ANZ Dashboard Digest

A new approach to notice and consent has been around for at least a couple of years now. The Microsoft whitepaper was released late 2012, and several subsequent books by privacy thought-leaders have developed this theme, which makes sense. Individuals ought to be given the opportunity to shape their profiles and to have a role in transactions involving their data, and notice and consent will no longer suffice. Equally, entities that stand to benefit from the information should protect their source if they wish to guarantee the future supply of valuable data.

If this approach is accepted, some of the stories this week indicate that there is still a long journey ahead. Whilst many entities still appear to treat privacy as a compliance issue, and one where boundaries should be pressed, others continue to succeed based on adoption of the new approach. It will be interesting to see how this divide plays out in terms of commercial success. That other old chestnut of balancing the right to information against the right to privacy also gets some play this week in the opinion piece titled “Privacy starts to bite.” To hear all about it and ask your own questions of the experts, make sure you book your place at our Privacy Awareness Week breakfast discussion on 6 May as debate on the Australian Law Reform Commission paper on serious invasions to privacy in a digital age continues.

A safe and very Happy Easter to you all,

Emma Hossack
President
IAPP ANZ

Top Australia and New Zealand Privacy News

PRIVACY LAW—CHINA

Making Sense of China’s New Privacy Laws (June 28, 2013)

In an apparent effort to encourage consumer engagement in the e-commerce market and establish baseline security standards, the Chinese government has in the past several months released a number of laws, regulations, and guidelines focused on privacy and security issues. In this exclusive Privacy Tracker post, the Hogan Lovells privacy team summarizes the notable takeaways from these initiatives.
Full Story

DATA PROTECTION—AUSTRALIA & NEW ZEALAND

Ludlum Introduces Game Plan (June 27, 2013)

Greens Sen. Scott Ludlum has indicated his focus areas when it comes to improving privacy and transparency of commercial companies’ and government agencies’ data use, Computerworld reports. Ludlum has been questioning the government about the U.S. PRISM surveillance program. He says the four areas where improvements can be made in Australia include protections for whistleblowers, the Freedom of Information Act, the Privacy Act and bringing the “state within a state back into the sunlight.” Meanwhile, one tech mogul is also speaking out against “privacy destroying” and “anti-human rights” spying powers in New Zealand.
Full Story

DATA LOSS—NEW ZEALAND

CIO To Get Powers, Budget, To Avoid Future “Debacles” (June 27, 2013)

The New Zealand Herald reports that NZ Chief Information Officer Colin McDonald “is to get more powers and a bigger budget as the government seeks to keep a lid on IT debacles like Novopay and a string of privacy breaches.” Based on a review of the Novopay incident and MacDonald’s review of publicly accessible IT systems, "It's made us take a step and consider that we need to lift the bar,” said Internal Affairs Minister Chris Tremain. MacDonald's team will receive an additional $1.5 million per year to fund additional staff and resources, the report states.
Full Story

PRIVACY LAW—AUSTRALIA

ADMA Calls for New Breach Code (June 27, 2013)

The Association for Data-driven Marketing and Advertising (ADMA) has called for the privacy commissioner to consider a new voluntary code for data breaches and stop compulsory notifications from being approved by the Australian Senate, CMO reports. The association says it is willing to work with the commissioner on a new code to replace the current Data Breach Notification Guide of the Office of the Australian Information Commissioner and the current legislation debated by Australian Parliament. Banks are also opposing mandatory breach requirements. The ADMA says the current plan’s requirements would cripple hundreds of thousands of Australian businesses. Meanwhile, ITnews reports the Privacy Alerts bill looks set to pass the Senate.
Full Story

SURVEILLANCE—NEW ZEALAND

Casino To Trial Facial-Recognition Technology (June 27, 2013)

Auckland’s SkyCity Casino will trial facial-recognition technology in an effort to prevent gambling addicts from entering, Radio New Zealand reports. The technology uses a database of images to identify those who have been banned or have opted to restrict themselves from casinos. Gehan Gunasekara, a specialist in information privacy law at Auckland University, said protection is needed to be sure data isn’t shared with other agencies for other purposes.
Full Story

