Privacy News | Daily Dashboard

Top Privacy News

DATA PROTECTION—U.S.

Privacy Seal Provider Settles FTC Charges (February 26, 2010)

A privacy and security certification program has settled Federal Trade Commission charges that it misled consumers about its Web site monitoring and verification practices. According to an FTC press release, the commission found that ControlScan, a provider of privacy and security seals, issued seals to Web sites with "little or no verification" of the sites' privacy protections, among other misdoings. The settlement bars future misrepresentations and requires that ControlScan notify its seal-bearers of the FTC action. The company's founder and former chief executive officer entered a separate agreement that requires him to give up $102,000 in ill-gotten gains, the report states.

DATA RETENTION—EU

Art. 29 WP Wants Reduced Terms for Street View (February 26, 2010)

European data protection officials are urging Google to shorten the period of time it stores images for its Street View online mapping feature because of privacy concerns, Reuters reports. In a letter to Google Global Privacy Counsel Peter Fleischer, the Article 29 Working Party urges the company to reduce the period of time it retains images taken for the application. Street View offers panoramic views of cities and towns and continues to be controversial in parts of Europe, where regulators are concerned about the privacy of those inadvertently captured in photos. Currently, the company retains images for a period of one year. "The Working Party believes that a maximum retention of six months for the unblurred copies of the images would strike the right balance between the protection of privacy and the ability to eliminate false positives," the letter states.

DATA PROTECTION—EU

Commissioner: ACTA Will Not Ignore Data Protection (February 26, 2010)

A spokesman for the office of Trade Commissioner Karel De Gucht told ZDNet that an international anti-counterfeiting trade agreement (ACTA) being negotiated will not ignore data protection. European Data Protection Supervisor Peter Hustinx released an opinion on ACTA earlier this week that stated, "Intellectual property is important to society and must be protected [but] it should not be placed above individuals' fundamental rights to privacy and data protection." Spokesperson John Clancy said yesterday that those in negotiations were "neither willing nor able to do that..." Clancy said, "The EU already has very stringent laws that defend individuals' civil liberties and personal data protection...they cannot be overruled or ignored by this international treaty."

DATA LOSS—CANADA

BC Commissioner Monitoring Breach Investigation (February 26, 2010)

The Office of the Privacy Commissioner of British Columbia is monitoring an investigation into how banking documents turned up at a recycling center, reports Nanaimo Daily News. A Nanaimo man discovered the documents earlier this month. They contained the names, debit card numbers and expiration dates of Coastal Community Credit Union customers, the report states. Credit union officials said they will notify more than 250 affected members by Saturday.

HEALTHCARE PRIVACY—U.S.

Pritts to Face Pressures, Experts Say (February 26, 2010)

Privacy advocates say the newly appointed ONC chief privacy officer has her work cut out for her. The Department of Health and Human Services Office of the National Coordinator for Health Information Technology named former Georgetown University faculty member Joy Pritts to the post, which was created under the American Recovery and Reinvestment Act of 2009. The founder of the World Privacy Forum, Pam Dixon, foresees tremendous pressure from health industry data users, Modern Healthcare reports. The CPO has to "really, really represent the consumers' interests," Dixon said, adding that Pritts needs to have "real power to put patients' interest first, not industry's interest first." (Registration may be required to access this story.)

PRIVACY LAW—U.S.

New Legislation Targets P2P Privacy Concerns (February 26, 2010)

The P2P Cyber Protection and Informed User Act aims to fight data breaches by making consumers "aware of the privacy and security threats associated with some peer-to-peer file-sharing programs," explains Sen. John Thune (R-SD), who sponsored the bill with Sen. Amy Klobuchar (D-MN). The proposed legislation, which follows the Federal Trade Commission's notification about recent P2P data breaches, would prohibit file-sharing programs from being installed without user consent and require software developers to inform users when their files are made available to others, eWeek reports. Klobuchar says the bill aims to stop the unintentional exchange of "private files like tax returns, legal documents, medical records and home movies" via peer-to-peer networks by making sure that "people know--in a way that they can understand--that their personal files are being shared with complete strangers."

FINANCIAL PRIVACY—EU

EU Ministers Want New U.S. Bank Data-Sharing Deal (February 26, 2010)

EU interior ministers have announced they support negotiating a new agreement with the U.S. on bank data transfers, the EU Observer reports. "We want something for Europe as a whole, an agreement that includes restrictions and allays concerns of the European Parliament," Spanish Interior Minister Alfredo Rubalcaba said at a press conference held Thursday. MEPs voted against the interim SWIFT agreement with the U.S. by a margin of 378 to 196 on February 11, stating the deal violated data protection law. While the U.S. has indicated it could opt for bilateral deals with specific European nations, the Council of Ministers sees such a move as offering fewer data protection guarantees than an EU agreement, the report states.

ONLINE PRIVACY—ITALY

Reaction Rages on Google Convictions (February 25, 2010)

"Stunning," "chilling," and "sheer madness" are some of the words being used to describe yesterday's conviction of three Google executives in an Italian court. In nearly 1,000 media stories on the decision so far, politicians, advocates, academia and numerous others have reacted to news that the company's global privacy counsel and two other executives were found guilty of privacy violations for the posting of a disparaging video to the company's video platform site. U.S. Senator John Kerry (D-MA) expressed deep disappointment, saying, "To hold Google employees criminally responsible for the actions of its users is unjust." The American ambassador to Italy said, "We disagree that Internet service providers are responsible prior to the posting for the content uploaded by users." Those convicted will appeal the decision.

GEO PRIVACY—U.S.

Congress Reviews Concerns over Location-Based Mobile Data (February 25, 2010)

Congress is taking a closer look at location-based technologies and their potential impact on consumer privacy and safety, Clickz.com reports. During the House Subcommittee on Communications, Technology, and the Internet's joint hearing with the Subcommittee on Commerce, Trade, and Consumer Protection Wednesday, several witnesses advocated for privacy legislation to regulate commercial use of location-based mobile data. Some legislators stressed that new regulations must not inhibit industry innovation, while others said it is more important to have easily accessible privacy controls available to consumers. "I think you can expect to see this emerge as part of a larger legislative item," said Rep. Rick Boucher, chairman of the Communications, Technology, and the Internet subcommittee.

EMPLOYEE PRIVACY—CANADA

Employer Ordered Not to Conduct Credit Checks (February 25, 2010)

Alberta's Office of the Information and Privacy Commissioner (OIPC) has ordered a retailer to stop performing credit information checks on job candidates, determining the practice is not "reasonably required" to assess job performance ability for sales associates, reports the Canadian HR Reporter. The decision followed the investigation of a complaint by a job applicant alleging the practice contravened the Personal Information Protection Act (PIPA). The company had responded by explaining it used credit checks to help assess such factors as whether applicants are financially responsible or pose theft or fraud risks, but the OIPC disagreed. The retailer has agreed to cease the practice.

GENETIC PRIVACY—U.S.

