19-26 May 2016


WW – Google’s Biometric Tool Aims to Kill Password Logins

A new Google feature could spell the end for password logins. Trust API will be tested at “several very large financial institutions” in June, said Google’s Daniel Kaufman. Google’s new service looks to use multiple indicators to create one viable identifier. Trust API will use biometrics in its mission to eliminate passwords, drawing on everything from the shape of a user’s face and voice patterns to how a user moves, types and swipes on the screen. “Biometric authentication is a powerful enabler, allowing businesses smart enough to deploy it to significantly increase rates of registration, gaining data and insight about their customers, while also increasing customer security,” said Richard Lack from customer identity management firm Gigya. “This is a win-win scenario which sounds the death-knell for awkward and insecure passwords sooner than we may imagine.” [The Guardian] [Can Google replace passwords by tracking you more thoroughly?]

WW – ‘Faception’ Tech Can Determine Terrorists from Just a Face Scan

Israeli startup and facial recognition company Faception says a homeland security agency has hired it to help discover terrorists. The company says its technology is so precise it can identify “great poker players to extroverts, pedophiles, geniuses and white collar-criminals,” just from a face scan. The tech is not without critics. “Can I predict that you’re an ax murderer by looking at your face and therefore should I arrest you?” said the University of Washington’s Pedro Domingos. “You can see how this would be controversial.” Meanwhile, advertising company Mattersight Corporation will start using publicly available facial data from avenues like YouTube and Vine to gather personality profiles. [Washington Post] [ComputerWorld]

Big Data

US – Big Data: White House Issues Report on Primary Challenges and Opportunities

The Executive Office of the President has issued a report on Big Data that examines:

  • instances where big data methods and systems are being used in the public and private sectors in order to illustrate the potential for positive and negative outcomes; and
  • the extent to which “equal opportunity by design” safeguards may help address harms.

The primary challenges of Big Data are inputs to an algorithm (e.g. poorly selected data, incomplete/incorrect or outdated data, selection bias, and unintentional perpetuation/promotion of historical biases), and the design of algorithmic systems and machine learning (e.g. poorly designed matching systems, personalization and recommendation services that narrow user options, decision-making systems that assume correlation implies causation, and data sets that lack information or disproportionately represent certain populations). [Big Data: A Report on Algorithmic Systems, Opportunity, and Civil Rights – Executive Office of the President: Press Release | Report]


CA – New Recommendations for British Columbia’s FIPPA

Timothy Banks writes about the report tabled this month by the special committee appointed to review the B.C. Freedom of Information and Protection of Privacy Act. The committee made 39 recommendations to the legislature, several of which, if accepted, “would provide needed updates to improve public sector transparency. Regrettably, however, the committee has recommended that the legislature retain the controversial data sovereignty provisions of FIPPA that preclude transfers of personal information outside of Canada.” In this post, Banks examines four interesting recommendations made by the committee dealing with mandatory breach reporting, duty to document, data destruction, and data sovereignty. [Full Story] See also: [Timothy Banks offers an analysis of Ontario’s new Health Information Protection Act and the ways it has amended the Ontario Personal Health Information Protection Act, 2004]

CA – Alberta Premier Rebuts Privacy Concerns Over Carbon Tax Law

Premier Rachel Notley is dismissing opposition accusations that her NDP government’s carbon tax bill contains invasive and arbitrary rules on search and seizure. …Under Bill 20, officials who believe there are breaches of the levy can get a search warrant to go on properties, check fuel tanks, vehicles, buildings and computer hard drives. If they feel that someone is at immediate risk of harm or evidence might be destroyed they can proceed without a search warrant, but a search warrant or the owner’s permission is needed to get into someone’s home. [The Canadian Press]

