ANZ Dashboard Digest

A new approach to notice and consent has been around for at least a couple of years now. The Microsoft whitepaper was released late 2012, and several subsequent books by privacy thought-leaders have developed this theme, which makes sense. Individuals ought to be given the opportunity to shape their profiles and to have a role in transactions involving their data, and notice and consent will no longer suffice. Equally, entities that stand to benefit from the information should protect their source if they wish to guarantee the future supply of valuable data.

If this approach is accepted, some of the stories this week indicate that there is still a long journey ahead. Whilst many entities still appear to treat privacy as a compliance issue, and one where boundaries should be pressed, others continue to succeed based on adoption of the new approach. It will be interesting to see how this divide plays out in terms of commercial success. That other old chestnut of balancing the right to information against the right to privacy also gets some play this week in the opinion piece titled “Privacy starts to bite.” To hear all about it and ask your own questions of the experts, make sure you book your place at our Privacy Awareness Week breakfast discussion on 6 May as debate on the Australian Law Reform Commission paper on serious invasions to privacy in a digital age continues.

A safe and very Happy Easter to you all,

Emma Hossack
President
IAPP ANZ

Top Australia and New Zealand Privacy News

CHILDREN’S PRIVACY—NEW ZEALAND

Commish: School Sites Lack Data-Use Info (May 31, 2013)

After sweeping a number of websites as part of the Global Privacy Enforcement Network, New Zealand Privacy Commissioner Marie Shroff has announced that many schools and some popular children’s websites “show there is often no information given to users about how their personal information collected via the site will be used and shared.” According to a press release, “We found that in a selection of the larger New Zealand schools’ websites we looked at, very few had any sort of policy at all.” In contrast, many children’s gaming websites had privacy policies that “were usually extremely detailed and lengthy, and the references were often to U.S. or European law.”
Full Story
 

PRIVACY LAW—AUSTRALIA

Officials Disagree Over Privacy, Security Balance (May 30, 2013)

Greens Sen. Scott Ludlam and Opposition Shadow Attorney-General George Brandis are not seeing eye-to-eye on the balance between security and privacy laws, COMPUTERWORLD reports. While Ludlam has said privacy laws are not keeping up with expanded surveillance powers in a post-9/11 world, Brandis has called such concerns “inflated,” the report states. Brandis is calling for more public awareness of such security dangers as cyber-attacks, while Ludlam said Parliament has “rapidly” updated surveillance laws while “privacy laws are still stuck in the mid-1990s.” Ludlam cited warrantless requests for metadata, noting, “Dozens of government agencies are vacuuming this material up, and there’s really no judicial oversight whatsoever.”
Full Story

DATA LOSS—NEW ZEALAND

Survey: Breaches Spur High Level of Concern (May 30, 2013)

The Unisys Security Index has found that “New Zealanders show a high level of concern about loss of their private data,” COMPUTERWORLD reports. While overall concern about security matters decreased, “76 percent of Kiwis are concerned about data breaches at banks and financial institutions compared to only 57 percent concerned about health organisations including hospitals and doctors,” according to the Unisys report. Concerns about government data loss also ranked high—63 percent—“following a number of well-publicised accidental releases of data from ACC, the Earthquake Commission, the Ministry of Social Development and Inland Revenue,” the report states.
Full Story

CCTV—NEW SOUTH WALES

Greens: Use Must Comply with Privacy Act (May 30, 2013)

Government News reports that a “fresh row over how councils can use video surveillance and CCTV in New South Wales has erupted,” noting efforts to “relax privacy regulations governing cameras” have been met with a motion by the Greens aimed at ensuring that if councils use CCTV, “these cameras must be useful, fit for purpose and compliant with privacy laws.” Greens Spokesman for Local Government David Shoebridge has said the motion would not prohibit councils from using CCTV but instead would require them “to comply with Privacy Act requirements,” the report states.
Full Story

FINANCIAL PRIVACY—NEW ZEALAND

Credit Report Charges To Be Reviewed (May 30, 2013)

Stuff.co.nz reports a credit bureau’s move to stop providing individuals with their credit scores unless they pay for them is prompting plans for a review by the privacy commissioner. The Privacy Act’s credit reporting privacy code “gives people the right to a free copy of any credit information credit bureaux hold about them and the right to an explanation of their credit score if the bureau has generated one,” and the bureau’s move “has prompted the privacy commissioner's office to add the transparency of credit scoring to its list of issues to look at when it reviews last year's changes to credit reporting rules,” the report states.
Full Story

