ANZ Dashboard Digest

Putting its regard for privacy compliance to the fore, the iappANZ Board has this week taken the decision to opt in to the obligations of the new privacy legislation. You will see our new privacy policy, and we welcome any comments as it has been a collaborative effort by some of Australia’s finest privacy minds. We understand that the privacy commissioner will be talking about ways to improve organisations’ privacy policies at the OAIC Privacy Awareness Week Breakfast, so if you are revising yours, it is an event not to be missed. In news this week you will also see that AMSRO has also applied to register a non-mandatory code of practice.

Now that 12 March is over, we are starting to see less of the doomsday reports and more of the innovation which the OAIC encourages. We expect plenty of new ideas in Privacy Awareness Week in May. We are delighted to confirm that the deputy chair of the ACMA will be joining the ALRC and OAIC representatives in our Great Debate on Australia’s direction on serious invasion of privacy in the digital age.

The article by Brenda Aynsley OAM this week, “Sharing the Values to match the technology,” presents a fascinating counterpoint to the call by Tim Berners-Lee and the World Wide Web consortium in their “Web We Want Campaign.” Aynsley examines the important distinction between “trusted” providers and “trustworthy” providers. Trustworthiness is critical because technology projects continue to have one of the highest rates of failure—failure to deliver on promises, on time, on budget—or all three. Risks such as those presented internationally by Heartbleed or the CDA security breach, which threatens the Personally Controlled Electronic Health Record, mean that the concept of trustworthy will become increasingly significant for privacy professionals that either develop or procure technology. Then, of course, as the story on the use of biometric facial recognition technology in Japan shows, trustworthiness in the party deploying the technology is vital. It will be interesting to hear from Tim Rains on trustworthy computing in Privacy Awareness Week. Hope to meet you there.

Emma Hossack
President
IAPP ANZ

Top Australia and New Zealand Privacy News

PERSONAL PRIVACY—AUSTRALIA

Reverse Directory Web Site Under Investigation (December 23, 2010)

Privacy experts are investigating a new Web site that allows people to look up the names and addresses attached to landline and mobile phone numbers to determine whether it breaks any privacy or communications laws, reports The Sydney Morning Herald. The Australian Communications and Media Authority (ACMA) claims the site breaks the Telecommunications Act, but the U.S. developer disagrees and has plans to release a smartphone app in the coming months. David Vaile of UNSW's Cyberspace Law and Policy Centre and vice-chair of the Australian Privacy Foundation says the service carries potential criminal risks and has concerns about the requirement that database users log in with their Facebook account information.
Full Story

DATA LOSS

Business Cloud Service Breached (December 23, 2010)

Computerworld reports a breach of address book data belonging to customers of Microsoft's Business Productivity Online Suite (BPOS) Standard occurred in the company's data centers in North America, Europe and Asia. The company has stated that the issue was resolved within two hours of being discovered, noting that "a very small number" of illegitimate downloads occurred and it is "working with those few customers to remove the files." A configuration issue made it possible for other customers in the service to download "Offline Address Book information...in a very specific circumstance," Director of BPOS Communication Clint Patterson said.
Full Story

ONLINE PRIVACY

EFF Co-Founder on Privacy in the Internet Age (December 22, 2010)

On the heels of recent privacy efforts by the U.S. Federal Trade Commission, Commerce Department and technology companies from across the globe, the BBC has published a dialogue with Electronic Frontier Foundation (EFF) Co-founder John Perry Barlow on changes to privacy in this online age and the battle between what governments and organizations know about individuals. Perry Barlow also weighs in with thoughts on how several global corporations do business with regard to privacy and transparency. Individual privacy is eroding, he suggests, adding that it is not "safe to have a world where the individual has no privacy and the institutions go on being private."
Full Story

PERSONAL PRIVACY

Study: Education Lacking on Smart Meters (December 21, 2010)

When it comes to smart meters, consumers are not being adequately informed about their capabilities and the way they will affect privacy. That's according to a new Ponemon study, "Perceptions about Privacy on the Smart Grid," which polled 509 U.S.-based adults and found that 54 percent of those surveyed did not receive information about or know they had a smart meter until after installation. Smart meters will measure home energy usage, in some cases down to the appliance level. The privacy concerns consumers noted were misuse of personal information by the government (53 percent) and failure to protect personal information.
Full Story

ONLINE PRIVACY

Internet Identities Have Nowhere To Hide (December 21, 2010)

