25 June – 04 July 2016

Big Data

WW – Perspectives on Big Data, Ethics, and Society

A white paper has been published from the Council for Big Data, Ethics, and Society. The paper consolidates conversations and ideas from two years of meetings and discussions and identifies policy changes that would encourage greater engagement and reflection on ethics topics. It also indicates a number of pedagogical needs for data science instructors; explores cultural and institutional barriers to collaboration between ethicists, social scientists and data scientists in academia and industry around ethics challenges; and offers recommendations geared toward those who are invested in a future for data science, big data analytics, and artificial intelligence guided by ethical considerations along with technical merit. [Full Story]

US – What Algorithmic Injustice Looks Like in Real Life

Courtrooms across the nation are using computer programs to predict who will be a future criminal. The programs help inform decisions on everything from bail to sentencing. They are meant to make the criminal justice system fairer — and to weed out human biases. ProPublica tested one such program and found that it’s often wrong — and biased against blacks. (Read our story.) We looked at the risk scores the program spit out for more than 7,000 people arrested in Broward County, Florida in 2013 and 2014. We checked to see how many defendants were charged with new crimes over the next two years — the same benchmark used by the creators of the algorithm. Our analysis showed:

  • The formula was particularly likely to falsely flag black defendants as future criminals, wrongly labeling them this way at almost twice the rate as white defendants.
  • White defendants were mislabeled as low risk more often than black defendants. [Source]

Canada

CA – Ontario IPC Releases 2015 Annual Report

The Information and Privacy Commissioner of Ontario has published his 2015 annual report. Commissioner Brian Beamish has made four overarching suggestions for the year ahead. They include expanding the jurisdiction of established privacy laws, creating order-making power for privacy complaints, a review to address changing technologies, and enacting “mandatory proactive disclosure of identified categories of records.” He also recommended updating FIPPA and MFIPPA. “A public review and update of the acts will ensure greater transparency and accountability of government institutions, meet the growing expectations of the public and ensure that Ontarians benefit from the same access and privacy rights as other Canadians.” [IPC]

CA – Nova Scotia Still Missing Key Privacy Protections Says Annual Report

Nova Scotia’s information and privacy commissioner says the province needs a statutory duty to report breaches of individual privacy. Commissioner Catherine Tully published her office’s annual report on Nova Scotia’s access to information and protection of privacy laws. It found that personal information held by public bodies was “likely breached between 10 and 154 times” over the last year. Tully writes that her office is notified of minor breaches of privacy, but not major ones, and she’s “increasingly concerned” about those breaches that go unreported. The privacy office claims the number of minor breaches of private health information increased 75% this past year. It’s currently impossible to determine if there was an equal increase in major breaches. According to the annual report, there was also a 41% increase in new cases for the OIPC over this past year, along with a jump of 569% (from four to 58) in external consultations about file requests. Despite the heavier workload, the office boasts that it’s resolved 10% more complaints than 2014/15, with an average turnaround time of 65 days. [The Coast] [Global News] [Nova Scotians need better notification of privacy breaches, report says]

CA – PC Says Saskatchewan Health Care Laws Need Revisions: Annual Report

The Office of the Saskatchewan Information and Privacy Commissioner released its 2015-2016 Annual Report, “Striking a Balance”. Saskatchewan Privacy Commissioner Ronald Kruzeniski recommended updates to the province’s 2003 Health Information Privacy Act in his 2015-2016 annual report. The health care law currently does not regulate post-breach patient notification, an omission Kruzeniski finds problematic. He further emphasized that “the act should also specify how long personal health information should be retained.” [Global News] [Sask. health minister considering beefing up privacy rules]

CA – Manitoba OIPC Releases Annual Report

Manitoba’s Ombudsman issued its 2015 Annual Report relating to the Freedom of Information and Protection of Privacy Act, the Personal Health Information Act, and the Public Interest Disclosure (Whistleblower Protection) Act. [Source]

