ANZ Dashboard Digest

“All human beings have three lives: public, private and secret.” Gabriel Garcia Márquez: A Life

The Easter week witnessed the death of one of our greatest authors, Gabriel Garcia Marquez, and tomorrow we commemorate the ANZACs throughout Australia and New Zealand. This is also the second long weekend in a row meaning that, as most people have had 10 days holiday, some are likening us to the land of the Lotus eaters. And if you have been trying to work—it’s a bit like one hand clapping. I have found almost everyone I want to talk to is away. I think that includes a fair bit of media, as there is not much on our favourite topic this week. Just plenty of time for the Royals, which in itself has raised the question of private boundaries, as the Australian press took personal photos of the Royals with long-distance photo lenses. I really do have to wonder about the public interest versus privacy in this instance.

The Marquez quote is to me the essence of why privacy fascinates. The layers, the nuances and the importance for humanity to be able to live without detection is perfectly encapsulated by Marquez.

One of the articles below examines the blurry edges between the public and private lives. Omer Tene and Jules Polonetsky, CIPP/US, discuss the concept of what constitutes “creepy” behavior. The interesting aspect of this is that it changes with circumstance. Whilst it may annoy you when your airline e-mails you about hotel deals at your next destination if you are staying with your family, your reaction could be different if you were in need of accommodation. Reminds me of the story of a woman who was propositioned by a millionaire at a dinner party. Outraged, she asked, “What do you think I am?” To which he replied, “I will give you a million dollars if you spend the night with me.” She acquiesced. The millionaire replied, “Now that we have established what you are, let’s negotiate.”

Perhaps just one of the reasons we have privacy principles rather than laws is to countenance the fluidity of what privacy means to us all. Whatever that baseline is, protections and custodianship of our public, private and secret lives make being a privacy professional a joy.

Enjoy your Dawn Service, your Two Up and your ANZAC Day.

Emma Hossack
President
IAPP ANZ

Top Australia and New Zealand Privacy News

PRIVACY COMMUNITY

A Record Night of Privacy After Hours Gatherings (January 31, 2014)

Privacy pros know that when they gather on IAPP Privacy After Hours nights they are part of something big. This past Tuesday night, however, was bigger than ever. More than 500 people who work with data—from all levels of experience, every sector and industry—gathered around the world in more than 30 locations. A big thank you to our volunteer hosts for setting up gatherings being described by participants as “extremely successful” and “practically a party … people didn’t want to leave.” For The Privacy Advisor, we’ve gathered up some scenes from around the globe.

PRIVACY RESOURCES

New Whitepapers on Cloud Computing (January 31, 2014)

The IAPP has recently added to the Resource Center a series of four articles by Kuan Hon, Christopher Millard, Ian Walden and Julie Hornle of Queen Mary University of London. The articles cover topics including what personal data is regulated in cloud computing, who is responsible for it, jurisdiction concerns and exporting data outside the European Economic Area. Editor’s Note: Christopher Millard will take part in the preconference session The Privacy Pro's Field Guide to Contracting and Compliance in the Cloud at this year’s Global Privacy Summit. Register for the session online and receive a free copy of Millard’s book, Cloud Computing Law.

BEHAVIORAL TARGETING

Researcher Identifies 212 Data Brokers; Fewer Than Half Allow Opt-Outs (January 31, 2014)

Journalist and author Julia Angwin recently sought to find the information commercial data brokers store about her, she reports on her blog. During her research, she discovered some of the data was incorrect—one broker asserting she was a single mother with no education—and decided to opt out. But less than half of the 212 data brokers Angwin identified offered opt-outs—there are no laws requiring they do so. In this post, Angwin provides two downloadable spreadsheets for users to both identify data brokers and then decipher which of them allow opt-outs. Editor's Note: Julia Angwin will give a keynote address at the IAPP Global Privacy Summit, March 5-7, in Washington, DC.

PRIVACY LAW—AUSTRALIA

OAIC Observes Data Privacy Day with Review of New Laws (January 30, 2014)

The Office of the Australian Information Commissioner (OAIC) took time on Data Privacy Day this week to remind Australians of the new privacy laws going into effect 12 March. “With the introduction of new privacy laws, people’s privacy rights will be enhanced and strengthened in areas such as direct marketing, the disclosure of personal information overseas and requesting access to and correction of personal information held by an organisation,” explained Australian Privacy Commissioner Timothy Pilgrim. The OAIC release details what the new privacy laws will mean for Australians. “Privacy Awareness Week 2014 will be about making sure people understand how to exercise their new and existing rights,” Pilgrim said.

