ANZ Dashboard Digest

A new approach to notice and consent has been around for at least a couple of years now. The Microsoft whitepaper was released late 2012, and several subsequent books by privacy thought-leaders have developed this theme, which makes sense. Individuals ought to be given the opportunity to shape their profiles and to have a role in transactions involving their data, and notice and consent will no longer suffice. Equally, entities that stand to benefit from the information should protect their source if they wish to guarantee the future supply of valuable data.

If this approach is accepted, some of the stories this week indicate that there is still a long journey ahead. Whilst many entities still appear to treat privacy as a compliance issue, and one where boundaries should be pressed, others continue to succeed based on adoption of the new approach. It will be interesting to see how this divide plays out in terms of commercial success. That other old chestnut of balancing the right to information against the right to privacy also gets some play this week in the opinion piece titled “Privacy starts to bite.” To hear all about it and ask your own questions of the experts, make sure you book your place at our Privacy Awareness Week breakfast discussion on 6 May as debate on the Australian Law Reform Commission paper on serious invasions to privacy in a digital age continues.

A safe and very Happy Easter to you all,

Emma Hossack
President
IAPP ANZ

Top Australia and New Zealand Privacy News

ONLINE PRIVACY—AUSTRALIA

Could the Cloud Enhance Privacy? (November 30, 2010)
Collaboration across borders is vital to reduce cloud computing risks, Minister for Privacy and Freedom of Information Brendan O'Connor said at the annual iappANZ conference this week. Privacy Commissioner Timothy Pilgrim, meanwhile, noted at the event, "Cloud computing has the potential to be privacy enhancing," but added, new laws will require organizations to take more responsibility for the information they collect. O'Connor said privacy laws are being reviewed so that "a robust privacy framework" is developed in Australia, Computerworld reports, but he also stressed that it will be "collaborative efforts between government and organizations that will create the tools to protect us all."

PRIVACY LAW—PHILIPPINES

Commission Optimistic About Data Privacy Act (November 30, 2010)

The Commission on Information and Communications Technology (CICT) chairman is optimistic that legislators will pass the Philippine Data Privacy Act before the Christmas recess, Inquirer.net reports. Chairman Ivan Uy says he hopes House Bill 3828, now pending in congress, will be submitted by the end of the year, adding that it's important the bill is passed because of increases in data processing outsourcing. "We are seeing that a lot of personal information and info that need to be secured are coming onto our shores from all over the world," Uy said. "Those countries are becoming concerned that their data in the Philippines might not be secure, that it could be stolen; it could be compromised." The act would criminalize unauthorized personal data processing, punishable with fines and jail time.
Full Story

DATA PROTECTION—AUSTRALIA

Smart Meters Begin Rolling Out (November 25, 2010)

The Australian reports on EnergyAustralia's plan to deploy 15,000 smart meters in New South Wales in preparation for the first national smart grid. The utility will conduct a privacy impact assessment in response to concerns that smart meters could be accessed by thieves or marketing companies in order to gain information about consumer energy usage. The utility will also meet with Privacy Commissioner Timothy Pilgrim and the federal government to discuss privacy concerns. Pilgrim said Australian privacy laws should be extended to protect households and shared concerns that the data smart meters collect could reveal private details of residents' lives, including whether their homes are alarmed or which appliances they use.
Full Story

PRIVACY LAW—QUEENSLAND

Commissioner: Transit Authority Breached Privacy Act (November 25, 2010)

Privacy Commissioner Linda Matthews has found that the South-East Queensland Transit Authority provided information to police in contravention of the Privacy Act, ABC News reports. The commissioner launched an investigation earlier this year after media reports that police were using travel records captured by the electronic Go Card ticketing system to track potential witnesses and suspects in criminal cases. The commissioner's review of about 50 police investigations that sought Go Card data, which has been tabled in the Queensland Parliament, says that in most cases TransLink did not have enough details of the police investigation to satisfy that such disclosure was necessary.
Full Story