CA – NS Government to Consider Mental Health Care Improvements

Premier Stephen McNeil and other Nova Scotian liberal politicians will investigate whether the province’s privacy laws are preventing youths with mental illnesses from receiving proper care. During a recent news conference on the matter, Carolyn Fox described how health care privacy laws prevented doctors from alerting her about her daughter’s three hospital visits, knowledge of which she felt could have prevented her daughter’s January suicide. “Because of the privacy law I was not contacted,” Fox said. There were “no red flags as to say this girl has been here three times, released, and told she was fine. This is not acceptable.” McNeil agreed. He acknowledged, however, that there was “a whole host of issues” accompanying revisiting notification protocol, “not the least of which is the breaching of someone’s privacy,” he said. [CBC News]

CA – Newfoundland Supreme Court Finds General Warrant Can Be Used to Retrieve Historical Text Messages

The Supreme Court of Newfoundland and Labrador considers whether authorisation under the Criminal Code is necessary prior to search of a cellphone’s historical data. An individual argued that police unlawfully searched his mobile phone because a general warrant was obtained for the search (which does not authorize interception of private communications); although his text messages qualify as a private communication, retrieval of prior stored messages does not qualify as an interception (messages would not be retrieved in the course of the communication process). [Her Majesty the Queen v. Rex Rideout – Supreme Court of Newfoundland and Labrador – 2016 CanLII 24896]

CA – Courts & Privacy Issues Around Production of Text Messages

There can be no doubt that text messages are normally producible under any rules of civil procedure, if they are relevant to the issues set out in the pleadings of an action and are only between the parties in the litigation. But in any number of types of civil proceedings there are surely many other relevant texts in which either the sender or receiver are not a party to the litigation, or are texts that have been intercepted by someone not a sender, or receiver, of that text. Whether production of those texts is subject to some scrutiny regarding privacy rights is an open question. While production of some of these types of texts might be sanctioned by way of a motion for third-party production, the more immediate question for a plaintiff, or defendant, in a civil proceeding is whether or not to initially produce such a text without breaching an expectation of privacy and privacy rights of a non-party. [The Lawyers Weekly Canada]


UK – Two-Thirds of Brits think Snooper’s Charter Extracts Are from Dystopian Fiction: Research

Research from popular VPN service, HideMyAss, has revealed that when presented with extracts from the [Investigatory Powers Bill, also known as the Snooper’s Charter], two-thirds of Brits thought it was from dystopian fiction …On average, one in five of those (20%) suspected the quotes derived from George Orwell’s 1984, one in ten (10%) thought they were from Enemy of the State, and 7% believed the quotes were from The Hunger Games. What’s more, 8% of those polled even believed the quotes were from North Korean propaganda. [Source]

NO – Consumer Council Hosting Live-Streamed Reading of Privacy Policies

The Norwegian Consumer Council will livestream a reading of the terms of service and privacy policies from apps on an average mobile phone. The NCC predicts the event, featuring 33 apps in total, will take more than 24 hours, “as the combined texts are longer than the New Testament,” the report states. “The current state of terms and conditions for digital services is bordering on the absurd,” said Norwegian Consumer Council Digital Policy Director Finn Myrstad. “Their scope, length and complexity mean it is virtually impossible to make good and informed decisions.” The agency hopes the event will highlight the inapproachability of long policies, the report states. [Fortune]


US – Tech Companies Urge Senate to Pass Email Privacy Act Without Changes

As the Senate Judiciary Committee plans to examine, and possibly change, the Email Privacy Act, a group of 70 major tech companies are asking senators to approve the bill without any alterations. The organizations sent a letter to the Senate urging it to ratify the “carefully negotiated compromise” immediately, without any amendments added to “weaken” the bill. Signatories of the letter include Adobe, Amazon, Apple, Facebook, Google, IBM, Microsoft, and Yahoo. Despite questions about what version of the Email Privacy Act will be examined by the panel, the Senate Judiciary Committee will vote on the exact same text as the one unanimously passed by the House of Representatives. [The Hill] See also: [Email Privacy Act could face changes]