PRIVACY—HONG KONG & SINGAPORE

IAPP Asia Privacy Forum Set for March, April (January 30, 2014)

Every indication from the headlines that flooded inboxes and newsstands in the final days of 2013 and the first weeks of 2014 is that privacy will continue to be big news this year in every region of the globe. To continue to meet the needs of privacy pros—those who work for international firms, those who live in specific regions and those who are concerned with the privacy implications of living in an age where data privacy knows no borders—the IAPP is launching the IAPP Asia Privacy Forum, coming to Hong Kong and Singapore at the end of March and early April. In this feature for The Privacy Advisor, IAPP Publications Managing Editor Jennifer Saunders, CIPP/US, details what attendees can expect at these first-ever events.

BIG DATA—NEW ZEALAND

Shroff Warns of Data Collection Threat (January 30, 2014)

Departing Privacy Commissioner Marie Shroff “has issued a stern warning over the growing threat posed by Big Data entities including governments and large Internet companies,” The New Zealand Herald reports. Shroff commented, “The public has woken up to the fact that their information is not completely safe with business or government or on the Internet—if it ever was,” citing the “mega growth” of technological abilities in the past decade. “The Internet and information technology empower us hugely, but they also put us at huge risk,” she said. Shroff, who will depart her post on 14 February, will be replaced as commissioner by John Edwards. Editor's Note: Katrine Evans recently shared an inside view from the New Zealand Privacy Office in the IAPP's Privacy Perspectives blog.

PRIVACY—NEW ZEALAND

NZ CPO Search Begins (January 30, 2014)

The government has begun the search for a chief privacy officer (CPO) “to lead, engage and influence an all-of-government approach to privacy,” Computerworld reports. In its advertisement for the CPO post, the government indicates a priority will be the creation of a close relationship with the Ministry of Justice and the Office of the Privacy Commissioner “to ensure the three roles complement each other,” the report states. State Services Minister Jonathan Coleman and Internal Affairs Minister Chris Tremain announced the creation of the role last year. “It is important that New Zealanders have confidence in government agencies to do all they can to ensure personal information is kept safe,” Coleman said.

PRIVACY LAW—AUSTRALIA

Expert: Examine Cloud Contracts Closely (January 30, 2014)

The Australian reports on recommendations from Henry Davis York Partner Matthew McMillan urging organisations “to closely examine their cloud computing contracts, especially with overseas suppliers, to avoid breaching new privacy laws that could see fines of up to $1.7 million.” The Australian Privacy Principles (APPs), which will replace the National Privacy Principles and Information Privacy Principles, come into effect 12 March, and McMillan, who specializes in privacy and technology, warns that certain contracts may need to be revised to address the Privacy Act’s “new accountability principle.” McMillan explains, “If there is an act of omission by an overseas entity, which would otherwise breach the APPs, then the Australian-based entity will be liable for the acts and omissions of the overseas entity.” (Registration may be required to access this story.)

PRIVACY BY DESIGN

Whitepaper Highlights Emerging Privacy Engineer Discipline (January 30, 2014)

A new whitepaper surveying the emerging discipline of privacy engineering has been released. Co-written by Ontario Information and Privacy Commissioner Ann Cavoukian, Stuart Shapiro of the MITRE Corporation and Enterprivacy Consulting Group’s R. Jason Cronk, CIPP/US, Privacy Engineering: Proactively Embedding Privacy, by Design “seeks to promote a broader understanding and deeper practice of privacy engineering.” Editor’s Note: In a Privacy Perspectives installment, Cronk wrote, “Is 2013 the Year of the Privacy Engineer?”

PERSONAL PRIVACY

Which Information Do Consumers Most Closely Guard? (January 29, 2014)

Though consumers don’t always know how companies collect their data, which often causes a “trust gap,” evidence exists that consumers are still willing to exchange some of their personal information for products and services. Create with Context (CwC) recently surveyed 800 consumers to find out what information they would be willing to give up “in exchange for 50 percent off three different items: a gallon of milk, a large-screen television and a new car.” This Privacy Perspectives post reveals what CwC’s Ilana Westerman and Gabriela Aschenberger found, including how “97 percent of respondents said they’d be willing to give up at least one piece of data about themselves in exchange for a discount,” while noting that consumers don’t guard “all their information with equal vigilance.” 

