ANZ Dashboard Digest

Putting its regard for privacy compliance to the fore, the iappANZ Board has this week taken the decision to opt in to the obligations of the new privacy legislation. You will see our new privacy policy, and we welcome any comments as it has been a collaborative effort by some of Australia’s finest privacy minds. We understand that the privacy commissioner will be talking about ways to improve organisations’ privacy policies at the OAIC Privacy Awareness Week Breakfast, so if you are revising yours, it is an event not to be missed. In news this week you will also see that AMSRO has also applied to register a non-mandatory code of practice.

Now that 12 March is over, we are starting to see less of the doomsday reports and more of the innovation which the OAIC encourages. We expect plenty of new ideas in Privacy Awareness Week in May. We are delighted to confirm that the deputy chair of the ACMA will be joining the ALRC and OAIC representatives in our Great Debate on Australia’s direction on serious invasion of privacy in the digital age.

The article by Brenda Aynsley OAM this week, “Sharing the Values to match the technology,” presents a fascinating counterpoint to the call by Tim Berners-Lee and the World Wide Web consortium in their “Web We Want Campaign.” Aynsley examines the important distinction between “trusted” providers and “trustworthy” providers. Trustworthiness is critical because technology projects continue to have one of the highest rates of failure—failure to deliver on promises, on time, on budget—or all three. Risks such as those presented internationally by Heartbleed or the CDA security breach, which threatens the Personally Controlled Electronic Health Record, mean that the concept of trustworthy will become increasingly significant for privacy professionals that either develop or procure technology. Then, of course, as the story on the use of biometric facial recognition technology in Japan shows, trustworthiness in the party deploying the technology is vital. It will be interesting to hear from Tim Rains on trustworthy computing in Privacy Awareness Week. Hope to meet you there.

Emma Hossack
President
IAPP ANZ

Top Australia and New Zealand Privacy News

GENETIC PRIVACY

What To Ask Before You Give Away Your DNA (August 31, 2010)

When it comes to giving samples of your DNA, there are things you need to know. That's according to Marcy Darnovsky, head of the U.S.-based Center for Genetics and Society, who told The Wall Street Journal that while individuals may want to share their DNA to help scientific studies move forward, it must be done in a "responsible way" that does not put privacy at risk. Darnovsky recommends asking who will have access to the data, whether and how it will be anonymized, where it will be stored and how it will be analyzed, the report states. As Darnovsky put it, "once you give someone your genetic information, it doesn't matter if you destroy the sample" since the data will live on. (Registration may be required to access this story.)
Full Story

FINANCIAL PRIVACY—HONG KONG

Survey: Banks Using Customer Data Improperly (August 31, 2010)

The Standard reports that many local banks have full power to do what they wish with personal information provided by credit card applicants. A recent New Forum survey, conducted in the wake of the Octopus Cards scandal in which the company admitted to selling the personal data of its customers, found that 10 local banks' credit card application forms have no "opt-in" or "out-out" clauses regarding privacy and that the banks acknowledge using personal data for purposes other than credit checks and debt collection, the report states. A New Forum spokesman said, "Banks are selling out customers," suggesting separate forms for credit card applications and authorization for use of personal data.
Full Story

DATA PROTECTION

Opinion: Ten Fallacies About Web Privacy (August 30, 2010)

In a column for The Wall Street Journal, Emory University economics Prof. Paul Rubin discusses 10 fallacies about Web privacy. Rubin asserts that despite privacy advocates' arguments otherwise, increased privacy online comes at a cost to the consumer. Information helps the economy to function, Rubin says, and less of it will result in less efficient markets. More information also means firms are able to better market to specific customers, meaning they receive information useful to them more quickly. Additionally, Rubin says, it's untrue that more privacy means more safety and less risk. For example, the more information available to firms for identity verification, the less risk of identity theft, he writes. (Registration may be required to access this story.)
Full Story

BEHAVIORAL TARGETING

Ads That Follow You on the Web (August 30, 2010)

The New York Times reports on an ad industry practice known as personalized retargeting or remarketing, where Internet users are followed from site to site by ads for items they've viewed online. With more retailers and Internet companies using it, the report states, retargeting, which relies on placing cookies on users' browsers, has reached a level of precision that is leaving consumers with the palpable feeling that they are being watched as they roam the virtual aisles of online stores." While the practice is raising privacy advocates' concerns, even some advertising and media experts suggest the practice is "bold," the report states, and many users may not like it. (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY—U.S.