PRIVACY BY DESIGN

How UI and UX Can KO Privacy (June 27, 2013)

At Navigate 2013, Will Dayable, co-director at Squareweave, and Jason Hong, associate professor at the Human Computer Interaction Institute at Carnegie Mellon, provoked the nearly 300 attendees into thinking about how UX (User Experience) and UI (User Interface) affect the way people experience and understand privacy. Is your privacy policy written and displayed with respect for your users?
Full Story

DATA PROTECTION

If Nine Of 10 Employees Breach Policies, How Is Privacy Possible? (June 27, 2013)

A survey taken over several years has found that out of 165,000 employees surveyed, 93 percent knowingly violate policies designed to prevent data breaches. Privacy professionals burn the midnight oil crafting policies in line with best practices. But such policies don't stand a chance at protecting consumer data if the employees charged with practicing model data-steward behavior could care less about doing so. So how can a company ensure that its people are complying with the policies it promises to practice? This exclusive for The Privacy Advisor discusses a few experts’ experiences with success.
Full Story

PRIVACY POLICIES

Using Virtual Assistants To Guide Privacy Settings (June 27, 2013)

To help navigate convoluted and complex privacy settings on commonly used websites, CNET News columnist Dan Farber proposes that virtual assistants, such as Siri and Google Now, can be effective tools to give users more control of their settings. Virtual assistant apps could also help educate users on how their data is being collected, processed and shared. “Instead of reading pages of text,” Farber suggests, “users could query a virtual assistant, which could walk them through their privacy settings.” As virtual assistants “gain more popularity, managing privacy and protecting your online persona will be more of a continuous, background process handled by an intelligent agent rather than a sometimes impenetrable chore.”
Full Story

MOBILE PRIVACY

Health Group Releases mHealth Study; Privacy in HTML5 Era (June 26, 2013)

A new study by a mobile health advocacy group states there is not a “one-size-fits-all” resolution for mobile privacy legislation, Thomson Reuters reports. The mHealth Alliance report, Patient Privacy in a Mobile World: A Framework To Address Privacy Law Issues in Mobile Health, also has provided a mobile privacy toolkit for using mobile health technology. The evolving nature of mobile technology “makes it difficult, and some may say ill-advised, to create rigid legal rules that may not fit future mHeath applications or worse that may hamper their development in the first place,” the study states. Meanwhile, CIO reports on how to ensure privacy in the age of HTML5.
Full Story

MOBILE PRIVACY

Balancing the Benefits and Risks of BYOD (June 26, 2013)

InfoWorld examines the bring-your-own-device (BYOD) trend and “the question of how to balance the benefits of a self-provisioned workforce against the risks of company assets walking out the door when workers are let go.” One chief technology officer cautions, “Mobile data is a big problem, so it's time to start compartmentalizing risks. This way, you can find a balance between the benefits of a (BYOD) workforce and the risks.” The report highlights steps organizations and their IT departments can take to protect vulnerable data in the event of employee layoffs or other departures. Tips include having a written BYOD policy, keeping data off local devices and doing sweeps regularly.
Full Story

HEALTHCARE PRIVACY

For Sale: Ingestible Computers To Monitor Your Health (June 25, 2013)

The New York Times reports on a new wave of prescription pills—ones that can e-mail your doctor after being swallowed. Ingestible computers in pill-form can now monitor health data and share it wirelessly with doctors. The pills stay intact throughout the intestinal tract and are powered through stomach acids. John Perry Barlow of the Electronic Frontier Foundation says such a pill has wonderful and terrible aspects. “The wonderful is that there are a great number of things you want to know about yourself on a continual basis…The terrible is that health insurance companies could know about the inner workings of your body.” (Registration may be required to access this story.)
Full Story

DATA RETENTION—AUSTRALIA

Gov’t Won’t Pursue Retention Law (June 24, 2013)

