ANZ Dashboard Digest

A new approach to notice and consent has been around for at least a couple of years now. The Microsoft whitepaper was released late 2012, and several subsequent books by privacy thought-leaders have developed this theme, which makes sense. Individuals ought to be given the opportunity to shape their profiles and to have a role in transactions involving their data, and notice and consent will no longer suffice. Equally, entities that stand to benefit from the information should protect their source if they wish to guarantee the future supply of valuable data.

If this approach is accepted, some of the stories this week indicate that there is still a long journey ahead. Whilst many entities still appear to treat privacy as a compliance issue, and one where boundaries should be pressed, others continue to succeed based on adoption of the new approach. It will be interesting to see how this divide plays out in terms of commercial success. That other old chestnut of balancing the right to information against the right to privacy also gets some play this week in the opinion piece titled “Privacy starts to bite.” To hear all about it and ask your own questions of the experts, make sure you book your place at our Privacy Awareness Week breakfast discussion on 6 May as debate on the Australian Law Reform Commission paper on serious invasions to privacy in a digital age continues.

A safe and very Happy Easter to you all,

Emma Hossack
President
IAPP ANZ

Top Australia and New Zealand Privacy News

DATA LOSS—AUSTRALIA

Breach Exposes Bank Customers’ Information (December 23, 2011)

Privacy Commissioner Timothy Pilgrim has confirmed that the Bank of Melbourne has notified his office of "a privacy breach involving a mail merge mismatch," The Australian reports. The bank reported that 15 customers received collection letters that were meant for other patrons, but it has not specified how many customers' information was exposed, the report states. The bank has apologised, and a spokeswoman said the risk of fraud is low "due to the minimal level" of personal data involved. "The bank has provided answers to a series of questions I put to them about the incident," Pilgrim said, "and I am considering whether I need further information." (Registration may be required to access this story.)

PRIVACY LAW—AUSTRALIA

ACMA Rules Photos Did Not Breach Rules (December 23, 2011)

The Australian Communications and Media Authority (ACMA) has found that Brisbane television network Seven did not breach the industry's privacy rules by showing photographs of a murder victim and her family obtained from a Facebook page created in her memory, AAP reports. ACMA released a statement on Monday that "due to the open nature of the tribute page, the absence of privacy settings and the non-sensitive nature of the photographs, Seven did not breach the privacy provisions of the code." Although ACMA found that the broadcast did not reveal sensitive information, it will "assess the licensee's compliance with its privacy code obligations," the report states.

ONLINE PRIVACY—AUSTRALIA

Internet Shop Apologises for Breach (December 23, 2011)

Black Friday Magazine reports on the apology by the owners of a Malaysian-based eBay store for the recent inadvertent exposure of information on more than 300 Australian customers. In response to the breach, eBay is encoding "phone numbers, postal addresses, e-mail addresses and the items purchased by consumers online," the report states. Privacy Commissioner Timothy Pilgrim said, "It is concerning...eBay contacted us about this matter and are keeping us informed." The owners of the online store, Shahizanhashim, have said they will "give their full cooperation in order to resolve the issue of privacy and security at eBay," the report states.

HEALTHCARE PRIVACY—AUSTRALIA

Opinion: We Take Risks for Shopping, So Should We for Health (December 23, 2011)

The major barrier to improvements in healthcare remains the archaic nature of healthcare records, opines Tanveer Ahmed for The Sydney Morning Herald. But one of the key concerns in moving to electronic health records is the privacy and security of the data, especially data pertaining to those who suffer from mental health problems who fear sensitive information could be made available to unauthorised individuals, including employers. We've been willing to accept privacy risks when it comes to online banking, shopping and other services, though, Ahmed writes, adding that the move to electronic records will be a "transformative event" and "will make us healthier."