Internet Reputation Managers Increasingly Popular (August 27, 2010)

The Boston Globe reports on the increasing prevalence of Internet reputation managers. The services aim to promote factual or neutral news on multiple social networking and profile pages so that those items appear ahead of "digital dirt." Harvard University Internet law professor Jonathan Zittrain says he's concerned with the idea "that people should have to buy their way to a better, or just accurate, reputation," and proposes people should be able to declare "reputation bankruptcy" every few years and start with a clean slate.
Full Story

SOCIAL NETWORKING—NEW ZEALAND

Putting Enthusiasm Before Judgment Online (August 27, 2010)

When it comes to social networking, the ability to share information online gives every user the chance to be a news publisher, The New Zealand Herald reports, but privacy experts point out the dangers in such trends. A recent survey for the Office of the Privacy Commissioner showed that while 83 percent of people are concerned about the security of their personal information on the Internet, 57 percent believe social networking sites are private spaces. As Privacy Commissioner Marie Shroff put it, "enthusiasm has gone ahead of good judgment" for social network users who do not realize their information is "out there and being used to build a network from which a big international corporation is making money. It's not a free space. It's not a playground."
Full Story

HEALTHCARE PRIVACY - AUSTRALIA

E-Health Support Grows As Privacy Concerns Linger (August 27, 2010)

While concerns about privacy persist, the Green Party has announced it will support government e-health initiatives as long as strong privacy and security protections are in place, The Australian reports. Sen. Rachel Siewert said there is support for the plan, but added there must be assurances "that sensitive medical information is protected and that individuals have control over decision-making." Concerns over health data privacy had emerged during debate over Healthcare Identifiers (Health ID) legislation that passed at the end of the last parliamentary session in June. Siewart noted that identifiers are likely to improve healthcare delivery and administration, but that privacy concerns remain. She said the Greens will work with the government "to ensure those safeguards are there."
Full Story

ONLINE PRIVACY—NEW ZEALAND

Expert: Text Messages Don’t Just Disappear (August 27, 2010)

In light of the Office of the Ombudsman's call for telecommunications companies to hold text messages for up to one year due to a growing number of Official Information Act requests, privacy expert Gehan Gunasekara of Auckland University is pointing to a global trend toward storing such information, TVNZ reports. "E-mails are already kept," he said. "Many people still believe e-mails are private, but they are not. Your employer and a whole lot of people could access your e-mail." When it comes to texts, he said, people need to realize that they are not like a phone conversation. "You hit the delete key and you think it's gone," Gunasekara said, "but it will stay there."
Full Story

ONLINE PRIVACY—AUSTRALASIA

Google Australasian Exec Discusses Privacy (August 27, 2010)

Karim Temsamani, Google's Australasian chief, who will head up the company's mobile sales operation, recently commented on privacy-related issues, The Australian reports. Privacy is likely to continue to be a key issue for the search giant when it comes to mobile technology, the report states, as "the company will have an enormous amount of data about anyone who uses a phone with Google's Android operating system, accesses its Gmail service from the device and conducts Google searches on it--information that is likely to be of considerable use to advertisers." For his part, Temsamani said, "Google only lives because of the user's trust...There's no specific information about any specific user."
Full Story

PRIVACY LAW—SINGAPORE

Data Protection System Review Continues (August 27, 2010)