DATA LOSS—AUSTRALIA

Telstra Acknowledges Second Privacy Breach (November 25, 2010)

Approximately 3,000 Telstra customers may have had their privacy breached while using the company's Tribe service, The Sydney Morning Herald reports. The service aggregates social media sites, the report states, and some customers' social networking sites that were accessed using Tribe could be accessed by other Tribe customers. "Most, if not all, affected customers have been rung over the past week or so," a Telstra spokesman said. The latest breach follows a recent report of a Telstra incident where 220,000 letters containing account information were sent to the wrong customers.
Full Story

ONLINE PRIVACY—SOUTH AUSTRALIA

Advocates: Privacy Law Reforms Needed (November 25, 2010)

The Independent Weekly reports on the call to reform privacy laws across Australia and the lack of state privacy legislation in South Australia. State Guardian for Children Pam Simmons is among those suggesting the 1988 Privacy Act is outdated, noting the South Australian government is rolling out information-sharing guidelines she believes should be replicated nationally. Australian Privacy Commissioner Timothy Pilgrim said proposed reforms to the Privacy Act will reduce complexity around sharing information, but noted the act "in no way stops information being shared where a duty of care exists to protect children from harm."
Full Story

PERSONAL PRIVACY—VICTORIA

Database Raises Advocates’ Concerns (November 25, 2010)

AAP reports that Victoria's major political parties have compiled "vast dossiers of personal information on voters," raising concerns among privacy advocates. News reports state the database includes personal information on tens of thousands of Victorians, including health and financial data. Political parties are exempt from privacy laws that might prevent other entities from collecting similar data, the report states. "If a state or federal department or a business with turnover of $3 million or more did that, they would be in breach of either the state or federal privacy acts," said Michael Pearce of Liberty Victoria.
Full Story

TRAVELLERS’ PRIVACY

Scanner Privacy Fears Persist (November 25, 2010)

While a U.S. privacy expert has voiced concerns about the Transportation Safety Administration's policies and use of airport scanners to federal officials in that country, News.com.au reports on lingering concerns about the scanners due to be rolled out in Australian airports next year. Pointing to an incident where scans from a similar device at a U.S. courthouse were shared online, the report points to advocates who believe continued privacy concerns are warranted when it comes to use of the scanners.
Full Story

ONLINE PRIVACY

Profiling Technology Making a Comeback (November 24, 2010)

Two years after an outcry by privacy advocates in the U.S. and UK appeared to squelch its use, deep packet inspection is on the verge of a comeback, The Wall Street Journal reports. Deep packet inspection is more powerful than other tracking techniques "because it can be used to monitor all online activity, not just Web browsing," the report states. Two U.S.-based companies now pitching use of such services have said they protect user privacy with such steps as user consent. The FTC has stated providers "should, at a minimum, notify consumers that the ISP was mining the information and obtain clear consumer consent." (Registration may be required to access this story.)
Full Story

DATA PROTECTION

Smartphones in the Workplace: A Problem? (November 23, 2010)

A recent survey found that eight out of 10 CIOs rank data breaches as their top security concern and think that using smartphones in the workplace increases their vulnerability to attack, InformationWeek reports. Market researcher Ovum and the European Association for e-identity and Security released the survey's report this week, which also found that half of organizations fail to authenticate employees' mobile devices but that 48 percent of employees are allowed to use personal mobile devices to connect to corporate systems. "Employees will want to use their devices, no matter who owns them, for both their work and personal lives," said an Ovum spokesman, adding that it's unrealistic to delineate between those uses.
Full Story

PRIVACY LAW—NEW ZEALAND

Article 29 Party to Eye New Zealand Adequacy (November 19, 2010)

