ANZ Dashboard Digest

A new approach to notice and consent has been around for at least a couple of years now. The Microsoft whitepaper was released late 2012, and several subsequent books by privacy thought-leaders have developed this theme, which makes sense. Individuals ought to be given the opportunity to shape their profiles and to have a role in transactions involving their data, and notice and consent will no longer suffice. Equally, entities that stand to benefit from the information should protect their source if they wish to guarantee the future supply of valuable data.

If this approach is accepted, some of the stories this week indicate that there is still a long journey ahead. Whilst many entities still appear to treat privacy as a compliance issue, and one where boundaries should be pressed, others continue to succeed based on adoption of the new approach. It will be interesting to see how this divide plays out in terms of commercial success. That other old chestnut of balancing the right to information against the right to privacy also gets some play this week in the opinion piece titled “Privacy starts to bite.” To hear all about it and ask your own questions of the experts, make sure you book your place at our Privacy Awareness Week breakfast discussion on 6 May as debate on the Australian Law Reform Commission paper on serious invasions to privacy in a digital age continues.

A safe and very Happy Easter to you all,

Emma Hossack
President
IAPP ANZ

Top Australia and New Zealand Privacy News

INTERNET OF THINGS

Opinion: TV’s Rollout Shows Lack of PbD, Transparency (November 27, 2013)

The recent rollout of LG’s new smart television has garnered press attention arising from several privacy concerns about how the new appliance collects and shares user data. The company has since announced it will update its firmware to address some of the concerns, and in the meantime, according to the Center for Democracy & Technology Director of Consumer Privacy Justin Brookman, its privacy notice has changed several times—often in contradictory ways. Did the company miss an opportunity to prevent all this? What roles could privacy professionals play in preventing such backlash? In this installment for Privacy Perspectives, Brookman looks into LG’s collection practices while pointing out the appliance’s apparent lack of Privacy by Design and transparency, suggesting the incident could serve as a lesson for privacy pros within other companies set to roll out new technology and consumer products.

ONLINE PRIVACY

Will the Internet Become Private as a Standard? (November 27, 2013)

The Internet Engineering Task Force (IETF) has asked the architects of Tor, a privacy-protecting web-browsing tool, to discuss the idea of using their product to make private web browsing the Internet standard, Salon reports. “Collaborating with Tor would add an additional layer of security and privacy … that goes beyond encrypting your communications,” the report states. Andrew Lewman, executive director of Tor, says the idea is “worth exploring to see what is involved. It adds legitimacy; it adds validation of all the research we’ve done”; however, he adds, “The risks and concerns are that it would tie down developers in rehashing everything we’ve done, explaining why we made decisions we made. It also opens it up to being weakened.” Meanwhile, new app Aether is an encrypted network that lets people share content anonymously.

DATA PROTECTION—AUSTRALIA

Final Set of APPs Released for Comment (November 21, 2013)

The Office of the Australian Information Commissioner (OAIC) has released the final set of Australian Privacy Principles (APPs), reports Computerworld. APP 12 and 13 cover access to and correction of personal information and require organisations to give consumers access to the information organisations hold on them and to take reasonable steps to correct information as well as “contact other organisations that hold the same information about a person so that they can update these details,” the report states. The consultation period is open until 16 December.

PRIVACY—NEW ZEALAND

Officials Announce Creation of Gov’t CPO (November 21, 2013)

Officials have announced the creation of a government chief privacy officer (GCPO) position, Voxy reports. “It is important that New Zealanders have confidence in government agencies to do all they can to ensure personal information is kept safe,” said State Services Minister Jonathan Coleman. The GCPO will provide additional support to the government chief information officer in assuring privacy is managed appropriately, the report states. “This move brings the government sector into line with many large private sector organisations. Global internet giants and banks position responsibility for privacy at a very senior level,” said Privacy Commissioner Marie Shroff. “Even before the recent spate of privacy breaches, it was clear to us as the independent regulator that the public sector needed better privacy leadership and accountability.”