EU – Cybersecurity and Police Chiefs Reach Breakthrough Agreement on Encryption

Leaders from the EU Agency for Network and Information Security (ENISA) and Europol have reached an agreement about the legal lengths to which law enforcement groups may go to access personal information. The move is what the report calls a “surprise turn” in discussions between cybersecurity group ENISA’s Udo Helmbrecht and Europol Director Rob Wainwright. Both spoke in favor of strong encryption and stated their dual opposition to back-door encryption. “While this would give investigators lawful access in the event of serious crimes or terrorist threats, it would also increase the attack surface for malicious abuse, which, consequently, would have much wider implications for society,” they said in a statement. [EurActiv]

EU Developments

EU – Parliament Finds Privacy Shield Does Not Provide Substantial Improvements to Safe Harbour

The European Parliament issued its opinion on the EU-US Privacy Shield. The Shield does not provide an equivalent set of principles (there are no requirements for consent or data minimisation, processing for incompatible purposes is allowed, and blanket permission is given for all types of processing), allows for bulk collection of EU citizens’ personal data and communications (in breach of CJEU and ECHR judgments), and supervisory powers of the Department of Commerce, FTC and the Ombudsperson are not comparable to EU supervisory authorities. [EU Parliament – Motion for a Resolution on Transatlantic Data Flows]

EU – Privacy Seal Schemes Gradually Taking Shape in Europe

The EU is moving ever closer to having a widely recognized privacy seal scheme — or rather, several of them — for Web services. EuroPriSe is a company that spun out of the data protection authority of Germany’s Schleswig-Holstein state a few years back, with funding from the European Commission. It’s pushing to expand its scope across the EU and beyond, and last month it started offering website operators a privacy seal indicating to the world that they stick to EU data protection law. And it’s not the only player in the game. “Europe’s privacy kitemark scene may be fragmented and in its early stages, but at least the many players are talking to one another.” [Full Story] See also: [Op-ed: UL certification program for IoT devices a ‘step in the right direction’]


US – Campaign Hopes to Inspire Congress to Better Protect Financial Data

A group of seven trade organizations have banded together to create a Stop the Data Breaches campaign. The group wants to publicize the costs of breaches for financial institutions in an effort to garner attention and legislative support from Congress, the report states. “Credit unions and other financial institutions are continuing to pay the tab for retailer data breaches, and consumers’ data remains vulnerable,” said the National Association of Federal Credit Unions’ Brad Thaler. “It’s long overdue for Congress to pass legislation ensuring that everyone has a similar mandate to keep customer data safe,” added Financial Services Roundtable’s Jason Kratovil. [Associations Now]


CA – Rogers Releases New Transparency Report

In its third annual transparency report, Rogers Communications revealed that, of the more than 86,000 requests, it refused to hand over consumer data to law enforcement 3% of the time. This is the first time one of the “Big Three” telecoms has disclosed how many times it has refused government requests for data. “It’s so that people understand that we do not just accept requests at face value,” said Rogers Chief Privacy Officer Dave Watt. “We really feel strongly about protecting customer information.” Open Media’s Laura Tribe said the report could improve, but said Rogers’ more detailed report is a “positive example,” adding, “This type of reporting is essential if we are to shed light on the government’s attempts to obtain our private information.” [Financial Post]

CA – Alberta OIPC Finds FOIP and HIA Do Not Apply When Information is Collected in an Employee’s Personal Capacity

The Office of the Alberta Information and Privacy Commissioner reviewed a decision made by a health organization to deny access to personal information. The letters collected by the employee were written specifically for her, discussed incidents that took place in the health clinic, and had a very personal tone; the applicant purposefully provided the letters in the parking lot of the clinic so he would not be handing over information as a patient to a health facility and specifically requested that the employee destroy them immediately after reading them. [OIPC Alberta – Order H2016-05/F2016-13 – Alberta Health Services]

