ANZ Dashboard Digest

A new approach to notice and consent has been around for at least a couple of years now. The Microsoft whitepaper was released late 2012, and several subsequent books by privacy thought-leaders have developed this theme, which makes sense. Individuals ought to be given the opportunity to shape their profiles and to have a role in transactions involving their data, and notice and consent will no longer suffice. Equally, entities that stand to benefit from the information should protect their source if they wish to guarantee the future supply of valuable data.

If this approach is accepted, some of the stories this week indicate that there is still a long journey ahead. Whilst many entities still appear to treat privacy as a compliance issue, and one where boundaries should be pressed, others continue to succeed based on adoption of the new approach. It will be interesting to see how this divide plays out in terms of commercial success. That other old chestnut of balancing the right to information against the right to privacy also gets some play this week in the opinion piece titled “Privacy starts to bite.” To hear all about it and ask your own questions of the experts, make sure you book your place at our Privacy Awareness Week breakfast discussion on 6 May as debate on the Australian Law Reform Commission paper on serious invasions to privacy in a digital age continues.

A safe and very Happy Easter to you all,

Emma Hossack
President
IAPP ANZ

Top Australia and New Zealand Privacy News

FINANCIAL PRIVACY

Study: Hackers Outpacing Bank Security (June 30, 2011)

Evidence in a recent study suggests that large credit card-issuing banks are not keeping up with the technological sophistication of hackers, TIME reports. One research firm analyzed and graded the online security practices of the financial sector's 23 largest card-issuing institutions. Based on a 100-point scale, the average score was a 59. "The good news is issuers are doing a better job overall of resolution, but that's the easiest thing to do," says the study's lead author. "Prevention is the hardest to do, but it's got the biggest payback." The study also noted that banks have a strong record of eliminating fraudulent charges from individuals' bank accounts.
Full Story

SOCIAL NETWORKING

Privacy Emphasized in New Google Network (June 29, 2011)

Google has introduced a new social networking service that will allow users to communicate status updates, photos and links, The New York Times reports. The Google+ project will initially be available to a "select group" of Google users, according to the article, who will then be able to extend the network by inviting friends and groups into the network. Though many of the features will be similar to Facebook, Google's site is engineered to allow small groups to share information without sharing updates with all of an individual's friends. "In real life, we have walls and windows, and I can speak to you knowing who's in the room," says a Google representative, "but in the online world, you get to a 'Share' box and you share with the whole world...We have a different model." (Registration may be required to access this story.)
Full Story

DATA LOSS

More Companies Train and Prepare for Breaches (June 27, 2011)

Business Insurance reports on the growing concern businesses have in the face of increased hacker attacks and cybersecurity risks. The report notes that breach preparation will place a business in a better position to appropriately respond to an event and, subsequently, improve its ability to receive cyber risk coverage from insurers. Vinny Sakore, CIPP/IT, of Immersion Ltd. says, "With data breaches, experience is critical," adding that it's important for consultants to improve client awareness of data breach issues. Rick Prendergast at Kroll Fraud Solutions says that breach costs have risen 22 percent since 2009, prompting more companies to take breaches more seriously and "to certify that breach training has taken place across the enterprise."
Full Story

PERSONAL PRIVACY

Companies Help Individuals Control Personal Data (June 27, 2011)

In light of the vast amount of information that is collected online, companies are emerging with an alternative business model that allows consumers to control their personal data, The Mercury News reports. Instead of cookies that track consumers online, some companies are attempting to create a new model where individuals could access and track their personal information and refute false personal information that might exist on the Web. Additionally, Google has launched "Me on the Web" to help individuals monitor their personal data. One startup's CEO says, "We felt like there was a huge opportunity to turn the consumer model upside-down--to help people manage, create and grant access to the best data about themselves."
Full Story

ONLINE PRIVACY

Opinion: Biggest Problem is Policies (June 24, 2011)

In an op-ed for ITWorld, Dan Tynan writes that while online privacy is based on a clear concept--people should have control over their personal information--the average privacy policy is not. "If you want people to understand privacy--and maybe not be either so blasé or so paranoid about how their data is being used--we need privacy policies that human beings can understand," he writes. Using real-life examples of how confusing policies can be, Tynan outlines his suggestion for a pop-up box with four bullet points outlining simple facts about websites' collection and use practices and ways to opt out.
Full Story

PRIVACY LAW—AUSTRALIA

Authorities Given Power To Combat Cyber Crime (June 24, 2011)