PRIVACY

Given the Heightened Fervor, What’s To Come in 2014? (January 29, 2014)

In this exclusive for The Privacy Advisor, Brian Dean, CIPP/US, pulls out his “foggy crystal ball” and prognosticates the future of privacy and security, looking at controversial topics including Safe Harbor, the NSA, the erosion of consumer trust, facial recognition and data brokers. “For data privacy and security professionals, this year offers optimism, but with looming midterm elections and recent significant data breaches, only subtle privacy improvements are likely,” Dean writes.

PRIVACY

IAPP Releases Two New Whitepapers for #DPD2014 (January 28, 2014)

Looking for tools to help you spread the message of privacy professionalism through your organization or community? The IAPP has released for Data Privacy Day two new whitepapers. “Privacy Policies: How To Communicate Effectively With Consumers” is a collaboration between the IAPP, Kinsella Media and Rust Consulting and features new research on how consumers interact with privacy notices posted online. “Privacy 101 for SMEs: The Best Defense Is a Good Offense” was written by IAPP VP of Research and Education Omer Tene and Network Advertising Initiative President and CEO Marc Groman, CIPP/US, and provides practical advice for setting up a privacy program at, for example, a small tech start-up. Both papers are free for download and can be distributed as you see fit. Help spread the word of professional privacy practices. Editor’s Note: Celebrate Data Privacy Day at one of a record 36 scheduled Privacy After Hours events tonight.

PRIVACY

Opinion: Privacy Is Not Dead; Innovate for the Future (January 28, 2014)

“It’s time to get over zero-sum thinking about Internet privacy,” writes Respect Network CEO Drummond Reed, adding, “Privacy is not dead or dying because of the advances in new technologies.” Reed’s comments are in response to a recent Privacy Perspectives post by IU CLEAR Director Stanley Crosley, CIPP/US, CIPM, called “Old School Privacy is Dead, But Don’t Go Privacy Crazy.” Reed opines in his response on Perspectives that “it’s not an either/or proposition, and the thought of abandoning the notion of user control simply invites control by others.” Instead of “suggesting that privacy must adapt to technology,” Reed notes, privacy should be “embedded into technology systematically so as to remove the burden from the individual to protect their privacy.”

PRIVACY COMMUNITY

Want to Speak at the All-New Academy? (January 28, 2014)

The IAPP and the Cloud Security Alliance have opened up the call for presentations for the 2014 Privacy Academy, a joining of the IAPP Privacy Academy and the Cloud Security Alliance Congress. The event happens September 17-19, and the programmers of the event are looking for innovative presentations in areas like the Internet of Things and connected devices, Big Data, risk management, privacy and cloud computing, employee privacy issues like BYOD and many more. This is the place where information security and privacy meet up to find technological solutions to the leading privacy issues of our day. The call for proposals ends February 21.

PRIVACY LAW

Privacy on the Docket from Davos to DC (January 27, 2014)

While industry leaders at the World Economic Forum in Davos, Switzerland, called for new rules surrounding data protection, the U.S. Supreme Court announced it will hear two cases involving warrantless searches by law enforcement of suspects’ cellphones. And, the U.S. Federal Trade Commission announced settlements with 12 companies over false claims of alignment with Safe Harbor rules. In this Privacy Tracker roundup, learn about these issues as well as bills being considered by U.S. state legislatures, how Obama’s NSA plans may affect EU law and more. (IAPP member login required.)

DATA PROTECTION

E-Receipts Helping Retailers Do More than Save Paper (January 27, 2014)

Paper receipts are headed toward extinction, Today reports, as e-receipts increasingly become commonplace. But e-receipts may serve more of a purpose for merchants than is obvious. “Merchants see digital receipts as a way to ‘engage’ with their customers. Translation: They see this as a new marketing channel—an efficient way to sell you more stuff,” the report states. While collecting customer data can be difficult, e-mailing receipts is “a fairly effective and simple way to get accurate contact points for your customer base,” says one CEO. A recent Epsilon International report found that 83 percent of retailers offering e-receipts did so to obtain a customer’s e-mail address.

PRIVACY TOOLS

A New Handy Guide to Global DPAs (January 24, 2014)

The legal world is still fond of reference books. How many of you have giant binders on your shelves into which you insert this year’s latest update on some area of law or other? For a quickly changing legal environment like privacy, though, your binder fills up fast. Pretty soon, you need another binder. Luckily, we have the Internet. DLA Piper has attacked the problem of surveying the world’s data protection laws and regulations with a handy online and interactive guidebook for which they’ve released version 3.0 just in time for Data Privacy Day. Find out where it lives and how it was developed in this exclusive for The Privacy Advisor.

