09-15 January 2016

 

Biometrics

CA – Candid Facial-Recognition Cameras to Watch for Terrorists at Border

Canada’s border agency plans to compare images of people arriving in the country with photographs of suspects on watchlists to keep out alleged terrorists and other criminals. In his recently released annual report, privacy commissioner Daniel Therrien says his office provided advice on the potential pitfalls, including the possibility of “false positives” that could result in unnecessary secondary screening for travellers. The office also urged the border agency to assess the risks of using such technology, including issues that might arise during testing phases. [Source]

US – Court rules Shutterfly May Have Violated Privacy by Scanning Face Photos

A US federal judge has denied a motion to dismiss a civil case against photo-sharing site Shutterfly that claims the company violated users’ privacy by collecting and scanning face geometries from uploaded images without consent. The first of its kind ruling could open the door to future class-action lawsuits against Shutterfly and other social networks that use facial recognition technology without an opt-in policy. [Source] [Court Ruling on Shutterfly Face Scans Could Spell Trouble for Facebook]

Canada

CA – Ontario Court Provides Clear Guidance on Privacy and “Tower Dumps”

The Ontario Superior Court released an important decision in R. v. Rogers & Telus, 2016 ONSC 70 which provides police and prosecutors with clear guidance on when and how they can obtain telco customer information through “tower dumps”. Tower dumps are the production of all the records of a cell phone tower at a particular time. Since your mobile phone is always communicating with at least one tower, tower dumps can tell the police who is in the vicinity of a particular location at a particular time. They are really troubling or problematic because the records overwhelmingly contain information about people who have nothing to do with the underlying investigation. [David Fraser blog] See also: [Rogers, Telus Await Landmark Ruling on Cellphone Privacy] See also: [Police sweeps of cellphone records violate privacy rights, judge rules] [Ontario court rules police orders breached cellphone users’ Charter rights] and [Why Canada’s Telecom Regulator Is Suddenly Acting More Like the Cops]

CA – Thousands Flagged by Canada’s New Air Passenger Screening System

Canada’s new security system for scrutinizing people who arrive by airplane singled out more than 2,300 passengers for closer examination during a recent three-month period, the federal border agency says. The CBSA says the travellers – flagged for possible links to terrorism or serious crime – represented a tiny fraction of the millions who flew into the country. Still, privacy and civil liberties watchdogs want to know more about the border agency’s so-called scenario-based targeting system to ensure individual rights are not being trampled. The agency has implemented the targeting system, already used by the United States, as part of Canada’s commitment to co-operate with Washington under the 2011 continental security pact known as the Beyond the Border initiative. Privacy Commissioner Daniel Therrien is pressing the border agency to explain the program’s rationale and build in safeguards to protect individual liberties. Travellers may be targeted if they fit the general attributes of a group due to traits they cannot change such as age, gender, nationality, birthplace, or racial or ethnic origin, he warns. [Source]

CA – Canada’s Military Plans to Monitor the World’s Social Media

Canada’s military wants to monitor and analyze the world’s social media streams, with 24/7 access to real-time and historical posts on websites like Twitter, Facebook, and Instagram. And they don’t want anyone knowing it’s them doing the monitoring, either. The Department of National Defence and its research wing, Defence Research and Development Canada, are in the market for a new Internet monitoring platform that can analyze and filter the daily firehose of social media posts. The platform envisioned by the military will pull from the most popular social media sites — Twitter, Facebook, YouTube, Instagram — but will also track data from a much broader range of websites. Blogs, message boards, Reddit, even the comment sections on news sites will be brought in for review and analysis by as many as 40 intelligence officers. A spokesman for DND said the platform is not intended to be directed at Canadians’ online activity, and will comply with Canadian privacy laws. [The Star]

CA – Greg Clark Demands Fresh Probe into Alberta Shred-Gate Scandal

Nearly 350 boxes of documents destroyed improperly by outgoing PC government, privacy commissioner says. Calgary MLA Greg Clark says the NDP must bring in new rules and penalties. “What’s important is that the rules are clear about what can be destroyed, and when it’s destroyed and why it’s destroyed and that we have a record of it having been destroyed and what it was before it was destroyed.” [CBC News]

CA – MP McGuinty to Chair Parliamentary Committee to Monitor Spying, Security

The Liberals are planning to table legislation by June creating the first all-party committee of parliamentarians to monitor the top-secret operations of Canada’s expanding national security establishment. Public opinion polling shows many Canadians want a tighter watch over spy agencies and other federal intelligence gatherers, commensurate with their extended powers under C-51. [Source] [Canada campaigners to demand public debate on controversial anti-terror law]