Newborn DNA Sent to Military Database (February 25, 2010)

An Austin lawyer is threatening a new federal lawsuit after learning that the Texas health department sent newborn blood samples to the U.S. military in 2003 and 2007 for potential use in a national database. Jim Harrington, director of the Texas Civil Rights Project, says the state never revealed that 800 samples were sent to the Armed Forces DNA Identification Laboratory, the American-Statesman reports. "I can't tell you how many times we sat there, and they said no law enforcement," Harrington said. Harrington settled a separate lawsuit with the state in December regarding the storage of newborn DNA without parental consent.

University Data Compromised (February 25, 2010)

A Georgia university is alerting some 170,000 students and staff that their Social Security numbers may have been exposed, SC Magazine reports. Valdosta State University says a hacker accessed a university server. "An initial investigation has found no evidence that any personal data was accessed or transferred," said Joe Newton, Valdosta director of information technology. He added that the school will continue to work with university police and the Georgia Bureau of Investigation, and will review its procedures and practices to minimize the risk of another breach. A Valdosta server was hacked into in December 2009, as well.

ONLINE PRIVACY—ITALY

Google Execs Convicted on Privacy Charges (February 24, 2010)

Privacy interests are reacting to an Italian court's decision that is expected to have ramifications worldwide. A Milan judge today convicted three Google executives, including Global Privacy Counsel Peter Fleischer, for failing to comply with Italian privacy code in allowing a disparaging video to be posted online. A fourth defendant was acquitted. Judge Oscar Magi ordered a six-month suspended jail sentence and fines for Fleischer, Chief Legal Officer David Drummond and former Google Italy board member George De Los Reyes. "I find it worrying that the chief privacy officer who had nothing to do with the video has been found guilty," said Hunton & Williams Centre for Information Policy Leadership advisor Richard Thomas. All three will appeal the decision.

PERSONAL PRIVACY—CANADA

Stores Cited for Recording Tobacco Users’ Info (February 24, 2010)

Privacy Commissioner Jennifer Stoddart is asking the Federal Court of Canada to order a national grocery chain to stop collecting personal information from tobacco purchasers, the Ottawa Citizen reports. The court filing comes on the heels of an Office of the Privacy Commissioner (OPC) investigation that found Sobeys breached the Personal Information Protection and Electronic Documents Act (PIPEDA) by requiring clerks to enter the birth dates of customers who purchase tobacco products into their cash registers. Although customer names are not recorded, the OPC contends the birth dates can be linked to purchase data. An OPC spokeswoman said retailers should "take the least privacy-intrusive approaches possible, even when there's a requirement by law."

ONLINE PRIVACY—GERMANY

DPA to Investigate Allegations (February 24, 2010)

The federal privacy commissioner is reportedly planning an investigation into allegations that Deutsche Telekom shared another carrier's customer data, reports TMCnet. CEO Rene Obermann is accused of divulging the data of 16 million T-Mobile Germany customers to the mobile phone retailer The Phone House, according to the report.  

PRIVACY LAW—U.S.

HHS Web Site Lists Breached Entities (February 24, 2010)

To comply with the Health Information Technology for Economic and Clinical Health (HITECH) Act, the Office for Civil Rights has posted to the Department of Health and Human Services Web site the 32 covered entities that have reported protected health information breaches. HITECH mandates that breaches of protected health information affecting more than 500 individuals be reported to HHS within 60 days and made public. That includes covered entities' business associates. Smaller breaches must be reported annually, Health Data Management reports.

GENETIC PRIVACY

Researchers Highlight Risks of Volunteering DNA (February 24, 2010)

Current methods for sharing genetic data for research purposes pose privacy risks to those who have volunteered their DNA, Ars Technica reports. For example, researchers have designed tools making it possible to determine whether or not individuals were present in any given Genome-Wide Association Study (GWAS), as well as exposing whether they belong to a population affected by a particular genetic disorder or if DNA from close family members has been used in the same experiment. With the risk of privacy breaches "likely to increase with the ever-expanding volume of genetic data available," the report stresses that researchers have an obligation to protect the privacy of volunteers in DNA studies.

IDENTITY THEFT—U.S.

Iowa Victims Fear Identity Theft (February 24, 2010)

Thousands of Iowa residents fear they could become victims of identity theft after the state's Racing and Gaming Commission licensing database was hacked during routine Internet maintenance last month, the Des Moines Register reports. The FBI is investigating the breach of the database, which includes the names, addresses, dates of birth and Social Security numbers of 80,000 current and former casino and racetrack employees. Experts say those whose information was compromised have every reason to be concerned. Citing examples of financial and medical identity fraud, California-based attorney Mari Frank said, "the sky is the limit as to what could happen..."

ONLINE PRIVACY—GERMANY

Consumer Affairs Minister Wants Tightened Law (February 24, 2010)

Google plans to launch the German version of its Street View mapping feature by the end of the year, but the German government says more work needs to be done to ensure the privacy of those captured in the online photos, reports Deutsche Welle. Consumer Affairs Minister Ilse Aigner said, "I do not share the company's assessment that all personal data concerns have been resolved." Her staff is consulting with justice ministry officials about tightening legislation, the report states. Street View offers panoramic images of cities and towns. A Google spokesperson said, "We've been discussing privacy issues all over Europe, but here in Germany the intensity of the questions is really impressive."

Google execs guilty on privacy charges (February 24, 2010)

(Updated 1:31 p.m. ET)

In a decision that is expected to have ramifications worldwide, an Italian judge convicted three Google executives on privacy violations in Milan court today. Global Privacy Counsel Peter Fleischer and two other executives were found guilty of failing to comply with Italian privacy code in allowing a disparaging video to be posted online. A fourth defendant was acquitted.

DATA LOSS—U.S.

FTC: Sensitive Data on P2P Networks (February 23, 2010)

A Federal Trade Commission probe has uncovered widespread leakage of sensitive data onto peer-to-peer file-sharing networks, reports the Washington Post. The commission has notified nearly 100 public and private entities--including schools, local governments and companies--that sensitive personal information about customers and employees is exposed. "Companies should take a hard look at their systems to ensure that there are no unauthorized P2P file-sharing programs and that authorized programs are properly configured and secure," said FTC Chairman Jon Leibowitz. While the warning is welcome, according to a MediaPost report, "vilifying the technology" won't solve the problem.

PRIVACY LAW—U.S.

USSC Sets Date for Employee Privacy Case Review (February 23, 2010)

The U.S. Supreme Court will soon begin its review of a Ninth Circuit decision that has implications for employee privacy. The Hunton & Williams Privacy and Information Security Law Blog reports that the USSC has set oral argument for April 19. The court will review the Ninth Circuit's 2008 decision in Quon v. Arch Wireless Operating Co. which, according to the blog, has "forced private employers to renew their focus on ensuring robust and consistent enforcement of employee monitoring policies." Among other considerations, the Supreme Court will determine whether a municipal police officer has a reasonable expectation of privacy in text messages transmitted on a department-issued pager.

