After a year of collaboration on the effort, the U.S. Federal Trade Commission (FTC), together with data protection authorities from around the world, held a press conference at the IAPP Global Privacy Summit Thursday to announce a joint agreement between G29 and APEC countries aiming to aid companies in achieving compliance with global data transfers. Speaking for the group, Isabelle Falque-Pierrotin, chairwoman of the French Data Protection Authority (CNIL) and president of the Article 29 Working Party, said the tool, called a “referential,” is a “very political and symbolic act” for companies seeking to obtain double certification under Europe’s binding corporate rules (BCRs) and APEC’s cross-border privacy rules (CBPRs).
In what can only be described as a standing-room-only crowd at the IAPP Global Privacy Summit, new National Security Agency Civil Liberties and Privacy Officer and longtime IAPP member Rebecca Richards, CIPP/US, CIPP/G, made her first public statements yesterday in a conversation with last year’s Privacy Leadership Award-winner Danny Weitzner. Watch for yourself in this video from the Conversations in Privacy stage.
We’re in an age of a technological tsunami. Here in the West, we’re faced with two opposing ideologies: On the left, we believe Big Brother is descending upon us via an oligarchy of faceless corporations. On the right, we believe Big Brother is descending upon us via “snooty academics and faceless bureaucrats.” The result? A civil war that has completely destroyed our political world. And the only thing that will save us is a fierce militancy that sees the watched becoming the watchers. Such was the message delivered on the IAPP Global Summit keynote stage yesterday by scientist, inventor and sci-fi author David Brin.
Privacy compliance can be a complex endeavor, and privacy and security professionals often “believe that their compliance challenges are specific to their company, and subsequently have very little opportunity to collaborate with peers within their own companies,” writes AvePoint’s Dana Simberkoff, CIPP/US, “much less opportunities to collaborate with peers within or across industries.” In this post for Privacy Perspectives, Simberkoff presents the new AvePoint Privacy Impact Assessment solution in conjunction with the IAPP “to bring automation to one of the fundamental tenets of a good privacy program.” This new tool “allows privacy teams to develop a Service Level Agreement with their colleagues in IT and the business,” she writes.
Google has argued it should not have to face a class-action lawsuit claiming it illegally scanned private e-mails, Businessweek reports. A 2013 case claiming Google violated federal wiretap law has been combined with several other lawsuits. Ultimately, the case would represent hundreds of millions of users and, according to Google, an unmanageable amount of evidence. Stanford University Law Prof. Deborah Hensler said the plaintiffs face “a very steep hurdle” to proceed as a class. Meanwhile, a judge for the Southern District of Florida submitted final approval to a settlement between AvMed, a health insurance provider, and plaintiffs in a class-action involving a data breach of 1.2 million sensitive health records from unencrypted laptops. According to the settlement, AvMed will create a $3 million fund.
The National Telecommunications and Information Administration (NTIA) led a multi-stakeholder process last year aimed at developing a voluntary code of conduct for mobile app transparency. Some of those who participated in the process spoke at a Global Privacy Summit preconference session Wednesday on why a multi-stakeholder process was chosen, what the code looks like and whether the process was a success. The NTIA’s John Verdi led the stakeholder process for the Department of Commerce but was quick to tell the room that the code—now in its final draft after 142 earlier versions, 19 of which became public—is not a government product.
The British Pregnancy Advice Service has been fined 200,000 GBP by the Information Commissioner’s Office (ICO) following a malicious hack and blackmailing incident. Though police recovered the data before a hacker could go through with a threat to publish the names, addresses and contact information of women who’d used the service for advice on pregnancy issues, the ICO still chose to fine the charity because it didn’t realize its website was storing the information and, further, was not storing it securely. “Ignorance is no excuse,” said Deputy ICO Commissioner and Director of Data Protection David Smith. “It is especially unforgivable when the organization is handling information as sensitive as that held by the BPAS.”
The Los Angeles Times reports that approximately 168,500 patients of Los Angeles County medical facilities may have had their personal information stolen. An office handling billing and collections for the county’s Department of Health Services was robbed, and several computers containing sensitive personal data were stolen. In a separate breach, the sensitive data, including Social Security numbers, of nearly 300,000 North Dakota university students was compromised after a server was hacked. In an op-ed for CNBC, Stroz Friedberg Executive Chairman Eric Friedberg writes that companies that have been cyber attacked should not be rushed to disclose a breach. Attempts by lawmakers and attorneys general may be “to protect the common good,” he writes, “but forcing businesses to notify authorities, shareholders, consumers and others in advance of completed forensics could cause a flood of damaging misinformation—and aid the attackers themselves.”
South by Southwest Interactive (SXSW), a conference known for music, film and emerging technology, will explore the privacy implications of data sharing and government surveillance, Bloomberg reports. SXSW Director Hugh Forrest said this new focus stems from the revelations by Edward Snowden, who will speak at the event via video conference. “We understand more and more … how much of our data is no longer in our control,” Forrest said. University of Texas Law Prof. Robert Chesney said, “It was in vogue for a while for people to say that the up-and-coming generation doesn’t care about privacy … It’s clear now that was at best overstated and probably reflected a failure to appreciate the real implications of what moving to a world of digitized information means.”
Here at the IAPP Global Privacy Summit, the IAPP and AvePoint announced the release of a new free privacy impact assessment tool that will allow privacy professionals to better organize PIAs, involve other departments in the organization and complete PIAs more rapidly. Available from the front page of the IAPP’s Resource Center and called the AvePoint Privacy Impact Assessment System, or APIA, it is a piece of software organizations can install on their own servers, which is then accessible through a standard web browser. It allows privacy professionals to assign roles, track progress and offer up different questions for types of products and services, and it has many other advantages over the standard Word- or Excel-based systems currently in place.
PRIVACY LAW—EU & U.S.
Is the often abstract scholarship of privacy academics read by privacy regulators? It would seem that regulators may not have the time or inclination to read such work. On Wednesday, however, it was clear the answer was yes in many respects. Squeezed into a small room in the Rayburn House Office Building in Washington, DC, a handful of privacy scholars met briefly with some of the world’s most influential privacy regulators to discuss the future of public policy and the role of the privacy regulator as part of “Privacy Papers for Policy Makers,” co-organized by the Future of Privacy Forum and Rep. Sheila Jackson Lee (D-TX).