PRIVACY BUSINESS

IAPP Launches Industry of Privacy Survey (January 24, 2014)

As part of our organization’s efforts to better understand the industry of privacy and the collective budgetary power of privacy professionals, the IAPP has launched an ambitious program to study the economic impact of the privacy industry and distribute the results to the world at large. And we need your help. Please take our first survey and be part of this effort to benchmark spending and help privacy professionals around the globe better shape their privacy programs.

BIOMETRICS

Facial Recognition Databases Demand “Responsible” Actions; App Explores Augmented Reality (January 24, 2014)

In a column for The Atlantic, Profs. Woodrow Hartzog and Evan Selinger highlight the importance of separating facial recognition apps and large databases in order to protect privacy and relative anonymity in public. “No matter how powerful a facial recognition app is designed to be, it can’t get the job done without being connected to a database that links names to faces,” they write, adding, “the key is to ensure legal and social pressure demands the same responsible behavior from database owners as it does from designers, hosts and users of facial recognition technologies.” Meanwhile, CNET News reports on an augmented reality app planned for Google Glass. The Brain app would lay data from the virtual world—such as a Facebook profile—over what’s being observed in the real world. The company’s chief executive said, “We are trying to develop the platform … to try to anticipate and understand what you need and what you want and then present it when you need it.”

PRIVACY—NEW ZEALAND

The Interesting View From the NZ Privacy Office (January 24, 2014)

“One of the dubious delights of being a privacy regulator,” writes Assistant Privacy Commissioner of New Zealand Katrine Evans, “is the unexpected things that crop up during every working week.” In this latest Privacy Perspectives post, she provides a thumbnail sketch of the major issues she sees coming across her desk in 2014, from wearables to a reform of the Privacy Act to biometrics—even the departure of Privacy Commissioner Marie Shroff, who leaves her post after 10 years on the job.

PRIVACY LAW—AUSTRALIA

Report: Half of Orgs Unaware of Privacy Act Amendments (January 23, 2014)

The Australian reports on “startling low awareness” among corporations and organisations about the impact of the country’s Privacy Act amendments. “Half of all organisations are not even aware of amendments to the Privacy Act that could see fines of about $1.7 million imposed when it comes into effect,” the report states. For those seeking guidance on the amendments, IT News has made the report “Understanding Australia’s New Privacy Act” available through its website. With only 25 percent of organisations “doing something about” the Privacy Act amendments, Capgemini Australia’s Shane Lonergan tells The Australian, “It’s across the board from tier-one to tier-two organisations ... they’re major players (in the dark).” (Registration may be required to access this story.)

PRIVACY LAW—AUSTRALIA

Breach of Privacy Case Dismissed (January 23, 2014)

A police officer’s privacy complaint against the Queensland Police Service (QPS) has been dismissed, Brisbane Times reports. The officer “launched legal action against the Queensland Police Service claiming his privacy had been breached when details of a raid on his home appeared in the media,” the report states. The Queensland Civil and Administrative Tribunal dismissed the complaint after finding the officer “had not substantiated his claims against the QPS,” the report states.

PRIVACY LAW—HONG KONG

Data Privacy Complaints at Record High (January 23, 2014)

South China Morning Post reports complaints and enquiries to the Office of the Privacy Commissioner for Personal Data (PCPD) peaked in 2013, “driven partly by new restrictions on companies’ use of their customers’ personal data for direct marketing.” The PCPD reported Thursday that more than 75 percent of the “complaints targeted private organisations, while more than half of the enquiries asked about the marketing restrictions.” The number of complaints received in 2013 was up 48 percent over 2012, the report states. (Editor’s Note: The IAPP Asia Privacy Forum comes to Hong Kong on 31 March.)

PRIVACY LAW

Laws, Amendments Set To Roll Out Across Globe (January 23, 2014)

This Privacy Tracker weekly roundup reports on new compliance hurdles for organisations in Canada and Australia as new laws are set to roll out in those countries. In the EU, the LIBE has published amendments it would like to see in the Network and Information Security (NIS) Directive. The report also looks at lawmakers’ efforts to get privacy-protecting laws on the books in the U.S., where FTC Commissioner Maureen Ohlhausen has called for legislators to look to existing laws, saying, “We simply do not need new talk, new laws or new regulations.” (IAPP member login required.)