CA – Drew McArthur Named British Columbia’s Acting Commissioner

Drew McArthur has been named acting information and privacy commissioner for British Columbia. McArthur will be taking the role vacated by Elizabeth Denham, who will be taking over the role of U.K. Information Commissioner from Christopher Graham. McArthur had served for six years on the Office of the Information and Privacy Commissioner’s external advisory board, while helping develop and install the privacy policy for Telus as its chief compliance officer. [Castanet]

E-Government

UK – Government Websites Must Switch to HTTPS with HSTS

All UK Government Digital Services websites will be required to adopt HTTPS encryption by October 1, 2016. The sites will also be required to use HTTP Strict Transport Security (HSTS) to protect them from downgrade attacks, and to publish a Domain-based Message Authentication, Reporting, and Conformance (DMARC) policy for email systems. [V3: GDS to demand that all government websites go HTTPS from 1 October | Tom’s Hardware: UK Government Websites To Be Secured By HTTPS, HSTS, DMARC By October 2016 | GDS Guidance (February 2016): Domain-based Message Authentication, Reporting and Conformance (DMARC)]

Encryption

US – House Encryption Report Says No Current Bills Appropriate Solution

The House Subcommittee on Homeland Security released a report that states no current bills in Congress appropriately address the current encryption-government access issue. The report was based on “more than a hundred meetings” with privacy advocates, technologists, cryptographers and law enforcement. Though it does not present a way forward, it does reject the viability of all current bills, including the controversial Burr-Feinstein bill. The Subcommittee published a “primer” regarding the encryption debate in the legislature. The paper is based on “extensive discussions with stakeholders,” and says that no legislation yet proposed adequately addresses the issue. “Lawmakers need to develop a far deeper understanding of this complex issue before they attempt a legislative fix,” the report states. [Wired] [Wired: Even Congress Is Slamming That Crummy Crypto Bill | US House: Going Dark, Going Forward: A Primer on the Encryption Debate] See also: [Pending Russian Legislation Would Require Companies to Decrypt Communications]

EU Developments

EU – New US-EU Data Transfer Agreement Expected to Win Approval

The New York Times reports that the EU is expected to approve the new draft of the US-EU Privacy Shield data transfer agreement. The new framework, developed to replace the Safe Harbor agreement that the European Court of Justice struck down last year, “protects the fundamental rights of Europeans and ensures legal certainty for businesses,” according to European Commission spokesman Christian Wigand. The absence of an agreement has left US companies in limbo regarding European customer data. In early June, the Hamburg (Germany) Data Commissioner fined three companies for using the defunct Safe Harbor agreement to transfer European customer data to the US. While agreement may have been reached, a number of hurdles stand in the way of passage. The first is that each of the member states of the EU has to pass the agreement. From there it will be passed on to the College of Commissioners, who will then validate the adequacy of the agreement. [New York Times: Europe Is Expected to Approve E.U.-U.S. Data Transfer Pact | Reuters: German privacy regulator fines three firms over U.S. data transfers] See also: [European Commission sends new Shield to Article 31, vote expected this week]

EU – Belgian DPA Loses Privacy Case Against Facebook

The data protection authority in Belgium has said it lost its privacy case against Facebook. The Belgian DPA wanted the social network to stop tracking non-users of Facebook in Belgium who go to Facebook pages. Facebook has argued the so-called datr cookie is a security measure. A spokeswoman for the Belgian Privacy Commission said the case was dismissed by the Brussels Appeals Court because the regulator does not have jurisdiction over Facebook. The company’s European headquarters is located in Ireland. [Reuters]

UK – Christopher Graham Says Goodbye to ICO in Final Annual Report

In his final annual report, outgoing U.K. Information Commissioner Christopher Graham spoke highly of the agency’s work during his last year as its head. “We have delivered on our objectives, responded to new challenges and prepared for big changes, particularly in the data protection and privacy field,” said Graham, who also discussed the agency’s work handling data breaches and other privacy violations. “The ICO also took part in the debate on surveillance and security and the Investigatory Powers Bill. And, in its responses following the Schrems judgment, with all the implications for trans-Atlantic data flows, the ICO’s influential counsel helped to avert a meltdown,” said Graham. The departing information commissioner also bid farewell on the ICO’s YouTube page, while calling the upcoming months and years ahead an exciting time for his successor, Elizabeth Denham. [Computer Weekly]