ZDNet Asia reports on Singapore's ongoing review of its data protection system, which the government began four years ago in an effort to assess suitable frameworks. A spokeswoman for the Ministry for Information, Communications and the Arts (MICA) said the government has been reviewing the need for a general data protection law, its implications on consumers, businesses and the country's national interests, the report states, adding, "As the issues involved are multi-faceted with extensive impact on all stakeholders, the review is ongoing." One legal expert said an area of concern in determining an appropriate framework is the cost a data protection law would impose on organizations and businesses.
Full Story

SOCIAL MEDIA

Boyd: Privacy Is Not Dead (August 26, 2010)

In the MIT Technology Review, researcher Danah Boyd says that the way privacy is encoded into software doesn't match the way we handle it in real life and that, as social media mature, "we must rethink how we encode privacy into our systems." As social media become more embedded in everyday society, Boyd says, "the mismatch between the rule-based privacy that software offers and the subtler, intuitive ways that humans understand the concept will increasingly cause cultural collisions" and users will have to work harder to gain privacy. "Instead of forcing users to do that," Boyd asks, "why not make our social software support the way we naturally handle privacy?"
Full Story

GEO PRIVACY

Mixed Reactions to Social Network’s Location Feature (August 23, 2010)

The Wall Street Journal reports on reactions to Facebook's new location feature, "Places," which range from concerns about privacy to nods to the company for improvement over past privacy-related issues. Among those who are still concerned about the feature, which allows users to share their physical location and that of friends who have not opted out of Places, is Ireland's Data Protection Commissioner, which has announced it will be monitoring its privacy implications. Facebook has defended the new feature, stating it consulted numerous privacy and safety groups before it went live, the report states. However, advocacy groups including the Electronic Privacy Information Center have said the company has not given users adequate controls. (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

The Failure of Anonymity (August 23, 2010)

In the August issue of the UCLA Law Review, Paul Ohm writes about the ways that advancing computer science has "undermined our faith in the privacy-protecting power of anonymization" in his article entitled, "Broken Promises of Privacy: Responding to the Surprising Failure of Anonymization." The article discusses how scientists have learned to "reidentify" or "deanonymize" data, revealing the individuals behind the "anonymous" information. "By understanding this research, we realize we have made a mistake, labored beneath a fundamental misunderstanding, which has assured us much less privacy than we have assumed," the paper's abstract notes, suggesting this error "pervades nearly every information privacy law, regulation and debate, yet regulators and legal scholars have paid it scant attention."
Full Story

DATA RETENTION—AUSTRALIA

Ombudsman: Retained Data Must Be Protected (August 20, 2010)

Incoming Commonwealth Ombudsman Allan Asher thinks there should be better public consultation when it comes to data retention. That's according to a report in ZDNet Australia on Asher's views as he prepares to take up his new role at a time when the Attorney-General's Department is considering implementing a data retention plan where ISPs would be responsible for logging users' Web histories. Asher, who is the former CEO of the Australian Communications Consumer Action Network, said, "The job of the ombudsman is to keep (government departments) honest across our jurisdiction," noting that any complaints relating to the collection and handling of personal data by a government department would fall under his jurisdiction.
Full Story

PRIVACY LAW—HONG KONG

New, Tougher Privacy Legislation to be Tabled Soon (August 20, 2010)

Hong Kong Chief Secretary Henry Tang says the government is working with the privacy commissioner on tougher privacy legislation that will be tabled soon, reports the Web site news.gov.hk. Tang said that recent privacy scandals involving mishandled customer data will help the government fine-tune the legislative proposal. Tang told reporters, "The recent incidents have aroused public awareness of privacy protection, which requires joint efforts by the government, the public and the trades. The government will put more effort in privacy protection and will give clear guidelines to various industries."
Full Story

DATA PROTECTION—NEW ZEALAND

Survey: Businesses Big on Security, Not on Encryption (August 20, 2010)