Following a parliamentary report that analyzed telecommunications interception in Australia, the federal government has temporarily decided not to pursue a mandatory data retention regime, Computerworld Australia reports. The Parliamentary Joint Committee on Intelligence and Security submitted 43 recommendations around a retention regime. “Accordingly,” said Attorney-General Mark Dreyfus, “the government will not pursue a mandatory data retention regime at this time and will await further advice from the departments and relevant agencies and comprehensive consultation.”
Full Story

SURVEILLANCE—INDIA

CCTV Not Covered in Draft Law (June 21, 2013)

Those whose images are captured via CCTV in public places “will not be able to invoke the proposed privacy law to seek redress,” The Indian Express reports. That is one provision of the draft privacy bill “likely to be tabled in Parliament's forthcoming session,” the report states, noting the bill does include the creation of a national body to hold individuals, organizations and others accountable for audio and video recording. The bill “addresses the home ministry's concern that interception laws must not change and that footage from security cameras in public places are kept out of the ambit of the new law," officials said.
Full Story

DATA PROTECTION—AUSTRALIA

Survey: Australians Trust Gov’t To Protect PI (June 20, 2013)

A Unisys study has found that while the majority of Australians trust government to protect their personal information from misuse, they oppose any Internet monitoring efforts, The Sydney Morning Herald reports. The study found that 80 percent of respondents trust Medicare to protect such private data as eye scans or fingerprints; however, “only about one in two people would willingly give biometric details to other government agencies.” Seventy-five percent of respondents trust the Taxation Office, and 87 percent support surveillance of public roadways, but “more than half of Australians opposed increasing government surveillance of their Internet use,” the report states.
Full Story

PRIVACY LAW—AUSTRALIA

ADMA CEO Opposes Breach Notification Plan (June 20, 2013)

CMO reports on Association for Data-driven Marketing and Advertising CEO Jodie Sangster’s comments against the government’s plans to impose data breach notification requirements on Australian businesses. If passed, proposed breach notification will come into effect in March and will require government agencies and private organisations to notify customers of serious data breaches when they occur, the report states. Sangster has called the law “ill-considered,” noting the industry has guidelines in place for breach notification. “It comes at a time when businesses large and small are already grappling with the most extensive changes to privacy legislation seen in the last 10 years,” Sangster said.
Full Story

SURVEILLANCE

NSA Reactions Continue (June 20, 2013)

From connections between the National Security Agency (NSA) and various leaders at start-ups in Silicon Valley to questions of whether the NSA leaks will prompt an EU data protection rewrite, reports on the continued implications of the recent revelations abound. In an opinion piece for The New Zealand Herald, John Roughan suggests “security trumps privacy online,” while the South China Morning Post reports on legislators urging Hong Kong “to tighten its laws on invasion of privacy and covert surveillance” in the wake of the NSA revelations. This exclusive for The Privacy Advisor highlights the key headlines, including a recent report from The New York Times on the connection between a former Facebook CSO and the NSA, a Reuters report on Wednesday’s cloud security summit and Sir Martin Sorrell’s comments in The Guardian that the NSA revelations are a “game changer.”
Full Story

ONLINE PRIVACY

W3C Moves Forward on June Draft; Group Launches Privacy Controls (June 20, 2013)

ZDNet reports on two developments in the Do-Not-Track initiative. First, those participating in a World Wide Web Consortium conference call agreed to accept a draft of the standard in an effort to work toward “Last Call,” when the proposal is brought for a vote. The draft is being dubbed the June Draft. Also, Mozilla has teamed up with Stanford’s Center for Internet Society to announce it is launching its own set of privacy controls on the web. Called a “Cookie Clearinghouse,” it will allow users to create and maintain “allow lists” and “block lists,” the report states.
Full Story

ONLINE PRIVACY

Officials Want Answers on Google Glass (June 19, 2013)
Privacy officials from six countries have written to Google CEO Larry Page requesting more information about Google’s wearable computer technology, Google Glass. Privacy commissioners in Canada, Australia, New Zealand, Mexico, Switzerland and Israel want to know how the information collected by the technology may be used, CNET News reports. “We would be very interested in hearing about the privacy implications of this new product and the steps you are taking to ensure that, as you move forward with Google Glass, individuals’ privacy rights are respected around the world,” the officials wrote.