In a report for The New York Times, Jenna Wortham retells a personal experience where a stranger tracked her online using her various Internet profiles to ask the question, "As digital identities become increasingly persistent across the Web, is it still possible to reinvent oneself online?" As one expert points out in the report, "As we casually go about our business, we are leaking all kinds of data that someone can piece back together." The report looks at entrepreneurs trying to build "some layers of anonymity back into the Web" and suggests the possibility that "the demands of a digital lifestyle have set a larger cultural transition into motion." (Registration may be required to access this story.)
Full Story

PRIVACY—HONG KONG

Commissioner: Privacy Office Should Prosecute (December 20, 2010)
Privacy Commissioner Allan Chiang feels that privacy-related prosecutions should be left to his office, reports rthk.hk. Speaking at an RTHK program, Chiang said that resource limitations prevent the police from making privacy offenses a high priority. This, and the fact his office has the expertise means that his office should be given the power to prosecute, he said.

ONLINE PRIVACY

Some Apps Are Watching You (December 20, 2010)

Your smartphone may be intelligent--knowing all about your contacts, locations and other information--but it is not good about keeping that knowledge to itself. That's according to a report in The Wall Street Journal that found about half of smartphone apps studied share users' personal information "widely and regularly." The investigation determined that apps share such information as unique IDs, phone location and even gender or other personal details without users' knowledge or consent, the report states. "In the world of mobile, there is no anonymity," a Mobile Marketing Association spokesman said, noting that when it comes to a smartphone, it is "always with us. It's always on." (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Navigating Permission Requirements Across Borders (December 20, 2010)

"Privacy and data protection have been major talking points throughout 2010," The Next Web reports in a review of data protection issues of the past year and the ongoing struggles of aligning privacy and permission with regulations that vary from state to state, nation to nation and continent to continent. The report looks at differences in privacy regulation from the U.S. to the EU and beyond. For social networks and online companies, one of the key challenges is "there is no global privacy law," and even with privacy policies "already longer than the U.S. Constitution," the report questions, can such sites "cater to the hundreds of different laws across the lands?"
Full Story

FINANCIAL PRIVACY—NEW ZEALAND

Changes to Credit Reporting Regulation Include Privacy Controls (December 16, 2010)

New Zealand Privacy Commissioner Marie Shroff has announced key changes to credit reporting regulation. The changes brought by Amendment No. 4 will let credit reporters collect and use more information about people and will allow for the use of consumers' driver's license numbers for credit matching purposes. Privacy Commissioner Marie Shroff thinks the changes will "bring substantial benefits to individuals," but notes that the more comprehensive reporting also means more intrusion into people's financial lives. "Given the substantial increase in sensitive financial information that will become available to third parties...Amendment No. 4 also has strong new controls to protect privacy," Commissioner Shroff said in a press release.
Full Story

ONLINE PRIVACY—NEW ZEALAND

NZ Commissioner Concludes WiFi Investigation (December 16, 2010)

The Privacy Commissioner of New Zealand has concluded her investigation into Google's collection of data from WiFi networks while photographing cities for its Street View feature, The New Zealand Herald reports. Privacy Commissioner Marie Shroff said that the company breached New Zealand privacy law when it collected the content of people's communications, but she is "pleased that Google has taken full responsibility for the mistakes it made here and that it has improved its practices to prevent future privacy breaches. This includes training their staff better and checking new products carefully before they're released."
Full Story

DATA LOSS—NEW ZEALAND

Travel Company Warns Survey Takers of Breach (December 16, 2010)

A travel insurance company is warning those who participated in a recent survey that their personal information may have been exposed to hackers, The New Zealand Herald reports. AA Travel New Zealand is sending e-mails to nearly 30,000 individuals who participated in its "101 Must Dos for Kiwis" and "Great Kiwi Road Trips" campaigns. "Our site has been accessed by an unauthorized user from outside New Zealand and we have carried out a forensic investigation," said AA Travel marketing manager Rebecca Cherry. "We have given (those affected) the opportunity to completely unsubscribe from our database...and have strongly suggested they change their password," she added.
Full Story

SOCIAL NETWORKING

Sharing Is “The Whole Point” (December 16, 2010)

From a privacy perspective, it would appear to have been a tumultuous year for Facebook. But that's not evident when considering the popularity of the site. The company "continues to add a million-plus new users a day," according to Facebook advisor Mozelle Thompson, who was in Auckland last week for the Asia Pacific Privacy Authorities forum. Thompson said that people join Facebook to share information and that "to create a situation where the default choice is not sharing information would seem to defeat the purpose of the Web site."
Full Story