PERSONAL PRIVACY

A Networked World Calls for Brave New Thinking (May 30, 2013)

With increased distribution of wearable computing devices, Field Fisher Waterhouse Partner Phil Lee, CIPM, CIPP/E, writes that the “depth of relationship” individuals will have “with their device...far exceeds any previous relationship between man and computer.” In this latest Privacy Perspectives post, Lee examines what effect these wearable devices and the oncoming Internet of Things will have on individuals’ and business’ privacy expectations—from consent mechanisms to Privacy by Design initiatives.
Full Story

PRIVACY LAW—AUSTRALIA

Gov’t Introducing Breach Notification Bill (May 30, 2013)

Privacy Commissioner Timothy Pilgrim has voiced support for mandatory breach legislation, CSO reports. Attorney-General Mark Dreyfus has announced the government will introduce legislation to take effect in March that will require companies to disclose data breaches. The legislation, which the Australia Law Reform Commission has been proposing since 2008, will “require notification of serious data breaches that will result in a real risk of serious harm,” a Gizmodo report states, noting Dreyfus used the announcement of the legislation as an opportunity to chastise organizations for recent data breaches. As current legislation does not require companies to disclose breaches, the report questions “the data breaches we haven’t heard about over the last decade.”
Full Story

BIG DATA

From Beavers to Smart Cars to Ivory Coast with Sandy Pentland (May 29, 2013)

Alex “Sandy” Pentland has worked using data to solve any number of problems--enough to realize that privacy issues can be overcome when working with Big Data. The MIT and World Economic Forum researcher addressed the Center for Geographic Analysis annual conference recently to discuss “data commons” and the power they may hold for public good. Editor’s Note: Pentland will address the audience at Navigate, June 21, as part of a cast of provocative thinkers.
Full Story

MOBILE PRIVACY

Website Shows Just How Private Snapchat Really Is (May 29, 2013)

If recent stories showing the permanence of Snapchat’s supposedly ephemeral photo sharing didn’t convince you, perhaps the launch of the new SnapchatLeaked.com will. As Beta Beat reports, the startup website allows users to upload photos that have been sent to them, despite the senders’ assumption that they would be deleted after only 10 seconds of viewing. While the site covers up “naughty bits” and doesn’t display a Snapchat ID, there is still some speculation as to whether the site will lead to lawsuits. “All images are user-submitted,” the site’s creators told UK tabloid Metro, “if the person asks to take them down, we do. Most see it as fun and getting ‘Facebook famous’.” Editor’s Note: Jed Bracy, CIPP/US, CIPP/E, wrote about how Snapchat plays into cyberstalking and cyberbullying recently for Privacy Perspectives.
Full Story

ONLINE PRIVACY

Estate Planning for Digital Assets (May 28, 2013)

The New York Times reports on the issue of end-of-life planning for online data. “Digital assets have value, sometimes sentimental and sometimes commercial, just like a boxful of jewelry,” one lawyer notes, suggesting they can result in “painful legal and emotional issues for relatives unless you decide how to handle your electronic possessions in your estate planning.” The report highlights options available to online users—including Google’s Inactive Account Manager, which allows users to “decide exactly how they want to deal with the data they’ve stored online with the company”—as well as expert recommendations for getting “your Internet house in order.” (Registration may be required to access this story.)
Full Story

PERSONAL PRIVACY

Opinion: What About Those Who Don’t Want To Be Recorded? (May 28, 2013)

In an opinion piece for The New York Times, Nick Bilton discusses a recent experience with Google Glass, the wearable computer capable of recording everything occurring in its view with a click or a wink. “But what about people who don’t want to be recorded?” Bilton asks. At a recent social gathering, Bilton notes, “I was startled by how much Glass invades people’s privacy, leaving them two choices: Stare at a camera that is constantly staring back at them, or leave the room.” Meanwhile, a startup is preparing to launch a facial recognition API for developers of Google Glass apps, to be available within a week. (Registration may be required to access this story.)
Full Story

DATA LOSS—AUSTRALIA

Pilgrim Opens New Telstra Investigation (May 23, 2013)

After a new privacy breach hit Telstra last week, Australian Privacy Commissioner Timothy Pilgrim opened a new investigation, ZDNet reports. Pilgrim said his office has been contacted and briefed on the matter by Telstra, and the company has begun notifying affected individuals. “I have asked that Telstra provide me with further information on the incident,” Pilgrim said, “including how it occurred, what information was compromised and what steps they have taken to prevent a reoccurrence.”
Full Story

