This week I am writing a letter from America—apologies Alistair Cooke—but know the links can speak for themselves this once. The IAPP Global Privacy Summit 2014, “Changing Times, Engaging Minds” opened Wednesday night and the programme is a “who’s who” of privacy, with topics covering every facet, including a discussion on dystopian futures with authors David Brin and Alex Irvine. The corridors are buzzing with discussion on the future of notice and consent and modifications to Privacy by Design and at least one of our iappANZ directors is in heaven—not often you can discuss these subjects with the likes of Omer Tene, Marty Abrams, Professor Fred Cate and a cast of 70 other privacy stars, including our keynote speakers from 2013, Danny Weitzner and Richard Thomas. The companies represented here include all the usual suspects from software, health, law, advisory, insurance as well as car manufacturing, energy and retail and also a vast array of thought leadership tanks. Organisations like the Information Accountability Foundation, World Privacy Forum and Centre for Democracy and Technology, which celebrated its 20th anniversary last night at the famous CDT #techprom—a great night at Washington Convention Centre where our founding President Malcolm Crompton cut a fine figure on the dance floor with everyone’s favourite commissioner, María Elena Pérez-Jaén Zermeño.
Spoilt for choice and keen to bring back as much fresh and useful information as possible, today my pick will include “Thinking Ahead Vs. Keeping Up: The Challenge To Think Strategically” with chiefs from Panacea and GEC and moderated by Prof. Fred Cate. Like many of the sessions, the focus is past mere compliance and promises advice on how to move beyond reactive firefighting and start thinking strategically about privacy innovations for business. And how to implement them. International perspectives and experience on the issues, which next week’s privacy laws will highlight in Australia, is timely, and Directors Peter Leonard, Julie Inman-Grant, Malcolm Crompton and I look forward to providing you all with a flight through the programme in next month’s Privacy Unbound.
Back to business in Washington.
Top Australia and New Zealand Privacy News
China Mobile Assures Subscribers of Privacy (January 26, 2010)
China Mobile, China's largest mobile communications service provider, is responding to allegations that it is filtering subscriber text messages in search of pornographic content by assuring the public that their privacy is safe, the Web site CIOL.com
reports. Concerns over filtering and surveillance arose after China Mobile installed a filtering system designed as a hedge against "unhealthy" Web content. "The freedom and privacy of individual users enjoys legal protection," said Li Kang of China Mobile. "China Mobile will do its best to protect consumers' rights and interests strictly in line with the relevant laws and regulations."
IAPP Announces New Board Members (January 22, 2010)
The International Association of Privacy Professionals has announced new appointments to its 2010 Board of Directors. Five new members have joined the board and three existing members have moved into leadership roles. Incoming board members hail from Microsoft, Hewlett-Packard, Siemens, Hunton & Williams LLP and the Graduate Management Admissions Council. New board president Nuala O'Connor Kelly, CIPP, CIPP/G, said, "I'm extremely pleased to welcome these distinguished privacy professionals to our board. Their vision and experience will be invaluable in leading the IAPP and the privacy profession into the next decade."
UN Official Calls for Int’l Declaration on Data Protection (January 22, 2010)
A UN official has called for a new international agreement on privacy, reports The Register
. In a report to the UN Human Rights Council, special rapporteur Martin Scheinin said "a global declaration on data protection and data privacy" is necessary to stopgap what he describes as the loss of basic privacy protections in the wake of expanded counter-terrorism efforts. European Data Protection Supervisor Peter Hustinx told the IAPP Daily Dashboard
newsletter that he considers this "a very welcome call for action that should be considered very carefully." Hustinx said that global standards and global safeguards are required to limit increasing surveillance activities and to ensure a legitimate global use of new technologies. However, Martin Abrams, executive director of the Hunton & Williams Centre for Information Policy Leadership, said that until UN member states can find the balance between physical security and data protection within their own borders, it is unlikely they will be able to move forward with an international agreement.
Advocates Say Full-Body Scanners Need More Scrutiny (January 22, 2010)
Four civil liberties groups and the Australian Privacy Foundation are asking Transport Minister Anthony Albanese not to introduce full-body scanners at Australia's airports without first developing a Privacy Impact Assessment, Civil Liberties Australia
reports. The five groups have drafted a letter
urging Albanese to weigh the effectiveness of the scanners with the potential for privacy violations. In a letter sent to CLA last year, transport officials wrote that further consultation with members of the public and interest groups would be held prior to any decision on implementation. The advocates' letter asks the department to look at the effectiveness of the technology not only in terms of safety, but also with regard to protecting individual privacy.