CA – Goodale says Canada Must Be ‘World Leader’ in Tackling Radicalization

Public safety minister promises more money for RCMP to fight home-grown extremism. Responding to questions about recent media reports about children and others erroneously tagged on the no-fly list and flagged as national security risks, Goodale said existing regulations do not require secondary screening for children under 18 years of age. Airlines may be “going beyond what they are required to do,” he said. “They may have been misinformed or confused about the application of the rules.” Goodale also provided more details on ways the government could strengthen the no-fly list to ensure children aren’t erroneously barred from flights or subject to secondary screening. [Source] [Government may take extra steps to examine security agencies: Goodale]

CA – Pilot Project Has Victoria Buses Equipped With Audio Security

B.C. Transit has added audio security equipment to 109 buses already equipped with security cameras, all part of a pilot project to see how much the safety of operators and passengers can be improved by such devices. As of Monday, the audio will always be on in the operator’s compartment, at least until April, when the one-year $400,000 pilot project concludes. All but 25 of the buses are in Victoria; the remainder are in Kamloops. The change means that Transit conversations between the operator and a passenger will be recorded. “The audio recording is always on, just like the camera system, from the time the bus turns on until it is off. If there is an incident, the operators push a ‘tag’ button, which allows us to find it and download it after an incident.” As well as audio coming onstream, Monday marked the activation of two external side-mounted cameras on 13 buses in the Victoria fleet. Officials from the BC OIPC have talked to Transit security staff about surveillance concerns, but nothing has changed since commissioner Elizabeth Denham raised concerns in April. [Times Colonist] See also: [CA – The thorny issue of retention periods – Insurers Beware]

Consumer

US – Majority of Parents Monitor Their Teens’ Digital Activity

The Pew Research Center surveyed parents of 13 to 17-year-olds and found that they’re taking a range of steps to keep track of their kids’ online lives and to encourage them to use technology appropriately and responsibly. [Source]

US – Americans Would Trade Privacy for Safety: Pew Study

When it comes to coaxing personal information out of Americans, a Pew Research Center report found certain factors, like safety, lead to greater acceptance than cost savings can. The tipping-point issues in balancing these privacy concerns include: how valuable the benefit is that survey participants will receive in return for their personal information, how they view the company or organization that is collecting the data, the length of time that the data is retained, and what is done with this data once it is collected. [Source]

WW – Lack of Trust Deters More Than a Third of Mobile Users From App Use

AVG Technologies and MEF’s global 2016 MEF Global Consumer Trust Report found that more than 36% of consumers have either procrastinated or eschewed some mobile apps altogether due to the privacy concerns the tools raise. This is the fourth consecutive year that concerns of this nature took the study’s top spot. “The data confirms what we know to be true: lack of trust is increasingly becoming a barrier to the use and proliferation of mobile apps,” said AVG’s Harvey Anderson. “One of the most interesting findings was that almost half of the consumers surveyed worldwide were willing to pay more for privacy-friendly apps that ensure that the data collected is not shared with third parties,” he added. [eWeek]

E-Government

US – Contractors Must Ensure Adherence to DoD Interim Order on Cloud Computing and Sub-contracting

Government contractors must undertake to comply with the Department of Defense’s interim rules from August 2015 (cloud computing) and October 2015 (supply chain). Government contractors should ensure that the physical storage location of cloud services is within the United States or outlying areas of the United States; ensure that their employees, as well as employees of subcontractors, are aware of and bound by appropriate confidentiality obligations; and implement a reasoned process to establish and verify suppliers under covered contracts as “trusted suppliers” (taking steps to replace those that are unable to qualify). [Security Developments for Government Contractors – Squire Patton Boggs] See also: [Amazon Will Open First Cloud Data Storage Centers in Canada]

E-Mail

US – Yahoo Agrees to Settle Email Privacy Suit

Yahoo! has agreed to settle a class action challenging the way the company analyzes email messages to serve targeted ads to users of its popular Yahoo Mail service. The deal would settle claims brought on behalf of non-Yahoo subscribers who claimed their messages were intercepted, scanned and stored as part of communications with Yahoo Mail users. The settlement is subject to approval from U.S. District Court Judge Lucy Koh who has been overseeing In re Yahoo Mail Litigation, 13-4980. The proposed settlement doesn’t include a cash payout to class members. However, the company has pledged to make changes to its privacy disclosures and the architecture of its email system. [The Recorder]