At its December 7-8 meetings in Brussels, the European Union Article 29 Working Party will consider whether New Zealand's data protection regime provides adequate privacy protection for EU citizens' personal data, according to a draft agenda released this week by the working party, which is comprised of data protection officials from the 27 EU member states. The commissioners will also discuss the European Commission's recently released outline of proposals for amending the EU Data Protection Directive (95/46/EC).
Full Story

FINANCIAL PRIVACY—NEW ZEALAND

Correction: Privacy Commissioner Considering Amendment (November 19, 2010)

Last week's ANZ Dashboard Digest erroneously reported that the privacy commissioner of New Zealand had released a new credit reporting privacy code. In actuality, the privacy commissioner is considering a proposed amendment to the Credit Reporting Privacy Code that was released for public comment in June of this year. The commissioner's office accepted public comments on the proposed changes through August and is today "continuing to consider" the amendment, according to Assistant Commissioner Blair Stewart. "The amendment proposes some changes to New Zealand credit reporting law, including a move to more comprehensive credit reporting," Stewart said, noting that the privacy commissioner "will issue the amendment, possibly with some changes as a result of submissions, in the coming months. Any changes to the code would come into force in 2011 or 2012."
Full Story

DATA LOSS—VICTORIA

Union’s Tax File Numbers Breached (November 19, 2010)

The Australian reports on alleged privacy breaches at Victoria's largest infrastructure project, including unauthorised access to the tax file numbers of union members and delegates and the use of a software program to source, collate, data-match and link employee information. Victoria Privacy Commissioner Helen Versey said the project would be bound by the Information Privacy Act because it was contracted to perform work by the state, which means only information relevant to employees' performance of their job duties could be gathered and no information could be shared with third parties. Privacy law experts noted that courts could fine employers up to $100,000 for improperly gathering information about employees.
Full Story

ONLINE PRIVACY—AUSTRALIA

Storm Brewing on Cloud Computing (November 19, 2010)

The Sydney Morning Herald examines the "next big thing" in the IT world--cloud computing. By some estimates, 20 percent of organizations will have moved to the cloud by 2012. The article looks at the main privacy and security concerns associated with the cloud, such as the potential for breaching data privacy legislation, cross-border data transfer requirements and other compliance challenges. "It is no wonder, then, that the CIOs of many financial services businesses, in particular, are proceeding with caution," the report states. The author goes on to describe ways to navigate a move to the cloud. Editor's note: Learn more about cloud computing at the upcoming "Silver Lining: The Privacy Umbrella of Cloud Computing."
Full Story

ONLINE PRIVACY—AUSTRALIA

Large-Scale Mining Powers Are Biggest Threat (November 19, 2010)

This week, ZDNet's program "Patch Monday" featured iappANZ President Kevin Shaw, who discussed the privacy challenges that come with online technological advances. Shaw said that perhaps more threatening to privacy than social networking or tracking cookies is large-scale data mining by corporations and the risk that the profiles they create will be misused. Shaw also discussed the combination of cookies, social networking and cloud computing, saying regulators and businesses are just beginning to understand the privacy implications and the right questions are beginning to be asked. Editor's note: Hear more from Kevin Shaw at the iappANZ's annual conference "Silver Lining: The Privacy Umbrella of Cloud Computing" in Sydney, on 30 November.
Full Story

ONLINE PRIVACY—NEW ZEALAND

Voyeurism Stilted on Shopping Site (November 19, 2010)

The online shopping site 1Day has altered its "watch people shop live" feature--which displays an interactive graphic with the first names and purchases of customers--after blog posts called out the feature for privacy violations. The National Business Review reports that the site now allows customers to opt in to the feature using an alias. A blog post this week called the feature "clearly in breach of the Privacy Act," adding, "It may be fine to show John from Waikato, or Tim from Auckland, but I suspect there is not more than one Kanwalpreet in Upper Hutt." A 1Day representative said that the company is "very mindful" of customers' privacy and it made the changes "as a direct result" to comments on the blog.
Full Story