PRIVACY LAW—NEW ZEALAND
CEO Says Breach Notification Laws Coming (January 22, 2010)
New Zealand businesses will soon face laws forcing them to disclose any loss of personal information to cyber-criminals. That's according to the CEO of a computer security company-- Enrique Salem--who told the New Zealand Herald
, "they will happen, and they will--absolutely--be enforced." Salem said that laws currently being developed in Australia and New Zealand "will absolutely push the notion that if data is stolen, you'll have to say." He said his company is lobbying for provisions in the new laws to protect against unnecessary notifications in cases where it can be proven data was not compromised despite a breach.
E-Health Safeguards Fall Short, Opponents Say (January 22, 2010)
Though additional privacy safeguards for Australia's proposed national e-health bill have been suggested, opponents to the plan say they fall short, reports Computerworld
. The bill would assign patients a health ID number, linked to their Medicare number, which is intended to streamline healthcare delivery and reduce errors. But opponents to the bill, including health IT consultant Dr. David More, say its safety provisions fall short. "Those involved do not have a clue what they are doing and more than that are not telling the public--in other than carefully spun press releases," More says.
ONLINE PRIVACY—NEW SOUTH WALES
Macquarie Moves to Cloud, Despite Concerns (January 22, 2010)
Google has agreed to house Macquarie's data in the European Union as part of its hosting agreement with the university, The Australian reports
. The arrangement stems from the university's fears that data hosted in the U.S. would be subject to the USA Patriot Act, which would potentially allow security agencies to override privacy restrictions in order to combat terrorism. The university is the first in Australia to move staff e-mail to the so-called cloud. Macquarie Chief Information Officer Marc Bailey dismissed concerns about the security of intellectual property and academic privacy on the cloud, saying that storing data with companies such as Google and Microsoft provides significantly more security than a university.
Microsoft Reduces Search Data Storage Limit (January 20, 2010)
Microsoft has announced that it will further reduce the length of time it holds data entered into its Bing search engine, the New York Times
reports. The decision comes in response to criticism related to search data management from within the European Union and will be implemented over the next 18 months for users everywhere, not just in the EU. Professor Hendrik Speck of the University of Applied Sciences in Kaiserslautern, Germany predicts that the move will prompt Bing competitors to follow suit, saying, "Google and other engines are starting to realize that consumers around the world are placing an increasing value on privacy and that can have business consequences." (Registration may be required to view story.)
Philippines Courts to Transportation Office: No RFID (January 13, 2010)
The Philippines Supreme Court has ordered the country's Land Transportation Office (LTO) to halt its plan to require motor vehicles to be equipped with radio frequency identification (RFID) systems, The Inquirer
reports. The order came in response to petitions filed against the LTO by political and transportation trade organizations opposed to the plan on privacy grounds. The order will remain in effect until a decision is made in the case. Court spokesman Jose Midas Marquez said, "[The status quo ante order] means that the prevailing situation prior to the implementation of the RFID would be implemented in the meantime until further orders from the court."
China Passes Privacy Protections Law (January 13, 2010)
A Hunton and Williams Client Alert
reports that the Chinese government has enacted a sweeping tort liability law--the PRC Tort Liability Law--that includes provisions specific to the protection of personal privacy. The law, passed on December 26 and expected to take effect on July 1, covers not only privacy, but also environmental damage and animal bites while establishing parameters for liability in cases where organizations are found to have mishandled personal information. For the first time, PRC Tort Liability Law creates specific private rights of action for citizens in cases where they believe their privacy has been violated.
Charity Accused of Abusing Trust (January 12, 2010)
The Australia Privacy Foundation has accused the St. Vincent de Paul Society of betraying donor trust by allowing a data broker to help develop a survey mailed to donors over the Christmas season, and then sharing the information with the company, The Age reports
New Law Oks Research Access to Public Data (January 11, 2010)
Following a change to its Statistics Act earlier this month, Singapore's Department of Statistics will allow researchers to access data collected by public agencies, provided the information contains no personal identifiers, reports ChannelNewsAsia.com
. Parliament made the change despite lingering privacy and ethics concerns. West Coast GRC MP Ho Geok Choo says, "There is a concern of accidentally revealing the identity or sensitive information. It is imperative that Singapore safeguards the data obtained and ensures that it does not fall into unauthorised hands."