Electronic Records

WW – Survey: Credential Theft, Alert Volumes Top List of Concerns

A survey from Rapid7 asked nearly 300 security professionals worldwide to list their top security concerns. 90% of respondents said they are worried about compromised credentials; 60% said they are unable to detect such attacks. 62% of respondents said that their organizations receive more security alerts than they can manage. [The 2015 Incident Detection and Response Survey] [CSO Online] [eWeek]

Encryption

WW – 200 Experts Oppose Backdoors for Encryption

A group of 200 experts have urged the world’s governments not to introduce backdoors into encryption products in an open letter posted this week, echoing sentiments expressed by the Dutch government in a formal position on encryption that was published last week. The letter addresses itself to “the leaders of the world’s governments” and urges them to support encryption as a way to “protect the security of your citizens, your economy, and your government.” The letter ends with a five-point argument that government should:

  • Not limit access to encryption
  • Not mandate backdoors
  • Not require that third parties have access to encryption keys
  • Not try to weaken encryption standards
  • Not pressure companies into breaking any of the previous four points

[The Register] See also: [French government rejects crypto backdoors as “the wrong solution”]

US – Juniper Networks Will Replace Questionable Components from its Products

Juniper Networks says it will remove code developed by the NSA from its firewall products. The code was found to silently decrypt traffic sent through virtual private networks. Juniper plans to replace a cryptography component in its ScreenOS operating system. [ArsTechnica] [Wired] [eWeek] [Juniper.net]

US – FTC Fines Encryption Software Company $250,000

Henry Schein Practices Solutions, Inc. has agreed to settle FTC charges that it misled customers about encryption of patient data. An FTC agreement (in effect for 20 years) resolves complaints that a software company deceptively claimed that its product provided industry-standard encryption of sensitive patient information as required by the Health Insurance Portability and Accountability Act; the company is required to notify all affected customers within 60 days, establish a toll free number and email address to respond to inquiries, and provide customer information to enable the FTC to administer consumer redress. [FTC In the Matter of Henry Schein Practices Solutions Inc – Agreement Containing Consent Order]

US – Interior Department IG Finds Laptop Encryption Ineffective

According to an advisory from the US Interior Department’s Deputy Inspector General, misconfigured software on nearly 15,000 department laptops could lead to data theft. Although the full-disk encryption software was initially configured to run pre-boot authentication, settings have been altered so the computers run post-boot authentication, making the data on the systems vulnerable to a specific attack. The advisory recommends that Interior’s CIO “mandate the use of pre-boot authentication on all laptops and implement a monitoring and enforcement program that mitigates noncompliant systems.” [Desert News] [FedScoop] [DOI IG Report] See also: [Ransomware Evolution: Another Brick in the CryptoWall]

EU Developments

UK – Tougher Sentencing Powers Needed to Deter Data Thieves, Says ICO

The UK information commissioner Christopher Graham has called for stronger sentencing powers for people convicted of stealing personal data, after a woman who sold 28,000 pieces of sensitive driver data was fined just £1,000. [The Guardian] [UK privacy watchdog wants to be able to send data thieves to prison: Resumes campaign for new powers] See also: [Journalists warned that ‘snoopers’ charter’ bill is part of ‘no privacy for us, no scrutiny for them’ Government strategy] [“UK doesn’t do mass surveillance,” claims Theresa May in bid for new Snooper’s Charter. End-to-end crypto is fine, apparently, but information must be “readable.” Hmm] [ICO Questions Data Retention Plans Under Snoopers’ Charter Draft] [Here are the warnings from Facebook, Google, other firms about Britain’s proposed “mass surveillance” law] [U.S. Tech Giants Join Forces Against U.K. Spying Plans] [Tech giants call on UK government to ensure new surveillance laws are ‘jurisdictionally bounded’]

EU – EDPS Issues Recommendations for EU Communications Data

The European Data Protection Supervisor has issued guidelines for processing of the following categories of electronic communications data (“eCommunications”) for EU Institutions: telephone, email, and internet. Key recommendations include defining the content and conservation period of security logs, ensuring generated statistics are anonymous, informing staff and callers of possible recordings before they happen, and ensuring that covert monitoring of employees undergoes a prior check, has a compelling justification and includes a register of all authorisations and instances of monitoring. [EDPS – Guidelines on Personal Data and Electronic Communications in EU Institutions]