PRIVACY—CANADA

Commissioner Cutting Services Due to Funding Woes (February 23, 2010)

The Saskatchewan privacy commissioner's office will be cutting back on its services due to limited staffing, the Winnipeg Free Press reports. Privacy Commissioner Gary Dickson said increased demand for services has surpassed the current staffing levels, and with the Board of Internal Economy's denial of a request for $129,000 in funding, the result will be more "waits and delays" for Saskatchewan's residents. With the number of reviews and complaints now up 113 percent, Dickson said, "We just cannot possibly...respond to that demand in any kind of reasonable timeframe." The office's three investigators are currently managing a caseload of 376 files, and some residents have been waiting years for resolution.

PRIVACY LAW—U.S.

OCR: BA Provisions Won’t Be Enforced Yet (February 23, 2010)

A Department of Health & Human Services official has indicated that the department will delay enforcement of the Health Information Technology for Economic and Clinical Health Act's "business associate" provisions, which took effect last week. According to the Hunton & Williams Privacy and Information Security Law Blog, Adam Greene, general counsel of the HHS Office of Civil Rights (OCR), indicated that HITECH enforcement will be delayed until the final rules for those provisions are published. Greene made the comments at the American Bar Association's 11th Annual Conference on Emerging Issues in Healthcare Law on Thursday. The provisions require that business associates of HIPAA-covered entities implement certain data protection safeguards.

HEALTHCARE PRIVACY—U.S.

DHHS Addressing HITECH Privacy Requirements (February 23, 2010)

The Department of Health and Human Services (HHS) has taken two steps to implement privacy and security provisions included in the HITECH (Health Information Technology for Economic and Clinical Health) Act within the past week, InformationWeek reports. The Office of National Coordinator for Health IT (ONC) appointed its first chief privacy officer, and HHS posted a synopsis of a preliminary solicitation for a contractor "to carry out a sequence of related activities with the goal of understanding security risks to Health Information Technology." The proposal states that "the assurance of safety and security" is essential to moving forward with Health IT.

HEALTHCARE PRIVACY—CANADA

Officials Look into Records Storage Complaint (February 23, 2010)

Saskatchewan Privacy Commissioner Gary Dickson is investigating a complaint by a Regina woman alleging she has been told she must pay to access her health records, CBC News reports. The woman's records were shipped to a private Ontario document storage company when her doctor's medical practice closed down, and she has since been told she must pay $150 for access to the file. While a storage company spokesperson told CBC News that its practices comply with the province's privacy laws, Dickson has raised concerns regarding how the information is protected. He notes contract "language that suggests the information can be de-identified without defining how or whether that would be true de-identification...That raises all kinds of red flags, all kinds of concern."

PRIVACY LAW—U.S.

Appeals Court: Federal Government Can Be Sued for Emotional Distress over Medical Records Incident (February 23, 2010)

The Ninth Circuit Court of Appeals has ruled that a pilot who lost his license for failing to disclose his HIV status to the Federal Aviation Administration has the right to sue for emotional distress caused by the Social Security Administration releasing his medical records without his permission, the Washington Post reports. The case is linked to a criminal investigation in which the pilot pleaded guilty to a misdemeanor charge of making a false statement but later sued the federal government for violating the Privacy Act by sharing his medical records. While a district court judge agreed the records were improperly handled, he dismissed the case because the claim alleged only emotional distress. On Monday, the appeals court judges ruled unanimously that emotional distress constitutes actual damages and reinstated the lawsuit.

DATA LOSS—U.S.

Computer Glitch Sends Personal Data to Unintended Recipients (February 23, 2010)

Tennessee's Medicaid management system is offering one year of free identity theft safeguards to 3,900 people after a computer glitch sent their personal information to the wrong mailing addresses. TennCare says it will mail notifications this week to those whose personal data--including names, birth dates and Social Security numbers--may have been affected. TennCare's director said there is no evidence the information has been "improperly accessed or misused in any way," and that TennCare worked closely with other state agencies to correct the system's information and investigate the breach, Knox News reports. "We have also put in place protocols to help ensure such an error doesn't occur again," he said.

PRIVACY LAW—U.S.

T Minus 10,080 Minutes (February 22, 2010)

Just one week remains before all entities that store or transmit personal information about Massachusetts residents must comply with the state's new security regulations. With the March 1 deadline looming, the Boston Herald reports that small businesses and other organizations are concerned about compliance, especially when it comes to the costs related to developing new policies and providing employee training. In addition to mandating encryption of any personal information that organizations store on portable devices or transmit online, the law also requires written data security plans. "What we're trying to do is create a culture of security around personal information," says Barbara Anthony, undersecretary of the Massachusetts Office of Consumer Affairs and Business Regulation.

DATA PROTECTION—EU

EDPS Releases Opinion on ACTA (February 22, 2010)

European Data Protection Supervisor Peter Hustinx has criticized those involved in an international anti-counterfeiting trade agreement for secretly negotiating a deal that would potentially violate data protection requirements, reports PCWorld. In a statement released today, Hustinx said, "Intellectual property is important to society and must be protected [but] it should not be placed above individuals' fundamental rights to privacy and data protection." According to a leaked portion of the draft agreement, negotiators plan for ISPs to monitor network content in an effort to crack down on piracy. Hustinx suggests "less intrusive solutions" and calls on the EU to "implement appropriate safeguards to all data transfers made in the context of ACTA."

STUDENT PRIVACY—U.S.

Lawsuit Alleges School Spied on Students via Laptops (February 22, 2010)

The FBI and a Philadelphia-area prosecutor are investigating allegations that a Pennsylvania school official violated a student's privacy by remotely activating a Webcam in his school-issued laptop while he was at home, Computerworld reports. The student's parents filed a lawsuit on February 16 in U.S. District Court, claiming the assistant principal confronted the teen about "improper behavior" at home and produced a photograph as proof. To do so would violate numerous laws, including the Electronic Communications Privacy Act and Pennsylvania Wiretapping and Electronic Surveillance Act. A spokesperson for the school district has confirmed the Webcams do have a security feature that can be activated if the laptop is lost or stolen, but stressed it would not be used for any other reason. Electronic Privacy Information Center (EPIC) Associate Director Lillie Coney said if the accusation is true it would constitute "an outrageous invasion of individual privacy."

PRIVACY LAW—GERMANY

Schaar: Social Network Comes under German Law (February 22, 2010)

Facebook has opened shop in Hamburg, which means it can face prosecution in Germany for privacy violations, Germany's data protection commissioner said on Saturday. The Local reports that Commissioner Peter Schaar told Deutschlandradio that Germans now have legal protection from the unwanted use of their personal data. However, Schaar stressed that Facebook users are responsible for what they post. He advises them to read the site's terms and conditions.

HEALTHCARE PRIVACY—U.S.