BIOMETRICS

Is a Facial Recognition Opt-Out Possible? (December 22, 2011)

Slate reports on recent advances in facial recognition and detection technology and the inherent difficulties involved when offering an opt-out for individuals in the physical world. Though facial recognition technology is not entirely sophisticated at this point, "critical questions" about personal privacy remain. The column asks, "At what point do people know they are being watched? Where can they find the privacy policy to learn what happens when they're on camera? How can they opt out if they're not comfortable with the technology?" Noting that these questions were discussed at a recent Federal Trade Commission roundtable by industry representatives, regulators and privacy advocates, the report suggests the answers and "suggestions were problematic and superficial."

PRIVACY LAW—AUSTRALIA

Authority Orders Telecom To Comply or Face Fines (December 21, 2011)

The Australian Communications and Media Authority (ACMA) has ordered Vodafone to comply with the telecommunications consumer protections code or face penalties as high as $250,000. An ACMA investigation found that the company had poor systems in place to protect customers' personal details ahead of its breach last January, reports The Sydney Morning Herald. A consumer advocacy group has criticized ACMA because it has not imposed fines or sanctions already. Vodafone's chief executive says the company has already addressed the issues.

ONLINE PRIVACY

QR Codes Pose Potential Risks (December 20, 2011)

MSNBC reports on the increasing use of QR or "quick response" codes--puzzle-like square matrixes that populate ads and promotional posters to provide smartphone users with product details. Fifteen percent of consumers are using the codes, up from five percent last year. But experts say there are privacy risks involved, including the ability of the app maker to put in tracking systems and the potential for malware to be installed. "Unfortunately, this is a case of buyer beware," says malware researcher Tim Armstrong. "Being that this is a new territory, be suspicious of everything...users should always know what is being installed and when."

HEALTHCARE PRIVACY—NEW ZEALAND

Shroff: Patients Should Be Able To Opt Out (December 20, 2011)

Stuff.co.nz reports on New Zealand's move toward electronic health records and the federal privacy commissioner's expectations on patient information sharing. "In New Zealand, we have very high levels of trust in our health professionals and everyone is working hard to keep it that way," Privacy Commissioner Marie Shroff said, adding e-health records will be successful only if patients and health providers are confident about privacy protections. Shroff also said the $38 million information sharing system must have privacy safeguards built in and that patients should be able to opt out of the sharing. "We can't afford to get it wrong," Shroff said.

DATA LOSS—NEW SOUTH WALES

Commissioner Investigating the Sale of Lost USB Keys (December 16, 2011)

The New South Wales privacy commissioner is investigating Railcorp after it sold 50 USB keys containing personal data to computer security company Sophos at its lost property auction. While a Railcorp spokeswoman said the organisation has a process "where we look to erase any stored information" before auctioning devices, the keys had not been wiped of data. Deputy Privacy Commissioner John McAteer said, if the company wasn't going to destroy the devices, it "had an obligation to work out what was on there, and if it was personal information, they either had the obligation to cleanse it or to contact the person to whom it related." However, The Sydney Morning Herald reports that Paul Ducklin of Sophos says Railcorp should not be responsible for "protecting its customers from making IT blunders."

CHILDREN’S PRIVACY—AUSTRALIA

Youth Magazine Subscribers Receive Inappropriate Marketing (December 16, 2011)

Privacy Commissioner Timothy Pilgrim says his office will look into a data sharing mishap that resulted in children aged six to 13 receiving invitations to join a wine club, reports Brisbane Times. A Pacific Magazines spokeswoman has said that a "small number of youth subscribers received a co-branded Pacific Magazines and Cellarmasters mailing in error," adding that the company has reviewed its systems to ensure it will not happen again. One parent says the broader issue is privacy. "There was no duty of care and no protection of a child's information," she said. Pilgrim said all organisations must use data in compliance with the Privacy Act, including "when using that data for marketing purposes."