FOI

US – The NSA Said It Needs 4 Years to Answer a FOIA About a Coloring Book

Since at least 2005, the NSA has employed a cast of cartoon cats, squirrels, turtles, and other woodland creatures who like to encourage children to pursue the politically important subject of cryptography and perhaps eventually a job in national security. Crypto Cat and crew espouse many virtues, but “transparency” and “timeliness” do not appear to be among them. [Source]

CA – BC Judge rules to Open Secret Terror Hearing

B.C. Supreme Court Justice Catherine Bruce ruled that it is possible to protect the privacy and safety of a Canadian Security Intelligence Service source without the need to keep a hearing entirely confidential in connection to the investigation of John Nuttall and Amanda Korody. The fundamental principle of open court means that in-camera hearings should only be used as a last resort when other security measures won’t work, Bruce said in her ruling. “I find there is scope for a more limited order than was originally proposed.” [Source]

US – Librarians Purge User Data to Protect Privacy

US libraries are doing something even the most security-conscious private firm would never dream of: deleting sensitive information in order to protect users. Multiple librarians have pushed back against “national security letters” that would do just that in the name of public safety – a dangerous order to resist, since those letters include a gag order. But in 2005, when the FBI served a national security letter to Connecticut’s Library Connection demanding reading records and hard drives, the librarians resisted with such force that the government capitulated. The American Library Association had their backs, resolving unanimously to “condemn the use of National Security Letters to demand any library records”. [Source]

Health / Medical

US – HHS Unveils New Tools to Help Patients Understand HIPAA Privacy Rules

Federal agency says people too often face obstacles to accessing their health information. “Unfortunately, based on recent studies and our own enforcement experience, far too often individuals face obstacles to accessing their health information, even from entities required to comply with the HIPAA Privacy Rule,” Jocelyn Samuels, HHS director of the Office for Civil Rights, wrote. “This must change.” [Source]

UK – NHS-Backed Health Apps ‘Riddled With Security Flaws’

All of the NHS-approved apps audited by a private firm lacked binary protection against code tampering, and most also lacked adequate protection in the transport layer. Flaws also emerged in FDA-approved health apps in use in the US. Arxan found at least two of the Open Web Application Security Project (OWASP) Mobile Top 10 Risks in 90 per cent of the 126 apps investigated. More than 80% of the health apps tested that were approved by the US FDA or the UK NHS were also found to have at least two of the OWASP Mobile Top 10 Risks. The findings are part of Arxan’s 5th Annual State of Application Security Report, which this year focused on healthcare and finance apps. The upshot is that mobile health apps approved by regulatory/governing bodies are nearly as vulnerable as other mobile apps. [Source]

Horror Stories

CA – Halifax Man Finds Apparent Military Hard Drive at Recycling Depot

A 30 G hard drive found at a recycling depot that a Halifax man says contains personal information including the names and numbers of defence personnel has been taken by the military. Pete Stevens said he recovered about 10 G of data from the 30 G hard drive, including 6,000 photos, spreadsheets with the names and numbers of military personnel and their families, and completed applications for security clearance. [CTV News] [CBC: Canadian military investigating after hard drive found at recycling depot]

CA – Sask RN in Deep Over Facebook Posts About Her Granddad

A Prince Albert nurse could be disciplined for writing a Facebook post about the “subpar care” her grandfather received in a Macklin hospital. A registered nurse at St. Joseph’s reported the comments to the Saskatchewan Registered Nurses’ Association (SRNA), the provincial body that regulates nurses. The SRNA charged Strom with professional misconduct. It’s the first time the association has laid such charges against a member for comments made on social media. The SRNA argues Strom violated the provincial Health Information Protection Act by disclosing her grandfather’s confidential health information online, failed to raise her concerns with the appropriate people and tarnished the reputations of St. Joseph’s and its staff. Because Strom identified herself as a registered nurse in her post, she “engage(d) the professional image of registered nurses in general as well as (her) personal professional obligations,” SRNA said in the hearing notice. Strom said she was “shocked” by the charges. “What worries me about this is: Is this going to hinder future family members, who just happen to be health-care workers, from advocating for their family members for fear of retribution from the SRNA?” she asked. “It bothers me.” [Saskatoon StarPhoenix] [Editorial: Questionable case of misconduct] [CBC: Facebook post leaves Prince Albert, Sask. nurse charged with professional misconduct]