Overseas Contractors Have Incentives to Protect PHI (February 22, 2010)

Healthcare providers aiming to cut costs are sending their patients' personal information beyond U.S. borders, but that is not necessarily a bad thing when it comes to privacy protection, Health Business Daily points out in an excerpt from the "Report on Patient Privacy." There are inherent risks, especially when services such as medical transcribing, coding and billing are handled in countries where U.S. regulations like HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act) do not apply, and no national privacy regulations are in place. However, "the process has built-in safeguards, including financial motivators on the BA (business associate) side, which can make working with offshore business associates as safe--if not safer--than working with those in the U.S.," the report states.

CHILDREN’S PRIVACY—HONG KONG

Newborns’ ID Tags to be Alarmed (February 22, 2010)

The Privacy Commissioner for Personal Data has welcomed a Hospital Authority pilot program aimed at increasing newborns' safety. The program will fit newborn babies with smaller and tighter identification tags, the commissioner's office reports. The tags will set off an alarm if an unauthorized person carries a baby out of the hospital ward. The program comes after an incident last year involving the mix-up of two babies' identities. "The Personal Data (Privacy) Ordinance was enacted to protect the personal data of all living individuals no matter how young they are," Commissioner Roderick Woo said.

GEO PRIVACY

Predictably Predictable (February 22, 2010)

Northeastern University researchers used the cell phone billing data of 50,000 Europeans to determine people's predictability. National Public Radio reports on the work of Professor Laszlo Barabasi, who says the researchers did not have subscribers' names, phone numbers or characteristics, other than the location data their phones sent to towers. The study found that people are extremely predictable. It is one example of an emerging field of social science research that relies on data from major carriers. The results of such projects are expected to aid public policy. A U.S. House subcommittee will hold a joint hearing on the use of location data for commercial purposes on Wednesday.

PRIVACY LAW—CANADA

Op-Ed: BC Database Poses Privacy Risk (February 22, 2010)

The provincial government's plans for a new database linking information gathered for income assistance, employment services, child welfare, family development, child mental health, youth justice and other purposes will put British Columbia residents' privacy at risk, a Times Colonist editorial asserts. Pointing to the project's objective of providing a "holistic view of each citizen," the editorial voices concern about giving government employees wider access to citizens' private information. "The dangers are obvious," the report states. "At a minimum, combining huge caches of personal information in one location invites theft...But there is a far more serious objection to this project. Whose interest is the government serving, when it sets out to develop a 'holistic view of each citizen?' It cannot be ours."

DATA PROTECTION—EU

New SCCs Have “Important Advantages” (February 19, 2010)

The Financial reports on the European Commission's newly revised Standard Contractual Clauses for global data transfers. An important advantage of the new clauses, according to an advisor on the revision, is that "...they contemplate the possibility that a data processor outside the EU may need to transfer personal data to another data processor, something that happens frequently in daily business practice." Christopher Kuner, a partner with Hunton & Williams in Brussels and chair of the International Chamber of Commerce Task Force on Privacy and Data Protection, described the update as an "improvement" rather than "breakthrough," adding that the new SCCs "do have some important advantages over the existing controller-to-processor clauses."  

HEALTHCARE PRIVACY—U.S.

HITECH Takes Effect, Hospitals Report Compliance Difficulties (February 19, 2010)

The privacy and security rules of the Health Information Technology for Economic and Clinical Health Act (HITECH) took effect this week and already providers are reporting compliance difficulties, reports Washington Technology. The results of a survey released yesterday indicate that nearly a third of 200 hospitals polled are not compliant with the new rules. Some say that could be due to a lack of clarity on the regulations. Nonetheless, "covered entities and their business associates must act immediately..." writes Jeff Drummond of Jackson Walker LLP. Among other must-dos, covered entities should put policies in place to meet the breach notification requirements.

DATA PROTECTION

Effectively Contracting Your Network Privacy (February 19, 2010)

In a NetworkWorld article, Andreas Antonopoulos offers advice on creating privacy-protective vendor contracts in a time of increasing law enforcement demands for data held by third parties. "It is up to you to negotiate terms that address key issues of data protection and safeguard your rights," Antonopoulos says. "Demand that law enforcement requests are properly documented...and that you are notified of any requests that may affect your data." He also warns readers to be wary of weak clauses. Antonopoulos admits that improved contract language is no silver bullet and suggests due diligence in the vendor selection process. "...Ask the right questions to make sure the provider can honor their obligation to protect your data."

PRIVACY LAW—U.S.

NYC Bar Urges Redaction (February 19, 2010)

The New York City Bar proposes that courts adopt a statewide rule that would limit the amount of sensitive personal information in civil court filings, according to a Law Technology News report. The bar's subcommittee on electronic records issued a report last week that says the "reality is that the notion of privacy of court records is a misnomer." The proposal would hold those filing civil court documents responsible for redacting nine categories of information, including government-issued identification numbers and bank account numbers. The proposal aims to help prevent identity theft and "the unnecessary disclosure of an individual's sensitive personal information in civil court filings as an abusive litigation tactic."
Full Story

PRIVACY LAW—U.S.

Bill Would Make Public Employees’ Birth Dates Confidential (February 19, 2010)

A new bill passed in Oklahoma's Senate yesterday would keep the birth dates of public employees confidential, NEWSOK reports. The bill, which passed with a 44-0 vote and now goes to the House, aims to prevent criminals from easily accessing information about state employees. However, the executive director of the Oklahoma Press Association says the bill would violate right-to-know laws. "This is not like a Social Security number, it's a date on the calendar that we use to decide if somebody can vote, if they can serve in the military and a host of other things," he said. The bill's author, Rep. Randy Terrill, said he plans to develop criteria to address this.
Full Story

PERSONAL PRIVACY

Be Smart about Smart Grid Privacy (February 19, 2010)

Like the toaster and blender, smart meters are expected to become household items within the next several years. Already, there are more than a million in Ontario, and in Boulder, Colorado, every home has one. Smart meters will record household electricity consumption--down to the appliance level--offering new information that is expected to help consumers manage their energy consumption. But advocates are warning that privacy safeguards must be incorporated into their design. In a CBC News report, Ontario Information and Privacy Commissioner Ann Cavoukian, who recently co-authored a whitepaper on the topic, says, "If privacy is to live well into the future, we can no longer rely on regulatory compliance."  
Full Story

PRIVACY LAW—BULGARIA

Parliament Approves Amended Act (February 19, 2010)

Bulgaria's Parliament approved the second reading of amendments to the Electronic Communications Act after concessions were made to quell privacy concerns, reports the Sofia Echo. Under the amended act, police will be able to access citizens' communications data related to computer crimes and crimes that carry a minimum jail sentence of five years, the report states. The amended act also specifies data retention and destruction terms. Privacy advocates have criticized the bill, describing it as a "backdoor" for the Interior Ministry to access personal communications data. Under the amendments, a parliamentary committee will oversee data access procedures, and the Commission for Personal Data Protection will submit an annual report to Parliament and the European Commission.
Full Story

HEALTHCARE PRIVACY—EUROPE

E-Health Privacy Concerns Abound (February 17, 2010)

Privacy concerns are a key factor slowing the deployment of e-health across Europe, the EU Observer reports. Most recently, Germany decided to postpone enacting its national e-health smart card due to concerns about security and confidentiality. European Network and Information Security Agency (ENISA) risk management expert Barbara Daskala says that taking time to implement e-health has benefits when it comes to addressing privacy and data protection concerns. "E-health services have a lot to offer of important benefits for citizens and society in general, there is no doubt about that," Daskala notes. "However, it is still a controversial area in the sense that it may also pose many important risks that need to be addressed, preferably before its massive deployment."
Full Story

BEHAVIORAL TARGETING—U.S.

