB for traffic paid servers. Users can choose the point where the traffic “originates” from — for example, an American or European address, which would in theory circumvent blocks on services including Facebook, Skype and Pandora. According to Cloudnymous, the only logs kept on traffic flow are connection start and end times, and the amount of traffic. Names or addresses are not required to sign up — and all website, VPN traffic and internal communication is encrypted. [Source]

 

Security

UK – GCHQ Chooses Top 20 Security Controls for Businesses

The UK’s GCHQ is introducing a new program to help British businesses protect their computer systems from attacks. The program is called Cyber Security for Business and was launched on Wednesday, September 5. This marks the first time that intelligence services in the UK will be working directly with private sector organizations to help better their cybersecurity stance. GCHQ has created a guide titled Top 20 Critical Controls for Effective Cyber Defence, which is aimed at helping organizations reduce the risk of cyberthreats and prevent or deter most attacks. GCHQ director Iain Lobban says the approach will “make the bad guys’ job harder and won’t cost a fortune.” [v3] [Telegraph] [The Independent] [The Register] [SCMagazine] 

WW – Cyber Security Budgets Grow While IT Budgets Stagnate

Security budgets appear to be comparatively safeguarded, growing 8% to $60 billion in 2012 and reaching $86bn by 2016. At the same time, IT budgets are relatively flat, according to Gartner. [SecurityWeek] [The Register]

 

Smart Cards 

UK – Researchers Find Flaw in Chip-and-PIN

Researchers at Cambridge University say that criminals have been exploiting certain flaws in the Chip-and-PIN system meant to prevent payment card fraud at ATMs and point-of-sale terminals. Chip-and-PIN, also known as EMV, relies on an embedded chip that encodes card information; payment cards are authenticated by ATMs or payment devices computing several pieces of data, including an “unpredictable number.” But the researchers have found that certain ATMs and payment terminals use incremental numbers rather than random ones. The research was prompted by a rash of reported thefts from European bank card users; the banks refused to refund their losses because they maintained that EMV made the type of fraud they were talking about impossible. The researchers suspected that the thieves had devised a way to predict the “unpredictable” numbers. [Krebs] [Research Paper]

 

Surveillance

US – Gov’t Report Questions How Privacy Applies to Drones

A report released by the Congressional Research Service last week questions government use of drones for surveillance. The Federal Aviation Administration anticipates 30,000 commercial and government drones flying U.S. skies within the next 20 years. The Supreme Court has ruled police may gather surveillance by flying planes and helicopters over homes because the areas are in public view. But the researchers say courts could decide drones are more privacy invasive; their ability to hover and remain in the air longer “may sway a court’s determination of whether certain types of warrantless drone surveillance are compatible with the Fourth Amendment,” the report states. Several lawmakers have introduced drone bills. [The Hill] [CRS Report: Drones in Domestic Surveillance Operations: Fourth Amendment Implications and Legislative Responses] [Congress report warns: drones will track faces from the sky]

 

US Government Programs 

White House Circulating Draft Cybersecurity Executive Order

A draft executive order on cybersecurity is being circulated by the Obama administration. The draft has been sent to various federal agencies for feedback and would formulate a voluntary system for firms operating critical infrastructure to adhere to government-backed cybersecurity best practices and standards, the report states. The executive order builds off part of Sen. Joe Lieberman’s (I-CT) cybersecurity legislation from earlier this year. According to the report, the order is also subject to change, and it is not yet clear if it will get final approval from the president. [The Hill] [White House draft cyber order promotes voluntary critical infrastructure protections] 

US – ‘Zombies Are Coming!’ U.S. Homeland Security Department Warns

Tongue firmly in cheek, the government urged citizens to prepare for a zombie apocalypse, part of a public health campaign to encourage better preparation for genuine disasters and emergencies. The theory: If you’re prepared for a zombie attack, the same preparations will help you during a hurricane, pandemic, earthquake or terrorist attack. The federal Centers for Disease Control and Prevention last year first launched a zombie apocalypse social media campaign for the same purposes. Among the government’s recommendations were having an emergency evacuation plan and a change of clothes, plus keeping on hand fresh water, extra medications and emergency flashlights. A few suggestions tracked closely with some of the 33 rules for dealing with zombies popularized in the 2009 movie Zombieland, which included “always carry a change of underwear” and “when in doubt, know your way out.” [Source]