CA – Federal Interim Directive Commits to More Open and Transparent Government

The federal government issued a request for feedback on its proposals to improve the Access to Information Act. Effective May 5, 2016, all non-application fees are waived, and requesters must generally receive information in a computer-readable format; a full review of the Act, scheduled for 2018, would incorporate these changes, ensure the Act applies to the office of Ministers and the Prime Minister, and permit the refusal of frivolous/vexatious requests. [Government Proposals to Revitalize Access to Information – Government of Canada Consultation | Interim Directive | Additional Information ]


US – Myriad Genetics Hit with ACLU Complaint to HHS

A complaint has been filed against genetic testing company Myriad Genetics, Inc. for not adhering to the requests of four patients wishing to view personal genetic information. The ACLU filed the complaint to the U.S. Department of Health and Human Services’ Office for Civil Rights, saying Myriad’s refusal to provide the information was a HIPAA violation. Despite Myriad providing the information to the patients at a later date, the ACLU will still go forward with the complaint. Myriad spokesman Ron Rogers said delivering the information was not done to prevent an ACLU complaint, and the company promises to honor future requests. “As far as we’re concerned, the matter is resolved,” Rogers said. “We think the ACLU’s claim is without merit.” [Reuters]

US – Final Rule Prohibits Employer Wellness Programs from Collecting Employee and Spousal Health Data Unless Prescribed Standards Are Met

The Equal Employment Opportunity Commission has issued final rules amending the Regulations Under the Americans With Disabilities Act (“Part 1630”), and the Genetic Information Nondiscrimination Act (“Part 1635”) – the rules are:

  • effective July 18, 2016; and
  • applicable beginning January 1, 2017.

Employers are subject to incentive limits in regards to encouraging employee participation in wellness programs (which include medical exams); no incentives are permitted in exchange for the current/past health status information of employees’ children or for specified genetic information of an employee, and an employee’s spouse and/or children. [Equal Employment Opportunity Commission – Final Rules 29 CFR Parts 1630 and 1635 – Employer Wellness Programs – Regulations Under the Americans With Disabilities Act; Genetic Information Nondiscrimination Act | Press Release] [Federal Register (Regulations Under the Americans With Disabilities Act; Genetic Information Nondiscrimination Act)]

Health / Medical

WW – Google Health App Halted as Enforcement Agencies Examine Data Use

Streams, the health data app born of a controversial alliance between Google’s DeepMind and the NHS Royal Free Trust, is not currently active. The app served to discover hospital patients in danger from acute kidney disease, but critics took umbrage with the amount of data the app used to deliver so specific a diagnosis, the report states. As a result, the Medicines & Healthcare Products Regulatory Agency is “in discussions” with the organizations to determine whether the app needs to be registered as a medical device, the report states. This announcement comes on the heels of the decision by the U.K. Information Commissioner’s Office to investigate a “small number of complaints” about Streams’ data use. [TechCrunch]

Horror Stories

WW – Database of 2M Mexicans’ Voter Data Found Online

A data breach researcher discovered a database of the personal information of more than 2 million Mexicans posted online. MacKeeper’s Chris Vickery, who discovered the breach, is the same researcher who recently found a similar database of 93.4 million Mexican voting records leaked online. This time, he found the new database by conducting a “random search,” the report states. After an investigation, Mexico’s voting authority confirmed the information was voting data from Sinaloa, and the data has since been taken down. “I think the sudden appearance of multiple [voter registry] databases is a symptom of giving out too many copies,” said Vickery. “I think the [voting authority] is making good changes in the future by not allowing so much information to be so widespread.” [Fortune]