Attorney-General Robert McClelland will introduce amendments giving law enforcement and intelligence agencies the power to declare a "non-destruction" order for cyber and telecommunications companies, the Daily Telegraph reports. The amendments would preserve records of suspects prior to the issue of a warrant. The news comes after the Computer Emergency Response Team detected approximately 250,000 "hacking crimes" against financial, government and business organisations across Australia. "As we exchange more information online," McClelland said, "cyber crime is becoming a growing threat to individuals, businesses and governments."
Full Story
 

PERSONAL PRIVACY—NEW ZEALAND

Pilots Claim CAA Violated Their Privacy (June 24, 2011)

Commercial pilots belonging to the New Zealand Airline Pilots Association have accused the Civil Aviation Authority (CAA) of violating their privacy when it "trawled" through pilots' records for "undisclosed convictions," Stuff.co.nz reports. The pilots sought an injunction against the CAA in a Wellington High Court, but Justice Stephen Kos reserved his decision, according to the report. After randomly selecting 100 names of commercial pilots and running them through a Justice Ministry database, the CAA found no convictions. A CAA lawyer said voluntary disclosure of drunk-driving convictions was "not as effective as required to ensure aviation safety on an ongoing basis."
Full Story
 

ONLINE PRIVACY—AUSTRALIA

Former Privacy Commissioner Talks Web Privacy (June 24, 2011)

The keys to resolving debates on Internet privacy are transparency, awareness and accountability. That's according to former Privacy Commissioner Malcolm Crompton, CIPP, who spoke with New Tech Post about online privacy. While users and companies are becoming more aware of the privacy issue, "People are not quite being told yet what is going on and certainly, not yet understanding what they've been told. So, there's more to do," Crompton said. When it comes to search engines filtering results based on users' online activities, Crompton said we're only beginning to understand it and find a balance between giving people the results they want without "going so far that it becomes censorship..."
Full Story

SURVEILLANCE—NEW ZEALAND

Taxis Say No to Audio Recording (June 24, 2011)

Customer privacy concerns have prompted Auckland's largest taxi company and others to decide against recording voices along with images on video cameras soon to be installed in all their cabs, reports the New Zealand Herald. After two murders and multiple attacks on drivers and passengers, the government mandated the installation of the cameras in cities with more than 30 cabs. Assistant Privacy Commissioner Katherine Evans has said her office is looking into both video and audio recording in taxis. Transportation Minister Steven Joyce said there are clear collection and use requirements and heavy fines for misuse of the footage.
Full Story

SURVEILLANCE—NEW ZEALAND

Opinion: Discretion Is Key to Balance (June 24, 2011)

A New Zealand Herald editorial explores the balance between protecting private property and the public's right to privacy by delving into the details of a recent decision by the North Shore City Council. The council has ordered a couple to remove a video camera that takes images of a public road bordering their property. The editorial identifies two components that have inspired reaction to the decision: the prevalence of surveillance cameras in public spaces and the public's increasing alarm over "breaches of our private domain." The author opines that "discretion is the key" to balancing security and privacy with cameras and that councils need to consider each instance individually.
Full Story

PRIVACY—NEW ZEALAND

Opinion: Privacy Feels Like A Lost Cause (June 24, 2011)

In an opinion piece for the New Zealand Herald, Brian Rudman writes that there are "times when the right to privacy seems to be a lost cause." Rudman cites recent events, including the recent controversy around the New Zealand Post survey criticised by Privacy Commissioner Marie Shroff for its sale of personal details to third parties. "Shroff defends the 'victims,' arguing many people are very trusting when asked to give personal or financial details...very trusting is too generous. Stupid would be another word," Rudman says, adding that entrants should have been wary on their own. Rudman also discusses recent plans to install sound recorders in taxi cabs.
Full Story
 

ONLINE PRIVACY—INDIA

Street View Vehicles Sidelined By Police (June 22, 2011)

Google is taking its camera-outfitted Street View vehicles off the streets in Bangalore after receiving a letter from city police. Financial Chronicle reports that a Google spokesman said the company is reviewing the letter and has "stopped our cars until we have a chance to answer any questions or concerns the police have." When Google launched Street View in Bangalore in late May with plans to expand to the rest of the country, its product head ensured "Street View is designed to comply with all local laws, including those related to security and privacy in India" and that the company would not be collecting data from wireless networks.
Full Story

PRIVACY LAW—MALAYSIA

Data Protection Office To Be Established (June 22, 2011)