DATA LOSS—NEW ZEALAND

Labour Says New WINZ Breach Was Preventable (May 23, 2013)

Jacinda Ardern, Labour’s social development spokeswoman, said a recent Work and Income (WINZ) breach was preventable, The New Zealand Herald reports. The details of 34 WINZ beneficiaries were mistakenly sent to the wrong claimant. “Had the minister, right from the very beginning when we had that first kiosk breach, agreed to have Deloitte look at all of the privacy protocols and practices within the department, perhaps we might not have had this more recent breach,” Ardern said, adding, the government needs to take its citizens’ privacy more seriously.
Full Story

PRIVACY LAW—NEW ZEALAND

Opinion: Privacy Bill Step in Right Direction (May 23, 2013)

In a column for The New Zealand Herald, Prof. Gehen Gunasekara opines that MP Sue Moroney’s Privacy Amendment Bill is “bound to set the cat among the pigeons” as it enacts several of the Law Commission’s recommendations, including strengthening the powers of the privacy commissioner. Although many recent breaches—including the ACC, WINZ, IRD and EQC—“are undoubtedly a byproduct of the proliferation of information technologies, there is nevertheless evidence that some of the problems are systemic in nature, thereby highlighting the need for systemic and coordinated scrutiny as recommended by the Law Commission, as opposed to ad-hoc inquiry,” Gunasekara writes. Meanwhile, a privacy report reviewing the public sector has been stalled, causing some to speculate that problems have been uncovered.
Full Story

BIG DATA

Privacy Hampers Research Outcomes (May 23, 2013)

Professors at the Massachusetts Institute of Technology say privacy remains a “big stumbling block” to effectively using Big Data, The Wall Street Journal reports. MIT’s Andrew Lo, Dimitris Bertsimas and Alex “Sandy” Pentland are building Big Data models to predict financial market shifts and crime and improve healthcare outcomes, the report states, but run into privacy issues when it comes time to analyze the data. There are also concerns about individuals being profiled based on Big Data findings. Meanwhile, Amsterdam’s ZyLAB has published a whitepaper warning IT decision-makers about “the dark side of Big Data.” (Registration may be required to access this story.)
Full Story

SOCIAL NETWORKING

Facebook Joins Advocacy Group (May 23, 2013)

Facebook announced on Wednesday that it has joined the online privacy and freedom advocacy group Global Network Initiative (GNI), reports The Wall Street Journal. The affiliation may help to show users that Facebook is taking privacy concerns seriously and also help it navigate expansion in developing countries, the report states. GNI provides guidance on protecting online privacy against government intrusions and reviews members’ practices to ensure they are in line with GNI’s goals. Meanwhile, Facebook CEO Mark Zuckerberg was in Poland on Wednesday meeting with Polish Minister for Administrative Affairs and Digitisation Michal Boni about the global significance of the Polish IT industry. (Registration may be required to access this story.)
Full Story

BIG DATA

Service Would Sell Phone Data on Consumers (May 22, 2013)

European software firm SAP has announced a new service that will pull data from its “extensive partner network”—which includes “over 990 mobile operators”—collect and analyze it “without drilling down into user-specific information,” CNET News reports, and disclose the results to subscribers via web portal. SAP said of its Consumer Insight 365 mobile service that “this market intelligence will ultimately allow brands to strengthen relationships with consumers through more targeted and context-specific marketing efforts.” The Wall Street Journal reports on the potential privacy concerns from a service that will “broaden the range of data about individuals’ habits and movements that law enforcement could subpoena.”
Full Story

BIG DATA

Creating a Data Empire (with Uncle Enzo and Steve Sneak) (May 22, 2013)

With gamification making its way further and further into mainstream marketing and corporate efforts, it only makes sense that privacy-awareness advocates would get into the game. Privacy professionals should get a kick out of Data Dealer, a new browser-based game, which will eventually be integrated into Facebook like the popular Zynga games (et al) and takes a satirical and ironic approach to the world of data collection and sale. The Privacy Advisor gives it a spin and gives you a full review.
Full Story

DATA LOSS—JAPAN

Breach May Have Exposed 22M IDs (May 21, 2013)
Yahoo Japan released a statement on Friday that a file with 22 million login names may have been exposed, InformationWeek reports. “We don't know if the file was leaked or not, but we can't deny the possibility, given the volume of traffic between our server and external terminals,” the statement notes. The company has posted information related to the breach on its homepage and is contacting those affected, the report states, noting the unauthorized access was discovered on Thursday and could affect 10 percent of the company’s user base.