SURVEILLANCE—AUSTRALIA

APF Urges Gov’t To Back UN Resolution (November 21, 2013)

The Australian Privacy Foundation (APF) is urging the government to support a United Nations resolution “bolstering international privacy protection in the wake of more revelations about Australia’s surveillance of Indonesian ministers,” The Guardian reports. “As we find out what our national security agencies are doing overseas, it makes you wonder what they're doing within Australia,” said APF Chairman Roger Clarke, adding, “We know that parliaments have granted national security agencies enormous powers since 2001. We know that those powers are not subject to proper controls. For all we know, they could be self-authorising all manner of intrusions, here as well as in Jakarta.”

DATA LOSS—AUSTRALIA

Online Dating Service Gets Hacked (November 21, 2013)

Online dating service company Cupid Media suffered a breach in January this year exposing names, e-mail addresses and passwords in plaintext, The Guardian reports. It appears 42 million have been affected and that the hackers responsible were also responsible for the recent Adobe hack. Affected users are being notified and asked to change their passwords.

CYBERSECURITY

Debunking Three Cyber Insurance Myths (November 21, 2013)

“In the past, cyber insurance was a polarizing issue in my discussions with privacy and risk professionals,” writes Experian Data Breach Resolution Vice President Michael Bruemmer, CIPP/US. “Some professionals were adamant about the benefits of cyber insurance, while others worried that the policies currently on the market didn’t meet its needs or were too costly.” In this post for Privacy Perspectives, Bruemmer debunks three of the most common myths associated with cyber insurance and examines why small- and medium-sized businesses are not off the radar of hackers and other cyber thieves.

PRIVACY ENGINEERING

How To Do PbD in Predictive Analytics (November 21, 2013)

In a Q&A with DataInformed, IBM Fellow and Entity Analytics Group Chief Scientist Jeff Jonas discusses his involvement with Privacy by Design and how he integrated it into new predictive analytics software. Jonas has created technology that allows businesses to collect and analyze data from multiple sources in real time to help make “smart” decisions. He said, “One of my goals in the use of Privacy by Design in the G2 project was what kind of privacy features can I bake in that cost no more? In other words, they’re by default. They’re built in. In fact, a few of them, you can’t even turn them off. That way, someone’s not left there with a decision, ‘Yeah, we trust ourselves. I don’t have to pay extra for a privacy feature. I’d rather just buy more disk space.’”

INTERNET OF THINGS

Are Smart TVs Watching Us? (November 21, 2013)

CNET UK reports on a UK blogger's allegations that “smart TVs are sending information on what channels you watch and the names of media files you stream over your network—even if you turn the setting off.” The report notes the blogger noticed ads on his Internet-connected TV and found an online instruction video where TV-maker LG “details how it can effectively target ads based on user data.” Asked for comment, LG responded, “Customer privacy is a top priority at LG Electronics and, as such, we take the issue very seriously. We are looking into reports that certain viewing information on LG Smart TVs was shared without consent.”

BYOD

Where IBM Thinks BYOD Technology Is Headed (November 20, 2013)

When IBM announced last week it will soon acquire Fiberlink, a maker of cloud-based mobile-device-management technology and the MaaS360 product, the news may have been interesting to privacy professionals on its own, drawing attention to a tech provider that will now have access to IBM’s much larger resources in attempting to solve a problem, in BYOD, with which many struggle. However, the buy is part of what IBM Director of Mobile Security Caleb Barlow called a “string of pearls” that includes the acquisition of Trusteer and the creation of a “cybersecurity software lab” in Israel, staffed with 200-plus researchers who will focus on mobile and application security and privacy. In this exclusive for The Privacy Advisor, Sam Pfeifle talks with Barlow about what IBM sees as the “Holy Grail” of mobile device management.

PRIVACY LAW—MALAYSIA

Long-Delayed Data Protection Law Now In Effect (November 20, 2013)

Passed originally in 2010, Malaysia’s Data Protection Law is now actually in effect, after years of postponements. Hunton & Williams’ Privacy and Information Security Law Blog reports that the Malaysian Minister of Communications and Multimedia announced on November 14 that the law would go into effect the next day, leaving professionals to scramble to make sure they are in compliance. Major features of the law include an exemption for Malaysia’s federal and state governments, a category of personal data that is considered so sensitive that it requires explicit consent, cross-border transfer restrictions and criminal penalties of up to $156,000 and imprisonment of up to three years.