Industry Pushes for Self Regulation (February 17, 2010)

Mediaweek reports on digital media leaders' efforts to stave off regulation around online advertising. "There would have been a bill already" if not for the efforts of some, says one industry executive. The Interactive Advertising Bureau, which is viewed as being out in front on the issue, says advertisers must not rest. IAB VP of Public Policy Mike Zaneis says, "I think you are going to see a very rigorous [FTC] enforcement agenda this year." He is urging members to follow industry best practices. The IAB and other industry groups have backed new self-regulatory principles and an icon aimed at helping consumers better understand online advertising.
Full Story

PRIVACY LAW—U.S.

Coalition to Push for ECPA Changes (February 17, 2010)

The Center for Democracy and Technology (CDT) is creating a coalition to push for changes to the Electronic Communications Privacy Act (ECPA), Tech Daily Dose reports. CDT Vice President for Government Policy Jim Dempsey explains that the 1986 law is outdated, pointing to new technological developments such as cloud computing. Senate Judiciary Chairman Patrick Leahy (D-VT) has also voiced support for reviewing the ECPA, saying, "Congress must work with the Justice Department, privacy advocates and the technology industry to update and clarify the law to reflect the realities of our times." The CDT is expected to announce its new ECPA coalition in the next few weeks.
Full Story

DATA PROTECTION—CANADA

Privacy Concerns Persist over Data-Sharing Plan (February 17, 2010)

Privacy concerns are again being raised around British Columbia's Integrated Case Management computer system aimed at allowing housing and children's ministries staff to share information on more than 200,000 residents, the Times Colonist reports. Citing a 2008 recommendation by former Information and Privacy Commissioner David Loukidelis that such data-sharing plans not go forward without a public consultation, privacy advocates have asked Premier Gordon Campbell to review the project. "If you think about the kind of information government has about you, it's everything--your sexual history, drugs, health, family history and education," says BC Freedom of Information and Privacy Association Executive Director Darrell Evans. "To put this together on an individual is like a massive dossier."
Full Story

PERSONAL PRIVACY

How Much Does Openness Cost? (February 17, 2010)

Researchers, activists and celebrities have different ideas about the potential risks and benefits associated with being a "non-private person," the Toronto Star reports. Social media researcher Danah Boyd argues that there are "huge social costs" in choosing to live life in the public sphere. "Privacy is about having control of a situation," she says. Andrea James, a writer and activist, points to the financial aspects of "privacy as a commodity vs. privacy as a right" in an era where private individuals have shared their children, marriages and fertility treatments with millions via television and Internet programs for monetary gain. The report also examines the fallout that can occur between "non-private" people and their more private counterparts.
Full Story

DATA PROTECTION—U.S.

BBB: Avoid Scammers Posing as 2010 Census Bureau Workers (February 17, 2010)

The U.S. Census 2010 is underway and, already, state law enforcement officials say scammers are posing as Census Bureau employees to solicit donations and Social Security numbers. The Better Business Bureau (BBB) is advising people to cooperate but use caution when providing personal data to solicitors. The bureau is offering advice on how to differentiate a scammer from one of the 140,000 legitimate Census Bureau employees. "Unfortunately, scammers know that the public is more willing to share personal data when taking part in the census and they have an opportunity to ply their trade by posing as a government employee and soliciting sensitive financial information," a BBB spokesman said.
Full Story

DATA LOSS—UK

Orange Says “Case Closed” on Breach (February 17, 2010)

Customers of a telecommunications provider are unhappy with the company's response to their complaints about a data breach, ComputerWeekly reports. Orange has acknowledged the incident, which inadvertently exposed more than 1,100 UK subscribers' e-mail addresses. The company also notified the Information Commissioner's Office about the breach. In response to complaints, an Orange executive sent e-mails to customers stating that a full investigation had been completed and that "we consider that this matter does not constitute a breach in the network terms by Orange, as such, no further action is deemed necessary and your case has now been closed." Orange also refused one customer's request to be released from his contract, saying it was unjustified.  
Full Story

SOCIAL NETWORKING

Canadian Commissioner Probing Buzz; EPIC Asks for FTC Probe (February 17, 2010)

The Office of the Privacy Commissioner (OPC) of Canada is investigating Google's new Buzz social networking feature to see if it complies with Canadian privacy laws, reports the CBC. "We understand the public concern about privacy issues related to Google Buzz," said OPC spokesperson Valerie Lawton. "Our office is looking at the issue." Released last week, Buzz has garnered criticism from privacy interests, prompting a Google product manager to promise certain changes. Despite this, the Electronic Privacy Information Center has filed a complaint with the U.S. Federal Trade Commission alleging that the service violates federal consumer protection law.

Full Story

SOCIAL NETWORKING

Buzz Changes Outlined (February 16, 2010)

Google has announced changes to improve user privacy on its new social network, Buzz, reports the New York Times. In a weekend blog post, Buzz and Gmail product manager Todd Jackson wrote that the company would alter a Buzz feature that incited criticism upon release last week. "We're very sorry for the concern we've caused and have been working hard ever since to improve things based on your feedback," Jackson wrote. The feature created a Buzz user's circle of friends based on Gmail activity. Google says that, going forward, it will suggest potential friends rather than automatically connect them. One technology expert described the change as a "huge improvement," while another expressed lingering concern. (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY—FINLAND

Police Investigating Street View Image (February 16, 2010)

Finnish police are investigating whether Google's Street View mapping feature has breached privacy legislation, reports Agence France-Presse. Street View launched in Finland last week, offering panoramic images of cities and towns. A Raahe police sergeant confirmed that the department initiated a criminal investigation on Thursday at the request of a resident who was captured in one of the photographs taken for the feature while seated in the garden of a private residence last summer. It is the first investigation of its kind in Finland, according to the report. Police will determine whether Google violated unauthorized surveillance and privacy laws.
Full Story

BEHAVIOURAL TARGETING—UK

Yahoo Teams with Nectar on Opt-In Program (February 16, 2010)