DATA PROTECTION

Microsoft Hints Overseas Users Can Store Data Outside U.S. (January 23, 2014)

Microsoft General Counsel Brad Smith has suggested that overseas users will be able to store their data outside of the U.S., in what Reuters reports as “the most radical move yet by a U.S. technology company to combat concerns that U.S. intelligence agencies routinely monitor foreigners.” According to Financial Times, Smith said users “should have the ability to know whether their data are being subjected to the laws and access of governments in some other country and should have the ability to make an informed choice of where their data resides.” As one example, Smith said, Europeans could choose to store their data in Microsoft’s data center in Ireland.

PRIVACY LAW

At World Economic Forum, Industry Leaders Call for New Privacy Rules (January 22, 2014)

In a blog post, Microsoft General Counsel Brad Smith has called for “an international legal framework—an international convention—to create surveillance and data access rules across borders” and has said the current legal structures are out-of-date, prompting “some governments, as we’ve learned over the past year … to take unilateral actions outside the system,” CNET News reports. Smith is expected to take part in a World Economic Forum (WEF) panel discussion about the public perceptions of surveillance, data security and privacy in light of the NSA disclosures. BT Group Chief Executive Gavin Patterson, also speaking at the WEF, said customers cannot be guaranteed 100-percent privacy online and called for updates to “murky” data collection laws, The Guardian reports. Meanwhile, DW reports on Human Rights Watch's call this week for "a clear regulatory framework to keep intelligence services in check."

SURVEILLANCE

Verizon Releases First Transparency Report (January 22, 2014)

In a press release on its website, Verizon has released its first transparency report for law enforcement requests in the U.S. and “other countries in which we do business.” According to the release, “Although Verizon has released a great deal of information over the past few years regarding the number of law enforcement demands we’ve received, Verizon’s online Transparency Report now makes an expanded data set more easily accessible.” The company said it will update the report semi-annually. Verizon also said it saw an increase in the number of law enforcement demands in 2013, as compared to 2012.

ONLINE PRIVACY

Study Uncovers Tor Sabotage; Privacy Tools Used by 28 Percent Globally (January 22, 2014)

A group of computer scientists has found at least two dozen computers actively trying to sabotage the Tor privacy network, according to Ars Technica. The newly released paper, Spoiled Onions: Exposing Malicious Tor Exit Relays, is one of the first studies to document exit nodes purposely attempting to tamper with encrypted messages between the exit node and the open Internet. Developer Tal Ater has recently demonstrated that a microphone permission policy in Google Chrome can allow any site enabled for voice recognition to transcribe everything in range of the device without the user knowing. Separate research has revealed that privacy tools are used by 28 percent of the online world, or an estimated 415 million users. The GlobalWebIndex (GWI) study also found that 56 percent of those surveyed said they believe the Internet is eroding their personal privacy. The GWI study notes 11 percent of all users say they use the Tor network.

DATA PROTECTION

Top Tips for a Data Incident Plan (January 21, 2014)

With recent data breach incidents practically saturating headlines, and with increasing evidence that preventing breaches altogether is next to impossible, Online Trust Alliance Director of Public Policy and Outreach Heather Federman, CIPP/US, writes about the importance of developing a data incident plan (DIP). “The DIP is a playbook that describes the breach fundamentals an organization can deploy on a moment’s notice,” she writes, adding, “A good DIP helps you quickly determine the nature of an incident, immediately contain it, ensure evidence is not accidentally ruined and easily notify regulators.” In this Privacy Perspectives post, Federman, “in honor of the upcoming Data Privacy Day” next Tuesday, January 28, presents the top 14 tips for creating a DIP.

PRIVACY

Opinion: Old-School Privacy Is Dead, Embrace the New School (January 21, 2014)

“There is nothing left to debate. Our old-school privacy, as we’ve known it for decades, is dead and buried,” writes Indiana University Center for Law, Ethics and Applied Research Director Stanley Crosley, CIPM, CIPP/US. “But there’s good news,” he adds in this installment of Privacy Perspectives. “If your notion of privacy is defined by your personal control over all of the data about you, well, you’re privacy crazy, and I have tragic news: That privacy is lost.” Crosley notes that regulations “that default to all ‘use’ of data as being impermissible unless authorized by the individual are trying to protect a version of privacy that no one really wants”—the equivalent of going back to using “VCRs and flip phones.” Rather, Crosley explains, “our parents’ brand of privacy is being replaced by a better, more sustainable and meaningful privacy.”