RFID

Chips Pose ID Theft and Privacy Concerns (May 21, 2013)

The Washington Post reports on rising identity theft of travelers stemming from access to RFID chips in passports and credit cards. Criminals can also access personal data from smartphones via WiFi networks. To help curb such attacks, some luggage companies are inserting RFID-blocking compartments in luggage. Meanwhile, Bruce Schneier, a security expert, writes about the rise of the Internet of Things and surveillance in his latest blog post, noting that “any illusion of privacy we maintain” is “about to get worse.” (Registration may be required to access this story.)
Full Story

PRIVACY LAW—SINGAPORE

Data Protection Act Comes Into Effect Next Summer (May 20, 2013)

Singapore’s Personal Data Protection Act will come into effect on July 2, 2014, ZDNet reports, and “organizations will need to complete data inventory mapping, process audits, staff training and publication of various processes” by that date. The Personal Data Protection Commission has introduced tools and trainings to assist small- and medium-size businesses, the report states, noting, “There is very significant effort involved in data mapping…Similarly, process audits needed to sync across business units and different offices may involve process re-engineering and relearning by staff members. Organizations should not underestimate this task.”
Full Story

ONLINE PRIVACY

Firefox Cookie Blocking By Default on Pause (May 17, 2013)

Mozilla has postponed default cookie-blocking in its Beta version of Firefox 22 “to collect and analyze data on the effect of blocking some third-party cookies,” PC World reports. The default setting has been criticized by the online advertisement industry. The nonprofit is currently testing a patch created by Jonathan Mayer. In a blog post, Mozilla Chief Technology Officer Brendan Eich wrote, “Our next engineering task is to add privacy-preserving code to measure how the patch affects real websites,” adding, “We will also ask some of our Aurora and Beta users to opt in to a study with deeper data collection.”
Full Story

GENETIC PRIVACY

Making Art of the DNA We Leave Behind (May 17, 2013)

What if someone could take your mundane, discarded items—chewing gum, a stray hair and other things with traces of DNA—and turn them into a portrait of you? Heather Dewey-Hagborg has already started doing just that. This Privacy Perspectives blog post explores her work and the broader implications, both creepy and courageous, for our fledgling personal privacy in light of advancing DNA capabilities.
Full Story

PRIVACY LAW—AUSTRALIA

Roundtable Discusses Mandatory Breach Notification Impact (May 16, 2013)

CRN reports on comments from security and technology leaders at top Australian organisations during a recent SC and ITnews roundtable on the impact of mandatory data breach notification. “Plans for a data breach notification scheme were shared with a small number of stakeholders as the Exposure Draft Privacy Amendment (Privacy Alerts) Bill 2013, obtained by SC,” the report states, noting the roundtable’s participants “say the impact of a mandatory data breach reporting scheme on businesses will largely depend on what the federal government determines are 'reasonable' security controls.”
Full Story

SURVEILLANCE—NEW ZEALAND

Commissioner Reviewing Activist’s Complaint (May 16, 2013)

The Office of the Privacy Commissioner is investigating a complaint about the refusal of the Government Communications Security Bureau (GCSB) “to tell an activist whether she had been under illegal surveillance,” Radio New Zealand reports. Political activist Valerie Morse, who is considering legal action, has asked the GCSB whether she had been monitored but was told that the GCSB “would not confirm or deny anything,” the report states. While it is not legal for the bureau to spy on New Zealanders at this time, Parliament is considering legislation that could change that.
Full Story

DATA LOSS—AUSTRALIA

Telstra Customers’ Info Exposed Online (May 16, 2013)

Following breach reports earlier this year, The Age reports on one Internet user finding nearly 10,000 Telstra customers’ personal details online. The individual “contacted Fairfax Media about the information being freely accessible to anyone online after conducting a specific Google search that turned up Telstra spreadsheets,” the report states. The company is investigating the incident, and Telstra’s Peter Jamieson said the information should not have been public, adding, “This is unacceptable. We take very seriously the confidentiality of our customers' information and we will take all steps to ensure we protect that information.”
Full Story