DATA PROTECTION

Average Breach Detection Takes 10 Hours (June 19, 2013)

The average organization believes it would spot a data breach within 10 hours, according to a recent McAfee Global Survey. The survey polled 500 decision-makers from the U.S., UK, Germany and Australia earlier this year. Twenty-two percent said they could identify a breach within a day, while just more than one-third said it would take them only minutes, PC Advisor reports. “This study has shown what we’ve long suspected—that far too few organizations have real-time access to the simple question, ‘Am I being breached?’” said a McAfee spokesman. Meanwhile, Australia’s new breach notification laws could require companies to “dumb down” their monitoring capabilities, reports The Sydney Morning Herald.
Full Story

DATA PROTECTION—AUSTRALIA

Commissioner: Data Collection Could Be Criminals’ “Honey Pot” (June 18, 2013)

Amidst an increase in complaints to his office, Privacy Commissioner Timothy Pilgrim is warning that personal data collected by corporations “is a honey pot calling to criminals,” The Sydney Morning Herald reports. Last year’s complaints were a “10 percent increase on the previous year, and the figures year to date look like we are heading towards another 10 percent increase on last year,” Pilgrim said, adding, “We have already passed the 1,357 mark at the end of May, and I would think we were looking at 1,500-plus this year.” Pilgrim cautioned organizations to “only collect the type of information that is absolutely essential to provide the service.”
Full Story

GENETIC PRIVACY

DNA Samples May Be More Identifiable Than Thought (June 17, 2013)

The New York Times reports that while research subjects are often told that the DNA sample they’ve provided for the sake of science is not identifiable and their anonymity will be preserved, “geneticists nationwide have gotten a few rude awakenings, hints that research subjects could sometimes be identified by their DNA alone or even by the way their cells were using their DNA.” Such revelations are particularly concerning following the announcement that nearly 80 researchers want to combine the world’s DNA databases to make it easier for researchers to retrieve and share such data. Meanwhile, local law enforcement agencies across the U.S. have begun amassing their own DNA databases. (Registration may be required to access this story.)
Full Story

SURVEILLANCE—AUSTRALIA

NSA Leaks Reach Australian Shores (June 13, 2013)

The recent disclosure of the U.S. National Security Agency’s surveillance programmes has transcended national borders, sending shockwaves throughout the privacy community. In our continuing coverage of the unfolding story, The Privacy Advisor has compiled a roundup of news—from comments by Privacy Commissioner Timothy Pilgrim to a refusal to comment by Attorney-General Mark Dreyfus.
Full Story

PRIVACY LAW—AUSTRALIA

AG Asks ALRC To Conduct Inquiry (June 13, 2013)

Attorney-General Mark Dreyfus has asked the Australian Law Reform Commission (ALRC) to examine “prevention and remedies for serious invasions of privacy in the digital era, including the right to sue for breach of privacy,” Computerworld reports. “Our privacy laws need to address future challenges and ensure people can take action against a person or organisation that seriously violates their privacy,” Dreyfus said. As part of the inquiry, Dreyfus has asked the ALRC to recommend ways to reduce privacy invasions and balance privacy with such other values as freedom of expression and justice, the report states.
Full Story

DATA LOSS—NEW ZEALAND

CYF Being Blackmailed After Breach (June 13, 2013)