PRIVACY LAW—AUSTRALIA

Opinion: Statutory Cause of Action? Maybe. (December 16, 2011)

Melbourne University Prof. Megan Richardson outlines aspects of the debate over a statutory cause of action for serious infringements of privacy. She writes for The Australian that regardless of the protections offered under breach of confidence actions and others, "statutory law reform--if done well--may still be desirable...especially if we want the law to shape social behaviour and not just in a few actual cases that get to court." Richardson says the pain and expense of proving a statutory cause of action, as hinted at by the privacy commissioner in his proposal for an alternative resolution process, is also problematic, but says, "it would be a pity if any new statutory cause of action sought to limit the options of parties" that want to take their case to court. (Registration may be required to access this story.)

PRIVACY LAW—HONG KONG

Commissioner Responds to Privacy Bill Amendments (December 16, 2011)

While Hong Kong's privacy commissioner for personal data is pleased that most of his office's proposals were incorporated into the administration's amendments to the Personal Data Privacy Bill, he says some provisions are a step backwards. Certain proposals dealing with collection, use and sale of personal data in direct marketing--such as allowing companies to collect personal data prior to notifying consumers on how it will be used and offering them an opt-out--are insufficient in the commissioner's view. One proposal gives consumers 30 days to opt out of the sale of their personal data, which, according to the commissioner, "falls short of the strong public expectation revealed in the Octopus incident." He urges the administration to consider his comments.

DATA LOSS—JAPAN

Game Developer’s Servers Hacked (December 16, 2011)

A Japanese game developer says servers containing data on 1.8 million customers have been hacked, AFP reports. The extent of damage done is not yet known, but Square Enix says it stopped service an hour after discovering the intruder, who breached an unknown number of servers storing data--including names and e-mail addresses--on one million members in Japan and 800,000 in North America. The server for its 300,000 European members was not breached, however. Earlier this year, Square Enix was breached after a hacker attacked its European server and accessed consumer e-mails and the resumes of 250 job applicants.

HEALTHCARE PRIVACY—HONG KONG

Public Consultation Open for EHR System (December 16, 2011)

The Food and Health Bureau has announced a two-month public consultation period on the legal, privacy and security aspects of its proposed electronic health records system, which will connect public and private providers in an effort to streamline patient care, reports China Daily. The proposal includes criminal sanctions for unauthorised access of patient data with "malicious intent," and patient participation would be voluntary. "The government endeavors not only to deploy the appropriate technologies to safeguard system security but also to formulate a legal, privacy and security framework for sharing with reference to views of various stakeholders...to provide legal protection for the privacy of patients' health data and system security," said Food and Health Secretary York Chow.

SOCIAL NETWORKING

Facial Recognition Feature on Google+ (December 16, 2011)

Users of the Google+ social network are now able to opt in to a facial recognition feature that will "prompt people you know to tag your face when it appears in photos," says a company engineer in a blog post. Unlike its main rival, Google+ has chosen to make the feature opt-in, reports The New Zealand Herald. "Of course, you have control over which tags you accept or reject," says the blog post. Google executives at an October Internet conference said the company will increasingly integrate its services into the Google+ network, which has acquired more than 40 million users since it became publicly available in September.

PERSONAL PRIVACY

CarrierIQ Reassures Regulators, Customers on Privacy Practices (December 15, 2011)

CarrierIQ says it contacted the Federal Trade Commission (FTC) and Federal Communications Commission (FCC), not the other way around, VentureBeat reports. The company has faced scrutiny since computer programmers discovered that CarrierIQ software--used by many smartphone service providers--logs users' keystrokes and other personal information. In the U.S., several lawsuits have been filed, and lawmakers have written to the company, which says it sought meetings with the FCC and FTC for transparency and that it will "comply with all domestic and foreign regulators" as European agencies investigate. CarrierIQ recently published a 19-page report explaining how its technology works. 