SURVEILLANCE—NEW ZEALAND

Plate-Scanners: Success or Privacy Invasion? (May 16, 2013)

The New Zealand Herald reports that while the Automobile Association and police are welcoming the use of automatic number-plate recognition technology for safety and crime-fighting, civil liberties lawyers are concerned. The technology has helped police locate “15 stolen vehicles, take 180 disqualified drivers off the road and recover other stolen goods from a number of offenders,” the report states, “But lawyers fear innocent people…may be caught in widespread surveillance that could expand to tracking their movements to build profiles of people of interest.” The Privacy Commission has cautioned the technology must be used "carefully," the report states.
Full Story

PRIVACY

When Buying Cyberinsurance, Semantics Matter (May 16, 2013)

At yesterday’s Pre-Breach Preparedness IAPP KnowledgeNet in Dedham, MA, Joe Burgoyne of Osram Sylvania, opened the “privacy panel” with a somewhat startling prompt: Raise your hand if you know where all of your company’s data is. Of the 100-plus attendees, maybe two hands went up—hesitantly. In this exclusive for The Privacy Advisor, Burgoyne offers advice on how to prepare for a data breach and attorney Nancy Kelly discusses the importance of negotiating when it comes to buying standalone cyber insurance.
Full Story

DATA LOSS

Experts Discuss Bloomberg Privacy Implications (May 15, 2013)

As Bloomberg News continues to answer questions about the actions of reporters who appear to have, on more than one occasion, used the company’s desktop data terminals to monitor activity at financial institutions, privacy experts are weighing in on the long-term implications. This exclusive for The Privacy Advisor examines the most recent developments and the reactions from experts like Lisa Sotto, CIPP/US, who told GovInfoSecurity Bloomberg must “toughen its IT security and privacy governance process…It is critically important to have a stringent set of access controls, but the integrity and ethics issues really go beyond privacy and data security."
Full Story

PRIVACY IN POP CULTURE

Going Gaga for Google Glass (May 15, 2013)

While it’s unquestionably true that the advent of Google Glass has created all manner of interesting privacy discussions, Glass may end up being as much a boon to comedy writers as to privacy professionals. In this exclusive for The Privacy Advisor, we round-up all of the best send-ups and look at the way being creepy may keep Glass users from being creepy.
Full Story

MOBILE PRIVACY

In-App Advertisers Beware: Lookout Announces Deadline (May 14, 2013)

With adware targeting the Android operating system up 61 percent over last year, by Bitdefender’s estimate, mobile security firm Lookout has decided to take a firmer stance with in-app advertisers. The company has announced “rules and standards for acceptable advertising practices that promote good user experience and privacy best practices” and has given advertisers 45 days from May 10 to comply or be otherwise classified as adware. If advertisers don’t get explicit user consent for display advertising outside the normal in-app experience, harvesting PII or performing unexpected actions in response to ad clicks, Lookout’s product will block them from users.
Full Story

ONLINE PRIVACY

LinkedIn Revises Policy for User Clarity (May 13, 2013)

LinkedIn is updating its privacy policy within the next week, the company reports in its blog. The updates will clarify and simplify language to make it easier for members to read and understand. The policy will be located on a page that will become the company’s “Privacy Portal” where users can access all of their LinkedIn data.
Full Story

CYBERSECURITY

A Global View of Integrating Privacy and Security (May 10, 2013)

“From Maryland to Ireland, Slovakia to Florida, privacy professionals and their industry colleagues are working on integrating Privacy by Design into business models and functionality,” writes Jenner & Block’s Mary Ellen Callahan, CIPP/US, in this latest Privacy Perspectives post. Amidst her “whirlwind tour” across continents and industry sectors—from marketing to security to government—Callahan assesses a growing effort to implement privacy into business and national security strategies.
Full Story

PRIVACY LAW—AUSTRALIA

Ludlam: Expect “Kinder, Gentler” Data Retention After Election (May 9, 2013)

Greens Sen. Scott Ludlam has predicted that proposed legislative changes that would require ISPs to retain customer data for up to two years will not be passed prior to the federal election in September, ZDNet reports. "I suspect we will end up with a kinder, gentler data retention after the election, and in the short term, that committee report will make it go away for six months," Ludlam said. Among the telecommunications interception legislation reforms the government proposed last July, the two-year requirement for data retention has received the most criticism.
Full Story

DATA PROTECTION—NEW ZEALAND

Government Struggles To Protect Privacy (May 9, 2013)