USB Sticks Recalled (January 8, 2010)
At least three vendors have recalled hardware-encrypted USB memory sticks after penetration testers discovered a vulnerability that could allow hackers access to the data contained on the devices, reports CSO. According to one of the USB vendors affected by the flaw, "a skilled person with the proper tools and physical access to the drives may be able to gain unauthorized access to data..." The flaw pertains to the drives' access-control mechanisms.
20-Somethings and Privacy (January 8, 2010)
A Curtin University of Technology researcher has published a paper on how certain Facebook users understand and navigate privacy concerns. The paper, which appears on the peer-reviewed journal site First Monday, builds upon a Canadian ethnographic study about the privacy concerns of younger users. Specifically, the research explores how a 20-something community of Facebook users perceives privacy and how the users' privacy concerns differ from those of others. The paper also explores ways that users attempt to enhance their social privacy and why users remain active on the site despite their privacy concerns.
Government Assures Motorists of RFID Safety in Philippines (January 7, 2010)
In response to privacy concerns voiced by the Commission on Human Rights (CHR), the Philippines Land Transportation Office (LTO) has moved to assure motorists in that country that a new RFID motor vehicle tagging technology does not have the capability to allow tracking of vehicles, and that its staff will be properly trained in using the new system, reports the Manila Bulletin. LTO Chief Arturo Lomibao told the CHR that the tags do not function as a global positioning system and cannot be tracked, nor will the tags contain a driver's personally identifiable information. Further, Lomibao said the tags can only be read from a distance of 10 - 12 meters.
Marianas Call For Alien Registry (January 6, 2010)
The Fitial Administration of the Commonwealth of the Northern Mariana Islands (CNMI) has called for a mandatory national registry for any aliens who remain in the islands for more than 90 days, reports the Saipan Tribune. The registry has been proposed in response to a change in U.S. law that places CNMI immigration under the direct control of the U.S. federal government and was drafted in cooperation with the U.S. Department of Homeland Security. Registration would likely include biometric data, such as fingerprints, photographs and other personal information. The public comment period for the policy ends on January 8.
Profile Purgers Come Under Fire (January 5, 2010)
Services that help social networkers expunge their accounts have come under the scrutiny of Facebook, reports MediaPost. According to the report, last month the company sent a cease-and-desist letter to Les Liens Invisibles, the company behind the Seppukoo.com platform that assists users in committing "Facebook suicide." A Facebook spokesperson said the service causes users to violate Facebook terms of service and breaks anti-hacking and spam laws, among others. The Los Angeles Times reports that Facebook is also blocking the IP address of Web 2.0 Suicide Machine, another deactivation platform, and has filed a lawsuit against social networking data aggregator, Power.com.
Travelers’ Privacy (January 4, 2010)
Revived Interest in Full-Body Scanners
The thwarted Christmas Day terrorist attack on a Detroit-bound plane has prompted a new interest in bringing full-body imaging scanners to airports worldwide, the Washington Post reports. The U.S. Transportation Security Administration (TSA) has ordered 150 scanners to add to its complement of 40 already in place at American airports, and has received funding approval for an additional 300. Leaders in Britain, Germany and elsewhere have signaled that they will install the scanners despite concerns about the revealing images produced by the scans, and Dutch officials will now require all U.S.-bound passengers to pass through the machines. U.S. lawmakers are expected to debate the issue upon reconvening this month.
Revived Interest in Full-Body Scanners (January 4, 2010)
The thwarted Christmas Day terrorist attack on a Detroit-bound plane has prompted a new interest in bringing full-body imaging scanners to airports worldwide, the Washington Post
reports. The U.S. Transportation Security Administration (TSA) has ordered 150 scanners to add to its complement of 40 already in place at American airports, and has received funding approval for an additional 300. Leaders in Britain, Germany and elsewhere have signaled that they will install the scanners despite concerns about the revealing images produced by the scans, and Dutch officials will now require all U.S.-bound passengers to pass through the machines. U.S. lawmakers are expected to debate the issue upon reconvening this month.