Facts & Stats

WW – Study: More Than 50% of SMBs Suffered Breaches Within Last Year

Security organization Keeper Security released the results of a study it conducted with Ponemon Institute on the rate at which small- and medium-sized businesses are hit with data breaches. The survey found more than 50% of SMBs suffered a breach within the last 12 months, and only 14% of the organizations polled felt their ability to stop attacks is highly effective. Phishing and social engineering attacks were the most common types of incidents, and while anti-virus software was deemed useful, companies felt they could not count on it to stop breaches. “Cyberattack prevention is now everyone’s responsibility,” said CEO of Keeper Security. “As both frequency and size of data breaches increases, SMBs must face the reality that a material adverse financial impact on their business is a real possibility.” [Market Wired]

Finance

WW – World-Check Terrorism Database Leaks Online

A financial crime database used by banks has been leaked on to the net. World-Check Risk Screening contains details about people and organisations suspected of being involved in terrorism, organised crime and money laundering, among other offences. Access is supposed to be restricted under European privacy laws. But the database’s creator, Thomson Reuters, has confirmed an unnamed third-party has exposed an “out of date” version online. The leak was discovered by security researcher Chris Vickery and made public by the Register, which reported it contained more than two million records and was two years old. “There was no protection at all. No username or password required to see the records,” Mr Vickery told the BBC. [BBC News]

FOI

CA – Ontario Doctors Challenge Ruling That Would Identify Top OHIP Billers

The Ontario Medical Association (OMA) is seeking to overturn a landmark decision by the province’s privacy commissioner to release the names of top-billing doctors. In addition, a group of about 40 doctors and one physician acting alone who are on the list have made separate applications for a judicial review of an order from the privacy commissioner to release to the Toronto Star the identities of the top 100 billers. The three parties filed applications this week with the province’s divisional court to quash the ruling made June 1 by the Information and Privacy Commissioner of Ontario. In seeking a judicial review of Higgins’ decision, the OMA, which represents the province’s 29,000 doctors, is arguing that it is not in keeping with previous rulings by the commissioner. “We continue to advocate that this is personal information and, without the proper context, OHIP billings will be misconstrued as income, which is false,” OMA president Dr. Virginia Walley said in a written statement. “OHIP billings do not provide insight into the number of hours doctors work, the complexity of care they provide to patients, or the overhead costs they bear in order to staff, equip and run their clinics.” Among the organization’s other arguments: the ruling is incorrect and/or unreasonable, the adjudicator failed to consider submissions from doctors, and the ruling was made without proper legal or factual bases. The two other physician parties are making similar arguments. They are asking the courts for a special order permitting them to proceed with the judicial review without their identities being made public. The physician acting alone, described only as “Dr. A.B.,” also argues that he was never informed about the case by the privacy commissioner even though he is among the top billers. He was never given the opportunity to argue his case, unlike other affected doctors, his application states. [Toronto Star]

CA – OIPC BC Finds Public Body Must Disclose Internal Investigative Information

The Office of the BC Information and Privacy Commissioner reviewed a decision by the Independent Investigations Office to deny access to records requested pursuant to the Freedom of Information and Protection of Privacy Act. Disclosure of the information would not harm the effectiveness of investigative techniques and procedures used; techniques used are obvious and clearly known to the general public (employee interviews and examining electronic equipment), and other information withheld was administrative (e.g. details about scheduling, general protocol and procedures, non-sensitive information about investigations the requestor was working on when employed by the public body). [OIPC BC – Order F16-28 – Independent Investigations Office]