As the government relies more on electronic records with their ease of sharing information, privacy breaches have become commonplace, reports Stuff.co.nz. In the past two years, “departments have breached the privacy of more than 100,000 New Zealanders.” Privacy Commissioner Marie Shroff is seeking to improve the government’s privacy practices and restore public trust, noting there is a “vulnerability” that needs to be “urgently dealt with.” As former Privacy Commissioner Malcolm Crompton, CIPP/US, states, “There will always be risk, but it needs to be well-managed.”
Full Story

PRIVACY LAW—NEW ZEALAND

Minister Watching Australia’s Privacy Laws (May 9, 2013)

Justice Minister Judith Collins wants to introduce a privacy law change allowing police to “flag criminal backgrounds,” making past criminal behavior discoverable by family members and others, reports The New Zealand Herald, but is watching developments in Australia before introducing the changes. Australian privacy laws have changed to accommodate this, but will not be fully in effect until April 2014, the report states. Collins also wants better information-sharing between the two countries. “We are seeing some very, very violent and dangerous offenders deported back here, which means the information-sharing is going to have to move out of the ad hoc way it has been in the past,” she stated.
Full Story

PERSONAL PRIVACY—NEW ZEALAND

Changes Could Mean Criminal Database (May 9, 2013)

Justice Minister Judith Collins’ plans to change trans-Tasman information-sharing could mean a public register of serious criminals deported from Australia, reports Stuff.co.nz. The change would allow Australian authorities to hand over border-control information to New Zealand police—including criminal convictions. Collins’ plan would also have officials deciding whether the public should have access to criminal records by request or with an open register for serious offenders. The report outlines concerns including possible discrimination and the register’s impact on an individual's right to a fair trial if information about previous offences could be accessed.
Full Story

PRIVACY—NEW ZEALAND

An Interview with Commissioner Shroff (May 9, 2013)

Privacy Commissioner Marie Shroff recently sat down for an interview with Facebook New Zealand, emphasizing privacy and data safety. She discussed the best steps individuals can take to guard their privacy and what they can do if data inadvertently falls into their hands. She also stressed the importance of senior management leadership on data protection, stating, “Sound information management needs to be top-of-mind for every organisation.”
Full Story

PERSONAL PRIVACY—AUSTRALIA

Tattooists Reject Registry Proposal (May 9, 2013)

Due to problems with gangs using tattoo parlours to launder money, Gold Coast MP for Mermaid Beach Ray Stevens recently proposed a tattoo registry in Parliament, reports ABC News Australia. However Josh Roelink, the spokesman for the Australian Tattooists Guild, feels that most clients would not want to be on such a registry, and it would be “a huge infringement on civil liberties and privacy.” Queensland Council for Civil Liberties President Michael Cope concurs, calling the proposal “overkill” and an “unnecessary invasion of privacy.”
Full Story

STUDENT PRIVACY—NEW ZEALAND

Students Dislike Tracking System (May 9, 2013)

Stuff.co.nz reports on students’ concerns over a school administration system that allows staff to access student records to monitor attendance and grade results, among other details. Many schools have recently set up portal systems to give parents access to such data. School administrators say the system is essential to get parents involved, but students are concerned about their privacy, the report states. One student described the system as making her “uncomfortable,” but one principal said students’ privacy is still protected. Parents don’t know if their child visits the nurse or sees a counselor, for example.
Full Story

ONLINE PRIVACY

Google Chairman: Lack of Internet Delete Button Is “Significant Issue” (May 8, 2013)

Google Executive Chairman Eric Schmidt believes the “lack of a delete button on the Internet is in fact a significant issue.” That’s according to a Fast Company report on Schmidt’s comments to economist Nouriel Roubini at New York University’s Stern Business School this week. The discussion focused in part on the privacy implications of the “endless troves of personal user data” being amassed by online companies. Schmidt said, “Let me be very clear that Google is not tracking you,” adding that in terms of that lack of an online delete button, “There are times when erasure is the right thing...and there are times when it is inappropriate. How do we decide? We have to have that debate now."
Full Story

ONLINE PRIVACY

Internet of Things and Privacy a “Cat-and-Mouse Game” (May 8, 2013)

Wireless technology company Qualcomm is working on enabling the impending “Internet of Things” while maintaining user privacy. That’s according to CEO Paul Jacobs, who said in a recent speech that technology will certainly make it possible for “nearly everything people interact with” to be connected to the Internet in time, but companies must work to make such capabilities less intrusive, CNET reports. “Privacy is something that’s going to be a little bit like a cat-and-mouse game,” he said.
Full Story