PRIVACY LAW—NEW ZEALAND

Doctor to Face Human Rights Tribunal for Disclosure (November 19, 2010)

An Invercargill doctor says settling out of court over a privacy complaint lodged against him would be "moral cowardice." Robert Henderson is due to appear before the Human Rights Tribunal on 30 November, TVNZ reports, for calling a nursing home to tell the charge nurse that one of the home's employees asked for opiates at his office. Privacy Commissioner Marie Shroff, with whom the employee filed a complaint, ruled that Henderson should have only told the nursing home's manager. However, the High Court of Wellington overturned that ruling earlier this year. The Office of Human Rights Proceedings has urged Henderson to settle.
Full Story

PRIVACY LAW—HONG KONG

Commissioner Serves Enforcement Notice on Telecomm (November 19, 2010)

Privacy Commissioner for Personal Data Allan Chiang has served an enforcement notice to a telecommunications company after a customer complained that his "do not call" request had been ignored. The incident involved a call to the customer by a direct marketing agency affiliated with the telecommunications company and using its call list. Chiang has ordered the telecommunications company to enhance its protocols for adhering to opt-out requests and to conduct random compliance checks.
Full Story

PRIVACY LAW—HONG KONG

Chiang Calls for Do-Not-Call List (November 17, 2010)

Hong Kong Privacy Commissioner for Personal Data Allan Chiang Yam-wang has recommended the creation of a do-not-call register and a law requiring telemarketers to make known to recipients the source of their personal information, reports the South China Morning Post. While citizens have the ability to opt out of electronically generated calls and faxes through an Office of the Telecommunications Authority (OFTA) registry, the report states, there is currently no opting out of telemarketer calls. Chiang suggests that the OFTA regulate the do-not-call list, which he says would give the public a "one-stop service." Meanwhile, Chiang continues to push for the right to carry out criminal investigations and impose fines for severe breaches.
Full Story

ONLINE PRIVACY

Analysts, Others React to New Messaging System (November 17, 2010)

Analysts and others are reacting to news that Facebook has launched a messaging system, Computerworld reports. Company founder Mark Zuckerberg introduced Facebook Messages at a press conference earlier this week. The system will enable e-mail, instant messaging, SMS and Facebook messages, and the company will archive conversation histories, according to a Deutsche Welle report. "The more Facebook puts itself in a position to receive, store and safeguard the most private communications we have, the more Facebook will need to be vigilant to protect privacy and guard against hacking and theft," said Forrester Research analyst Augie Ray. 
Full Story

ONLINE PRIVACY

Studies Point to Benefits of Privacy Icons (November 16, 2010)

Two recent studies indicate that privacy icons are effective, The New York Times reports. The first study, conducted by TRUSTe and Publishers Clearing House over six months, allowed users to click on an icon to learn about interest-based ads, provide feedback and opt out. Only 1.1 percent chose to opt out of all advertising networks. A study by Better Advertising and Dynamic Logic analyzed reactions to the Digital Advertising Alliance's icon, finding that 67 percent preferred brands that gave them more control, including opt-out provisions. "The level of transparency and control accrues really positive benefits to the brands that take this extra step," said Scott Meyer of Better Advertising. (Registration may be required to access this story.)
Full Story

BIOMETRICS—AUSTRALIA

International Students Subject to Scanning (November 12, 2010)

The president of the Council of International Students Australia has called for clear rules to protect privacy within the Immigration Department's plan to administer biometric tests, including fingerprints and facial recognition, on foreign students in the country, The Australian reports. The anti-terrorism measure follows a report the department received last year that assessed Australia's student visa program and raised concerns about identity fraud in higher and vocational education visas, the report states. The executive director of the International Education Association of Australia said the fight against identity theft involves potential students, too.
Full Story

EMPLOYEE PRIVACY—VICTORIA

Commissioner Advises on Workplace Privacy (November 12, 2010)