PERSONAL PRIVACY

Opinion: Four Perspectives on Privacy (December 16, 2010)

The Sydney Morning Herald asked four figures whether personal privacy is a "lost cause." Author and Professor Barbara McDonald said that it is not a lost cause "as far as the law is concerned," while lawyer Bill Orme agreed that personal privacy is not a lost cause but warned that we must figure out how to protect it. "If we are to remain a vibrant society of confident individuals, personal privacy is fundamental," Orme said. Consultant Anna Johnston said the "protection of privacy is often essential to securing other public benefits," and Woman's Day Editor Fiona Connelly said, "If we want the best of the world's communications, we can wave goodbye to privacy."
Full Story

SOCIAL NETWORKING

Facial Recognition Coming to Facebook (December 16, 2010)

Facebook in the coming weeks will release a "tag suggestion" feature that uses facial recognition software to let users automatically identify friends in photos, The Sydney Morning Herald reports. The feature will be rolled out to U.S. users first. In describing the new offering on the company's blog, Facebook engineer Justin Mitchell said, "If for any reason you don't want your name to be suggested, you will be able to disable suggested tags in your privacy settings."
Full Story

DATA THEFT

Feds Find Common Link in McDonald’s Data Theft (December 16, 2010)

More details have emerged in the theft of McDonald's customer data. The Register reports that U.S. Federal Bureau of Investigation (FBI) agents are looking into similar events that may have originated with a marketing services provider based in Atlanta, GA. FBI special agent Stephen Emmett said, "The breach is with Silverpop (Systems), an e-mail service provider that has over 105 customers." Emmett added that the breach "appears to be emanating from an overseas location."
Full Story

PRIVACY—HONG KONG

Commissioner Under Fire for PR Spending (December 15, 2010)

Privacy Commissioner Allan Chiang Yam-wang is facing criticism for spending up to HK$250,000 to hire a public relations firm, the South China Morning Post reports. "This is totally unnecessary and a waste of money," said the vice-chairwoman of the Democratic Party. Chiang said he commissioned the firm's services "to provide strategic input and execution support for the exercise (of the consultation of privacy law), from November 1 to December 31, 2010. The firm has been contacting lawmakers and rights groups on behalf of the commissioner's office to arrange meetings to review the Personal Data (Privacy) Ordinance, the report states. (Registration may be required to access this story.)
Full Story

PRIVACY LAW—PHILIPPINES

Bill To “Sharpen the Country’s Competitive Edge” (December 14, 2010)

The author of data protection legislation is confident that its passage will help solidify the Philippines' position as a global leader in business process outsourcing, a sector that is expected to produce hundreds of thousands of new jobs in the region over the next five years, Inquirer.net reports. "We are absolutely confident that more companies around the world will subcontract their business support jobs to Philippine providers once the proposed Act Protecting Individual Personal Data in Information and Communications Systems is decreed," said House Deputy Majority Leader Roman Romulo. "This will sharpen the country's competitive edge in BPO activities, besides reinforcing consumer trust and user confidence in electronic commerce," he said.
Full Story

PRIVACY LAW—AUSTRALIA

Privacy Act Doesn’t Cover Biometric Data (December 10, 2010)

The Australian government is discussing the possibility of curbing poker machine use using biometric technology, ZDNet reports. But, Isabelle Moeller, general manager of the Biometrics Institute, said that biometric data is not included in the Privacy Act, and she's concerned about what club and casino owners will do with the users' data they collect. "Who ensures how data is collected and when it is destroyed? The [Privacy] Act is not specific enough," Moeller said. The government is reviewing the Privacy Act to make it more responsive to changing technologies, the report states.
Full Story

PRIVACY LAW—NEW ZEALAND

Surveillance Bill Passes First Reading (December 10, 2010)

A bill that would give the Security Intelligence Service stronger surveillance powers has passed its first reading in parliament, The New Zealand Herald reports. While supporting the bill, Labour Party deputy leader Annette King voiced that there needs to be a balance between national security and the right to privacy. Hone Harawira of the Maori Party expressed "grave doubts" about the potential for inappropriate surveillance. The bill passed by a margin of 111 to 9 and now heads to the Intelligence and Security Committee where public submissions will be solicited.
Full Story

ONLINE PRIVACY

Ad Industry Reacts to Do Not Track (December 10, 2010)