A recent Symantec survey found that New Zealand small and medium-sized businesses are protecting themselves against potential malicious attacks. Ninety percent of those polled said they had upgraded their security software within the last year, The New Zealand Herald reports, and 74 percent said their computers were password protected. Encryption is not as common, however, with 10 percent saying they encrypted confidential information in e-mails. "Businesses put themselves at significant risk if they don't ensure their IT policies keep abreast with the latest threats and continuously provide staff with the training they need to protect their critical business information," said a spokesman from The Employers & Manufacturers' Association.
Full Story

GEO PRIVACY

Facebook Launches Places (August 19, 2010)

Facebook yesterday introduced a new geolocation feature that lets users share their locations, The New York Times reports. Called Places, the service allows users to "check in" to a place, allowing friends to see where they are and letting them find nearby friends. Users can also tag friends as being at the place. "This is not a service to broadcast your location at all times," said Places product manager Michael Sharon, "but rather one to share where you are, who you are with, when you want to." Sharon said that users will be able to control who sees their check-ins and remove themselves after being tagged. According to analysts, the company must tread carefully. "Location-aware services, if misused, could...result in catastrophic events." (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Google CEO Discusses Privacy Trends (August 19, 2010)

In an interview with The Wall Street Journal, Google CEO Eric Schmidt describes a future where the transition from childhood to adulthood could include an option where adults can change their names to protect their privacy later in life. CRN reports on his point of view that "as our private information becomes ubiquitous on the Internet due to postings on social media sites such as Facebook, young people should be entitled to automatically change their name on reaching adulthood." Schmidt also discussed Google's ongoing privacy-related issues across the globe, stating it will do what is "good for consumers" and "fair" to competitors.
Full Story

DATA PROTECTION—HONG KONG

Telecoms Investigated for Data Practices (August 18, 2010)

The Standard reports that three telecom operators are being investigated over the improper handling of customer data. Noting serious concerns, Privacy Commissioner Allan Chiang Yam-wang said a hearing is possible and that he has received 20 complaints regarding telecoms' handling of personal data over the last two years, the report states. Chiang has met with officials from the Office of the Telecommunications Authority to discuss ways the companies can improve data protection practices. The news follows last week's announcement that six retail banks sold the personal data of 600,000 credit card and savings account customers to third parties.
Full Story

SURVEILLANCE

With the Sky Watching, What Is and Is Not Private? (August 17, 2010)

A report published in the San Francisco Chronicle describes how "High-tech eyes in the sky--from satellite imagery to sophisticated aerial photography that maps entire communities--are being employed in creative new ways by government officials," which is raising concerns about the loss of privacy rights. From online services providing detailed views of locations across the planet to the use of such technology to monitor compliance with local, state and federal laws, Gregory Nojeim of the Washington, DC-based Center for Democracy and Technology, points out, "As technology advances, we have to revisit questions about what is and what is not private information."
Full Story

BIOMETRICS—AUSTRALIA & NEW ZEALAND

Countries Sharing Fingerprint Data (August 17, 2010)

The New Zealand Herald reports that New Zealand and Australian immigration officials have begun sharing fingerprint information in an effort to prevent immigrants carrying false identification papers from crossing the border. The measure is primarily aimed at those applying for refugee status, a New Zealand immigration official for identity and biometrics said, and would not require everyone entering the country to be fingerprinted. The program will expand to include checks with the UK, Canada and the United States under the Five Country Conference, which will match fingerprints of persons of interest. The official said the system includes privacy safeguards and will help immigration strengthen border security and combat fraud early in the immigration process.
Full Story

ONLINE PRIVACY

Advocates: Net Neutrality Is Necessary (August 16, 2010)

Privacy experts are questioning the impact that moving away from net neutrality, where ISPs are prohibited "from exploiting their role in delivering information to favor their own content or the content of the highest bidders," will have on online privacy. The New York Times reports on privacy advocates' concerns that in a non-neutral Web environment, "the Internet becomes more like a mall--where users are from the start viewed as consumers--and less like a public square." Cindy Cohn of the Electronic Frontier Foundation contends, "The people who are pushing for a non-neutral world are pushing it for monetary purposes," while Columbia Law School Prof. Eben Moglen believes such moves emphasize the business of the Internet at the expense of privacy. (Registration may be required to access this story.)
Full Story