Stuff.co.nz reports that Child, Youth and Family (CYF) accidentally sent private information about a young woman to the wrong person and is now “being blackmailed by the woman who received” the details. CYF’s Bernadine Mackenzie has said the agency is taking legal action to protect the first woman’s privacy. “A mistake occurred and I'm sorry that our actions have seen a family's private information passed to a third party,” she said, adding, “Unfortunately, the woman who has this short document is refusing to return or destroy the information. She is demanding that we return one of her children to her care in exchange for the document.” In a separate incident, confidential medical notes left on a bus by a Pathways worker are still missing.
Full Story

EMPLOYEE PRIVACY—AUSTRALIA & NEW ZEALAND

Will Drug, Alcohol Tests Prompt Future Lawsuits? (June 13, 2013)

In a post for Law Fuel, Jim Castiglione and Sarah Wilson of Chen Palmer Public and Employment Law Specialists discuss the issue of whether drug and alcohol testing is an unnecessary intrusion into employees’ privacy rights. “Employers’ and employees’ clashing interests have led to arguments about the most appropriate way to protect employee privacy while providing employers with sufficient opportunities to ensure workplace safety is maintained,” they write. The report details the types of tests involved, past lawsuits and the privacy implications of new technologies. “It may only be a matter of time before this issue is relitigated,” they write.
Full Story

STUDENT PRIVACY—AUSTRALIA

Majority of Parents Object to School Tracking (June 13, 2013)

A recent national survey of about 1,000 parents indicates “four in five Australian parents want a ban on data tracking in schools to protect their kids from online advertising,” ABC News reports, with more than 90 percent indicating they oppose online data tracking in schools. Australian Council of State School Organisations President Peter Garrigan said, “Our young people—their privacy is being invaded…Their data is being stored; it is going into the cloud, and what is going to happen once they finish school?”
Full Story

PERSONAL PRIVACY—AUSTRALIA

Opinion: Privacy Regs Impact Anti-Smoking Efforts (June 13, 2013)

In an op-ed for The Sydney Morning Herald, Matt Wade highlights fears that privacy requirements prohibiting the publication of tobacco use information will impede the nation’s campaign to reduce smoking. “Last month's budget papers withheld the figures on tobacco excise to protect ‘taxpayer confidentiality’…The latest statistics released by the Tax Office also declined to publish specific tobacco excise information ‘to comply with privacy regulations’,” he writes. One public health professor notes, “It’s going to make it very, very difficult for us to evaluate important policy and program impacts.”
Full Story

PRIVACY LAW—MALAYSIA

PDPA Enforcement Date Still Unknown (June 13, 2013)

The Malaysian Reserve reports no date has been set for the enforcement of the Personal Data Protection Act 2010. “It will be enforced as soon as possible,” said Communication and Multimedia Minister Datuk Seri Ahmad Shabery Cheek, though he declined to be more specific as to whether it will be in force by the end of the year. Communications and Multimedia Commission Chairman Datuk Mohamed Sharil Mohamed Tarmizi noted that as data crosses all industries, “There will be a lot of consultation, which we would have to go through those first, as the regulator in each sector has its own data protection requirement.”
Full Story

PRIVACY RESEARCH

OAIC Launches Community Attitudes to Privacy Survey (June 13, 2013)

The Office of the Australian Information Commissioner announced today it is launching its Community Attitudes to Privacy survey, to explore changes in attitudes to privacy across a range of areas. It follows previous studies conducted in 2001, 2004 and 2007, and focuses on the way that businesses and the government handle personal information. The research will involve 1,000 consumers and is being conducted by Wallis Strategic Market and Social Research.
Full Story

PRIVACY IN POPULAR CULTURE

IAPP Members in the News (June 13, 2013)

If nothing else, the news that has been rippling around the globe about the U.S. government’s surveillance practices has brought privacy to the forefront of public discourse. Therefore, it shouldn’t be surprising that our IAPP members are showing up all over the media in recent days. The Privacy Advisor takes you on a quick tour of IAPPers in the mass media.
Full Story

PRIVACY LAW—JAPAN

Japan Applies To Take Part in CBPR (June 13, 2013)