ONLINE PRIVACY

Hochman: What Are the Ethics of the Internet? (November 19, 2013)

In a piece for Internet Evolution, Jonathan Hochman explores the ethical limits on the Internet and what he sees as a major problem called “paid unpublishing.” In such cases, a website operator obtains embarrassing information, publishes it and then offers to remove it for a fee. A recent example of this can be seen with mugshot website operators. “Unless steps are taken now to confront paid unpublishing, we may increasingly find our secrets or mistakes for sale online by unscrupulous ‘entrepreneurs,’” Hochman writes, adding that ethical online media follows three principles: no paid unpublishing, avoiding conflicts of interest and supporting the right to respond.

PRIVACY LAW

Alberta Privacy Law Ruled Unconstitutional, and More (November 18, 2013)

The Supreme Court of Canada, in a unanimous ruling, has determined that the Alberta privacy law is unconstitutional and has given the province one year to amend it; a federal judge in Vermont has ruled there can be no expectation of privacy when it comes to data exposed online via a peer-to-peer file-sharing network, and the New Zealand Parliament has voted down a bill that would have given the privacy commissioner increased powers. Meanwhile, the U.S. FTC has asserted its power over parental-consent methods; Brazil is calling for a crackdown on government surveillance, and Italy’s data protection authority and intelligence department have entered into a cooperation protocol. This week’s Privacy Tracker roundup has these stories and more. (IAPP member login required.)

PERSONAL PRIVACY

The Secret Life of Webcams (November 18, 2013)

Webcams are on nearly every laptop and smartphone these days. They are great for video conferencing but can be used for nefarious purposes as well. One such case involves a young adult who hacked into a number of computers to take photos of young women and then used such photos to blackmail them. Moreover, the U.S. Federal Trade Commission recently settled with security company TRENDnet because it allegedly used lax security in protecting its cameras from being hacked and exploited. This Privacy Perspectives post explores these cases and looks at what can be done to prevent such nefarious use of these ubiquitous and potentially invasive features.

PRIVACY IN POP CULTURE

The Circle Makes Us Square (November 15, 2013)

In his new novel, The Circle, Dave Eggers creates a world dominated by a search/social/commerce operation that is basically every cliché you’ve ever heard about Google, Facebook, Amazon, Yahoo and Twitter, all wrapped into one. In this exclusive for The Privacy Advisor, Publications Director Sam Pfeifle examines the world Eggers creates—a world devoid of privacy pros, where characters live by slogans like “secrets are lies,” “sharing is caring” and “privacy is theft.”

PRIVACY

Brick-and-Mortars Catch Up on Tracking (November 15, 2013)

Reuters reports on brick-and-mortar retailers’ use of face scanners in an effort to improve such things as staffing, layout and marketing. Many businesses, aware of consumers’ reticence to be tracked, promise to only use the data in aggregate unless consumers give their consent. Shoppers are also increasingly asked to sign up for loyalty card programs that would allow the retailer to track them in exchange for discounts. “They are just trying to get real smart with data in the way the e-commerce guys are smart with data,” said the head of one tracking-device manufacturer. But the chief executive of a customer science company said, “Too much is happening without consumer consent.”

PRIVACY LAW—NEW ZEALAND

Privacy Bill Defeated (November 14, 2013)

3News NZ reports on the defeat of a bill “that would have given the privacy commissioner much wider powers” by a vote of 61 to 59 on its first reading in Parliament this week. Labour MP Sue Moroney drafted the Privacy (Giving Privacy Commissioner Necessary Tools) Bill to allow the commissioner “to undertake investigations, issue compliance notices and demand privacy audits across the public and private sectors.” The government opposed the bill, the report states.

ONLINE PRIVACY—AUSTRALIA

Study: Aussies Using False Info To Protect Privacy (November 14, 2013)

According to “Digital Footprints and Identities,” a Taverner Research study conducted for the Australian Communications and Media Authority, nearly “half of all Australians admit to providing fake details online to protect their actual details from misuse,” ZDNet reports. The information, which was based on surveys of 2,509 Australians, found, “Users, especially younger users, appeared willing to replace anonymity with what might be termed ‘pseudonymity.’ They would do this by withholding or misstating one or more of their real name, their actual age or date of birth, their e-mail address or their physical address.”