ONLINE PRIVACY

GPEN Launches First Internet Privacy Sweep (May 7, 2013)
A total of 19 privacy enforcement authorities are participating in the Global Privacy Enforcement Network’s first Internet Privacy Sweep initiative. In announcing the launch of the weeklong initiative, the Office of the Privacy Commissioner of Canada said participating authorities will dedicate individuals to search the Internet in a coordinated effort to assess privacy issues related to the theme, Privacy Practice Transparency. “Privacy issues have become global and they require a global response,” noted Canadian Privacy Commissioner Jennifer Stoddart. “It is critical that privacy enforcement authorities work together to help protect the privacy rights of people around the world.” This exclusive for The Privacy Advisor takes a closer look at the new initiative.

ONLINE PRIVACY

The Struggling Do-Not-Track Negotiations (May 6, 2013)
The New York Times reports on the friction between industry and privacy advocates leading up to what will be the final face-to-face negotiations within the World Wide Web Consortium (W3C) on establishing a Do-Not-Track (DNT) standard. On Friday, Mozilla posted a new report on the “State of Do Not Track in Firefox.” Yet, if the W3C cannot come to an agreement this week, the proposed standard may go the way of the dodo. Two main sticking points revolve around default settings and what data may be collected after a DNT signal is activated. Jonathan Mayer, a Stanford University graduate student and participant in the W3C talks, said, “I think it’s right to think about shutting down the process and saying we just can’t agree,” adding, “We gave it the old college try. But sometimes you can’t reach a negotiated deal.” Editor’s Note: Mercatus Center Senior Research Fellow Adam Thierer recently wrote about Do Not Track in the first installment of a point-counterpoint with the Center for Democracy & Technology’s Justin Brookman for the IAPP’s Privacy Perspectives. (Registration may be required to access this story.)

GEO-LOCATION

What’s the Equivalent of Shouting “Fire!” in a Crowded Theater? (May 6, 2013)

The Center for Geographic Analysis held its annual conference at Harvard’s Tsai Auditorium last week, focusing on the challenges and thoughts surrounding policy-making for a location-enabled society. The benefits of location technology are hard to deny—identifying influenza outbreaks, getting necessary transportation to people in remote locations, providing emergency services to people who call 911 from cell phones, heck, even just figuring out how to get home without being stuck in rush-hour traffic—but the collection, analysis and use of this data bring risks, too.
Full Story

PERSONAL PRIVACY

Did Andy Warhol Get It Wrong? (May 6, 2013)

In 1968, Andy Warhol famously quipped, “In the future, everyone will be world-famous for 15 minutes.” But what if the opposite is becoming true? In his recent Privacy Perspectives blog post, IAPP Associate Editor Jedidiah Bracy, CIPP/US, CIPP/E, writes, “We could also say it this way, ‘In the future, everyone will have anonymity for 15 minutes.’” A recent TED Talk, given by Juan Enriquez, further illustrates this point by looking at “the obvious combination of Big Data, tattoos, immortality, the Ancient Greeks…and, of course, Jorge Luis Borges.”
Full Story

CCTV—AUSTRALIA

Cameras Shut Down Over Privacy Incident (May 6, 2013)

New South Wales Premier Barry O’Farrell has said the government will move to enact legislation to ensure the continued use of closed-circuit television cameras (CCTV) on public streets after an invasion-of-privacy incident prompted officials to turn off the cameras, The Sydney Morning Herald reports. O’Farrell said CCTV “has proven essential in assisting police” and cameras are “a vital tool in the fight against crime, and I am determined to ensure they remain so.” O’Farrell also has asked the attorney general “to seek urgent advice on the implications and whether legislative amendments are required to validate the continued use of CCTV.” In the U.S., meanwhile, during Sunday’s airing of Meet the Press, a U.S. lawmaker discussed the importance of camera surveillance to curb terrorism in the context of the Boston Marathon bombings.
Full Story

PERSONAL PRIVACY—NEW ZEALAND

Drink Driver List Suppressed Over Privacy Concerns (May 2, 2013)