Health / Medical

CA – Education Key to Preventing Medical Record Snooping: Commissioner

The latest case of medical record snooping uncovered in Ontario — in which at least six Mississauga patients had their files probed — highlights the ongoing challenge to protect patient privacy in the digital age, the province’s privacy commissioner says. Since formally assuming the role in 2015 — in the midst of controversies over a spate of snooping incidents of patient record across the province — Ontario privacy commissioner Brian Beamish has emphasized stiffer punishments for what he calls “higher-end cases.” That’s why five of the six snooping cases that have ever been referred to the attorney general for breaking the province’s health privacy legislation have occurred on Beamish’s watch, he said. “Snooping was a continuing, recurring problem, and we started to think: what else can we do to reinforce that this is unacceptable?” Beamish told the Star in an interview. On Monday, the College of Physicians and Surgeons of Ontario held its first-ever disciplinary hearing for one of its members accused of snooping. Dr. Douglas Brooks, a general practice physician in Sault Ste. Marie, was found to have improperly probed the electronic medical records of two non-patients several times, college spokesperson Kathryn Clarke said in an emailed statement. Brooks had his college certification suspended for five months, must participate in medical ethics training, and was ordered to pay $5,000 in costs for the hearing, Clarke said. There are three more discipline hearings scheduled in the coming months for alleged snooping by other doctors. [The Star]

US – States Pass Laws Requiring Dependents’ Care Remain Confidential

Several states have passed laws and regulations ensuring medical communications for dependents remain confidential. With the Affordable Care Act allowing young adults to remain on their parents’ insurance until they are 26, policyholders can receive notices from insurers every time their child gets medical care. California, Colorado and other states are starting to fill in gaps not covered by HIPAA requiring insurers to keep those encounters private for the patients’ safety. “There’s a longstanding awareness that disclosures by insurers could create dangers for individuals,” said Center for Adolescent Health and the Law Director Abigail English. “But there was an added impetus to concerns about the confidentiality of insurance information with the dramatic increase in the number of young adults staying on their parents’ plan until age 26.” [Kaiser Health News] [US: States Offer Privacy Protection For Young Adults On Parent’s Health Plan]

Horror Stories

WW – List of ‘Heightened-Risk Individuals’ Not Secure Enough, Researcher Says

Security researcher Chris Vickery has discovered a global terror watchlist containing more than 2.7 million entries of “heightened-risk individuals.” Vickery found the list on a server “configured for public access,” making the sensitive information too easy to investigate, he said. “If governments and banks are going to alter lives based upon information in a database like this, then there needs to be some sort of oversight,” Vickery added. There’s also the issue of data revision or deletion. “Those who are named in the database have little or no recourse to have their data corrected or removed,” the report adds. [ZDNet] [ZDNet: A massive financial crime and terrorism database has leaked]

Identity Issues

CA – Trudeau Says Canada Will Explore Gender-Neutral ID Cards

Canada is exploring the use of gender-neutral options on identity cards, Justin Trudeau told a television station as he became the first Canadian prime minister to march in a gay pride parade. Trudeau, who participated in the downtown Toronto parade along with other politicians, did not give details, saying only the government was exploring the “best way” and studying other jurisdictions. Last week, the Canadian province of Ontario said it would allow the use of a third gender indicator, X, for driver’s licenses, which are commonly used in North America to provide identification. Countries including Australia, New Zealand and Nepal already allow the use of the X gender indicator. [Source] [Fake fingerprints: The latest tactic for protecting privacy]

US – FOIA Improvement Act Becomes Law

President Obama has signed the Freedom of Information Act Improvement Act into law. It “codifies a statutory presumption of openness,” clarifying the need for agencies to justify their decision to withhold information rather than placing the burden of justification on the entity making the request. The bill also places a 25-year limit on the length of time agencies may keep internal deliberations confidential, and it requires the Office of Management and Budget (OMB) to create a single-access website for making FOIA requests. [SC Magazine: Obama signs FOIA reform bill into law | Federal News Radio: Obama celebrates 50th anniversary of FOIA by signing update into law | White House: Fact Sheet: New Steps Toward Ensuring Openness and Transparency in Government]