The Australian reports that certain aspects of a report released by the U.S. Federal Trade Commission last week have sent the online advertising industry into confusion. Specifically, the industry is concerned about the potential for a do-not-track system that would let Internet users opt out of having data about their online activities collected and used for advertising purposes. Although one advertising industry insider said it's too early to determine whether Australian lawmakers would pursue such a system, a Queensland University of Technology lecturer predicts that Australian consumers would widely support it. Australian advertising bodies are developing industry standards for online behavioural advertising.
Full Story

HEALTHCARE PRIVACY—NEW ZEALAND

TestSafe Opens Records to Pharmacists (December 10, 2010)

TestSafe, the healthcare network 1.1 million Aucklanders use to share medical lab results and prescription information with practitioners, has given community pharmacists access to drug dispensing reports, New Zealand Herald reports. Pharmacy Guild President Ian Johnson said the change is an improvement to patient safety, while Auckland Women's Health Council Coordinator Linda Williams voiced patient privacy concerns. "There have to be education campaigns to inform the public of who is sharing their information," she said. A TestSafe spokesman said that in four years, 96 people have opted out of the network. "I think most people want their medical information available to the clinicians looking after them," he said.
Full Story

PRIVACY—ASIA PACIFIC

APPA Forum Ends, New Members Welcomed (December 9, 2010)

The Asia Pacific Privacy Authorities (APPA) forum concluded on Wednesday in Auckland, New Zealand, with members affirming their commitment to continued collaboration on international data protection issues. According to the Office of the New Zealand Privacy Commissioner, this year's meeting was one of the largest so far, and Privacy Commissioner Marie Shroff said, "it was pleasing to welcome three new members: Mexico, the United States and Queensland." Shroff added that continued collaboration "will strengthen our ability to get the best possible outcome for the public's privacy rights." The APPA has also established a working group on technology issues.
Full Story

PRIVACY LAW—SOUTH KOREA

Regulator: Social Network Violates Privacy Protections (December 8, 2010)

A South Korean regulator has announced that Facebook has breached the country's data privacy laws, IDG News reports. The Korea Communications Commission (KCC) has also criticized the social network's handling of personal information as well as its privacy policy, stating that the company needs to improve how it acquires user consent. "Facebook violates the regulations on protection of privacy in information networks," according to the KCC, which has said Facebook now has 30 days to respond to the complaint.
Full Story

DATA LOSS—JAPAN

Leak Exposes Foreign Residents’ Personal Information (December 8, 2010)

The Hunton & Williams Privacy and Information Security Law Blog reports on the release of a book containing Tokyo Metropolitan Police Department anti-terrorism documents leaked on the Internet in October. The 469-page book contains the unedited personal information of foreign residents being monitored by Japanese authorities, the report states, and also includes names of police officers involved in the cases as well as individuals who are cooperating with police investigations. A court has halted sales of the book after several affected individuals demanded legal action to prevent further damage.
Full Story

ONLINE PRIVACY

Study: Popular Sites “Sniffing” Web Histories (December 7, 2010)

While a recent lawsuit accuses an adult Web site of computer fraud for allegedly "history sniffing" its users' Web activity, researchers at the University of California, San Diego, are spotlighting the use of "history sniffing" to track user activity online, eWeek reports. In an analysis of 50,000 popular Web sites, the researchers found that 485 "are capable of inferring browser history data, 63 of which are transferring that data to their network. In addition, 46 sites were actively participating in history sniffing," the report states. One of the report's authors suggests that "the bigger surprise was that there is an entire industry that has grown around this practice--behavioral analytics."
Full Story

PRIVACY LAW—AUSTRALIA

Police: No Charges for WiFi Collection (December 6, 2010)

Australia Federal Police (AFP) has concluded its investigation into Google's collection of payload data off of unsecured WiFi networks, determining that the company may have breached the Telecommunications (Interception and Access) Act (TIA) but "evidence exists to suggest that the potential breach of the TIA by Google was inadvertent." The Age reports that the AFP will not bring criminal charges against the company given the inadvertent nature of the breach and "the difficulty of gathering sufficient evidence required for an examination of potential breaches." In announcing the decision on Friday, the AFP said that it was satisfied in the undertakings the company gave following the privacy commissioner's investigation of the activity earlier this year.
Full Story

ONLINE PRIVACY

Data Miners To Tell Customers What They Know (December 3, 2010)