Yahoo and Nectar have teamed up on a behavioural targeting program that will link customers' offline and online shopping data, reports OUT-LAW.COM. The Customer Connect program will link the two companies' databases to help advertisers determine which adverts to display to particular users. "For the first time UK advertisers will have a simple way to track offline sales from online advertising campaigns," Yahoo managing director Mark Rabe told the Financial Times. Users must opt in to the program to begin receiving the targeted ads. According to reports, 20,000 have signed up.
Full Story

DATA PROTECTION—UK

ICO Draft Code Says New Powers Will Not Result in Automatic Fines (February 16, 2010)

The Information Commissioner's Office (ICO) has announced that while it does not plan to use its new power to levy fines for data protection law breaches if the incidents are discovered during one of its audits, organisations could face fines of up to £500,000 if breaches are not resolved in a timely manner, OUT-LAW.COM reports. "My audit team is developing a risk-based approach to help us focus on those organisations...where complaints are significant and where business intelligence highlights the risk of failure," says Information Commissioner Christopher Graham, explaining that in some cases, audits will be compulsory rather than voluntary. The ICO is currently accepting input on its draft Code of Practice.  
Full Story

DATA LOSS—LATVIA

Police Investigating Tax System Breach (February 16, 2010)

Police are investigating a breach of Latvia's State Revenue Service (VID), according to an Earthtimes report. VID said yesterday that its electronic security systems may have been breached, possibly exposing seven million confidential documents from its tax declaration system. It is believed to be the largest data breach in Latvia's history. A group of hackers claims that a senior tax official is responsible for exposing the system's vulnerability.
Full Story

HEALTHCARE PRIVACY—U.S.

Many Millions Directed to EMRs (February 16, 2010)

The Obama administration has committed nearly a billion dollars toward the transition to electronic medical records (EMRs), reports the Associated Press. The White House announced on Friday that it would award $975 million in grants to aid the transition, the report states. The funds come from the economic stimulus package and will be distributed through the Department of Health and Human Services and the Department of Labor. The funds will be used to assist healthcare providers with the move to electronic record-keeping and will also be used to train healthcare workers on the new technology.
Full Story

HEALTHCARE PRIVACY—U.S.

Experts Say Breach Prevention is Key (February 16, 2010)

With HIPAA, HITECH and the FTC's Red Flags Rule, privacy and security officers are facing a collision of compliance obligations, reports HealthLeaders Media. A trio of experts offers advice on how to handle converging obligations. Breach prevention, they say, is critical. "Implement a three-step process to protect all patient information that includes plans for what to do before, during and after a security incident," says Andrew Blustein, a partner at Garfunkel Wild & Travis PC. The experts offer specific breach-prevention tactics, such as incorporating technical safeguards and educating employees. They also recommend conducting regular audits, creating an incident-response program and learning from breach incidents when they occur.
Full Story

DATA LOSS—U.S.

Third-Party Vendors Responsible for Breach, Breach Scare (February 16, 2010)

An unknown number of current and former employees of a credit reporting firm received W-2 forms in the mail with their Social Security numbers visible through the envelope's window, CNET News reports. The payroll vendor that issued the tax forms said it was "an isolated incident and we immediately took the appropriate steps to ensure that this does not occur again in the future." Meanwhile, a company hired by the University of Texas Medical Branch at Galveston to assist with university billing has offered to pay for identity theft protection for some 1,200 patients after discovering that a former employee allegedly used a stolen identity to gain employment there.
Full Story

FINANCIAL PRIVACY—EU & U.S.

U.S. Criticizes EU’s Rejection of SWIFT Agreement (February 12, 2010)
While privacy advocates are praising the EU's vote Thursday to reject an agreement allowing European bank transfer data to be shared with the U.S., Obama administration officials are calling the move a "setback" for counterterrorism cooperation, the Washington Post reports.

DATA LOSS—UK

ICO: Charities Not Exempt from Laws (February 12, 2010)
The Alzheimer's Society has signed a formal undertaking to improve security after the Information Commissioner's Office (ICO) found it in breach of the Data Protection Act, ComputerWeekly.com reports.

DATA LOSS

Shell Employees’ Data Leaked to Advocacy Groups (February 12, 2010)
Contact information for 176,000 employees and contractors of Royal Dutch Shell has been sent to environmental and human rights campaign groups, the Financial Times reports.

DATA PROTECTION—U.S.

Mass. Regs Effective Soon, Encryption Concerns Endure (February 12, 2010)

Computerworld reports on the Massachusetts data protection regulations that are set to take effect on March 1. The law mandates encryption, access controls and data-collection limits, among other provisions, and applies to all businesses that store personal information on Massachusetts residents, regardless of the business's location. A Boston attorney told Computerworld it seems companies have "put considerable effort" into getting ready for the new provisions. However, encryption for mobile devices and back-up storage media remains an area of concern. How the Attorney General's Office intends to enforce the regulations also remains to be seen.
Full Story

FINANCIAL PRIVACY—SWITZERLAND

Opinion: Privacy Must Not Be Sacrificed (February 12, 2010)
In a New York Times editorial, James Nason explains the history of the Swiss tradition of banking secrecy and tells why privacy must not be sacrificed "on the altar of international cooperation in tax matters." The Swiss codified their secrecy tradition into law with the federal banking act in 1934.

STUDENT PRIVACY—U.S.

Panel to Address Concerns over Plans for Student Database (February 12, 2010)
Moving forward with its plan to encourage states to compile detailed databases on all student records from preschool through adult employment, the Obama administration has created a task force of "national experts" to resolve political and legal privacy concerns, the Chronicle of Higher Education reports.

PRIVACY LAW—U.S.

Two Suits Filed; Fairness Hearing Scheduled (February 12, 2010)
A group of nine Facebook users filed two class-action lawsuits against the social networking site, MediaPost reports. The suits allege that the company's new privacy settings are "confusing and materially deceptive," and that they expose users to identity fraud and other cybercrimes.

ONLINE PRIVACY

Should We Remember to Forget? (February 12, 2010)
When it comes to our online lives, "Cheap storage has been a boon in many ways, but can it also be a nightmare?" an Ars Technica report asks.

PRIVACY

Following Breach Scandal, BC May Create CPO Post (February 12, 2010)

British Columbia's provincial government will explore creating a new chief privacy officer position following a recent privacy breach scandal involving the personal information of 1,400 government clients, the Times Colonist reports. "It's one of the things we are considering," says Citizens' Services Minister Ben Stewart. The announcement comes on the heels of a report this week from Acting Privacy Commissioner Paul Fraser calling for the creation of a new executive-level post to help educate government employees on what to do in the case of privacy breaches. Stewart has said he will spend the next 90 days assessing what changes are needed based on Fraser's report and an internal review released earlier this month.
Full Story

GEO PRIVACY

New Program Lets You Show What You Are Thinking—and Where (February 12, 2010)

A new social networking service that combines many of the features already used in some popular sites with location-mapping technology could pose new privacy challenges, the Washington Post reports. Google's new "Buzz" social-networking feature has many attributes similar to popular services such as MySpace, Twitter and Facebook; when used on a mobile device, however, it ties into the capabilities of sites such as Google Maps to place users at their exact locations, the report states. Google representatives plan to make Buzz "standards-compliant" and "protocol-obeying" when it comes to sharing data; however, the report points out that Buzz's location-awareness options could present significant issues when it comes to protecting personal privacy. (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Remembering Who, What, Where and When—Digitally (February 12, 2010)

Two computing pioneers are recording every aspect of their lives digitally, prompting questions about the potential dangers these "lifelogs" pose to personal privacy, The Times reports. Gordon Bell and Jim Gemmell, both Microsoft researchers, suggest the biological ability to retain memories can be augmented with an electronic memory they call "Total Recall." Proponents tout the ability of storing away mundane information and making interesting facts and experiences easily accessible. Others question whether using Total Recall could lead to a "life without privacy," where authorities could demand access to such memory storage banks. Bell, who has spent years compiling an electronic memory that comprises everything from letters and photographs to biometric data, says, "We need to adapt to reap the benefits."
Full Story

FINANCIAL PRIVACY—EU & U.S.