Victoria Privacy Commissioner Helen Versey yesterday released guidance to Victorian public-sector organizations about employee monitoring practices. The information sheet advises employers to be mindful of responsibilities under the Information Privacy Act when collecting employee information, conducting video surveillance and monitoring online and e-mail transactions. Versey reminds employers that video surveillance may be used in public places for safety or security, but monitoring employees beyond those purposes requires that the employer notify employees that the taping is occurring and the reasons why. "Having clear and accessible policies protects both the organization and its employees and can prevent the misuse of e-mail and the Internet," she said.
Full Story

HEALTHCARE PRIVACY—AUSTRALIA

Opinion: EHR Privacy Could Mean Inaccuracy (November 12, 2010)

Though ensuring accurate information and privacy protections are central to Australia's plans to implement electronic health records, the two may not sit well together, opines an ethicist at Murdoch Children's Research Institute in The Sydney Morning Herald. Consumers' ability to control what healthcare providers can view may have unintended consequences, Merle Spriggs writes, such as incomplete health records due to patients' fears they may be discriminated against or stigmatized if sensitive information is disclosed. "We will need to understand the implications of witholding information," he said, adding that questions remain about the plan's logistics.
Full Story

PRIVACY LAW—SOUTH AUSTRALIA

Guardian for Children Calls for Privacy Rule Reform (November 12, 2010)

State Guardian for Children Pam Simmons is calling for changes to privacy rules that prevent government agencies from sharing information about abused and neglected children, Adelaide Now reports. Simmons, whose calls for changes are echoed by Child Death and Serious Injury Review Committee chair Deej Eszenyi, has released examples of instances where abuse, neglect or death occurred because of a lack of intergovernmental information sharing amidst an ongoing debate about the privacy rules. "At the moment, if a (federally funded) health centre, for example, knows a child is at risk of suicide or serious harm from abuse or neglect, they can't immediately warn a state school without the individual's consent," Simmons said.
Full Story

BEHAVIORAL TARGETING—AUSTRALIA

Political Parties Milking Use of Cookies? (November 12, 2010)

The Sydney Morning Herald reports that the Web sites of several political figures commonly plant cookies on visitors' computers in order to track Internet movement and serve more targeted ads. The Web sites of two political candidates and one political party planted Flash cookies that are capable of storing more data than typical cookies, have no expiration date and are stored on an external server, which makes them difficult to delete, the report states. Privacy Commissioner Timothy Pilgrim said aggregated data might enable user identification. "Unless you've got a detector or know what you're looking for, you won't know they're there," said one expert.
Full Story

PRIVACY LAW—AUSTRALIA

Commissioner: Telco Bill Requires Guidelines (November 11, 2010)

The Office of the Australian Information Commissioner has warned that privacy gaps exist in the government's proposed Telecommunications Interception and Intelligence Services Legislation Amendment Bill 2010, Computerworld reports. Privacy Commissioner Timothy Pilgrim has called for the creation of guidelines and binding rules to balance the country's security and privacy needs. Pilgrim has specifically suggested guidelines on law enforcement agencies' handling of personal information, rules for telecommunications organizations on disclosing data in cases of missing persons and for a framework to support privacy in the sharing of data between intelligence agencies. Pilgrim's recommendations follow those of the Australian Privacy Foundation, which said in October it had "most serious concerns" about the bill.
Full Story

PRIVACY LAW—THAILAND

Law or Commission Needed To Protect Citizens (November 10, 2010)

While Thailand's lower house considers a Data Protection Act draft, Surankana Wayuparb of the Electronic Transaction Commission suggests that an independent commission is needed to protect citizens' privacy rights, reports the Bangkok Post. Wayuparb said of utmost concern is the growing use of technology such as the Internet and wireless networks. She stressed that the commission be made up of experts from private organizations and human rights bodies who are fully versed in these technologies, the report states. Meanwhile, the deputy commander at the Technology Crime Suppression Division said the problem lies with people using this technology inappropriately.
Full Story