PRIVACY LAW—AUSTRALIA

Pilgrim’s First Determination: Damages, Apology, Training (December 14, 2011)

Australian Privacy Commissioner Timothy Pilgrim has declared that the Wentworthville Leagues Club breached National Privacy Principle 2.1 when it disclosed information on a member's gambling habits to his former partner. In 2005, the club was issued a court subpoena to turn over the information to the court; instead, it gave the documentation to the former partner--who then shared it with others.

RFID

Expert: Banks Should Allow Opt-Out for New Technology (December 13, 2011)

The lack of consumer choice when it comes to banks' use of near-field communication (NFC) enabled bank cards is of grave concern, according to one expert. ISACA's Richard Hollis recently visited five banks to ask for a bank card without the embedded technology--a method of wireless communication--but was refused at each, V3.co.uk reports. "The industry is not leading on the issue of privacy but just saying, 'User Beware' and carrying on with its practices, and we are still some way from the tipping point of consumers starting to ask questions about what is actually being done with their data," Hollis said at a recent conference on cyber privacy.

DATA LOSS—AUSTRALIA

Commissioner To Investigate Website Glitch (December 12, 2011)

The Australian privacy commissioner says his office has launched a formal investigation into the most recent Telstra breach, ZDNet reports. The commissioner has asked the company for a detailed written report on the incident, including what information was compromised and what action the company is taking to prevent a similar occurrence in the future.

ONLINE PRIVACY

Opinion: Online Anonymity Isn’t So Achievable Anymore (December 12, 2011)

In a column for The New York Times, Nick Bilton describes how easily a supposedly anonymous Web user can be identified. Bilton recently uploaded images to a photo-sharing app, eliciting comments from a stranger. But it took Bilton only 10 minutes to piece together bits of the stranger's personal information online to identify her full name, phone number, home address and place of employment. Privacy expert Elizabeth Stark of Stanford University said, "Previously you could have searched every photo on the Internet for a photo of Nick Bilton until you eventually found one, but that would take a lifetime. Now, facial recognition software can return more images about someone instantly." (Registration may be required to access this story.)

DATA LOSS—NEW SOUTH WALES

Auctioned USB Sticks Contained Personal Data (December 9, 2011)

SC Magazine reports that troves of personal data files stored on USB keys and lost on Sydney trains have been sold to the public at auction. A chief technology officer bought about 70 USBs recently and discovered the personal information--including resumes, tax returns, photos and documents--still stored on the unencrypted sticks. The NSW Privacy Office has chastised RailCorp for selling the devices, the report states. "They should be following best practice," said Deputy Privacy Commissioner John McAteer. "They should not disclose the data without the consent of the person the data relates to."

PRIVACY—AUSTRALIA

Pilgrim: I Am Prepared To Use My Power (December 9, 2011)

An Allens Arthur Robinson publication advises companies handling data to have "robust processes" in place for the collection, use, storage and disclosure of information, citing the Australian privacy commissioner's recent vow to increase enforcement actions. In a speech at the iappANZ conference on 30 November, Pilgrim said he would deliver his first determination--enforceable by federal law--under the Privacy Act within seven days. Pilgrim's office has been criticised for not using the powers provided, which include determining appropriate remedies and compensation required following breaches. But the commissioner says he is "prepared to use my power to make determinations directing how companies should be resolved."

ONLINE PRIVACY—AUSTRALIA

Guidelines on Cloud Computing Released (December 9, 2011)

The Register reports on a new document, "Cloud Computing--Opportunities and Challenges," recently released by the Australian government. The document notes that the information commissioner has helped formulate "security, privacy and trust guidelines for cloud computing and that service providers agree on ways their services can be validated against the guidelines," the report states. The document suggests that the validations could be expressed as a sort of "star rating for cloud providers," according to the report, and calls for the government to take the lead on an education program for businesses about the use of cloud computing.