The New Zealand Herald reports that a mother whose daughter was killed by a repeat drink-driver is outraged the perpetrator’s information was not published as part of the police’s “name-and-shame” lists due to privacy concerns. In the past, police have given names, offenses and other details of drink-driving violations to newspapers as part of a deterrence effort. However, in recent years privacy concerns have stopped the police from handing over the information. Police must have a legitimate reason to release such information and are in the process of reviewing whether there is one, the report states.
Full Story

PRIVACY LAW—AUSTRALIA

Data Collection May Violate Codes (May 2, 2013)

There has been a large increase in the amount of personal information being collected on the Internet, raising concerns about compliance with privacy codes, AAP reports. It appears much of the data is being collected and sold by organisations with little experience working with consumer information or privacy regulations. While much of the data collected is “relatively harmless,” Prof. Terry Beed notes, “Of far greater concern is data that might be related to incomes, debt levels or health profiles which is gathered and onsold without any warning to the consumer.”
Full Story

BIG DATA—AUSTRALIA

Woolworths Partners With Analytics Company (May 2, 2013)

Woolworths has recently acquired a 50-percent stake in Quantium, a data analytics company, reports Australian Financial Review. With eight million members of its Everyday Rewards program, Woolworths is eager to analyse and leverage that data to “deliver better stores, range and prices” for consumers. In turn, Quantium will use de-identified customer data to improve services to its clients, including eBay and Quantas. When questioned about confidentiality concerns, Quantium Director Tony Davis stated, “Clients’ data, privacy and confidentiality is central to the deal…we won’t share client data or information with Woolworths in any way.”
Full Story

SURVEILLANCE—AUSTRALIA

Opinion: Invasion of Privacy Has Benefits (May 2, 2013)

Paul Malone makes a case in The Sydney Morning Herald for the invasion of privacy by citing recent occurrences—including the identification of the Boston Marathon bombing suspects—where surveillance has proven beneficial. Malone says that “we could not have had better examples of the benefits of ‘invasion of privacy’ than we have seen in the first quarter of this year” but acknowledges “the trend in legislation has been to enshrine privacy, restrict what we are allowed to know about each other and limit what governments can do with the information they gather about us.”
Full Story

BEHAVIOURAL TARGETING

Opinion: Google May Know Us Best (May 2, 2013)

In her latest column for The Sydney Morning Herald, Annabel Crabb humorously muses on Google’s practice of electronically “reading” e-mails by using complex algorithms to scan them and glean information to target advertising directly to the user’s inbox. She notes that the practice raises privacy concerns and is still imperfect—Google seems to think she has a cat merely because one of her e-mails contained the word—noting the “obvious” privacy implications of the practice.
Full Story

ONLINE PRIVACY

Reddit Rewrites Policy for Usability (May 2, 2013)

Reddit has rewritten its privacy policy “from the ground up” in order to be clearer and more accessible to the average user, WebProNews reports. The policy goes into effect May 15. “For some time now, the reddit privacy policy has been a bit of legal boilerplate,” said the announcement. “This new policy is a clear and direct description of how we handle your data on reddit and the steps we take to ensure your privacy.”
Full Story

PRIVACY LAW—AUSTRALIA

Draft Breach Notification Bill Being Circulated (May 2, 2013)

SC Magazine reports on draft data breach notification legislation from the Australian government that is being circulated among a “small number of stakeholders.” Circulated by the Australia Attorney-General’s Department, the Exposure Draft Privacy Amendment (Privacy Alerts) Bill 2013 “appears to take a conservative approach in its demand for data breaches to be reported, with only classifications of serious data breaches considered,” and the report states the legislation could come into force this July with an undisclosed grace period for compliance.
Full Story

ONLINE PRIVACY

Doc Causes Stir Before W3C Meeting (May 1, 2013)
There are rumblings within the World Wide Web Consortium (W3C) leading up to next week’s Do-Not-Track (DNT) meeting after a document was distributed among members “rendering the meeting practically moot,” AdWeek reports. The “Draft Framework for DNT Discussions Leading Up to Face-to-Face” has been called a “framework,” but privacy groups have called it a “proposal” from the Digital Advertising Alliance (DAA). In the document, DNT would be off by default. W3C Co-Chair Peter Swire, CIPP/US, said, “As the name states, it is a framework for discussion, to help frame a possible agenda for next week’s face-to-face meeting in California.” DAA Counsel Stu Ingis said the document is the result of input from the DAA, consumer groups and other stakeholders. “It’s hard for stuff to happen if there’s no agenda,” said Ingis, adding, “There are a lot of cats to herd.”