Law Enforcement

EU – Disgruntled Ex-Employee Leaks Info On 112,000 Police Officers

A file containing the home addresses and telephone numbers of 112,000 French police officers was uploaded to Google Drive with minimal protection. The data’s only means of protection was a “simple password,” and an investigation has been launched to determine if the compromised data was accessed. The data reportedly originated from a health and benefit insurance firm tied to the police and was uploaded by a disgruntled ex-employee in what is described as “an act of revenge.” The situation comes after French police work to implement extra privacy measures for their officers following the murder of a police officer by an ISIS jihadi in early June. [International Business Times]

Location

WW – Location Data Can Help Facebook Make Friend Suggestions

Facebook’s “People You May Know” feature now uses location data in addition to other features to suggest potential connections on its mobile app. If users have their Facebook app location settings switched to “always have access,” the company’s algorithms can identify and suggest users who have shared GPS and network connections as potential friends. Not everyone is comfortable with the practice. “Using location data this way is dangerous,” said Samford University’s Woodrow Hartzog. “People need to keep their visits to places like doctor’s offices, rehab and support centers discreet.” Facebook countered that location isn’t the sole factor in its suggestion process. “That’s why location is only one of the factors we use to suggest people you may know,” a Facebook representative said. [Fusion] [Facebook admits to using your location to suggest friends]

Online Privacy

US – Google Beats Children’s Web Privacy Appeal, Viacom to Face One Claim

Google and Viacom defeated an appeal in a nationwide class action lawsuit by parents who claimed the companies illegally tracked the online activity of children under the age of 13 who watched videos and played video games on Nickelodeon’s website. By a 3-0 vote, the 3rd U.S. Circuit Court of Appeals said Google, a unit of Alphabet, and Viacom were not liable under several federal and state laws for planting “cookies” on boys’ and girls’ computers, to gather data that advertisers could use to send targeted ads. The court also revived one state law privacy claim against Viacom, claiming that it promised on the Nick.com website not to collect children’s personal information, but did so anyway. Monday’s decision largely upheld a January 2015 ruling by U.S. District Judge Stanley Chesler in Newark, New Jersey. It returned the surviving claim to him. [Source]

US – Browse Free or Die? New Hampshire Library Is at Privacy Fore

A small library in New Hampshire sits at the forefront of global efforts to promote privacy and fight government surveillance—to the consternation of law enforcement. The Kilton Public Library in Lebanon, a city of 13,000, last year became the nation’s first library to use Tor, software that masks the location and identity of internet users, in a pilot project initiated by the Cambridge, Massachusetts-based Library Freedom Project. Users the world over can—and do—have their searches randomly routed through the library. [Source]

Other Jurisdictions

AU – Victorian Watchdog Develops Protocols for Agencies

Victorian Commissioner for Data and Privacy Protection David Watts has established regulations that would require agency heads to adhere to a minimum standard of data protection principles. The rules, dubbed the Victorian Protective Data Security Framework, require agencies to have “a formal incident management plan; an organization-specific security management framework; and an access management regime,” among others. The rules also give the commissioner’s office “free and full access to data or data systems when requested.” [iTnews]

Privacy (US)

US – ACLU Files Legal Challenge to Computer Fraud and Abuse Act

The ACLU has filed a lawsuit challenging the Computer Fraud and Abuse Act (CFAA) on behalf of journalists, computer scientists, and academic researchers investigating online discrimination. The lawsuit focuses on a problematic CFAA provision: the prohibition against “exceeding authorized access” has often been interpreted to include violations of websites’ terms of service. [Washington Post: Does this cybercrime law actually keep us from fighting discrimination? | Computerworld: ACLU lawsuit challenges U.S. computer hacking law | Wired: Researchers Sue the Government Over Computer Hacking Law | CNET: ACLU sues to kill decades-old hacking law | SC Magazine: ACLU suit challenges CFAA for thwarting studies on discrimination | ACLU: ACLU Challenges Law Preventing Studies on ‘Big Data’ Discrimination | ACLU: SANDVIG V. LYNCH – COMPLAINT]