Japan’s Ministry of Economy, Trade and Industry has announced the government’s June 7 application to participate in APEC’s Cross-Border Privacy Rules. “Japan applied for participation in the system, following the United States and Mexico,” the announcement states, noting, “In the future, if Japan is admitted to the system and the neutral certification organization is authorized, enterprises and other entities certified by this organization will be able to prove that the handling process of private information in their companies is compatible with the APEC Information Privacy Principles.” The division in charge of the application is the Office of International Affairs, Information Policy Division, Commerce and Information Policy Bureau.
Full Story

DATA LOSS

Breach Stats and Implications: A Roundup (June 12, 2013)

From loss of patient data to the potential impact of the recent NSA/PRISM revelations on psychiatric patients to how the legislation affects data breach costs, breaches and their implications are making headlines across the globe. This roundup for The Privacy Advisor highlights some of the latest news, including BankInfoSecurity’s report on Symantec’s Cost of a Data Breach Study, conducted by the Ponemon Institute, which indicates the average cost of a data breach has gone up from $130 per record in 2011 to $136 per record.
Full Story

BIOMETRICS

Google Outlaws Facial Recognition, Voiceprints for Google Glass (June 11, 2013)

Google has decided to ban facial-recognition technology from its Google Glass product, following pressure from the U.S. Congress. It has also banned voiceprints, which would allow the microphone to identify a speaker. App developers—including Lance Nanek, who built an app that would allow clinicians wearing the glasses to verify patient identities and pull their medical records without having to turn to a secondary device—are disappointed in the decision. The company says it will not allow such applications until “strong privacy protections” are in place, but the Future of Privacy Forum wonders “what sort of privacy protections can actually be put in place for this sort of technology?”
Full Story

PRIVACY LAW—AUSTRALIA

Kaspersky: Mandatory Breach Notices Will “Ruin” Investigations (June 6, 2013)

The Australian reports on comments by IT security expert Eugene Kaspersky that mandatory breach notification would "ruin" police investigations. Kaspersky’s comments came days before Attorney-General Mark Dreyfus's announcement of the government’s plan for mandatory breach notification laws, the report states. “Exposing the information to the public is good but bad at the same time. It's good that you make your customers aware of their situation but the negative is that you will ruin any investigation,” Kaspersky said, adding, “There has to be a balance, and this balance has to shift in favour of the police investigation.” (Registration may be required to access this story.)
Full Story

DATA PROTECTION—NEW ZEALAND

GCIO Report “Wake-Up Call” for Public Sector (June 6, 2013)

A new report revealing systemic weaknesses in how privacy and security is managed across the public sector is “a wake-up call to the government sector,” Privacy Commissioner Marie Shroff has said. The Government Chief Information Officer (GCIO) report reviewed 215 publicly accessible information systems across 70 agencies. Shroff said, “While departments are keen to make use of personally-linked data, the report shows that they haven’t yet got their heads around how to handle it properly. I welcome the recommendations in the report. They are strong and comprehensive and will require some agencies to really lift their game.”
Full Story

PERSONAL PRIVACY—VICTORIA

Police To Get Database Access from Home (June 6, 2013)

As part of an overhaul to Victoria Police data services, certain police officers will be able to access confidential database information from home, reports The Sydney Morning Herald. The change has led to fears over the increased risk to police data. ''It's very confidential information and having it available from officers' homes when they're not on duty or on the beat in a tablet form is not particularly desirable because invariably it will fall into the wrong hands,'' said Liberty Victoria president Jane Dixon. It is yet to be determined what kind of device will be used to access the Interpose database and who will have the ability to access it.
Full Story

MOBILE PRIVACY

Opera Releases Mobile Browser With Privacy Built-In (June 6, 2013)

The Norwegian browser developer Opera announced this week the release of Opera Mini 4.5, a low-end mobile browser intended for “featurephones.” Notably, it has a built-in private setting that keeps any login or data from being saved to the phone. For example, friends can log in and check Facebook without worries their log-in information will be retained.
Full Story

GENETIC PRIVACY

Privacy Is Major Hurdle for Research Group (June 6, 2013)