The Malaysian Ministry of Information, Communication and Culture plans to establish a government department to help implement the country's new data protection law, reports Bernama. According to Deputy Minister Datuk Joseph Salang, the office should be up and running by next year. At a press conference, Salang underscored the urgent need for personal data protection laws, saying, "Prior to the implementation of this act, personal data is only bound by contractual agreement or common law." The Personal Data Protection Act was passed in 2010 and is expected to go into effect early next year.
Full Story

ONLINE PRIVACY

Is Anonymity on the Web Impossible? (June 22, 2011)

In a feature for The New York Times, Brian Stelter suggests the Internet is becoming "the place where anonymity dies." Amidst calls for a "right to be forgotten" in Europe, Stelter suggests, "The collective intelligence of the Internet's two billion users, and the digital fingerprints that so many users leave on websites, combine to make it more and more likely that every embarrassing video, every intimate photo and every indelicate e-mail is attributed to its source, whether that source wants it to be or not." One expert suggests the Web "can't be made to forget," and "an inescapable public world" may be the result. (Registration may be required to access this story.)
Full Story

STUDENT PRIVACY—CHINA

Student Data Is For Sale Online (June 22, 2011)

Personally identifiable information about elementary and secondary students is for sale online, prompting some legal experts to claim that it is a breach of privacy, China Daily reports. One list cited in the article contains approximately 70,000 students who recently sat for a college entrance exam. The list included students' names, cell phone numbers and home addresses. According to the report, the buyers of the information tend to be educational companies or training institutions. One expert said, "Officials at the schools can make money from the sellers...They are the source of the information and the reason why sellers can easily get private information."
Full Story

DATA LOSS

Online Network Hacked, 1.3 Million Affected (June 21, 2011)

A recent rash of cyberattacks continues, this time affecting 1.3 million members of Sega's online video game network, Sega Pass. Reuters reports that names, birth dates, e-mail addresses and encrypted passwords of users were stolen from the database. Sega Europe discovered the breach on Thursday and notified network users and Sega Corp, which then shut down the site. A company spokeswoman apologized for the breach, saying that Sega is working on improving security measures. A hacker group responsible for attacks on other video game sites has offered to track down these hackers, according to the report.
Full Story

PRIVACY LAW—AUSTRALIA

Committee: Small Business Should Not Be Exempt (June 21, 2011)

A parliamentary committee is calling on the government to scrap a provision exempting small businesses from Australia's Privacy Act. The Australian Parliamentary Cyber-Safety Committee tabled a report yesterday raising concerns that small businesses with annual revenues of $3 million or less were exempt from the Privacy Act 1988, iTnews reports. The committee recommends that the government drop the exemptions and undertake a review of businesses with "significant personal data holdings" since a "large proportion of the Australian private sector is not subject to any privacy laws." The Australian Law Reform Commission said in 2008 that the exemptions were "neither necessary nor justifiable."
Full Story

PRIVACY LAW—HONG KONG

Commissioner Admonishes Banks for Sharing (June 20, 2011)

Privacy Commissioner for Personal Data Allan Chiang is displeased with four banks that released customers' personal data to third parties, AFP reports. Citibank, ICBC, Fubon Bank and Wing Hang Bank released customer data, Chiang says, and several profited from doing so. The data was transferred without user consent, and the banks' disclosures on data practices are vague and printed in small font, the commissioner said. "I am disappointed that the banks are less than forthcoming in following good privacy practices," Chiang said, adding, "We trust that the practice of naming data users will invoke the sanction and discipline of public scrutiny" and "encourage compliant behavior."
Full Story

PERSONAL PRIVACY—INDIA

Gov’t Commission Will Meet to Discuss Initiatives (June 20, 2011)

India's Planning Commission has called a meeting to discuss the privacy concerns surrounding government initiatives such as Unique ID, NATGRID and DNA profiling, among others. The Times of India reports that while these initiatives are intended to strengthen national security and assist in delivering public services, the commission has acknowledged that they use IT platforms that bring risks and require built-in security measures. "Steps have to be taken to ensure that a full and better understanding of privacy concerns are factored into our policy and lawmaking process," said Minister for Planning Ashwini Kumar. The meeting will bring together experts, civil society representatives and government officials, the report states.
Full Story

DATA PROTECTION—NEW ZEALAND

Survey To Be Released Despite Complaints (June 20, 2011)