Identity Issues

WW – Hartzog: ‘Public’ Data Sets Are Not Fair Game

In the wake of research that published a data set on 70,000 users of OKCupid, professor Woodrow Hartzog argues that traditional notions of “public” data are now misguided and outdated. Justifying the release of data because it’s considered public “is fundamentally wrong,” he writes. “Not just because we should be able to expect a certain amount of privacy in public, but because, despite frequency of use and seeming self-evidence, we actually don’t even know what the term public even means.” He warns that the public data argument is “gaining steam” in policy discussions, but adds, “The ‘public information’ justification is a simple way to avoid answering hard questions about the privacy interests in data.” [Slate] See also: [Published personal data on 70,000 OkCupid users taken down after DMCA order]

EU – EU Advocate General Opinion States IP Addresses Are Personal Data

Manuel Campos Sanchez-Bordona, the EU advocate general, has determined that dynamic IP addresses qualify as personal data, according to a blog post from Covington. Sanchez-Bordona’s opinion is in relation to Patrick Breyer v. Germany, a case currently pending in the EU Court of Justice. The advocate general’s opinion details how even if a website operator cannot determine the user behind an IP address, Internet service providers have data that, when connected with an IP address, can identify the individual. The opinion also covered how the collection and use of IP address data, when used to ensure a website is functioning, could be acceptable on the basis of the “balancing of legitimate interests” test in the GDPR. While the court doesn’t have to follow the advocate general’s opinion, it could have broad implications for the EU if followed by the Court of Justice. [Full Story] [Review of Opinion]

Law Enforcement

CA – RCMP Under Fire for ‘Misrepresenting’ Stingray Use

Recently disclosed court documents indicate that the Royal Canadian Mounted Police used Stingray devices during two 2014 criminal investigations, but the defendants’ lawyers in the cases argue that the RCMP allegedly “misrepresented” how they would use the tools. The undisclosed details include the Stingrays’ range, phone location pinpointing abilities, and their “potential for interference with 911 calls,” the lawyers argue. However, RCMP lawyers countered that nondisclosure agreements keep the law enforcement agency from elaborating on the Stingrays’ capabilities, among other details. A hearing on the matter was postponed from May 17 to a later date, at which time the defense will seek more information on the RCMP’s precise use of the tools, the report states. [Vice News]

US – Commentary: FBI, Locals Team Up to Invade Citizens’ Privacy

StingRay deployments have been confirmed in at least 24 states and the District of Columbia, and there is every reason to believe many of the remaining states possess them and simply haven’t been forced to disclose it. Different departments have different deployment policies, but cities such as Baltimore have admitted to deploying the devices in thousands of investigations. Given such widespread use, and such obvious and troubling privacy implications, one would expect to find a large body of court rulings on the constitutionality of warrantless StingRay surveillance. One would be mistaken. [Source]

US – New System Would Give Law Enforcement Access to Public Cameras

Computer scientists at Purdue University have developed tools allowing law enforcement to access cameras that aren’t password protected to help determine the best way to respond to a crime. While in proof of concept form, the Visual Analytics Law Enforcement Toolkit overlays the rate and location of crimes to the location of police surveillance cameras, while CAM2 reveals the locations and positions of public network cameras. Registered users only have limited access. The terms of service state, “you agree not to use the platform to determine the identity of any specific individuals contained in any video or video stream,” but those safeguards aren’t enough to quell privacy advocates’ concerns. “I can certainly see the utility for first responders,” says EFF investigative researcher Dave Maass. “But it does open up the potential for some unseemly surveillance.” [Wired]

CA – Mounties Wearing Video Cameras Told to Record Use of Force

Mounties wearing tiny video cameras must hit the record button when there is “a high likelihood” they’ll use force against someone, says an interim RCMP policy on use of the devices. …RCMP detachments in Wood Buffalo, Alta., and Windsor and Indian Head, N.S., took part in the 2015 tests. In addition, the Mounties have advised the federal privacy commissioner of ad-hoc evaluations of the technology. “For example, they have used the cameras at protests in New Brunswick and in Burnaby, B.C.,” said Tobi Cohen, a spokeswoman for the privacy commissioner. [Source]