A group of geneticists have established a consortium aimed at creating database of genetic and clinical data that could be accessed by doctors and researchers across the globe, reports The New York Times. Experts from the consortium say the major challenge is a lack of standards for storing and sharing data and for assuring that patients consent to this sharing of their data. “The question is whether and how we make it possible to learn from these data as they grow, in a manner that respects the autonomy and privacy choices of each participant,” said David Altshuler of Harvard and MIT. The group consists of more than 70 medical, research and advocacy organizations active in 41 countries. (Registration may be required to access this story.)
Full Story

DATA PROTECTION

Study: Avg. Breach Cost Is $136 Per Record (June 5, 2013)

Ponemon Institute and Symantec have released a study indicating human errors and system problems were the causes of two-thirds of data breaches in 2012, and the average breach cost is now up to $136 per record, The Wall Street Journal reports. The issues involved included “employee mishandling of confidential data, lack of systems controls and violations of industry and government regulations,” the report states. The study also found financial services incidents to be the most costly. (Registration may be required to access this story.)
Full Story

PRIVACY BIZ

Evidon To Acquire MobileScope (June 5, 2013)

MediaPost News reports on privacy-compliance company Evidon’s acquisition of MobileScope, a tool used to determine mobile apps’ collection or sharing of information about users. The deal, expected to be finalized today, will see Evidon incorporating MobileScope into a subscription-based offering that allows companies to view what data is being mined from their services for the purposes of ad targeting.
Full Story

PRIVACY ENGINEERING

What Misconceptions Do Consumers Have About Privacy? (June 4, 2013)
“Control of personal information in the digital space, and particularly on mobile devices, presents a unique design challenge,” writes Create with Context CEO Ilana Westerman in this Privacy Perspectives post. “We can leverage existing technology to create new experiences around personal data collection that are both transparent and provide control,” she notes, “But before we can begin to think about design solutions, we need to understand consumers’ current experience and expectations of how their personal information is handled and safeguarded.”

SURVEILLANCE

UN Report: State Surveillance Violates Rights to Privacy, Expression (June 4, 2013)

The United Nations (UN) Office of the High Commissioner of Human Rights drew attention today to its recent report indicating state communications surveillance undermines the human rights to privacy and freedom of expression. “Concerns about national security and criminal activity may justify the exceptional use of communications surveillance,” said UN Special Rapporteur Frank La Rue. “Nevertheless, national laws regulating what constitutes the necessary, legitimate and proportional state involvement in communications surveillance are often inadequate or simply do not exist…Who are the authorities mandated to promote the surveillance of individuals? What is the final destiny of the massive amounts of the stored information on our communications? These questions urgently need to be studied in all countries to ensure a better protection of the rights to privacy and the right to freedom of expression.”
Full Story

ONLINE PRIVACY

Yahoo E-Mail Scans Not New Practice (June 4, 2013)

CNET reports that news Yahoo users will have their e-mail scanned so relevant ads may be sent to them isn’t actually news at all; the service provider has been doing so since 2011. "This is not about a new policy," said Yahoo spokeswoman DJ Anderson. "We believe having personalized experiences benefits the user. If the user doesn't want to have contextual-based or interest-based advertising, they can opt out of that through our ad interest manager." Users may have simply become aware of the change when Yahoo recently informed users they will be required to upgrade to a newer version of Yahoo mail, which would require them to accept Yahoo’s terms of service and privacy policy.
Full Story

DATA LOSS

A Roundup of Recent Data Breaches (June 3, 2013)

Data breaches continue to plague organizations across industry sectors. From the hack of content management platform Drupal to a slew of breaches affecting personal health information, this roundup for The Privacy Advisor also includes analysis of two emerging legal arguments arising to prove financial harm in healthcare breaches, what a recent U.S. Supreme Court decision could mean for defending against data breach litigation and word that an Australian government proposal to implement mandatory breach notification legislation will increase class-action lawsuits.
Full Story