SOCIAL NETWORKING

Facebook Privacy Questions Remain (August 16, 2010)

Although Facebook has corrected a glitch that exposed user photos and screen names to anyone who supplied the site with a correct e-mail address but incorrect password, Bloomberg reports that the site continues to juggle users' privacy expectations with the needs of its advertising customers. Referencing the recent book, "The Facebook Effect: The Inside Story of the Company That Is Connecting the World," the report describes the conflict between Facebook's users and the advertisers who pay the site's bills. Recent issues include privacy advocates' concerns with changes in the site's policies and the results of the 2010 American Customer Satisfaction Index, which listed "privacy concerns...and commercialization and advertising" as having a negative effect on the site's users.
Full Story

PRIVACY LAW—AUSTRALIA

Investigation Launched Into Police Info Sharing (August 13, 2010)

A prior agreement with the Australian Football League (AFL) and Victoria police has prompted a formal investigation. Despite the agreement, police said they believe privacy laws prohibit law enforcement from "sharing sensitive information about players, coaches and officials" with the league. While a memorandum of understanding that was signed last September does indicate that "law enforcement data" can be handed over to the AFL, Inspector Richard Read said no such information has been exchanged under the agreement. Privacy Victoria Deputy Commissioner Anthony Bendall, meanwhile, announced his office had not been aware of the agreement, and met with police Thursday. Following that meeting, Victoria police announced they have launched an investigation into all such third-party agreements, Adelaide Now reports, and Federal Privacy Commissioner Timothy Pilgrim is determining whether to launch his own investigation.
Full Story

PRIVACY LAW—NEW ZEALAND

Court Sends Case Back To Commissioner (August 13, 2010)

The Supreme Court has dismissed an appeal by former Labour Justice Minister Bill Jeffries and referred it back to Privacy Commissioner Marie Shroff, Radio New Zealand News reports. The case hinges on Shroff's request that Jeffries reveal how he obtained personal information about two people who had complained to her about possible breaches of their privacy. The Supreme Court has ruled that the matter should be returned to the privacy commissioner's office in order to establish the context in which the information was obtained.
Full Story

SURVEILLANCE—VICTORIA

Commission Worries About Mobile Devices “Threat” (August 13, 2010)

The Law Reform Commission has released a report detailing concerns about the proliferation of surveillance devices with recommendations including new laws to control the use of mobile phones in restrooms and to film assaults "for entertainment." A report published in the Brisbane Times lists the commission's concerns about devices that capture "the public's every move," which has prompted 33 recommendations to improve legal protections for privacy. The commission's recommendations include broadening the role of the Victorian Privacy Commissioner to include regulation of surveillance in public places and giving people the right to sue for ''serious invasion of privacy'' through the publication of surveillance footage. According to Deputy Privacy Commissioner Anthony Bendall, ''the time has come to reform the regulatory framework governing surveillance in public places in Victoria.''
Full Story

DATA LOSS—AUSTRALIA

Credit Card Fraud Costs Merchants $89M (August 13, 2010)

The growth in the ability to use credit cards for "card-not-present" payment for goods and services via the Internet, phone or mail resulted in merchants losing about $89 million last year due to fraud, News.com.au reports. Australian Payments Clearing Association data indicates that such types of fraud occur once in about 3,000 transactions, compared with one in 6,000 in 2006, explained Phil Kernick of CQR Consulting. Businesses that comply with the Payment Card Industry Data Security Standard can better protect themselves from such fraud, the report states. For those that do comply, Kernick said, "the likelihood of losing credit card information is very small."
Full Story

PRIVACY LAW—AUSTRALIA

Political Reps Discuss Initiatives (August 13, 2010)