US – CDT Criticizes DHS’ Cyber-Threat Sharing Model

The Center for Democracy and Technology criticized the Department of Homeland Security’s cyber-threat sharing model. “The guidance fails to address many of the foundational issues in the law itself, and we remain concerned that [the Cybersecurity Information Sharing Act] will result in the sharing of sensitive personal information [that] could then be used for purposes that go far beyond ‘cybersecurity,’” the CDT said in a report. The CDT was highly critical of the four DHS guidelines for private organizations to share cyber-threat indicators with the government and amongst themselves. “None of the guidelines address one baseline issue — the overly permissive ‘use’ provision that allows cybersecurity information to be shared and then used for non-cybersecurity purposes,” the CDT said. [The Hill]

Privacy Enhancing Technologies (PETs)

WW – $6.1M Raised to Fund Data Startup

Data-sharing startup Digi.me has received $6.1 million in funding from its Series A push, most of which came from global re-insurer Swiss Re. The move “is one key plank of a strategy for bagging the critical mass of users needed to deliver on a radical rethink of how personal data is collected and shared online,” the report states. For Digi.me founder Julian Ranger, the service is about empowering each user. Digi.me is “bringing data together for the individual and we were doing it on the individual’s own devices — which is the key thing for Digi.me is that we don’t see, touch, nor hold any data ever; it’s all only held by the individual — and that’s when the whole idea for [the current business vision] came about,” he said. [TechCrunch]

RFID / IoT

US – Broadband Advisory Group to Study Privacy, Security of IoT

The Broadband Internet Technical Advisory Group has announced a study on the technical aspects of the Internet of Things industry’s privacy and security. The multistakeholder nonprofit will study mobile phones, computers, tablets and other devices. “To address the technical issues underlying these security- and privacy-related concerns, BITAG’s technical working group will analyze this topic and issue a report that will describe the issue in-depth, highlight technical observations, and suggest appropriate best practices,” the group said in a statement. The BITAG aims to release the results of the study in the fall, the report states. [Broadcasting & Cable]

Security

WW – 67% of Drives for Sale Still Contain Sensitive Data: Study

Security organization Blancco Technology Group (BTG) found that 67% of 200 analyzed hard drives purchased from eBay and Craigslist still contained previous users’ personally identifiable information. An additional 11% contained “sensitive corporate data.” Companies must “test that [their] deletion methods are adequate,” said BTG. “Remaining data can still be accessed and recovered unless the data is securely and permanently erased.” This can lead to data breaches, loss of consumer trust, and even enforcement action. The U.K. ICO fined the Brighton and Sussex University Hospitals NHS Trust 325,000 GBP in 2012 for selling unclean drives online. [InfoSecurity]

Surveillance

US – Courts 2015 Wiretap Report

According to the US Courts 2015 Wiretap Report, the total number of federal and state wiretaps issued in 2015 was 4,148, a 17% increase from the number granted in 2014. No requests were reported as denied in 2015. While law enforcement encountered encryption in just 13 of those cases, the FBI indicated that it does not seek wiretap orders in cases where it knows it will encounter encryption. The report does not include wiretap requests made to the Foreign Intelligence Surveillance Court. [Encryption, wiretaps and the Feds: THE TRUTH | US courts didn’t reject a single wiretap request in 2015, says report | Wiretaps harvest fewer encrypted communications | Wiretap Report 2015]