DATA PROTECTION—ASIA PACIFIC

APPA Forum Summary (December 9, 2011)

The Office of the Victorian Privacy Commissioner hosted the 36th Asia Pacific Privacy Authorities (APPA) forum last week in Melbourne. According to a summary of the meeting on the Privacy Victoria website, participants discussed international privacy developments, credit reporting reforms and information access concerns, and heard from experts on such topics as cloud computing and biometrics. Members also discussed privacy enforcement and the potential for more future collaboration in this area. Hong Kong's Office of the Privacy Commissioner for Personal Data will host the next APPA forum in June 2012.

PRIVACY LAW—AUSTRALIA

Minister Says Amendments Likely To Be Introduced Soon (December 9, 2011)

Changes to Australia's Privacy Act are expected to be introduced to Parliament as early as February, reports HWL Ebsworth. Minister for Privacy and Freedom of Information Brendan O'Connor announced at the recent iappANZ conference that the new legislation will be introduced in the first quarter. It will likely implement the Australian Privacy Principles and create a new credit reporting scheme. The government continues to review submissions on a statutory cause of action for serious privacy breaches, O'Connor said, adding that companies should review their compliance status under existing law and be sure appropriate measures are in place on data collection, storage and use.

PRIVACY LAW—AUSTRALIA

Former Judge Calls for Tort, Lawyers Push Back (December 9, 2011)

If the government doesn't introduce protections against serious privacy invasions now, it never will. That's according to Michael Kirby, a privacy advocate and former High Court judge, who initially proposed the idea of a privacy tort in 1979. Speaking at the iappANZ conference, Kirby said the Organisation for Economic Cooperation and Development's privacy guidelines on data collection and storage rely on "use limitation" principles and stronger privacy laws are needed. Meanwhile, two telecommunications lawyers unveiled at the conference an alternative to the currently proposed privacy tort that would allow a conciliation scheme to avoid sending privacy grievances to court, The Australian reports. And, Privacy Commissioner Timothy Pilgrim discussed responsible use of citizen data by Australian agencies.

SURVEILLANCE—AUSTRALIA

CCTV Shoplifting Site Raises Concerns (December 9, 2011)

The Sydney Morning Herald reports on a website shop owners are using to fight back against shoplifters and the privacy concerns this use of closed-circuit television (CCTV) footage is raising. "Retailers are able to upload images and CCTV footage of people they accuse of shoplifting onto whotube.com," the report states, where members of the public can view them and share information. The site has resulted in two arrests so far, but one civil liberties advocate is among those raising concerns that "effectively naming and shaming people should not be left up to an unregulated website."

PRIVACY—AUSTRALIA

Technology Changes, Privacy Pillars Remain The Same (December 9, 2011)

Speaking at the iappANZ Privacy Summit recently, Microsoft Chief Privacy Officer Brendon Lynch, CIPP, said that while the technology landscape may be shifting, the fundamentals of privacy remain constant, iTWire reports. "Privacy is about the appropriate collection, use and protection of personal information," Lynch said. Privacy's core concepts are about empowering individuals with control over the use of their information, transparency and choice, he added. Meanwhile, eBay Global Privacy Leader Scott Shipman, CIPP, has warned that banks using mobile applications and social networking to engage customers should be careful. "When you change how you use information, you have to be able to communicate that clearly to the customer and make sure that they're comfortable with how you've done that," he said.   


ONLINE PRIVACY

Mobile Software Company Faces Scrutiny (December 9, 2011)

Smartphone software maker CarrierIQ has said in a statement that it does monitor all keystrokes on mobile devices but only for "legitimate purposes," thinq.co.uk reports. The company said its "software does not record, store or transmit the contents of SMS messages, e-mail, photographs, audio or video." Global lawmakers and regulators have taken note of allegations about the company's data collection practices, and the French data protection authority said it is investigating the matter. The company is facing four lawsuits.