PRIVACY LAW

Making a Privacy Law for the 21st Century (January 20, 2014)

With the EU’s proposed General Data Protection Regulation (GDPR) hanging in the balance, some think it a good time to go back to the drawing board. “Better, I think, to start again and design a good law than to adopt legislation for the sake of it—no matter how ill-suited it is to modern-day data processing standards,” writes Field Fisher Waterhouse Partner Phil Lee, CIPM, CIPP/E. In this post for Privacy Perspectives, Lee reflects on what a “21st-century data protection law ought to achieve, keeping in mind the ultimate aims of protecting citizens’ rights, promoting technological innovation and fostering economic growth.”

BIG DATA

Privacy, Security Leading Issues for Big Data, IoT (January 20, 2014)

A 2014 predictions report from Stratecast finds “privacy will ‘almost certainly’ be the leading Big Data issue this year,” InformationWeek reports, questioning how that could impact such retail “Big Data” uses as “in-store analytics systems that use WiFi-enabled devices—typically smartphones—to gather information on customers' shopping and purchasing habits.” Meanwhile, Financial Post reports on similar concerns for the Internet of Things, where questions about security and privacy continue to grow with the use of “smart home” devices. "It's getting more complicated," Gartner’s Angela McIntyre said, citing the broadening types of data being collected. "Companies are realizing they need to update their privacy policies and terms of service (with) easy-to-read disclosure of privacy up front."

PRIVACY LAW—AUSTRALIA

Will Entities Use Privacy Act “Get Out of Gaol Free” Cards? (January 16, 2014)

In a series of IT News blogs, Brett Winterford explores “the improbability of Privacy Act compliance,” noting that as the 12 March deadline looms, “Australia’s new Privacy Act will come into effect during a period of tremendous turbulence in the technology sector, owing to a surge in subscriptions to cloud computing services.” Winterford advises organisations that use or plan to use “public cloud computing services that are hosted offshore … consider Australia’s amended Privacy Act in detail.” Winterford also details the Office of the Australian Information Commissioner’s “two ‘get out of gaol’ cards”—commensurate contract and consent—that “corporate Australia will make use of.”

PRIVACY LAW—AUSTRALIA

Orgs Should Set Responsible Disclosure Expectations (January 16, 2014)

Highlighting cases where organisations were informed—sometimes by researchers or “white hat” hackers—of vulnerabilities but did not take appropriate action, a ZDNet report quotes Bugcrowd’s Jonathan Cran as saying, “It really comes down to 'don't be a jerk'—on both sides. But that's not legally scalable … Unless the organization defines what they expect with a responsible disclosure or bug bounty policy, the researcher is often left guessing." Cran discusses the importance of organisations becoming “proactive in defining 'reasonable' or 'responsible'—and setting expectations” or researchers are left “to decide what it means for both parties. Often, researchers have a sense of civic responsibility to let the public know what they've found."

PRIVACY BUSINESS

IAPP and CSA Announce New Strategic Alliance (January 16, 2014)

The IAPP announced today that it has created a new strategic alliance with the Cloud Security Alliance, a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within cloud computing. The alliance’s most tangible result will be the joining of the IAPP Privacy Academy and CSA Congress into a single event to be held September 17 to 19 at the San Jose Convention Center in San Jose, CA. “Cloud security and privacy matters continue to twist and turn, especially given events of late, with the industry in constant pursuit for the best knowledge and practices to stay ahead of what’s next in securing all forms of computing,” said CSA CEO Jim Reavis. “Through this union, this event is now the center of gravity for information governance and management professionals to navigate the continually evolving challenges of the digital economy,” said IAPP President and CEO Trevor Hughes, CIPP.

PRIVACY BUSINESS

Privacy-Enhancing Phone, Dating App Unveiled (January 15, 2014)

The creators of Silent Circle have announced they will unveil a privacy-enhancing smartphone called Blackphone, GigaOM reports. The device, which will be available for preordering on February 24, uses a secure version of Android called PrivatOS and will have the capability to transmit secure phone calls, texts, file exchanges and storage, and video chat, and anonymizes use via a virtual private network. Creator Phil Zimmermann said the phone “provides users with everything they need to ensure privacy and control of their communications, along with all the other high-end smartphone features they have come to expect.” Meanwhile, the makers of SinglesAroundMe have announced a patent-pending technology that allows users to change their locations to preserve their privacy. The “Position-Shift” algorithm gives users control over their location and who knows it. Fujitsu Laboratories has announced an encryption search that keeps data encrypted to maintain privacy, and Twitter has announced it is enforcing SSL encryption for apps connected to its API. Editor’s Note: Privacy Perspectives recently posted “Data-Driven Dating: How Data Are Shaping Our Most Intimate Personal Relationships.”