Despite criticism from Privacy Commissioner Marie Shroff, the New Zealand Post will ship out a public survey this week. The Lifestyle survey collects personal information, including income details, and shares it with marketing companies, TVNZ reports. Shroff had criticized the 2009 survey, calling it a "systematic, large-scale breach" of privacy and said that when personal details are collected "solely to on-sell to third parties, it is easy for there to be a blurring of legal and ethical duties." A New Zealand Post spokesman said the company is acting lawfully, and the survey is voluntary. Shroff will release a report on the survey this week.
Full Story

ONLINE PRIVACY

Browser Unveils Reputation Monitoring Tool (June 20, 2011)

Social Barrel reports that Google has unveiled a new privacy tool aimed at helping users manage their identities online. "Me on the Web" is available on the Google Dashboard and alerts users if their name or e-mail address is mentioned anywhere on the Internet, suggests search terms that users may want to monitor and offers tips on how to remove unwanted content about themselves, the report states.
Full Story

PERSONAL PRIVACY—NEW ZEALAND

Post: Survey Intended for Marketing Purposes (June 17, 2011)

The New Zealand Post will next week begin sending its voluntary Lifestyle Survey, asking New Zealanders about their hobbies, favorite travel spots and more. Scoop reports that the information gleaned is used for marketing purposes--for the New Zealand Post and its commercial clients--and Post General Manager for Integrated Communications Sohail Choudhry says it is vital that people are aware of this. Choudhry says consumers benefit from companies having this data, but adds that the New Zealand Post needs "to be an industry leader in being upfront and clear about why we're asking for this information and what it is used for." 
Full Story

DATA PROTECTION—WESTERN AUSTRALIA

Audit Exposes Security Flaws (June 17, 2011)

The auditor general of Western Australia has released a report detailing several instances of lax security in state government systems, ZDNet reports. The audit tested the "readiness and response" capabilities of at least 15 government departments. The report said, "None of the agencies we tested had adequate systems or processes in place to detect, manage or appropriately respond to a cyber attack." The Auditor-General's Department tested the security systems using what it called "freely available software." The report also added, "The failure of most agencies to detect our attacks was a particular concern, given that the tools and methods we used in our tests were unsophisticated."
Full Story

HEALTHCARE PRIVACY—AUSTRALIA

Comments on E-Health Plan Released (June 17, 2011)

The government has made public the comments received in response to its draft plan for implementing personally controlled electronic health records, The Australian reports. The Australian Privacy Foundation says the reported low number of responses is likely "due to enormous confusion" with the plan. Other comments addressed the plan's technical aspects, governance plan and costs. The Consumers Health Forum of Australia said, "Personal control means more than simply having access and setting controls. Consumers want to participate in the management of their records," while the Australian Medical Association warns that "A record with hidden information could be more dangerous than no record at all."
Full Story

DATA LOSS—AUSTRALIA

Computer Theft Leaves 66,000 Records at Risk (June 17, 2011)

The Australian Institute of Company Directors (AICD) is alerting members and clients that a computer containing their data was stolen from its offices, reports The Australian. The records include names, addresses, phone numbers and birth dates of 66,000 people, and while it was behind three tiers of password protection, the hard drive was not encrypted. The AICD says that the risk of thieves accessing the data is low, and the information is mostly publicly available, but it is working with the authorities on an investigation. The AICD has also consulted the privacy commissioner and is "following his best practice guidelines," said the AICD's chief executive.
Full Story

DATA LOSS—NEW ZEALAND

Political Website Data Breach Causes Concern (June 17, 2011)

The National Party has admitted that it accessed personal information after it discovered a security flaw in a Labour Party website, The National Business Review reports. The security flaw allowed free downloads from a database that contained a list of names and e-mail addresses of approximately 18,000 individuals as well as recent donation amounts. The report states that a blogger claims he has the compromised data and has said he will publish the donor names. The Labour Party has apologised to its donors. Privacy Commissioner Marie Shroff is aware of the incident, saying, "I understand the information gained has also been sent to third parties. This chain of events concerns me."
Full Story

CHILDREN’S PRIVACY—SOUTH AUSTRALIA

MP: Social Networking Site Hinders Parenting (June 17, 2011)

South Australian Family First MP Dennis Hood is drafting a bill to give parents more access to their children's social networking activities, reports The Sydney Morning Herald. After hearing how Facebook handled a mother's concerns over her teen's posts to the site, Hood said Facebook needs to "allow parents to properly monitor their children's online activities," adding that its policy and "privacy laws are interfering with parents' ability to properly protect their children from inappropriate online exposure." How any new controls would be imposed is still being decided, and, according to the report, Hood has said he would welcome federal or state government involvement in the matter.
Full Story