SOCIAL NETWORKING

Web Company: Put Privacy Before Ads (November 9, 2010)

Founders of a new browser aimed at social network users are not planning on selling ads, The Wall Street Journal reports, because they believe it will be a conflict of interest with user privacy. RockMelt made its public debut in a test version Monday, the report states, and while it has some big-name investors, the company has said that when it comes to making money, an ad network is not part of the plan. The focus, said co-founder Tim Howes, is on improved Web browsing, and "you can't have a good user experience if somebody is (taking) your data and using it to sell ads." (Registration may be required to access this story.)
Full Story

DATA RETENTION—AUSTRALIA

Opinion: Data Retention Plan Wide Open to Abuse (November 9, 2010)

The Australian Federal Police (AFP) says the government's proposal for a new data retention plan aims to maintain the status quo, which AFP assistant commissioner Neil Gaughan says is problematic, as illustrated by the Office of the Commonwealth Ombudsman's recent report findings. The report, released last week, found continued disagreement on data storage requirements between government agencies and telecommunications carriers, "compounded by a lack of record keeping." In a ZDNet editorial, Josh Taylor writes that the system would be wide open to abuse and that the possibility exists that the plan would give police "unprecedented and undocumented access to every move we make online." Privacy Commissioner Timothy Pilgrim has also expressed concern.
Full Story

GEO PRIVACY

Location-Based Services See Success Ahead (November 8, 2010)

The location-based services industry has had no problem finding investors. That's because of how valuable the currency that is personal data is to marketing, The New York Times reports. Advertisers plan to spend $1.8 billion on location-based marketing in 2015, according to ABI Research. And users are happy to give up their personal data for a service they find useful, the report states, even despite concerns about their privacy. "Many people are in a more 'transactional' frame of mind" when it comes to their personal information, said the director of the Internet and American Life Project. "They will share information if they think they can get something of value for it." (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Somebody’s Camera Is Watching You (November 8, 2010)

They are tiny, lightweight and can even be worn tucked into your hair accessory or just above your ear as they record everything that's going on around you. The New York Times reports on these "wearable" cameras that have the ability to "record life's memorable moments as they unfold" and the privacy questions they raise. Harvard Prof. Jonathan Zittrain suggests that with proper procedures in place, the cameras could help future historians, noting, "We have painstakingly reconstructed ancient civilizations based on pottery and a few tablets... I would love to leave this legacy instead." However, he also acknowledges that as photos and video of unsuspecting individuals show up on the Internet, the devices are likely to raise privacy concerns. (Registration may be required to access this story.) Editor's note: Read more about the practice of recording every moment in the feature, "Valuing, protecting and commoditizing your personal information: Is 'data banking' the answer?" from the June edition of Inside 1to1: Privacy.
Full Story

DATA LOSS—AUSTRALIA

Commissioner, ACMA Investigating Mailing Breach (November 5, 2010)

PSnews reports that the Australian Communications and Media Authority (ACMA) and the Office of the Privacy Commissioner will work together to investigate a breach that resulted in 220,000 Telstra customers receiving letters that included other customers' names, phone numbers and telephone plans. Telstra, which has taken responsibility for the breach, has promised to cooperate fully with ACMA and the commissioner's office. "While I welcome Telstra's prompt advice that this incident occurred and that it has taken steps to contact affected customers, I am concerned about the amount of personal information that has been disclosed," said Privacy Commissioner Timothy Pilgrim. "Customers expect their personal data to be protected by organisations and incidents such as this are very serious."
Full Story

PRIVACY LAW—HONG KONG

Data Protection Concerns Grow (November 5, 2010)