ONLINE PRIVACY

Survey: Social Networkers Care About Privacy (December 8, 2011)

A recent survey conducted by the Asia Pacific Privacy Authorities has revealed that people care about their privacy when it comes to social networking sites, according to a press release from New Zealand Privacy Commissioner Marie Shroff's office. More than 10,000 individuals in Mexico, Australia, New Zealand, Hong Kong and Korea completed the survey, which found that 55 percent of respondents "said they would stop using a site that used their information in a way they hadn't expected." Fifty percent said they were uncomfortable with being tracked online for marketing purposes; however, 65 percent said they do not read privacy policies or terms and conditions.

PRIVACY LAW—AUSTRALIA

Experts Align With Pilgrim: Conciliation, Not Torts (December 2, 2011)

At this week's iappANZ 2011 Privacy Summit, two telecommunications lawyers laid out their plan for resolving privacy grievances through conciliation, questioning the need for a statutory cause of action, reports The Australian. Their plan shares common ground with a recent submission by Privacy Commissioner Timothy Pilgrim outlining a framework where privacy complaints would first go to the Office of the Australian Information Commissioner and not the courts. Peter Leonard and Michael Burnett of Gilbert + Tobin said in a paper, "The debate needs to refocus towards enhancing quick, practical and cheap remedies," adding that individuals should be able to lodge complaints with the privacy commissioner, who should also be empowered to launch "own motion" investigations. (Registration may be required to access this story.)

DATA PROTECTION—NEW ZEALAND

Company: Staff Didn’t Leak PII (December 2, 2011)

Telecom says a member of its staff did not provide personal details in order to track down a stolen laptop, Stuff.co.nz reports. A poster to an online news group said their laptop was stolen and a Telecom staffer provided the Internet protocol number connecting the laptop to the Internet and the user's associated personal information, including a phone number and address. A Telecom spokesman said the company takes customer privacy seriously and that an internal investigation showed no evidence that a staffer had leaked the alleged user's personal information.

PRIVACY LAW—AUSTRALIA

Commissioner: Privacy Act Limited, Needs Revision (December 2, 2011)

Australia's information commissioner is calling for an update to the nation's Privacy Act, suggesting amendments that would increase the scope of entities and practices it covers and add a breach notification requirement, reports Computerworld Australia. In a submission to the government's Issues Paper exploring changes to the Privacy Act, the information commissioner's office says technological advancements mean an increased likelihood for large-scale breaches and a greater impact resulting from them, adding, "consideration should be given to providing for additional ways of protecting individuals' privacy." Telecommunications company Telstra also submitted comments, arguing that including a statutory cause of action for privacy would impede freedom of communication and discourage online business.

HEALTHCARE PRIVACY—AUSTRALIA

Expert, Big Tech Respond to PCEHR Plans (December 2, 2011)

In the opinion of one legal expert, healthcare facilities will need to be especially vigilant in protecting patient data. The Australian reports that Kathie Sadler, special counsel with Thomson Lawyers, says it seems likely that instead of attempting to breach the government's personally controlled electronic health records (PCEHR) system--expected to have strong security controls--"parties attempting to illegally access information will concentrate their efforts on systems belonging to individual health professionals and non-government healthcare providers." Meanwhile, Microsoft has come out against the government's requirement to store PCEHR data on Australian soil, saying, "By regulating the geography where the data is held rather than the level of security under which it is held implicitly establishes criteria for data protection that are not related to principles of technology security." (Registration may be required to access this story.)

BIOMETRICS—AUSTRALIA

Institute To Release Best Practices Charter (December 2, 2011)

The Biometrics Institute has announced that it plans to release its international privacy charter next week in Canberra, reports CIO. According to General Manager Isabelle Moeller, the institute's document will provide "a universal guide for suppliers, end users, managers and purchasers of biometric systems." The guide is intended to be relevant across districts, taking into account differing regulations as well as legislative and administrative frameworks. "It is the public's assurance that the biometric managers have followed best practice privacy principles when designing, implementing and managing biometric-based projects," Moeller said.