PERSONAL PRIVACY—NEW ZEALAND

Opinion: Citizens Crave Privacy (June 17, 2011)

In a column for The New Zealand Herald, Jo Knowsley analyses the tenuous nature of privacy in the online landscape. With the advent of social networking sites, she says there is a "veritable global honey pot of personal information, ripe for plunder by the Pooh Bears in government, the corporate world or indeed anyone with a computer who wants to find out more about us." She asks whether it is ironic that with greater information access, individuals "crave greater privacy." Knowsley notes that more individuals are opting out of being published in electoral rolls, and the number of complaints received by Privacy Commissioner Marie Shroff has almost doubled in five years.
Full Story

DATA LOSS—VICTORIA

Labor Party, Newspaper Face Off Over Database (June 17, 2011)

A computer audit of the Labor Party's database has shown that two computers belonging to a media outlet accessed the database shortly before last November's elections. The Herald Sun reports that Labor is alleging that The Age hacked into its database using stolen credentials and searched out information on prominent officials. The Age denies those allegations, calling its actions a "wholly legitimate exercise of journalism designed to expose the fact that the Labor Party maintains an...archive profiling Victorian voters without their knowledge or permission--a potentially serious invasion of privacy." Victoria's political parties' databases have raised concerns among privacy advocates in the past because the parties are exempt from privacy laws.
Full Story

SURVEILLANCE—NEW ZEALAND

Opinion: Balancing Privacy and Security (June 17, 2011)

The New Zealand Herald explores a recent North Shore City Council decision on surveillance cameras in an editorial about the balance between security and privacy. The council ordered the removal of a Torbay couple's security cameras, which they had implemented as a crime deterrent. "Clearly, there are valid privacy concerns," the report states, "and local councils have a responsibility to assess these." The paper notes that the continued emergence of new surveillance technologies will "pose a whole new set of issues. As will keep being the case as we seek to balance a right to privacy against the imperatives of security."
Full Story

GENETIC PRIVACY—AUSTRALIA

Opinion: DNA Legislation Is Needed (June 17, 2011)

Prof. Barry Marshall, a Nobel-prize winning researcher, has announced his plans to become the first Australian to post his full genetic code online but has suggested Australia needs genetic privacy laws similar to those in the U.S., The Sydney Morning Herald reports. The editorial highlights past and present cautions about the implications of the accessibility of such personal data to governments, businesses and the insurance industry, noting that "although science has marched on, the legal and ethical frameworks meant to protect us still offer limited recourse... the possibilities of discrimination and potential abuse remain."
Full Story

DATA PROTECTION

Council Releases PCI Standards Document (June 17, 2011)

The Payment Card Industry Security Standards Council has released a set of guidelines for companies to ensure compliance with industry standards, Computerworld reports. The 39-page document describes how each of the 12 PCI security requirements can be applied in a virtual environment, the report states, and offers recommendations on how to stay compliant in the cloud, delineating between entities' and cloud vendors' responsibilities. "Consequently, the burden for providing proof of PCI DSS compliance for a cloud-based service falls heavily on the cloud provider," the document states. The guidance is the "best document that the PCI Security Standards Council has written to date," an independent PCI consultant said.
Full Story

GEO PRIVACY

Nissan Looking Into Data Sharing Claims (June 15, 2011)
Nissan is looking into a blogger's claims that the navigation systems in its Leaf vehicles send drivers' location data to third parties, The Wall Street Journal reports. A SeattleWireless.net blog post claims that the information is transmitted via Nissan's subscription-based Carwings system when a driver updates his RSS feeds. "There is no way to prevent this data from being sent, nor does Nissan or Carwings warn you that your location data can be flung off to random third parties," the blog states.

SOCIAL NETWORKING

LinkedIn Privacy Changes Point To Social Ads (June 15, 2011)

MediaPost News reports on LinkedIn privacy policy updates as hinting at the introduction of "social ads" based on users' activities. LinkedIn "appears eager" to avoid privacy issues, the report states, and will allow users to opt out of social ads. "Most importantly, we do not provide your name or image back to any advertiser when that ad is served," one LinkedIn official noted, while another said, "This upcoming change to the privacy policy reflects the evolving ways in which our members are using the LinkedIn platform, and it allows us to explore this area should we choose."
Full Story

PRIVACY

“Cyberinsurance” in High Demand (June 15, 2011)