Concerns about data protection have grown after the revelation that Octopus Holdings Ltd. shared the personal data of about two million customers, according to the firm Angela Wang & Co., which says an appeals board's recent ruling should serve as a "useful insight" as to how banks handle customer data. In Wing Lung Bank Limited vs. Privacy Commissioner for Personal Data (PCPD), the bank entered into an agreement with a third-party insurance company that used customer contact information to promote insurance products over the telephone. After an individual complained about her personal data being transferred without consent, the PCPD issued an enforcement notice to the bank, which appealed the notice but lost.
Full Story

ONLINE PRIVACY—UK & AUSTRALIA

In UK, WiFi Collection Violated Law (November 5, 2010)

UK Information Commissioner Christopher Graham has determined Google's inadvertent collection of personal data through its Street View vehicles was a "significant breach" of the Data Protection Act, BBC reports. Google must now sign an undertaking to ensure data protection breaches do not happen again and delete the data it collected. "We are profoundly sorry for mistakenly collecting payload data in the UK from unencrypted wireless networks," said Peter Fleischer, Google's global privacy counsel, noting, "We are in the process of confirming that there are no outstanding legal obligations upon us to retain the data and will then ensure that it is quickly and safely deleted." Meanwhile, the Australia Privacy Foundation is criticizing Australia's former privacy commissioner for her handling of the Street View incident.
Full Story

CCTV—AUSTRALIA

The Art of Surveillance (November 5, 2010)

ZDNet reports on an effort by university students to draw attention to the presence of video surveillance in public spaces. While CCTV cameras are growing in number and may now incorporate such features as higher resolution and facial and behavioural recognition, "not everyone is aware of the capabilities or prevalence of surveillance, a fact that has made many privacy advocates jittery," the report states. Enter University of Technology students Audrey Ano, Claudia Muscardo and Stephanie Shehata, who are using art installations to spread the word about CCTV cameras in Sydney. "We want the public to be informed about the surveillance in operation," Muscardo said.
Full Story

ONLINE PRIVACY—AUSTRALIA

Web Company Fined for Spam Act Violation (November 5, 2010)

Web design company Bunology has been fined $11,000 following an investigation by the Australian Communications and Media Authority (ACMA) into an e-mail marketing campaign using addresses downloaded from the Internet. ACMA has announced the fine followed the determination that the e-mails violated the Spam Act 2003. "Downloading an e-mail list from an unknown Internet source is asking for trouble, as you almost certainly will not have consent to promote your business to the e-mail addresses on the list," said ACMA Chairman Chris Chapman. "Consent is key to the operation of the Spam Act."
Full Story

CHILDREN’S PRIVACY

Eye-Spy Barbie? (November 4, 2010)

The Sydney Morning Herald reports that Barbie may be getting older, but she is certainly keeping up with new technology--with her most recent iteration, complete with a built-in camera, raising privacy concerns. The Barbie Video Girl doll comes equipped with the ability to record up to 30 minutes of video and a color LCD screen in her back. The doll is being criticized for enabling children to film themselves and others using the hidden camera in the doll's necklace, creating videos that can then be transferred to a computer. Some experts suggest better privacy laws are needed to protect children against the potential inappropriate use of technology.
Full Story

PERSONAL PRIVACY—CHINA

Citizens Reluctant to Reveal Personal Info (November 2, 2010)

The Chinese government is acknowledging that citizens' reluctance to offer up personal information to census takers may hamper efforts to get an accurate read on how the country has changed over the past 10 years. The Christian Science Monitor reports that a pre-census poll revealed "more refusals to cooperate with the census," according to the deputy head of the census project. In an effort to quell concern, the deputy premier went on television asking citizens to provide accurate data and warning enumerators to keep personal information confidential, the report states. Meanwhile, a long-distance running program at about 100 universities throughout the country is drawing complaints from students over its requirement that they provide fingerprints in order to participate.
Full Story

ONLINE PRIVACY

Rethinking Privacy in the Cloud (November 2, 2010)