PRIVACY LAW—AUSTRALIA

Opinion: Communications Code of Practice Misses Mark (December 2, 2011)

The Communications Alliance has released its code of practice to formalise the handling of copyright infringement resulting from the downloading of copyrighted materials online, putting the onus on ISPs to notify the content industry when protected materials are illegally downloaded. A ZDNet Australia blog states, "It may be nice to see the industry formalise some steps to avoid a repeat of the iiNet fiasco, but the current policy leaves many questions unanswered." Among those questions are whether ISPs are capable of determining when copyrights have been violated. Calling the code "a supremely American policy," the author states, "If there were ever any question about the idea of net neutrality taking hold in Australia, this code of practice quashes it once and for all."

DATA LOSS—SOUTH KOREA

Game Publisher Hacked, Gov’t Pushes for Data Collection (December 2, 2011)

A recent hacking incident at computer games publisher Nexon that exposed the sensitive information of more than 13 million users is shining a spotlight on the lax data security standards of Korean businesses and government, reports the Korea Times. The Nexon breach comes on the heels of data thefts at online auction sites and social media sites also exposing millions of citizens' data. And, according to the report, the government is "moving to require companies" to collect more data. "How many more massive data leaks will it take to finally convince everyone that the mountain of personal data floating out there really shouldn't be there?" asks computer security expert Jang Yeo-gyeong with the activist group Jinbo Net.

SURVEILLANCE—CHINA

Taxi Cameras Irk Some, Please Others (December 2, 2011)

Audio and video recorders installed in about 6,000 Nanjing taxis are sparking privacy concerns by some, but others argue the recorders will help protect public safety. China Daily reports that while audio recordings will be stored in a data collector in the cab, images will be transferred to the police and transportation management authorities. "The only people who can have access to these recordings are the police and transportation management authorities who have proven they have reasons for dealing with public safety or with passengers' complaints," said Xu Hong of the Nanjing Passenger Transportation Management Office. Similar systems have been put in place in New Zealand, also eliciting privacy concerns.

PRIVACY—AUSTRALIA

Technology Changes, Privacy Pillars Remain The Same (December 2, 2011)

Speaking at the iappANZ Privacy Summit this week, Microsoft Chief Privacy Officer Brendon Lynch, CIPP, said that while the technology landscape may be shifting, the fundamentals of privacy remain constant, iTWire reports. "Privacy is about the appropriate collection, use and protection of personal information," Lynch said. Privacy's core concepts are about empowering individuals with control over the use of their information, transparency and choice, he added. Meanwhile, eBay Global Privacy Leader Scott Shipman, CIPP, has warned that banks using mobile applications and social networking to engage customers should be careful. "When you change how you use information, you have to be able to communicate that clearly to the customer and make sure that they're comfortable with how you've done that," he said.

PERSONAL PRIVACY

Hidden Rootkit Software Fuels Privacy Debate (December 1, 2011)

Several programmers have discovered a hidden software application found on Android-based HTC phones that logs a wide range of detailed information about a user's activities, Network World reports, prompting Sen. Al Franken (D-MN) to demand answers from the software maker. The software is called CarrierIQ and has been termed by one expert as a "classic rootkit" that lets carriers locate and correct performance issues on the cell phones but can also monitor key presses, locations and received messages of its users without notification.

PRIVACY

Expert: Attorneys Increasingly Important in Breach Responses (December 1, 2011)

Data breaches are all about reputational risk, says Hunton & Williams Managing Partner Lisa Sotto in this BankInfoSecurity podcast. Attorneys play increasingly integral roles in data breach responses, Sotto says, including deciding what steps must be taken beyond a jurisdiction's data breach notification mandates. "The law only requires that an entity notify those who had sensitive information compromised, like Social Security numbers. But now we know other things, like e-mail addresses, can lead to compromise through social engineering and phishing," Sotto says. 