The "cyberinsurance" industry is experiencing an up-tick in business with recent high-profile breaches driving companies' desire to protect themselves from spending potentially millions of dollars on breach-related costs. Companies are upgrading IT and human resources practices and training employees in order to get coverage--in some cases worth hundreds of millions of dollars. "Concensus is building" on what policies cover, but standardization remains a hurdle, says one insurance expert who predicts, "One day the industry will actually be so robust that...we'll have the leverage to actually create standards." A Ponemon Institute study shows the average breach cost $7.2 million last year, "But with the scale and scope of hacking attacks growing daily, some companies cannot be cautious enough," the report states.
Full Story

PERSONAL PRIVACY—AUSTRALIA

Taxpayer Data Being Sold Without Notice (June 13, 2011)

Adelaide Now reports that taxpayer assessment records--including the name, address and property value of individuals--can be purchased from town councils by businesses and other entities without individuals' consent. Several real estate companies are using the purchased information to create databases in order to personalize marketing campaigns, the report states. Currently, there are not existing laws to prevent the sale of such information for profit. An investigation by the paper revealed that taxpayer data can be accessed through council computers without charge or registration and, though individuals can opt out, most are not aware of the process.
Full Story

SOCIAL NETWORKING

Facial Recognition Concerns Persist (June 13, 2011)

Financial Times reports that privacy groups have filed a complaint over Facebook's facial recognition technology with the U.S. Federal Trade Commission. Meanwhile, questions persist across the globe about the automatically enabled feature, which allows users to more easily identify and "tag" people they know in photos on the site. Among those raising concerns is the New Zealand Privacy Commission, which suggests the feature may breach users' privacy. The U.S. complaint, meanwhile, seeks the suspension of the feature "pending a full investigation, the establishment of stronger privacy standards and a requirement that automated identification, based on user photos, require opt-in consent." (Registration may be required to access this story.)
Full Story

Commissioner Welcomes Security Strategy (June 10, 2011)

New Zealand Privacy Commissioner Marie Shroff has announced that the government's new cybersecurity strategy is a "welcome start" but adds New Zealanders "need to remain vigilant," 3news.co.nz reports. The new security strategy aims to bolster the nation against cyber attacks and create more initiatives for improved online security in the public and private sectors. In a press release, Shroff cites a survey that shows New Zealanders are "alarmed about the safety of their personal information online." She said she looks forward "to learning how implementation of the strategy will support existing efforts...to provide people and businesses with information about how to protect themselves."
Full Story

PRIVACY LAW—AUSTRALIA

Security Expert: Disclosure Laws Needed (June 10, 2011)

Clearswift Director Phil Vasic believes that the repeated hacks of Sony's databases prove that Australia needs mandatory data breach notification laws, Computerworld reports. Vasic notes that disclosure laws have helped U.S. companies meet best practices, and similar legislation in Australia could reduce the number of cyber attacks. He said that U.S. disclosure laws "have helped from a customer perspective," which "drives the right kind of best practice behaviour." Vasic adds, "The Privacy Act would help if it was taken a step further...it's a bit of a toothless tiger."
Full Story

BEHAVIORAL TARGETING

IPv6 Rollout Could Necessitate Privacy Rethink (June 9, 2011)

Yesterday, hundreds of companies began testing the next-generation Internet address protocol--Ipv6. The new standard will replace IPv4, which is running out of unique IP addresses for the world's many devices, Computerworld reports. IPv6 will "have the ability to profile Internet behavior to more accurately target online ads," writes Laurie Sullivan for MediaPost. And although it is too soon to tell, "IPv6 could likely require companies to go back to the drawing board and renegotiate privacy laws with the SEC because of the ability to identify more granular data collected through ad targeting," she adds.
Full Story

ONLINE PRIVACY

Investigation Finds Apps Put Data at Risk (June 9, 2011)

A computer security firm has found that some popular mobile applications store users' personal data in plain text on their mobile devices, reports The Wall Street Journal. The viaForensics investigation found information such as unencrypted user names, passwords and transaction amounts on smartphones, which goes against industry best practices. "Data should not be stored on a phone," said Andrew Hoog, chief investigative officer of viaForensics. Hoog also said that while app developers are becoming more aware of data security issues, the fact that vulnerabilities still exist indicates security is not a top priority. One app maker's spokeswoman said that it's necessary for some information to be stored on phones, and the practice is allowed by the PCI Security Standards Council. (Registration may be required to access this story.)
Full Story

SOCIAL NETWORKING

Facial Recognition Plan Spurs More Concerns (June 9, 2011)