DATA LOSS—NEW ZEALAND

Board To Settle Medical Privacy Breach (November 14, 2013)

Stuff.co.nz reports that Canterbury District Health Board (DHB) “appears to have reached a deal to avoid legal action over a doctor's 2007 privacy breach,” suggesting this case “could have proved a test case for whether DHBs are vicariously liable for their staff breaching patient confidentiality by accessing electronic records without permission, something virtually untested in New Zealand.” The report cites input from University of Canterbury Prof. Ursula Cheer. Cheer suggests New Zealand’s privacy laws are “quite undeveloped,” the report states, noting “it would be difficult to hold the organisation responsible if it had clear policies, training and procedures in place.”

SURVEILLANCE—AUSTRALIA

AFP Moving To Capture, Retain Metadata (November 14, 2013)

Despite the lack of legislation to allow widespread data retention, ZDNet reports the Australian Federal Police (AFP) “is setting up systems that will allow it to analyse traffic and capture and retain metadata.” The AFP is moving to extend its network forensics “to include new deep packet inspection capacity that will be able to capture and retain metadata,” the report states, noting, “The AFP has long admitted it seeks legislative changes that would force telcos and ISPs to retain data so that it may use it in criminal investigations.” And, the AFP’s assistant commissioner has indicated he would like such data retained indefinitely.

TRAVELLERS’ PRIVACY—NEW ZEALAND

Transport Users Must “Opt Out” or Details Will Be Shared (November 14, 2013)

Auckland Transport is standing by its policy to share its Hop cardholders' personal information with third parties “unless specifically asked not to,” The New Zealand Herald reports. Auckland Transport’s privacy policy requires “bus, rail or ferry users not wanting it to share their personal details with other organisations to ask it in writing not to do so”—in spite of the Office of the Privacy Commissioner's recommendation that information not be shared “without specific permission from card users,” the report states. Auckland Transport is claiming it has the right to provide personal information to “carefully selected third parties … so they can offer products and services which we reasonably believe may be of interest to you.”

PRIVACY LAW—HONG KONG

Privacy Law Amendments Affect Insurers (November 14, 2013)

South China Morning Post reports on the impact of amendments to Hong Kong’s privacy law on insurance companies. The changes “may have made it harder for insurers to sell products by cold calling potential customers, and has cut down sales in the second quarter,” the report states. “But it has not entirely shut the door on such a sales channel.” As amended, the Personal Data (Privacy) Ordinance “forces companies to determine in advance whether their customers object to the use of their personal data for direct marketing purposes,” and, one insurer comments, “Previously, many insurers linked up with banks and used the banks' data to cold call their customers. This practice is now banned under the amended privacy law.”

SURVEILLANCE

As NSA Fallout Continues, Investigations Called For, Launched (November 14, 2013)

Dutch and Belgian data protection authorities are leading an investigation “into whether consumers’ personal data on the global SWIFT money-transfer network can be accessed by the U.S. National Security Agency (NSA) or other intelligence services,” Bloomberg reports. “We will investigate if the security of the networks and databases of SWIFT containing huge quantities of personal data related to bank transactions of, among others, European citizens, allow for or have allowed for unlawful access,” said Dutch DPA and Article 29 Working Party Chairman Jacob Kohnstamm. In the U.S., advocacy groups including the Electronic Privacy Information Center, Privacy Rights Clearinghouse and Center for Digital Democracy sent a letter to the U.S. Federal Trade Commission calling for an investigation into Internet companies whose networks were accessed by the NSA. “It is inconceivable that when faced with the most significant breach of consumer data in U.S. history, the commission could ignore the consequences for consumer privacy,” the letter states. Meanwhile, a GigaOM report suggests the legacy of Edward Snowden's revelations about NSA surveillance could be “much if not most of the open web will be encrypted by default.”

PRIVACY BUSINESS

IBM To Acquire Fiberlink Communications (November 14, 2013)

IBM has announced its agreement to acquire mobile management and security company Fiberlink Communications. “In a mobile-first world, clients require a comprehensive mobile management and security offering. Oftentimes they integrate solutions on their own and take on unnecessary risk,” said IBM’s Robert LeBlanc. “To protect and enhance the complete mobile experience, it’s crucial to secure the app, user, content, data and the transaction. The acquisition of Fiberlink will enable us to offer these expanded capabilities to our clients, making it simple and quick to unlock the full potential of mobility.”