European Parliament Rejects SWIFT Data Accord (February 11, 2010)

The European Parliament has rejected an agreement to share bank transfer data with the U.S., reports European Voice. In a 378-196 vote in Strasbourg today, MEPs said no to the deal, which would have allowed U.S. Treasury officials to continue accessing data from the Society for Worldwide Interbank Financial Transactions (SWIFT) for counter-terrorism purposes. MEPs said the accord failed to adequately consider the privacy of EU citizens. The vote "underlined differences between the United States and the European Union over how to balance guarantees of personal privacy with concerns about national and international security," the New York Times reports. The U.S. could use other instruments to seek the data, according to the NYT.
Full Story

DATA PROTECTION

Insurer Eyeing Leahy Bill (February 11, 2010)

The National Journal reports on the fledgling cyber-insurance market, which might receive a shot in the arm after the "malicious and well-publicized attack" that affected 20 companies in December. According to industry experts, insurers are adapting coverage to suit. "Underwriters are mostly concerned about companies having the right attitude and approach in their corporate DNA," said Al Modugno, a senior vice president with Marsh. "...If a company keeps senior staff for information security, they assume they will operate online safely." Modugno noted that he is following the progress of the Personal Data Privacy and Security Act, which cleared the Senate Judiciary Committee in December. "A federal data breach law would once and for all make it clear that a comprehensive cybersecurity mentality is necessary," Modugno said.
Full Story

HEALTHCARE PRIVACY—U.S.

Revised Business Associate Agreement Released (February 11, 2010)

The North Carolina Healthcare Information and Communications Alliance has released a revised model of its Business Associate Agreement that reflects changes in the HIPAA privacy and security rules under the HITECH Act, reports Health Data Management. The revised agreement is available for free online. Business associates are deemed to be covered entities under the HITECH Act, making them subject to the provisions of the security rule and portions of the privacy rule. At the annual HIPAA Summit in Washington, DC last week, the deputy director for health information privacy at the HHS Office for Civil Rights confirmed that business associates could be held liable for health data breaches.  
Full Story

PRIVACY LAW—U.S.

NH Biometrics Bill in Committee (February 11, 2010)

New Hampshire lawmakers are considering a bill that would ban the use of biometric data in identification cards, reports SCMagazine. The House Commerce and Consumer Affairs Committee will discuss the bill in an executive session today. Introduced in January, HB1409 would also prohibit the use of identification systems that would require the collection of an individual's biometric data, the report states. "That's the kind of information the government shouldn't generally require to be gathered about an individual," the bill's co-sponsor, New Hampshire Rep. Daniel Itse, told SCMagazine. Trade groups have voiced opposition to the proposed law.
Full Story

DATA PROTECTION—INDIA

Privacy Concerns Stall National Security Database (February 11, 2010)

Privacy concerns have stalled the home ministry's plans to set up the National Intelligence Grid (NATGRID), reports the Times of India. NATGRID is a proposed national security database, which will include individuals' personal information, such as banking, immigration and electronic communication details. The Cabinet Committee on Security (CCS) wants security mechanisms built into the grid before its implementation. "A more detailed proposal carrying specific points relating to the safeguards mechanism will be presented before the CCS as early as possible," said an official, who added, "The ministry has taken all care to have an inbuilt safeguard mechanism within NATGRID so that the available data is not misused."
Full Story

HEALTHCARE PRIVACY—U.S.

Conn. Attorney General Looking at Patient Record Requests (February 11, 2010)

The Connecticut Insurance Department and Attorney General Richard Blumenthal are investigating a health insurer's requests for patient records, reports the Hartford Courant. Several of the state's doctors have received faxed requests from Ingenix, a subsidiary of UnitedHealthcare. A spokesperson for that company said the information is necessary so that Ingenix can review charts to "improve the accuracy of diagnosis-related data in claims that are used to support Medicare risk adjustments for the plans," and that Ingenix "performed this service under contract with the health plans and consistent with federal regulations." A spokesperson for the state's medical society, however, says the requests appear unsubstantiated.  
Full Story

DATA LOSS—U.S.

Hacker Breaches Payroll Company (February 11, 2010)

A Minnesota payroll company is advising more than 1,900 of its customer companies that their employees' personal, sensitive data may have been compromised, eSecurity Planet reports. Ceridian Corp. alerted the FBI and local law enforcement that a hacker accessed the company's Internet payroll system in December. The system contained employee names, Social Security numbers and some bank account information and birth dates. In total, 27,000 employees may have been affected. Ceridian said that represents less than one-tenth of one percent of the employees for whom it provides payroll services. "While the total number of employees affected is small, in our minds one is too many, and we are handling this incident according to our established protocol," a spokesman said.
Full Story

SOCIAL NETWORKING

Blippy: Sharing Credit Card Data…Really? (February 10, 2010)
In the era of sharing, along comes a platform for broadcasting credit card holders' purchases. TIME reports on Blippy.com, the site that, with users' permission, posts point-of-purchase information such as cost and location. "Why would any sane person volunteer to publicize that information?" asks TIME author Barbara Kiviat.

PRIVACY LAW—U.S.

Judge Rules FACTA Does Not Extend to E-Confirmation (February 10, 2010)
A judge in the Northern District of Illinois has ruled that the Fair and Accurate Credit Transactions Act (FACTA) does not apply to electronic displays or e-mail confirmations of Internet transactions, reports Multichannel Merchant.

PRIVACY LAW—AUSTRALIA

Healthcare Identifier Bill Expected to Help Protect Privacy (February 10, 2010)
The introduction of a new national e-health identifier for all Australians is expected to assist with healthcare privacy issues, ZDNet Australia reports. Under the Healthcare Identifier Bill introduced into Parliament on Wednesday, unique 16-digit numbers will be assigned to individuals and healthcare providers by the middle of this year with the goal of streamlining the transfer of patient information.