PRIVACY PROFESSION

How Privacy Engineers and Lawyers Can Get Along (January 14, 2014)

The burgeoning technological landscape is increasing the need for lawyers to work with engineers on privacy protection initiatives. In this post for Privacy Perspectives, two Georgia Tech professors—one a law professor, the other a software engineering professor—consider four points showing “how to bring together and leverage the skill sets of engineers, lawyers and others to create effective privacy policy with correspondingly compliant implementations.” Profs. Peter Swire, CIPP/US, and Annie Antón look into how lawyers and engineers make the simple complicated, why using the term “reasonable” works in privacy rules but not software specifications and, perhaps most importantly, “how to achieve consensus when both lawyers and engineers are in the same room.”

DATA LOSS

Snapchat Assures Users Spam Is Unrelated to Breach (January 14, 2014)

Following recent reports from some Snapchat users that they’ve received an excessive amount of spam, the company has apologized but assured users the messages are unrelated to a recent breach that exposed millions of usernames and phone numbers, the Los Angeles Times reports. “While we expect to minimize spam, it is the consequence of a quickly growing service,” Snapchat said in a blog post.

PRIVACY LAW—NEW ZEALAND

Parliament Blocks Privacy Amendment Bill (January 9, 2014)

The Privacy (Giving Privacy Commissioner Necessary Tools) Amendment Bill, which would have provided the Office of the Privacy Commissioner (OPC) with additional powers, was voted down in the New Zealand Parliament, Mondaq reports. If enacted, the bill would have given the OPC “broader powers to audit government authorities and issue compliance notices to ensure that personal information held by public-sector bodies is not abused,” the report states, noting, “The draft bill proved unsuccessful in Parliament as the ruling National Party have bigger plans for a more comprehensive reform package of New Zealand privacy law,” which is expected to address the OPC’s powers along with other issues in a 2011 Law Commission review. (Registration may be required to access this story.)

DATA LOSS—NEW ZEALAND

Commissioner: Gov’t Agencies Mishandled Private Data (January 9, 2014)

TVNZ reports the Office of the Privacy Commissioner (OPC) has found the private information of New Zealand residents has been mishandled by government agencies that “break their own rules when sharing people's details.” OPC reports indicate noncompliance and “substantial issues” with data-sharing agreements between government agencies, the report states. In the wake of several high-profile privacy breaches in recent years, Privacy Commissioner Marie Shroff cautioned, “This is a highly complex environment with huge amounts of citizens' data, and you do need a watchdog carefully checking what is going on to keep them honest.”

PRIVACY LAW—AUSTRALIA

Additional APPs Guidelines Issued (January 9, 2014)

Mondaq reports the Office of the Australian Information Commissioner has issued two additional sets of guidelines on the Australian Privacy Principles (APPs) relating to the rights of data subjects. The guidance focuses on APP 12 for “access to personal information” and APP 13 for “correction of personal information,” the report states, noting key points for each APP. For APP 12, for example, the report highlights such details as making access requests free of charge and allowing the refusal to grant access under certain circumstances. APP 13’s key points include the requirement to “take reasonable steps to correct personal information to ensure information held is accurate, up-to-date, relevant and not misleading.” (Registration may be required to access this story.)

NOTICE & CONSENT

Counterpoint: Consent, User Control Are Not Things of the Past (January 8, 2014)

In response to arguments presented by privacy scholar and author Viktor Mayer-Schönberger on notice, choice and the regulation of use, Ontario Information and Privacy Commissioner Ann Cavoukian, Berlin State Parliament (Germany) Commissioner Alexander Dix and Prof. Khaled El Emam collectively contend that consent and personal control are not things of the past. In this Privacy Perspectives post, they write, “In fact, in the wake of Edward Snowden’s revelations, we are witnessing the opposite: A resurgence of interest in strengthening personal privacy.”