PRIVACY RESOURCES

Where To Get Schooled in Privacy (November 13, 2013)

Prompted by a post to the IAPP Privacy List, our online Resource Center now includes a list of colleges and universities that offer courses in privacy. Currently featuring universities in the U.S., Canada and Europe, we have collected a preliminary list of offerings for those seeking higher education in privacy, but we need your help. Do you know of a school with a strong privacy focus? If so, send us an e-mail and let us know what we’re missing.

DATA PROTECTION

Facebook Asks Adobe Users To Change Passwords (November 12, 2013)

Facebook is warning users who also use Adobe that if they are using the same e-mail and password combinations on both sites, they should change that, KrebsOnSecurity reports. That’s after the recent breach at Adobe in which hackers stole nearly three million encrypted credit card records and users’ login credentials. “We actively look for situations where the accounts of people who use Facebook could be at risk—even if the threat is external to our service,” said a Facebook spokesman. “When we find these situations, we present messages like the one in the screenshot to help affected people secure their accounts.”

PRIVACY LAW

Kazakhstan Joins the Crowd and Other Legislative Updates (November 11, 2013)

In the U.S., guidelines and court rulings have offered insight on everything from drone use to workplace audio recordings, while, internationally, questions still loom about the future of Safe Harbor and national leaders have presented an Internet privacy resolution to the UN. Kazakhstan’s privacy law is scheduled to come into effect this month, and Indonesia is looking into consolidating its sectoral coverage into an overarching law. Also in this week’s Privacy Tracker roundup is analysis of India’s privacy bill, California’s spate of privacy laws and insight from the FTC and the New Jersey Attorney General’s Office on how to avoid the wrath of regulators. (IAPP member login required.)

PRIVACY LAW—NEW ZEALAND

Parliament Considers Privacy Principles (November 7, 2013)

Parliament is considering adopting a set of privacy principles that would help protect both MPs and journalists, Radio New Zealand reports. Privacy Commissioner Marie Shroff, who recently reflected on the evolution of privacy in the past decade, told Parliament's Privileges Committee “it might be useful for the Privacy Act principles to be used as some sort of a guide within the Parliamentary precinct when difficulties occur over the use of information.” With the Privacy Act and the Official Information Act already established, she suggested there is no need to “reinvent the wheel.”

HEALTHCARE PRIVACY—AUSTRALIA

Dutton’s PCEHR Inquiry “Widely Welcomed” (November 7, 2013)

Health Minister Peter Dutton's inquiry into Australia’s Personally Controlled Electronic Health Record (PCEHR) system is being “widely welcomed,” The Australian reports, with doctors calling for the review to result in changes in PCEHR legislation. As one GP put it, “Secondary use of data without specific consent is a big concern for many consumers and clinicians … Integration of private-sector products is a great idea if you ask me, although the same data governance principles apply.” The report quotes iappANZ President and Medical Software Industry Association Secretary Emma Hossack as welcoming the government's initiative, noting “the effective, safe and useful work already done by the Australian health IT industry.”

PRIVACY LAW—AUSTRALIA

ALRC Submissions Due 11 November (November 7, 2013)

Submissions on the Australian Law Reform Commission’s Issues Paper 43, “Serious Invasions of Privacy in the Digital Era,” close 11 November. The inquiry, which began in July and was headed by Prof. Barbara McDonald, addressed 28 questions on the creation of a stand-alone cause of action for privacy breaches and whether existing laws address privacy issues in the digital era. The commission will present its findings in June.

ONLINE PRIVACY—NEW ZEALAND

Bill Could Put Cyber Bullies Behind Bars (November 7, 2013)

A new bill being introduced in Parliament could see cyber bullies facing up to three years in prison, The Sydney Morning Herald reports. The Harmful Digital Communications Bill is backed by Justice Minister Judith Collins and would create a criminal offence for “sending messages or posting material online with intent to cause harm—including threatening and offensive messages, harassment, damaging rumours and invasive photographs,” punishable by up to three months in prison or a $2,000 fine, the report states. The bill would also establish an agency responsible for handling complaints.