Privacy concerns abound after announcements about Facebook's new facial recognition feature allowing users to more easily identify and "tag" people in photos. Reports indicate that both the EU Article 29 Working Party and Ireland's Data Protection Authority plan to study the new feature, which is activated by default and requires users to opt out if they don't want to be tagged. The UK Information Commissioner's Office is speaking to Facebook about the new technology, while probes about online tagging are already underway in Switzerland and Germany. In the U.S., Tech Daily Dose reports, Bipartisan Congressional Privacy Caucus Co-Chairman Ed Markey said, "Requiring users to disable this feature after they've already been included by Facebook is no substitute for an opt-in process."
Full Story

DATA LOSS

Opinion: Management Lessons from Breaches (June 8, 2011)

The Financial Times reports on lessons that should be gleaned from data breaches that have affected several large companies. Saying that recent high-profile data breaches were "more a failure in management than a failure in security," the column notes that chief executives should place data governance on par with processes such as financial reporting and brand management. A major breach of privacy can have an effect on a company similar to a product recall or defect. "Managing consumers' data and privacy is an executive matter of the highest priority," the column states, adding that security efforts like encryption and firewalls are "only part of the challenge."  (Registration may be required to access this story.)
Full Story

PRIVACY LAW—PHILIPPINES

Lack of Legislation Raises Concerns (June 7, 2011)

Manilla Bulletin reports on the Joint Foreign Chambers and the business processing outsourcing (BPO) industry's warning that a lack of data privacy legislation is a growing concern for prospective investors. The country's proposed Data Privacy Bill aims to benefit the growth of IT and BPO, while also protecting "citizens whose personal data are stored by government offices and commercial establishments," the report states. In a statement to the Senate Committee on Science and Technology, industry leaders warn that without a law in place, there is a "real danger of losing investors to countries with a more favorable legislative framework" for privacy protection.
Full Story

ONLINE PRIVACY

Mobile Phone CEO Advocates Regulation (June 6, 2011)
The chief executive of a UK-based mobile phone company is among those calling for global Internet regulation, European Voice reports. Vodafone's Vittorio Colao has written in support of a call by President of the French Republic Nicolas Sarkozy for more regulation—a perspective that contradicts some high-profile U.S.-based Internet companies that are advocating instead for self-regulation. "If electronic commerce is to flourish and more jobs are to be created, we all need to feel we can trust those we deal with and that the law will protect our trust," Colao wrote, adding,"We need to feel that our privacy will be safeguarded and that personal data will be secure."

ONLINE PRIVACY—AUSTRALIA

Opinion: Government Should Regulate (June 3, 2011)

Anthony Wong of the Australian Computer Society (ACS) writes for The Australian that while "Australians have traditionally been quick to adopt emerging technology...concerns about the safety of personal information in the cloud have been exacerbated by breaches." Referring specifically to recent breaches at Sony, Wong says the ACS believes government needs to step in to protect consumer data held by social networking sites and telecommunications companies. Other experts outline the need for businesses to rein in their data collection and retention practices to mitigate breach risks. Federal Privacy Minister Brendan O'Connor has noted the possibility of a mandatory breach disclosure law, but the ACS says more is needed.
Full Story

FINANCIAL PRIVACY—NEW ZEALAND

Advocate: Credit History Plan “Risky” (June 3, 2011)

Civil liberties proponents are raising concerns about Privacy Commissioner Marie Shroff's proposed changes to New Zealand's Credit Reporting Privacy Code. The proposal would put individuals' bills on their credit record for two years, which the banking industry says would protect those struggling with debt from piling on too much more and provide those with good credit greater access to loans. Shroff says the plan is intrusive but important because often credit reports are only updated when things go wrong. A spokesman for the Council for Civil Liberties says collecting such personal information is risky, even with safeguards, Otago Daily Times reports.
Full Story

PRIVACY LAW—AUSTRALIA

Unions: Texts Breached Privacy Act (June 3, 2011)

Unions have accused a mining company of potential breaches of the Privacy Act, The Australian reports. The group says BHP Billiton sent text messages to wives and partners of company employees ahead of a voting strike and could have only obtained those phone numbers via the workers' emergency contact details. If so, the company used the data for purposes other than the reason it was obtained, says a union bargaining group including the CFMEU, The Australian Manufacturing Workers Union and the Electrical Trades Union. The group says it will complain to the privacy commissioner within 30 days unless it receives an apology. BHP says it has since done so.
Full Story

PERSONAL PRIVACY—AUSTRALIA

Are Smartphones, Privacy Mutually Exclusive? (June 3, 2011)