Identity Issues

CA – Manitoba Government Approves All-In-One Personal Identification Card

Manitobans will soon have access to an all-in-one personal identification card (PIC). The PIC will integrate a person’s health identification number (PHIN) onto the back of driver’s licences and photo identification cards, which are expected to be issued starting in the fall of 2017, and will be authenticated using industry-proven policies, procedures and practices currently in place at Manitoba Public Insurance. Manitoba Public Insurance already issues photo identification to approximately 92% of health card holders. Anyone who requires a Manitoba Health Card will transition to a new PIC at no charge. Manitoba Public Insurance launched a comprehensive, five-week public and stakeholder consultation process last August. More than 4,000 Manitobans and 29 stakeholder organizations provided input. The full consultation report is available for viewing on the MPI website at www.mpi.mb.ca. [Source]

Online Privacy

EU – German Court Calls Facebook’s Find-a-Friend Function Illegal

A German court has ruled that Facebook Inc.’s current find-a-friend function is illegal, labeling it an unacceptable and intrusive form of advertising. The decision by the Federal Court of Justice this week upholds a previous ruling by a lower court against Facebook, which has faced a number of legal disputes in Europe regarding privacy protection. Facebook’s find-a-friend function accesses users’ email address books and sends invitations to contacts who aren’t yet members of the social-network site. [WSJ]

Privacy (US)

US – Patients Can Sue for Data Breach Based on Data Exposure Alone: Court

A Massachusetts Superior Court judge held that a plaintiff has standing to sue for money damages based on the mere exposure of plaintiff’s private information in an alleged data breach. The court concluded that the plaintiff had pleaded a “real and immediate risk” of injury despite failing to allege that any unauthorized persons had even seen or accessed that information.  This decision is significant for several reasons. First, the case represents a comparatively lax approach to standing, in which alleging the mere exposure of information with the potential for access and misuse by unauthorized persons pleads sufficient injury to establish standing and survive a motion to dismiss. In contrast, in Clapper, the U.S. Supreme Court held that plaintiffs who alleged that the NSA actually had access to their private telephone and email conversations through its surveillance program still lacked Article III standing to sue based on the theory that their communications would be obtained at some future point. In other words, the threat of future injury was insufficient to support Article III standing even where access, not just exposure, to private information was actually alleged. 113 S. Ct. 1138, 1143 (2013). [Source] See also: [US – The new way police are surveilling citizens: Calculating their threat ‘score’]

Security

EU – Companies Unprepared for EU GDPR: Study

IT governance & technology deficiencies impede organizations from complying with “Right to be Forgotten” & EU GDPR by 2018. Although 46% of global organizations received customer requests to remove data in the last 12 months, 41% lack defined processes, documentation and technology, according to a Blancco Technology Group study. Key corporate security trends that surfaced from the study include: Awareness of GDPR is high (48%) among global IT professionals, but their level of preparation is much lower. 40% admit to being less than fully prepared – with 16% still needing to find the right data removal software, 9% uncertain of how and where to start, and finally, 15% not even knowing if they are prepared. Lack of documentation, processes and tools increases the likelihood of GDPR violations. 60% of the surveyed IT professionals stated that it would take their organisation up to 12 months to implement the necessary IT processes and tools to pass a “right to be forgotten” audit, while 25% do not know how long it would take. Data erasure software (48%) tops the list of the most valuable type of technology to ensure GDPR compliance, followed by encryption key removal tools (26%) and malware removal tools (10%). IT professionals inside and outside of Europe (65%) are keen to implement data protection laws similar to the framework of EU GDPR. [Security News]

US – PCI SSC Explains How to Respond to a Data Breach

Recently, the Payment Card Industry Security Standards Council (PCI SSC) published a three-page guide titled “Responding to a Data Breach” that articulates its position on the correct response to a security incident at a merchant location where the attack exposed cardholder data. The guidance also highlights some of the difficulties in developing proper response procedures, specifically the challenges in mapping out complete, thorough procedures that actually hold up under the stress of an actual incident. [Privacy Advisor]

WW – Known Vulnerabilities Cause 44% of All Data Breaches: Study

Most IT experts are well aware of the need to patch vulnerabilities in their systems as soon as possible, but despite this, known security issues remain the leading cause of corporate data loss and production downtime in the enterprise. That’s the biggest finding of BMC Software Inc.’s latest security survey, The Game Plan for Closing the SecOps Gap. The report, which was conducted by Forbes Insights on behalf of BMC and surveyed more than 300 C-level executives from U.S. and European firms, found that known vulnerabilities are the leading cause of data breaches, accounting for 44 percent of all such incidents. [Source]