SURVEILLANCE

Yahoo Implements Default Encryption; Speakers Canceling Due To NSA Claims (January 8, 2014)

Yahoo has begun automatically encrypting Yahoo Mail users’ connections. Automatic HTTPS is now the default. The move is in response to concerns about government surveillance. Google recently made a similar change, and Microsoft and Facebook have announced stronger encryption keys will be coming in the future. Meanwhile, following allegations that a major security firm accepted $10 million from the National Security Agency to implement an “intentional cryptographic flaw” in one of its encryption tools, several high-profile security experts have begun canceling their appearance at the firm’s annual conference, CNET reports.

CONSUMER PRIVACY

Unsurprisingly, CES Buzzes With Privacy News (January 7, 2014)
With more than 150,000 attendees descending on Las Vegas, the Consumer Electronics Show, which kicked off yesterday, is the largest event of its kind in the world and is often the venue where electronics manufacturers make their big product unveilings. This year, privacy has more prominence at the event than ever before. The Privacy Advisor wraps up the big privacy news, from the latest in wearables to biometrics to smart cars and TVs. Further, the news makes two upcoming web conferences seem relevant. Rebecca Herold, CIPM, CIPP/US, CIPP/IT, hosts an event with ISACA on Thursday at noon, “Where Do You Draw the Creepy Line? Privacy, Big Data Analytics and the Internet of Things.” And at 1 p.m. on Thursday, the IAPP hosts a web conference on “Working with Third-Party Vendors: Moving Toward a Standardized Solution,” featuring Jules Polonetsky, CIPP/US; Ellen Giblin, CIPP/US, CIPP/C, CIPP/G; and Al Silipigni, CIPP/US.

DATA PROTECTION

10 Tips for Data Privacy in 2014 (January 7, 2014)

Several recent data breaches continue to show how “the disclosure of sensitive data can have dramatic financial impacts on an organization and erode consumer trust.” In this Privacy Perspectives post, AvePoint Vice President of Risk Management and Compliance Dana Simberkoff, CIPP/US, writes, “The good news here is that this should be highly preventable.” With Data Privacy Day around the corner, Simberkoff shares 10 tips for improving an organization’s privacy and data protection programs—from identifying the “Crown Jewels” to building bridges, not walls, to creating a pervasive culture of compliance and more.

ONLINE PRIVACY

Are Data-Use Policies Useless? (January 7, 2014)

In an op-ed for Ars Technica, Casey Johnston questions whether the recent hack of Snapchat and the company’s allegedly questionable data security practices show how data-use policies fail. Privacy policies and terms of use “make plenty of promises about all of the third-party evils they will protect our data from,” Johnston writes, “But those policies contain few limits on what the companies themselves can do with our info or how they will secure it.” Meanwhile, The Hill reports that Snapchat has hired lobbyists in Washington, DC, to work on “educating policymakers regarding the application’s operation and practice.” According to The Guardian, the integration of Google+ into its Android operating system “has made it too easy for users to leak personal information.” And in a column for Computerworld, Evan Schuman looks into what app developers should include in their mobile privacy policies.

PRIVACY LAW—SINGAPORE

Companies Can Send Certain Messages Without Checking DNC Registry (January 7, 2014)

The Personal Data Protection Commission (PDPC) of Singapore has determined companies are allowed to “send marketing messages to customers that have registered to be listed on a new Do-Not-Call (DNC) Registry under certain circumstances,” Out-Law.com reports. While businesses are required to consult the DNC Registry before sending messages—and face fines in certain circumstances—“a new exemption allows businesses to send either text or fax messages to promote ‘related products and services’ to individuals they have an ‘ongoing relationship’ with,” the report states, noting in such instances, companies are not required to consult the registry first. “As the exemption order does not apply to voice calls, organizations are still required to check against the DNC Registry before making telemarketing calls,” the PDPC said. (Editor’s Note: The IAPP Asia Privacy Forum comes to Singapore in April.)

DATA PROTECTION

Security Firm Buys Mandiant for $1 Billion (January 3, 2014)

FireEye, a major security firm, announced on Thursday that it is bolstering its security offerings with the purchase of Mandiant for $1 billion, IDG News Service reports. Mandiant, which does $100 million in sales per year, made headlines last January after it helped The New York Times discover alleged Chinese hackers lying dormant within the publisher’s network. Though the companies operate in the same industry, each specializes in different offerings. FireEye specializes in network monitoring and intrusion detection, while Mandiant provides an incident response platform, helps clients determine what data has been compromised and closes vulnerabilities, The Washington Post reports. FireEye Chairman and CEO David DeWalt said the combination of firms will allow it to move more quickly from detection to response.