A PC Authority report explores the balance between the use of smartphones and maintaining anonymity. The level of privacy a person can achieve depends on two things, the author writes, "the degree to which you use location-based services and social networking" and "the amount of personal information that the particular phone records and transmits." Privacy Commissioner Timothy Pilgrim said the Privacy Act requires "organisations to explain a number of things to individuals before collecting their personal information," but, the report states, without some kind of warning on smartphones that data collection is happening, "users start to feel it's hidden."
Full Story

DATA PROTECTION—NEW ZEALAND

Opinion: Cloud Survey Provides Direction (June 3, 2011)

New Zealand Privacy Commissioner Marie Shroff recently revealed the findings of a survey confirming that the international transfer of personal data is on the rise and that organisations need to improve data protection in the cloud computing context. According to a Computerworld report, the findings offer some help in determining practical steps for companies to prepare for regulations that are likely on the way. Because of high—but ambiguous—data protection standards set by the Privacy Act 1993, further guidance would be "genuinely welcome," the report states, going on to provide tips for organisations based on the commissioner's survey data.
Full Story

DATA LOSS—AUSTRALIA

Merchant Breach Causes Banks To Cancel Cards (June 3, 2011)

A handful of Australian banks have cancelled more than 10,000 credit cards after discovering fraudulent charges resulting from a merchant data breach. Commonwealth Bank cancelled 8,000 cards and alerted the breached merchant and its acquiring bank, the card issuers—Visa and MasterCard—and the affected customers, reports ITNews. A spokesperson has said the compromise occurred at "an Australian merchant acquired by another bank." Under PCI-DSS, Visa and MasterCard may issue fines to the acquiring bank, depending on the merchant's level of compliance with the rules at the time of the breach. The federal privacy commissioner is aware of the breach, but according to the report, the office has not said whether it is investigating.
Full Story

ONLINE PRIVACY—VICTORIA

Opinion: “Robust Protection of Privacy” Lacking (June 3, 2011)

The Sydney Morning Herald outlines the challenges of protecting personal data online. Upon joining a social network, users are often required to hand over personal data to sites—and the control over how that information is used and shared, as well. While there is no statutory right to privacy in Victoria, the right is recognized in the Charter of Human Rights and Responsibilities. The rights to freedom of expression and free press can conflict with a right to privacy, according to the report, causing a need for balance. "Our attitude should depend upon the source and nature of the information and whose privacy is being threatened," writes the author.
Full Story

PRIVACY LAW—HONG KONG

Chiang Responds to Data Ordinance Review (June 3, 2011)

Hong Kong Privacy Commissioner for Personal Data Allan Chiang responded this week to the Government's Report on Further Public Discussions on Review of the Personal Data (Privacy) Ordinance. Chiang addressed the administration and the Legislative Council's Panel on Constitutional Affairs, saying that while he looks forward to "early implementation" of the proposed amendments, he is standing firm on his belief in the need for proposals that the administration chose not to pursue. In the press release, Chiang notes "several crucial flaws" with the report, particularly those relating to "collection and use of personal data in direct marketing as well as unauthorised sale of personal data by data user."
Full Story

PRIVACY

Opinion: “Nothing To Hide” Argument Flawed (June 2, 2011)

The argument that "Only if you're doing something wrong should you worry, and then you don't deserve to keep it private," stems from faulty assumptions about privacy and its value, writes Daniel Solove in The Chronicle of Higher Education. Privacy can't be reduced to one simple idea, and people, courts and legislators often have trouble acknowledging certain privacy problems because they don't fit into a "one-size-fits-all conception of privacy," Solove writes. The "nothing to hide" argument assumes that privacy is about hiding bad things, without taking into consideration the freedoms privacy infringements erode, such as free speech and association. "In the end, the nothing to hide argument...has nothing to say," Solove says.
Full Story

ONLINE PRIVACY

Schmidt: Google Now More Cautious on Privacy (June 1, 2011)

Intensifying scrutiny by public- and private-sector watchdogs has Google taking a more guarded approach toward privacy, CNN reports. "We're so sensitive on the privacy issue now," Google Executive Chairman Eric Schmidt said yesterday at an event in California, where he also shed light on the company's privacy processes. "Historically, we would just throw stuff over the wall," he said. "We now have a very, very thorough process." Google lawyers and policy experts now collaborate with development teams during product creation. Schmidt's comments follow the recent announcement that the company is withholding its rollout of a facial-recognition app due to the potential privacy ramifications.
Full Story