Political representatives from the nation's major parties were set to turn their focus to privacy at a conference in Canberra on Tuesday, The Australian reports. The "Technology--Powering our Economic Future" event was expected to feature such issues as online privacy protection and cybersecurity, the report states, referencing recent controversies that have prompted a senate inquiry into the adequacy of Australia's privacy laws. The task force in charge of the effort "is believed to be paying close attention to plans by the U.S. government to introduce a nationwide identity system that uses trusted digital identities to enable users and organisations to conduct online transactions securely and privately, while eliminating the need for user names and passwords," the report states.
Full Story

FINANCIAL PRIVACY—HONG KONG

Banks Sell 600,000 Clients’ Personal Data (August 13, 2010)

Six banks in Hong Kong have sold personal information belonging to more than 600,000 clients, RTHK reports. The Hong Kong Monetary Authority (HKMA) revealed the breach, noting the client data was sold to third parties for marketing purposes over the past five years, the report states. According to the HKMA announcement, some of the financial institutions involved only stopped selling such data last month following the public outcry over user privacy and Octopus Holdings, while two of the cases had been uncovered by the Privacy Commission two years ago. The banks involved cannot be named for legal reasons, the report states.
Full Story

ONLINE PRIVACY

Could Pixels Ease Street View Privacy Concerns? (August 13, 2010)

Privacy concerns over Google's Street View service prompted South Korean police to raid the company's offices, while privacy concerns persist in Germany despite the company's pledge to allow German's to opt out of the service before its coming launch. Meanwhile, two University of California researchers have come up with a way to ghost-out the images of pedestrians captured in street-level photography, InformationWeek reports. Arturo Flores and Serge Belongie described their method at the IEEE International Workshop on Mobile Vision in June, saying that it could be a way for Google to address the privacy issues associated with its Street View mapping application.
Full Story

GEO PRIVACY

There’s More to That Photo Than Meets the Eye (August 12, 2010)

Geotags embedded in photos and videos taken with GPS-equipped devices are invisible to the casual viewer, The New York Times reports, and that has experts concerned that many people are putting their privacy and security at risk. By looking at geotags and the text of posts, "you can easily find out where people live, what kind of things they have in their house and also when they are going to be away," said Robin Sommer, who authored the recent paper "Cybercasing the Joint: On the Privacy Implications of Geotagging" with Gerald Friedland. Peter Eckersley of the Electronic Frontier Foundation said he believes few people are aware of geotagging capabilities, "and consent is sort of a slippery slope" due to the complexities of disabling such functions. (Registration may be required to access this story.) Editor's Note: See our related story in this month's edition of Inside 1to1: Privacy.
Full Story

SOCIAL NETWORKING

Facebook Working To Fix Privacy Flaw (August 12, 2010)

Following a security researcher's announcement that entering an e-mail address into Facebook's login page with an incorrect password could result in access to the user's name and profile photo, the company has acknowledged it is working on fixing a bug that it says "temporarily prevented" its systems from working correctly. InformationWeek reports on Secfence Technologies CEO Atul Agarwal's discovery that such details could be exposed regardless of user privacy settings. Another researcher found that the site suggested valid user names, profile pictures and e-mail addresses when supplied with an incorrect e-mail address that was similar to a valid one, the report states. A Facebook spokesperson noted, "We are already working on a fix and expect to remedy the situation shortly."
Full Story

DATA PROTECTION

PCI DSS 2.0 Summary Unveiled (August 12, 2010)

The PCI Security Standards Council has released a summary of anticipated changes to the Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA DSS), Bank Info Security reports. The 12 proposed changes are designed to clarify certain aspects of the standards and provide additional guidance, among other aims. There are no new requirements in version 2.0. "The relatively minor revisions are a testament to the maturity of the standards and their ability to protect sensitive data," said council General Manager Bob Russo. A more detailed summary of both will be released in September.
Full Story