A group of online tracking companies is building a service set to launch in January that will let consumers see what they know about them, The Wall Street Journal reports. The Open Data Partnership "is the first of its kind in the fast-growing business of tracking Internet users and selling personal details about their lives," the report states, and "will allow consumers to edit the interests, demographics and other profile information collected about them" or choose not to be tracked at all. "The government has told us that we have to do better as an industry to be more transparent and give consumers more control," said a spokesman for the initiative. "This is a huge step in that direction." (Registration may be required to access this story.)
Full Story

PRIVACY—NEW ZEALAND

Annual Report Finds Complaints on the Rise (December 3, 2010)

The number of complaints Privacy Commissioner Marie Shroff's office received increased by 172 from the previous year. That's according to the office's annual report, released this week, which also found that the main areas of concern were Google's collection of data for its Street View feature and competitions and surveys by New Zealand Post, Stuff.co.nz reports, and that more than 7,000 enquiries were made by the public seeking privacy advice. There continue to be concerns surrounding electronic health records and the collection of health information in addition to New Zealanders' use of social networking sites. Other challenges to privacy involving government information sharing are being addressed, the report states. 
Full Story

PRIVACY—AUSTRALIA

Commissioner Warns of Present Risks (December 3, 2010)

Addressing attendees at the iappANZ annual conference, Privacy Commissioner Timothy Pilgrim warned against the dangers of cloud computing as the volume of business information stored there is expected to continue rising in the next few years, Australian Financial Review reports. "All organisations need to focus on the impact to their reputation if something goes wrong and the potential for them to lose the trust of customers if information is lost or misused," Pilgrim said in an interview. Pilgrim also discussed at the event the importance of educating young people about using social media responsibly and of encrypting smart phones so personal data cannot be retrieved in cases of theft or loss. (Registration may be required to access this story.)
Full Story

PRIVACY—NEW ZEALAND

Leaders To Meet This Month (December 3, 2010)

Privacy Commissioner Marie Shroff will next week host privacy leaders from the Asia-Pacific region to discuss the latest international data protection issues. The Asia Pacific Privacy Authorities (APPA) Forum on 6 December will, for the first time, include representatives from the U.S. Federal Trade Commission and Mexico. The forum will look at Web 2.0 technologies and privacy regulation; direct marketing and privacy; credit reporting and privacy, and international cross-border privacy enforcement. Shroff said that having the forum, including its new members, together in New Zealand for the first time "should generate some interesting discussions." Before the APPA forum meets, representatives from the recently established APEC Cross-Border Privacy Enforcement Arrangement will meet.
Full Story

PRIVACY—AUSTRALIA

Report Finds Private Records Access at Top of Misconduct (December 3, 2010)

A report released last week shows that 600 federal bureaucrats breached their professional code of conduct last year, the majority of those involving misuse of the Internet and improperly accessing private records, Canberra Times reports. Of 970 government investigations in 2009-2010, three out of five found a breach had taken place, the report states. However, examples of misconduct tended to be isolated examples where individuals exercised poor judgment.
Full Story

PRIVACY LAW—AUSTRALIA

Tax Law Passes, Aims To Protect Confidentiality (December 3, 2010)

The Tax Laws Amendment Bill 2010 passed through both houses of parliament this week, The Gov Monitor reports. The bill aims to improve the confidentiality of taxpayer information collected by the Australian Taxation Office (ATO), the report states, and consolidates 18 existing disclosure provisions into a single framework while removing inconsistencies. New disclosure provisions were added to address law enforcement agencies and courts. "Taxpayers provide personal information to the tax office expecting it to be kept confidential. This legislation, therefore, balances this protection of taxpayer information and the value of using this information for other appropriate purposes," said the assistant treasurer and minister for financial services and superannuation.
Full Story

PERSONAL PRIVACY—AUSTRALIA

Poker Player Registry Plan Raises Concerns (December 3, 2010)

The Sydney Morning Herald reports that the clubs industry is attacking a recommendation by Families Minister Jenny Macklin to require poker players to register their identities. She has suggested that a swipe card for poker machines, similar to what is used in casinos, may be the answer, the report states. ''This would require players to register, just like they do now for loyalty programs in gaming venues,'' Macklin said, reportedly downplaying privacy concerns by pointing out that, ''People have cards for all sorts of things, including their club membership, or to borrow a book from the library or rent a DVD from the video store.''
Full Story

PRIVACY LAW—AUSTRALIA

ACMA: Spam Still a Problem Internationally (December 3, 2010)