UK – Surveillance Bill Web Activity Logging a Huge Risk to Privacy, Peers Warn

A former senior chief in the U.K.’s Met Police and now a Lib Dem peer in the House of Lords has warned about major risks to the privacy of web users’ personal data from a provision in the Investigatory Powers bill that would require ISPs to retain information on the websites and services accessed by their users for a full 12 months — so called Internet Connection Records (ICRs). Lord Paddick noted that the provision is not being requested by the security services, who have additional investigatory tools to obtain the data they need, so is purely a power on the police’s wish-list — going on to argue that the catch-all nature of ICRs is disproportionate given the warrantless access the bill affords police to this personal data on all U.K. web users. Any “reasonably high-profile individual” could be at risk of being accused of a crime they did not commit — resulting in their entire personal web access history being handed over to the police, Paddick argued. The draft bill has still to go through committee and report stages, so is certain to be subject to further amendments. Lib Dem peers are certainly mounting a concerted effort to tackle some of the more controversial elements of the bill, with Lord Strasburger also speaking out against ICRs, noting that a similar move was abandoned in Denmark in 2014 and warning the bill creates a “new theft risk” for internet users. 
Other elements concerning the Lib Dem peers at this stage include threats to privileged communications, such as between lawyers and their clients; so-called “request filters,” which imply a behind the scenes attempt by the government to build a searchable database of citizen data (including pulling in data from ICRs); the “vexed question” (as Strasburger put it) of bulk powers — currently under independent review by QC David Anderson, which was another concession pushed for by the Labour party; inconsistencies in authorization mechanisms for intercept warrants; and the need to ensure judicial commissioners, who are set to approve and review warrants, are rigorously independent of the government that appoints them. Strasburger also pointed to the current turmoil in the U.K. political landscape following the Brexit vote, noting “how quickly ruthless politicians can replace leaders” and warning of associated risks to freedom and democracy if such intrusive legislation passes onto the statute books unamended. “In the hands of an extreme government the IP bill is a toolkit for tyranny,” he warned. [techcrunch.com]

Telecom / TV

CA – 911 System Framework Should Limit Info Required for Communications

The OPC comments on the CRTC’s Notice of Consultation regarding a regulatory framework for next-generation 911. Existing policy states that individuals’ name, location, telephone number, and service class are provided for responding to calls; however other information will likely be collected (e.g. health information, voice and location information, personal medical alert systems, and intelligent transportation systems), and there should be boundaries to limit information required, and how the information is accessed. [OPC Canada – Establishment of a Regulatory Framework for Next-Generation 911 in Canada – Submission to the CRTC]

WW – Norton Releases New App Protecting Data Over Public Wi-Fi Networks

FREE Wi-Fi is no different to a filthy public toilet, water fountain or payphone. That’s according to antivirus firm Norton, which has released a new app designed to stop hackers from stealing users’ private information over unsecured Wi-Fi. According to Norton, more than one quarter of Australians have accessed banking or financial information while using public Wi-Fi — but most people can’t tell the difference between a secure and unsecure connection. The firm says hackers are eavesdropping and intercepting consumer information regularly, but 63% of Australians think their data is protected. Commonly available tools can easily see traffic, potentially exposing passwords, emails, social media accounts, photos, videos and financial information. The Norton Wi-Fi Privacy app, launched globally this week for iOS and Android, is designed to protect that data by routing all traffic through a virtual private network (VPN). It will also block advertisers from placing tracking cookies on your device. [news.com.au] [Yahoo] [Norton launches privacy app to combat hackers]

US Government Programs

US – FTC Closes 70% of Its Security Investigations

During a Heritage Foundation discussion on federal online data security regulations, Federal Trade Commission Commissioner Maureen Ohlhausen said her agency closes approximately 70% of the security investigations it opens. “The touchstone of our data security is reasonableness,” Ohlhausen said. “A company’s data security measures must be reasonable, in light of the sensitivity and volume of the consumer information it holds, the size and complexity of its data operations, and the cost of the available tools to improve security and reduce vulnerabilities.” Ohlhausen said the FTC doesn’t investigate companies over a single flaw, but rather, it investigates companies that have major issues with their overall security programs. If a company’s security is “reasonable, or even good,” she said, the investigation can be wrapped up quickly if the company resolves the issue in a timely manner. [FedScoop]

 

 