ONLINE PRIVACY

Google Memo Details Privacy “Soul-Searching” (August 10, 2010)

The Wall Street Journal is reporting on a confidential Google vision statement drafted two years ago, describing the document as a glimpse into the company's "soul-searching" over the use of its "vast trove" of data. "Google is pushing into uncharted privacy territory," the report states, noting, "Until recently, it refrained from aggressively cashing in on its own data about Internet users." According to the report, several of the suggestions included in the "brainstorming document" have been implemented, such as collecting user data to track them for advertising purposes. The next step, the report states, could be for the company to become a clearinghouse for data, which "would put Google--already one of the biggest repositories of consumer data anywhere--at the center of the trade in other people's data as well." (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Privacy Modes Aren’t Always Private (August 9, 2010)

"Don't do anything in privacy mode that you wouldn't do with the boss looking over your shoulder," PCWorld warns in an article examining the potential to discover users' online activities through Web browsers' privacy modes. According to the findings of a trio of researchers from Stanford and Carnegie Mellon, privacy modes used by major Web browsers to "cover a user's tracks" after an online browsing session fail to purge all traces of user activities. Browser add-ons and even secure certificates can undermine user privacy, the report states, "So anyone who knows where to look for it can find it and glimpse into a user's Internet travels."
Full Story

PERSONAL PRIVACY—QUEENSLAND

Commissioner Investigating Go Card Data Use (August 6, 2010)

Queensland Privacy Commissioner Linda Matthews has said she'll investigate whether adequate privacy safeguards are in place for Go Card data, reports The Sydney Morning Herald. Commissioner Matthews announced her investigation after reports about the Queensland police using Go Card data to assist in criminal investigations. Police Commissioner Bob Atkinson says the data is an important tool in investigations and that privacy is not something the police take lightly. "To my mind, what this is all about is...us being responsible in terms of when we use Go Cards for information." According to the report, the police will soon make a submission to the Privacy Commissioner.
Full Story

PERSONAL PRIVACY—AUSTRALIA

Point and Click Property Values (August 6, 2010)

A new property app for the iPhone gives users detailed valuation information on houses by pointing their handsets at them, reports The Sydney Morning Herald. Designed by a bank, the software aims to help real estate agents, buyers and sellers make better business decisions, but it has also raised privacy concerns. Geordie Guy of Electronic Frontiers Australia says people may not be comfortable with augmented reality technology making previously difficult-to-access information readily available. "A long-held defence of carelessness with private information is that in order to access it, one has to know what sort of information it is and go looking," said Guy.
Full Story

ONLINE PRIVACY

Company: No Special Access to Blackberry User Data (August 6, 2010)

Research in Motion (RIM), the company behind BlackBerry smartphones, is rejecting reports that it would allow the Indian government access to user data shared via email and instant messaging. The Guardian reports that India, following bans by the United Arab Emirates and Saudi Arabia, had warned it could block some BlackBerry services based on concerns about encrypted e-mail. RIM has since issued a statement that suggestions it would allow governments to have special access to customers' data were "unfounded." The company has said that its services have been designed "to preclude RIM, or any third party, from reading encrypted information under any circumstances since RIM does not store or have access to the encrypted data."
Full Story

DATA PROTECTION—HONG KONG

Octopus CEO Resigns over Privacy Scandal (August 5, 2010)

Amid pressure over her handling of a data privacy scandal, the CEO of Octopus Holdings has resigned, The Wall Street Journal  reports. The company last week admitted to selling the personal data of nearly two million customers to third parties. In a statement Wednesday, Prudence Chan said that though she doesn't believe Octopus violated any laws or regulations under her watch, she decided to step down as the company works to regain public trust and confidence. "I believe the current issues could have been better handled and for that, I sincerely apologize to our customers and the community," Chan said. Meanwhile, the government has signaled that it will increase privacy protections. (Registration may be required to access this story.)
Full Story

PRIVACY LAW—AUSTRALIA

Keating: Protect Privacy in Info Age “Free-for-All” (August 5, 2010)