 

US Legislation

US – House Approves Reauthorization of FISA Amendments Act

The US House of Representatives has voted to reauthorize the 2008 FISA Amendments Act, a law that “allows a secret national security court to approve the interception of communications in and out of the US among groups of people of interest to intelligence agencies.” While the law requires that any data collected “incidentally” are subject to rules that hide the individual’s identity and limit the use of the information, one congressman observed, “the enforcement of this provision is itself shrouded in secrecy, making the potential for abuse substantial and any remedy unlikely.” And Cato Institute analyst Julian Sanchez notes that the breadth of power that FISA allows is similar to the “general warrants” used by agents of the crown in the colonial era, prompting the adoption of the Fourth Amendment rights against unlawful search and seizure. The bill now goes to the Senate. [Washington Post] [WIRED] [Ars Technica] [NextGov] [The Washington Post]

US – Markey Introduces Mobile Device Privacy Act

A new bill has been proposed by Rep. Ed Markey (D-MA) to “require mobile phone makers, network providers and application developers to disclose to customers any monitoring software installed on their mobile devices.” The Mobile Device Privacy Act, which Markey introduced this week, would also require permission from customers before their mobile devices could be monitored. “Apps very commonly access our sensitive information—our location, our photos, web browsing, history. Apps often do this without prior notice and even when the app isn’t actively being used,” Markey said, adding reports of such tracking have created a “significant societal issue that has to be discussed.” Software and technology groups, meanwhile, are saying legislation is not the answer, the report states. [IDG News] 

US – Senate Judiciary Geared to Revamp ECPA, VPPA

The Senate Judiciary Committee has said it will work on an update of the Video Privacy Protection Act and attach provisions to amend portions of the Electronic Communications Privacy Act. Judiciary Committee Chairman Patrick Leahy (D-VT) said in a statement, “When Congress first enacted these laws almost three decades ago, e-mail was still a novelty and most Americans viewed movies at home on VHS tapes rented at their local video store,” adding, “The explosion of cloud computing, social networking sites, video streaming and other new technologies in the years since require that Congress take action to bring our privacy laws into the digital age.” [NationalJournal]

US – FTC Extends Comment Deadline for COPPA Reforms

The Federal Trade Commission has extended to Sept. 24 the deadline to comment on proposed modifications to the Children’s Online Privacy Protection Rule, which gives parents control over what information Web sites and online services may collect from children under 12. Go to: https://ftcpublic comments

 

Workplace Privacy

IS – Draft Guidance Issued on Personal Data Protection in the Workplace

The data protection authority in Israel (ILITA) has provided draft guidance on privacy in the workplace (April 2012). Summary: Employers’ increasing collection of employee personal information throughout employment requires the application of information privacy principles in the workplace: informed consent, specified purpose, proportionality, transparency, purpose limitation, confidentiality and security, obligations related to outsourcing, and access and correction. [Source]

US – Plaintiff Has to Turn Over Emotional Social Media Content In Employment Lawsuit

“Plaintiff sued her former employer for discrimination and emotional distress. In discovery, defendant employer sought from plaintiff all of her social media content that revealed her ‘emotion, feeling, or mental state,’ or related to ‘events that could be reasonably expected to produce a significant emotion, feeling, or mental state.’” The case is Robinson v. Jones Lang LaSalle Americas, Inc., 2012 WL 3763545 (D.Or. August 29, 2012), and the outcome is no surprise at this point. If you make a claim in court, expect the defendant’s lawyers to seek your social media content in discovery. Read more on InternetCases [Source]

 

+++

 