DATA COLLECTION—AUSTRALIA

Apple Releases Transparency Report (November 7, 2013)

In its new transparency report, Apple revealed that it has released user data to the Australian government. The company says it offered data such as names and addresses attached to 41 user accounts in the first half of 2013 but not “content” like photos and e-mails. The Australian reports that the majority of government requests related to lost or stolen devices, the company said, noting that “Unlike other companies dealing with requests for customer data from government agencies, Apple's main business is not about collecting information.” Of 1,178 device data requests, the company responded with “some” data to 695. (Registration may be required to access this story.)

DATA PROTECTION—NEW ZEALAND

Gov’t Creates Panel To Assist Public Agencies (November 7, 2013)

Internal Affairs Minister Chris Tremain has announced the creation of a panel of 21 security service providers to help government agencies manage privacy and security issues, reports Voxy. The panel will offer services related to risk management, security consulting and review, network and application testing and certification and assurance. The panel was selected by the government chief information officer and is part of an “ongoing programme of work to ensure government agencies are continually lifting privacy and security standards.” Tremain said, “Use of the panel will be mandatory for public and non-public service departments, and it will be available to other state services to help them increase capability.”

DATA LOSS—NEW ZEALAND

Bank Sharing Few Details on Breach (November 7, 2013)

Westpac is sharing few details about a breach involving customer details, Stuff.co.nz reports. “The bank will not confirm if it has told affected customers what happened,” the report states, noting a newspaper has seen the documents that were given to a customer by a bank employee in error. The documents “spelled out customer account numbers, term deposit start and maturity dates, interest rates and balances,” according to the report, which also cites the Office of the Privacy Commissioner’s recommendations that it is generally “a good idea for organisations to notify affected parties of any potential privacy breach.”

ONLINE PRIVACY

Closed-Circle Feature Added to Google+ (November 7, 2013)

Google has added a new feature to Google+ to ensure private conversations remain private, Think Digit reports. The feature allows businesses to decide if their restricted community will be open to everyone at the company or more limited, the report states. System administrators can decide whether restricted communities will be the default, but communities open to third parties such as business partners and clients can also be created.

SURVEILLANCE

U.S. Urges EU To Preserve Safe Harbor; International Reactions to Spying Programs Continue (November 7, 2013)

Across the globe, fallout from reports of U.S. National Security Agency (NSA) and other governmental surveillance programs continues. Politico reports on U.S. regulators urging their counterparts in the EU not to abandon the Safe Harbor Framework amidst “mounting European anger over NSA spying.” Separately, “The CIA is paying AT&T more than $10 million a year to assist with overseas counterterrorism investigations by exploiting the company’s vast database of phone records, which includes Americans’ international calls,” according to a report in The New York Times. NSA General Counsel Rajesh De has attempted to explain the agency’s telephone metadata collection program by saying, “It’s effectively the same standard as stop-and-frisk”—using “reasonable and articulable suspicion” to identify phone numbers to target. Meanwhile, Google has begun encrypting its internal network in an effort to halt broad surveillance, and Kaspersky has said it is designing products “to detect all malware”—even that sponsored by the NSA. In response to allegations of U.S. agencies spying on EU officials, Spiegel examines what the White House might have known and how the NSA sets its priorities, and Indonesia has backed a UN statement indicating “anger at U.S.-led data snooping,” while Australian websites faced cyber attacks “in protest at Canberra's reported involvement in the surveillance network.”

PRIVACY RESOURCES

Employee Monitoring: What’s Allowed and What’s Not? (November 6, 2013)

Employers walk the line between protecting company resources and ensuring productivity and becoming big brother to their staff. Technology is available to monitor everything from computer use to hallways, but just because it’s out there, doesn’t mean it’s okay to use it. This IAPP Resource Center Close-Up aims to help you balance organizational security with employee privacy laws across the globe. You’ll find tools, articles and guidance on conducting background checks, accessing employee data and BYOD, plus learn about differing laws from region to region. (IAPP member login required.)