Former Australian Prime Minister Paul Keating is voicing his support for a proposal by the Australian Law Reform Commission to create national legislation that would punish businesses and organizations responsible for ''unwarranted and serious breaches of privacy'' with tough financial sanctions, The Age reports. Keating's comments follow on a push by Sen. Joe Ludwig for the Australian Privacy Act to be amended with "serious sanctions" to ensure individuals' privacy rights are protected. Speaking in support of tougher legislation, Keating said, "This is likely to concentrate minds on the importance of compliance with privacy principles a little more than hitherto."
Full Story

ONLINE PRIVACY

Google CEO Discusses Technology and Privacy (August 5, 2010)

Speaking at this week's Techonomy conference in the U.S., Google CEO Eric Schmidt discussed some of the privacy-related issues spurred by the advent of new and evolving technology. Schmidt's examples included the use of computers and artificial intelligence to identify people from their online photos, CNET News reports, as well as using data collected by location-based services not only to show where people are but to predict where they are going. Schmidt said that technology is good, but the only way to manage the challenges is "much greater transparency and no anonymity" as "true anonymity is too dangerous."
Full Story

ONLINE PRIVACY

Privacy Breaches in the Clouds? Blame the Customer (August 5, 2010)

When it comes to computing in the cloud, the default contract from many major cloud providers puts the onus for any privacy problems on the customer--even if the provider is at fault for the breach, Steven J. Vaughan-Nichols writes in a report published in the San Francisco Chronicle. "You should ask questions about data security and privacy during the preliminary stages, even before you get to the contract," warns Tanya Forsheit, CIPP, of Info Law Group. "You should ask them what kind of privacy and security controls they have, whether they'll let you audit their security and what they will agree to in regards to liability." Vaughan-Nichols notes that "when it comes to cloud computing, it's better to be safe than sorry regarding both the legal and technical issues." Editor's Note: This year's Privacy Academy will feature multiple breakout sessions related to cloud computing.
Full Story

ONLINE PRIVACY

Citizens, Activists Denounce Nations’ Internet Monitoring (August 4, 2010)

Across the globe, critics believe governments have been engaged in a "surveillance land-grab" when it comes to online information, The Christian Science Monitor reports. The article examines such recent developments as a lawsuit in Ireland challenging the EU's efforts to collect and store personal data, the UAE's plan to ban BlackBerry use unless it can monitor user information and a push in the U.S. to allow the government access to browser histories and e-mail addresses without judicial oversight. "Online privacy has become a key civil liberty battleground," the report states, noting that across Europe, for example, "a backlash against the storage of private data is growing."
Full Story

ONLINE PRIVACY

Researchers Propose “PseudoID” for Web Logins (August 4, 2010)

Google researchers are proposing using a system called "PseudoID" to protect the privacy of Internet users, InformationWeek reports. A paper presented at a conference in July describes how the system would use blind cryptographic signatures to generate pseudonyms that would allow the users to be authenticated to log into Web sites without being identified. Under current sign-on systems, the researchers note, user login information is passed through an identity provider, presenting privacy risks. Should PseudoID be adopted, the report notes, online identity providers would be prevented "from amassing information about Internet users that could harm user privacy if exposed."
Full Story

ONLINE PRIVACY

Did Last Week Mark the End of Privacy? (August 2, 2010)

CNET News reports on a conversation between media industry pundit Jeff Jarvis and Danah Boyd of Microsoft that took place at the Supernova conference in Philadelphia, PA, last week. Both speakers weighed in on privacy in the framework of social networking, the government and the media. Boyd noted security, protection of PII and avoiding embarrassment as reasons people tend to uphold privacy, while Jarvis warned that alarmism over privacy may cause people to miss "getting to the benefits of publicness that the Internet makes possible." Meanwhile, a Telegraph blogger writes about online data sharing, questioning whether the "end of privacy" has come.
Full Story