The Spam Act 2003 has been successful in thwarting unwanted e-mails in Australia but has had limited effect on preventing international spam, according to the Australian Communications and Media Authority (ACMA). Computerworld reports that at a recent senate hearing on the adequacy of online protections, ACMA spokeswoman Nerida O'Loughlin said that while the act has given the ACMA some great powers domestically, material emanating from outside of the country continues to present "a problem for us jurisdictionally as well as practically." O'Loughlin added that the ACMA collected $22.25 million in the last financial year for violations of the Spam Act, and that 5.04 million people are now on the Do Not Call Register.
Full Story

BEHAVIOURAL ADVERTISING—AUSTRALIA

Coalition Formed To Allay Consumer Concern (December 3, 2010)

Six advertising industry bodies have come together to form a coalition that will develop voluntary guidelines for online behavioural advertising (OBA) and a campaign to educate consumers on the practice, reports The Sydney Morning Herald. Scott McClellan of the Australian Association of National Advertisers--one of the organisations in the coalition-- said there are misunderstandings about OBA's impact on privacy. "OBA does not involve the collection of personal information...There is this perception that it does, and we're trying to develop a set of guidelines that will address the concerns that the community has." The group aims to have its guidelines finalised early next year.
Full Story

PRIVACY LAW—NEW ZEALAND

Doctor’s Human Rights Hearing Begins (December 3, 2010)

An Invercargill physician appeared before the Invercargill District Court this week based on a privacy complaint. Dr. Robert Henderson had been accused of violating the privacy of a nursing home employee when he notified her employer that she had asked for opiates at his office. Privacy Commissioner Marie Shroff, with whom the employee filed a complaint, ruled that Henderson should have only told the nursing home's manager. However, the High Court of Wellington overturned that ruling earlier this year. The matter was referred to the Office of Human Rights Proceedings, which urged Henderson to settle, but he says to do so would be "moral cowardice."
Full Story

PRIVACY—NEW ZEALAND

Opinion: Do We Care About Privacy Anymore? (December 3, 2010)

Somewhere in the core of each of us, there are levels of privacy that we all care about. But those need to be identified and protected, opines Leon Gettler in a Stuff.co.nz article about whether or not individuals care about our privacy anymore. "No one wants their credit card company to track purchases of certain magazines and access to Web sites, or jewelry for a woman who is not your wife, and then send suggestions for similar magazines, Web sites and jewelry purchases," Gettler says of online behavioral targeting. Privacy is being challenged, which will change our lives at home and work, he says.
Full Story

DATA PROTECTION—AUSTRALIA

People Pose Big Threat (December 3, 2010)

When it comes to gaining access to valuable data, smart attackers "don't hack software and hardware, they hack people," says a cybercrime expert at Macquarie University. Milton Baar says employees are the biggest threat to sensitive business information, The Sydney Morning Herald reports. "At the corporate level [we can expect to see] more e-mails, more Web links and more enticements to link that appear to come from legitimate sites," Baar said. The report explores other areas where security vulnerabilities are emerging, such as the mobile phone and cloud computing environments.
Full Story

PRIVACY LAW—AUSTRALIA

Executive: Breach Legislation Unnecessary (December 3, 2010)

Mandatory data breach notification legislation will not reduce the number of data breaches, according to a Verizon executive speaking at a recent information security event. Similar laws introduced in the U.S. simply triggered headlines, he said, and may have a similar effect in Australia. A more efficient way to reduce data breaches would be to improve slack security standards, which are the reason that data breaches continue to occur using decade-old methods, the executive said in a ZDNet report, adding that log reviews would prevent 85 percent of breaches. Attackers usually watch the network for vulnerabilities or valuable data for up to a year, which can typically be detected by reviewing logs, the report states.
Full Story

ONLINE PRIVACY—U.S.

U.S. FTC Releases Privacy Report (December 3, 2010)

The U.S. Federal Trade Commission has released its long-anticipated staff report on consumer privacy, The New Zealand Herald reports. The report, "Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers," released Wednesday, includes preliminary recommendations. It calls for increased transparency and simplified consumer choice and endorses the creation of a do-not-track mechanism that would let consumers opt out of targeted advertising and data collection. FTC Chairman Jon Leibowitz said the report makes recommendations for best practices and is "not a template for enforcement." Early reaction to the report runs the gamut--from praise to rejection to additional questions, according to a Wall Street Journal report. The FTC will accept comments on the report through January 31, 2011.
Full Story