Online Privacy

WW – Default Settings Criticized in New Google Messaging App

Last week, Google unveiled a number of new products, one being a new messaging app called Allo. The app features strong, end-to-end encryption, but it’s not the default setting. Users have to turn it on, and that has some privacy advocates up in arms. Edward Snowden tweeted that not having it on by default “is dangerous, and makes it unsafe.” New America’s Open Technology Institute Director Kevin Bankston, however, said, “I, too, would prefer that Allo be encrypted by default,” but added, “all in all, this is going to be a net increase in the amount of encrypted messaging out in the world. And that is ultimately a good thing.” [The Washington Post] [Allo Chat Privacy Concerns Are Way Overblown] See also: [This Fitness App Tracks You Too Much, Consumer Advocates Claim] [Runkeeper in Hot Water] and [Grindr users can have location tracked, even with adjusted settings]

Other Jurisdictions

WW – Global Guide to Data Breach Notifications 2016

A new guide from World Law Group provides information organizations need to know when facing a data breach in one or more countries. Produced by the WLG’s Privacy & Data Protection Group, it provides summaries of relevant law, data breach reporting requirements, contact information for relevant data protection authorities and more for 60 countries. [Read Now] [Full Story]

AU – Victoria to Create Info Commissioner Role to Oversee Privacy and FOI

The new body will be created as part of an overhaul of the state’s FOI regime, which will also include introducing the ability to review ministerial and departmental FOI decisions including under Cabinet exemptions; reducing the time to respond to an FOI request from 45 days to 30 days; and reducing the time that agencies have to seek a review by the Victorian Civil and Administrative Tribunal from 60 days to 14 days. [Source]

Privacy (US)

US – FTC to Host Disclosure Workshop

The Federal Trade Commission will host “Putting Disclosures to the Test” on Sept. 15, a free, public workshop that will evaluate companies’ claims and privacy practice disclosures, according to a press release. The event will “explore how to test the effectiveness of these disclosures to ensure consumers notice them, understand them, and can use them in their decision-making,” the report states. Interested parties may submit proposals for the event to disclosuretesting@ftc.gov. [FTC Press Release]

US – Educator’s Guide Takes the Mystery Out of Student Data Privacy

Now that technology is an imperative in our personal and professional lives, it is also a necessary part of education. More than that, technology is making it possible for more students and teachers across the country to collaborate, create, and get access to high quality resources. At the same time, parents and policymakers are increasingly concerned about the student data those tools create and track. How can a classroom teacher or a building level administrator who knows and loves education technology balance student privacy with powerful student learning? ConnectSafely and the Future of Privacy Forum have partnered to write The Educator’s Guide to Student Data Privacy. The authors wanted to create an easily accessible resource that teachers and administrators could use right away. Using an online collaborative document, the authors integrated varied perspectives from classroom education, media, policy, connected technologies, and parenting. This guide, which includes a ten-question checklist to help educators as they consider using a new tool with students, will make managing privacy manageable for educators. [Education Week] [PDF of Guide]

US – Federal Procurement Regs Adopt Simple Security Controls

This week the Federal Acquisition Regulations were updated to focus on basic security hygiene. [Source] [Pescatore blog]


WW – Survey: Baby Boomers Better at Password Security than Millennials

According to survey results, Baby Boomers – people aged 51-69 – are the demographic most likely to use the security best practice of having a unique password for each and every online account: 65% of respondents said they have 5 or more passwords across their online accounts, compared with just 44% of millennials (ages 18-34). The report didn’t give the figures on people ages 35-50, but it did say that only 16% of people follow best practices overall. [Source]

Smart Cars

CA – Tighter Rules Needed for Police Access to Event Data Recorders

Are tighter rules needed on recording devices in cars? ‘I think if a device is surveilling you … that there have to be restrictions on it.’ Most vehicles built since the early 2000s contain event data recorders that silently log everything, such as braking, speed, steering and whether a seatbelt is buckled. …However, that constant data collection is raising questions. Both the Canadian Automobile Association and the Automobile Protection Association are asking for clearer rules on how that data is obtained and used by police, car manufacturers and insurance companies. [Source]