Surveillance

US – New York to Appoint Civilian to Monitor Police’s Counterterrorism Activity

The NY City mayor will appoint an independent civilian to monitor the New York Police Department’s counterterrorism activities, as they moved to settle a pair of lawsuits over surveillance targeting Muslims in the decade after the Sept. 11 attacks. With the settlement, the surveillance of Muslims becomes a chapter in the long history of controversial police tactics in New York. [New York Times]

EU – Belgian DPA Requests Opinion of US Surveillance Laws Under Schrems

The European Court of Justice (ECJ) failed to take into account numerous changes in U.S. surveillance practices when it invalidated the Safe Harbor program in the Schrems case, according to a report by Prof. Peter Swire. The Schrems decision reflected a “serious misunderstanding of U.S. national security law,” the report concluded. Swire finds that:

  • the U.S. legal order as related to privacy and surveillance is “essentially equivalent” to the EU’s,
  • the ECJ came to the wrong conclusion regarding section 702 of the PRISM program, and
  • the decision neglected the two dozen significant reforms the U.S. has made to its surveillance practice since 2013.

The Belgian Privacy Authority requested that the report answer two questions for a forum on the Schrems decision that it hosted:

  1. Is U.S. surveillance law fundamentally compatible with EU data protection law?
  2. What actions and reforms has the U.S. taken since Edward Snowden’s revelations of U.S. government surveillance began in June 2013?

[More at BNA.com]

US – Why the Non-Malicious Insider Is Quickly Becoming a Huge Threat

Despite the steadily increasing number of enterprises adopting security software, which has proved important in enabling companies to more successfully secure and track sensitive data, there is a big missing link to tie all of these efforts together: employee education. According to a recent survey we conducted with CoSoSys customers, 35% of enterprise employees think that data security is not their responsibility. This is a serious issue when you consider that 70% of these employees have access to and use confidential company files. Additionally, 60% don’t even know which files are confidential or not. When you add disgruntled or recently fired employees whose system access had not yet been revoked to the mix, companies are leaving themselves open to a potentially devastating breach. [Source]

US Government Programs

US – New Student Database Slammed by Privacy Experts

The U.S. Education Department’s new planned system of records that will collect detailed data on thousands of students — and transfer records to private contractors — is being slammed by experts who say there are not adequate privacy safeguards embedded in the project. The non-profit Electronic Privacy Information Center, or EPIC, told the department in a January 2016 formal complaint that its new system of records for the “Impact Evaluation of Data-Driven Instruction Professional Development for Teachers” violates the Privacy Act by: (1) collecting irrelevant and unnecessary information and (2) not clearly stating the purpose of the proposed routine use disclosures. [Washington Post] [The astonishing amount of data being collected about your children]

US – Report: Feds Leave 42% of Cybersecurity Recommendations Undone

The Government Accountability Office discovered that out of its 2,000 recommendations on cybersecurity for federal agencies in the past six years, 840 remain undone, for a completion rate of 58%. This number contrasts greatly with the average completion rate for general recommendations of 80%. “Implementing this and other outstanding recommendations could better protect federal data and federal agencies’ responses to cyberattacks and data breaches,” the agency wrote in a blog post. [FedTech]

US Legislation

US – House Passes Substantial FOIA Reforms

Congress has passed the FOIA Oversight and Implementation Act, H.R. 653, which would limit exemptions that allow agencies to withhold public records, create an online portal for FOIA requests, and require agencies to post frequently requested documents. Open government advocates and members of Congress have criticized federal agencies for lax compliance with the Freedom of Information Act. The House Oversight Committee concluded that “[e]xcessive delays and redactions” have undermined the Act. The FOIA Ombudsman criticized the Transportation Security Administration for its “weak management” and lack of a “FOIA tracking system.” EPIC has pursued many FOIA cases. EPIC and a coalition previously urged President Obama to strengthen the FOIA by committing to a “presumption of openness” and narrowing the use of FOIA exemptions. [Source]

Workplace Privacy

EU – EDPS Issues Guidelines on Work-Related Use of Mobile Devices

The European Data Protection Supervisor issues guidelines on protection of personal data in mobile devices (“devices”). The guideline examines risks for personal data processed on mobile devices (leakage of personal data and compromised credentials), applicable procedures for lifecycle management of devices (i.e. mobile device inventory and asset disposal), and necessary security measures, such as remote wipe and lock, user and application access restriction, secure logs and audit trails, full disk encryption, and application whitelists and blacklists. [EDPS – Guidelines on the Protection of Personal Data in Mobile Devices Used by European Institutions]

 

+++