With privacy concerns abounding when it comes to Internet use and cloud computing, eSecurityPlanet explores the idea of rethinking privacy in the cloud. "To gain some clarity on the cloud privacy issue, it is helpful to break down the exposure use cases into three categories," the report states, focusing on the issues of unintentional user-driven data leaks, lack of provider protections and intentional breaches perpetrated for monetary gain. When it comes to cloud computing, the report suggests, "providers have a responsibility to let users and enterprises know when they're using our information to hop on the marketing gravy train and selling sensitive information to other vendors and advertisers." Editor's Note: The upcoming IAPP Practical Privacy Series will feature a session on cloud computing issues entitled "Cutting Through the Cloud Computing Fog: Evaluation, Adoption, Privacy and Security."
Full Story

SOCIAL NETWORKING

Facebook Suspends Apps for Sharing User Data (November 1, 2010)

The Wall Street Journal reports that Facebook has announced a data broker paid application developers for users' information, prompting the world's largest social networking site to place some of its app developers on a six-month suspension. In its announcement, Facebook wrote that it has a "zero tolerance" policy for data brokers "because they undermine the value that users have come to expect from Facebook," the report states. The company has said the apps in question were not providing data that users had set as private, but wrote that "this violation of our policy is something we take seriously." Facebook has not named the app developers or data broker involved, the report states. (Registration may be required to access this story.)
Full Story

FINANCIAL PRIVACY

PCI DSS Changes Welcomed (November 1, 2010)

Although the PCI Security Standards Council (PCI SSC) revisions to the PCI data security standard (PCI DSS) and payment application data security standard (PA DSS) have been described as minor, the response so far has been positive, SC Magazine reports. The new version, which will go into effect on Jan. 1, "does not introduce any new major requirements, and the majority of changes are modifications to the language, which clarify the meaning of the requirements and make understanding and adoption easier for merchants," the report states. The report highlights the positive responses by several organizations and data protection professionals to the changes announced last week.
Full Story

DATA RETENTION—AUSTRALIA

Senate Inquiry on Retention Regime (November 1, 2010)

According to the Australian Attorney General's Department, the government has proposed a new data retention plan because of fleeting data records kept by voice over Internet protocol (VoIP) communications, Computerworld reports. At a senate inquiry into the plan, the Australian Federal Police assistant commissioner referred to the plan as maintaining the "status quo" and said only the time, cost, location and persons involved in a communication would be retained under the proposed plan. Greens Sen. Scott Ludlam criticized the department for not consulting the public about the proposal "I would have thought in the light of this expansion of data to be retained you would be talking to civil libertarians, privacy activists, take your pick," he said.
Full Story

SOCIAL NETWORKING

Filling Privacy’s Generation Gap (November 1, 2010)

Michael Geist writes of this past week's 32nd Annual Data Protection and Privacy Commissioner Conference and the focus on the perception of "a growing privacy divide between generations, with older and younger demographics seemingly adopting sharply different views on the importance of privacy." In this Toronto Star report, he writes that "longstanding privacy norms are being increasingly challenged by the massive popularity of social networks that encourage users to share information," citing strategies to balance openness and personal privacy while ensuring companies "understand the legal limits on collecting, using and disclosing personal information and for users to know that the law stands ready to assist them if those rules are violated."
Full Story

PRIVACY LAW—AUSTRALIA

Office of Information Commissioner Launched (November 1, 2010)

The Office of the Australian Information Commissioner (OAIC) has been officially launched with the mission of championing open government, Computerworld reports. The office, headed by Information Commissioner John McMillan, will include Australian Privacy Commissioner Timothy Pilgrim and was officially launched by Minister for Privacy and Freedom of Information Brendan O'Connor. They will be joined by Australia's first freedom of information commissioner, James Popple, an adjunct lecturer in the school of computer science at Australian National University. Popple, appointed on October 29, will be responsible for freedom of information requests. The OAIC "fills a major gap in the system," McMillan said, adding it aims to promote better information management by government.
Full Story