UK – 22 BILLION Police ANPR Photos Stored, 34 Million Added Daily

A police network of ‘Big Brother’ spy cameras takes photos of about 34 million number plates each day, new figures have revealed. Around 9,000 surveillance cameras have been placed along Britain’s roads and senior officers claim they are invaluable in preventing and solving serious crimes and terrorist attacks. The Automatic Number Plate Recognition (ANPR) technology is also fitted to police vehicles, and is used to find stolen cars and tackle uninsured drivers. But privacy campaigners have argued that the system, which allows officers to access 22 BILLION records held for up to two years, is intrusive and heightens fears of an Orwellian surveillance state. Searches of the database by police officers have soared by more than 50% in just two years – from 194,317 in 2012 to 300,758 in 2014. In the last 12 months, evidence from ANPR cameras has been used in more than 200 court cases to secure convictions for offences including robbery, kidnapping, drugs and murder. The Information Commissioner raised questions about the scale of surveillance, but police forces say it is critical to monitor criminal activity on the roads. [The Daily Mail]

EU – German Court Accepts Footage from Single Dashcam to Convict Driver

A decision by a German court to accept footage from a dashcam as the sole evidence to convict a driver who drove through a red light sparked a debate in the media on Friday about privacy and surveillance. …“After the court decision, might amateur ‘sheriffs’ now feel empowered to film and report people behaving badly?” the Sueddeutsche Zeitung wrote in a front page article on Friday. [Source]

CA – Winnipeg to Expand Back-Lane Cameras to Private Property

City administrators want permission to set up motion-activated cameras on private property to catch illegal garbage dumping. The city launched a pilot program last month in which cameras were set up on city property. So far, two cameras have been placed at dumping hot spots. Now, the administration wants the ability to place cameras on private property. Six mobile, high-definition cameras were purchased at a cost of $54,000. Images from the cameras can be downloaded remotely. The manufacturer states the cameras can capture clear images from up to 30 metres, even at night. The administration wants council to give its chief administrative officer the authority to approve legal agreements with private property owners. …Winnipeg lawyer Andrew Buck, who specializes in privacy law, said concerns about privacy violations need to be considered within the context of the neighbourhood concerns and the problems tied to illegal dumping. [City wants to boost effort to catch illegal dumping]

US Government Programs

US – OMB Helping Privacy Professionals Become More Tech Savvy

The Office of Management and Budget has been working to help privacy and security pros work together. OMB Senior Privacy Advisor Marc Groman said privacy and security can work “perfectly in concert” if professionals from both fields work on projects from their genesis. The OMB has started offering technical training to help privacy professionals have more meaningful roles in discussions. “It is my personal belief that you cannot be a privacy professional in 2016 and not understand tech,” Groman said. “And so we are building a technology curriculum for federal government privacy professionals so that when they sit across the table from all of you, as you’re building a new system or discussing enterprise architecture, they have a baseline understanding of tech, just like I hope you all will have a baseline understanding of privacy.” [FCW]

US Legislation

US – Federal Bill Proposed to Limit Use of Stingrays

The federal bill requires State and local law enforcement agencies to conform to federal guidelines when using cell simulator devices. H.R. Bill 5154 – Fourth Amendment Integrity Restoration (“F.A.I.R.”) in Surveillance Act 2016 was:

  • introduced in the House of Representatives; and
  • referred to the Committee on the Judiciary.

Any coordination or agreement between a Federal and State or local law enforcement agency, pertaining to the acquisition or use by that agency of any cell simulator device, must require that the use will conform to the guidance and policies that apply to the Federal agency on the use of such devices. [H.R.5154 – F.A.I.R. Surveillance Act of 2016]