PRIVACY TECH

Hack the Trackers Taps Into the Post-Snowden Zeitgeist (November 5, 2013)

What do you get when you put a group of talented, self-motivated developers, tech-savvy judges and folks who built one of the Internet’s most-successful online privacy tools into the same room? This coming Saturday, you’ll get Hack the Trackers. Created by Ghostery, a privacy-enhancing browser service owned by Evidon, the hackathon aims to develop a new generation of online privacy tools by inviting developers to work together on open-sourced technology and then be judged by selected experts. In this exclusive for The Privacy Advisor, Jedidiah Bracy, CIPP/US, CIPP/E, talks with Evidon about how the event came to be and where they plan to take it.

PRIVACY

Ten Steps to a Quality Privacy Program, Part Four: PIAs (November 4, 2013)

In part four of the series “Ten Steps to a Quality Privacy Program,” Deidre Rodriguez, CIPP/US, explores privacy impact assessments, which she calls key to privacy by design—or default. While there are foundational concepts that must be addressed, each organization may need to approach PIAs differently according to its size and needs, writes Rodriguez in this exclusive for The Privacy Advisor.

PRIVACY LAW

Burden Lowered for Breach Compensation, Changes in China (November 4, 2013)

This week’s Privacy Tracker legislative roundup highlights a U.S. case that may have lightened the burden on plaintiffs in order to win compensation in breach cases, plus the introduction of bills inspired by the NSA’s surveillance techniques. China has amended its consumer protection law, and one Canadian provincial minister is trying to address a gap in privacy protection in the private sector by consolidating and adding laws. Meanwhile, Brazil is still considering a data protection law and the European Commission plans to push toward implementing the Data Protection Regulation by spring of 2014 despite attempts to delay it until 2015. (IAPP member login required.)

BIG DATA

Business Lessons on Privacy and Data Mining (November 4, 2013)

Computerworld reports on the privacy issues surrounding data mining and how including ethical standards with mining can help bolster trust with consumers and help a company’s brand. One digital strategist said, “The values that you infuse into your data-handling practices can have some very real-world consequences.” The article provides a number of examples of companies getting into trouble because of their data-mining practices, but also provides another positive example. Data analytics firm Retention Science uses predictive algorithms and aggregated data to help better target consumers but refuses to share data across clients or third parties. The company also says its data scientists are not allowed to use or share collected data for their own research or publications. A representative from the company said it “works only with businesses that are fully committed to getting their consumers’ consent in advance to use their data.”

ONLINE PRIVACY

Microsoft Updates Policy Ahead of Launch (November 4, 2013)

Ahead of the launch of the Xbox One this month, Microsoft has updated its privacy policy to clarify how data is collected and used within gaming functions. While Xbox One uses facial recognition to log in users, the data doesn’t leave the console and can be deleted at any time. However, users “should not expect any level of privacy” when it comes to live communication features like chat and video during live-hosted game sessions. Microsoft reserves the right to monitor those communications “to the extent permitted by law,” Ars Technica reports. Users are permitted to disable targeted ads and tracking through an opt-out page. Editor’s Note: For more on privacy concerns related to Kinect 2.0, see attorney David Tashroudian’s exclusive article, “Will Kinect 2.0 and COPPA Play Well Together?,” in The Privacy Advisor.

DATA COLLECTION

Facebook Testing More Robust Data Tracking (November 1, 2013)

The Wall Street Journal reports on new software being tested by Facebook to increase the site’s ability to collect great amounts of user information, including the tracking of a user’s cursor on screen. In an interview with The Journal, Facebook Analytics Chief Ken Rudin said the collected data could be added to the company’s data analytics warehouse. According to the report, Facebook can use the stored data “for an endless range of purposes—from product development to more precise targeting of advertising.” Currently, the company collects two types of data: behavioral and demographic. The new tests would expand Facebook’s ability to collect behavioral data, according to Rudin. (Registration may be required to access this story.)

ONLINE PRIVACY

Advocates, Industry Still Doubting DNT Talks (November 1, 2013)

Privacy advocates and the ad industry agree on one thing: the Do-Not-Track (DNT) talks should end, but, The Hill reports, the co-chairmen of the World Wide Web Consortium DNT working group announced that talks will continue. Network Advertising Initiative President Marc Groman, CIPP/US, said the NAI “remains concerned about the lack of progress and transparency in the working group as well as recent stories of arbitrary decisions,” but added, “we will continue to engage to ensure that there is a voice for third parties and digital advertising, small- and medium-sized businesses, the long tail of the Internet and frankly the consumer.”