PRIVACY—UK

ICO Seeks Stakeholder Input on Draft Consultation on Audit Powers (February 10, 2010)
A draft code for consultation related to the Information Commissioner's Office's (ICO) extended data protection audit powers is now open on the ICO's Web site. A Code of Practice for Assessment Notices will be published in April providing the framework for how audits will be conducted through the ICO's new powers under the Coroners and Justice Act of 2009.

SOCIAL NETWORKING

Privacy Concerns Prompting Users to Abandon Social Networking (February 10, 2010)
Concern over access to personal messages and photos is one of the reasons some former social networking fans are putting an end to their online lives, USA TODAY reports. Whether it's privacy issues or a desire to limit the time spent online, the urge to "unplug" has spurred the creation of new Web services like Seppukoo and Web 2.0 Suicide Machine designed to kill off online personas.

PRIVACY LAW—U.S.

Lawsuit Alleges Behavioral Tracking Was Offensive (February 10, 2010)
An Alabama resident has filed a second lawsuit against Cable One for allegedly selling data about his Web surfing activity to behavioral targeting company NebuAd, MediaPost reports. The suit, originally filed in California but dismissed due to geographic considerations, claims that the company's relationship with NebuAd "represented an unprecedented and extraordinarily pervasive ability to locate and monitor users."

DATA RETENTION—U.S.

FBI Wants ISPs to Retain Data for Two Years (February 10, 2010)
At the Online Safety and Technology Working Group meeting in Washington, DC last week, an attorney from the Federal Bureau of Investigation (FBI) said that FBI Director Robert Mueller supports the storing of Internet users' "origin and destination information," and that the bureau is asking Internet service providers to begin keeping logs, reports CNET News.

PRIVACY LAW—U.S.

Get Hip on HITECH (February 10, 2010)
Changing HIPAA compliance requirements should be commanding the attention of covered entities and business associates, writes Allison Tumilty of Leonard Street & Deinard. Tumilty cites new breach notification requirements, increased fines and the extension of privacy and security rules to "business associates," which take effect on February 17, as reasons to take notice.

PRIVACY LAW—U.S.

Opinion: Does Anyone Care About HIPAA Anymore? (February 10, 2010)
HIPAA is no longer the big scary mystery it was in 2003. That's according to Glenna Shaw, writing for HealthLeaders Media. Shaw says a ho-hum attitude toward HIPAA can be attributed to the fact "healthcare organizations know what they have to do to prevent breaches.

PRIVACY LAW—EU

EC Updates Model Clauses (February 9, 2010)
European companies will have to use new standard clauses in contracts controlling overseas data transfers as a result of a decision adopted by the European Commission (EC) last week, OUT-LAW.COM reports.

CONSUMER PRIVACY—U.S.

Ad Deal Sparks Privacy Concerns (February 9, 2010)
The potential purchase of a firm specializing in mobile device advertising by a popular Internet search engine has privacy advocates bringing their concerns to the Federal Trade Commission (FTC), the San Francisco Chronicle reports.

PRIVACY—CANADA

Acting Commissioner Says Breach Highlights Need for New Chief Privacy Officer (February 9, 2010)
British Columbia Acting Privacy Commissioner Paul Fraser is pointing to last year's breach involving the personal information of 1,400 welfare recipients as an example of why the provincial government should move quickly to appoint a new chief privacy officer (CPO), the Canadian Press reports.

ONLINE PRIVACY—GERMANY

Official Wants Clearer Privacy Lines on Street View (February 9, 2010)
German Consumer Minister Ilse Aigner wants more privacy safeguards for Google's Street View, calling it a "million-fold violation of the private sphere," The Local reports.

DATA LOSS—U.S.

Personal Banking Information E-mailed (February 9, 2010)
The personal banking information of 6,000 Ohio state employees, including the governor, was mistakenly sent in an e-mail to dozens of payroll officers at state agencies, the Columbus Dispatch reports.

HEALTHCARE PRIVACY—U.S.

Department Prints SSNs on Envelopes (February 9, 2010)
State health department officials are advising nearly 50,000 Californians how to protect themselves from identity theft, after employees inadvertently listed Social Security numbers alongside names and addresses in a February mailing, the San Francisco Chronicle reports.

DATA PROTECTION—U.S.

Top Five Mistakes of Privacy Training Programs (February 9, 2010)
Good intentions aside, many companies are missing the opportunity to effectively train employees on data protection. "Many corporations have adopted a check-box approach toward compliance" with the obligations set out in various data protection regulations, says Jay Cline, CIPP, in a Computerworld article.

ONLINE PRIVACY—CANADA

Who’s Watching, Tracking and Profiling You? (February 9, 2010)
Privacy Commissioner Jennifer Stoddart is seeking the public's input on the online tracking, profiling and targeting of consumers, in which information from social networking, tracking cookies and global positioning systems (GPS) can be pieced together to create personal profiles, Canoe.ca reports.

SOCIAL NETWORKING—EU

On Safer Internet Day, Social Networks Urged to Do More (February 9, 2010)
Today is Safer Internet Day in Europe and the European Commission (EC) is urging social networking sites to better protect the privacy of minors, reports Earthtimes.org.

GENETIC PRIVACY—U.S.

Is the Government Holding Your Baby’s DNA? (February 9, 2010)
Newborn genetic screening has been a routine practice in the U.S. since the 1960s; however, recent parent lawsuits in Texas and Minnesota have spurred debate over whether infant DNA should be held in the government's possession, CNN reports.

DATA LOSS—U.S.

Locke: Breaches “Unacceptable” (February 8, 2010)
In an e-mail to employees on Thursday, Commerce Secretary Gary Locke called recent breach incidents involving employees' personal information "simply unacceptable," and said that, beyond the two breach incidents known to have occurred in the last six months, "In recent weeks, we also discovered additional incidents where some employees failed to follow the proper protocol for handling personal information."

BEHAVIORAL TARGETING

“Everybody Can Be Tracked, Everybody Will Be Tracked” (February 8, 2010)
The San Francisco Chronicle reports on marketers' growing use of technologies to discern more about customers and prospective customers. Cameras within grocery store monitors, radio frequency identification (RFID) on shopping carts and billboards that target ads using publicly available data, among other methods, have arrived.

DATA PROTECTION—U.S.

Census Bureau’s Privacy Practices Spur Accuracy Questions (February 8, 2010)
Director Robert M. Groves has ordered a review of the Census Bureau's identity protection practices after researchers found evidence that "masking" techniques have resulted in instances of flawed data, the Washington Post reports.

HEALTHCARE PRIVACY—CANADA

Privacy Commissioner, Security Expert Disagree over Durham Health Report (February 8, 2010)
Ontario Privacy Commissioner Ann Cavoukian has denounced criticism of her report on Durham Health Region's recent loss of a memory stick containing data on thousands of patients, itWorldCanada reports.

SOCIAL NETWORKING

Social Networks Face EU Regulations, Reding Says (February 8, 2010)
The EU's telecommunications commissioner says if Facebook and other social networking sites don't change their privacy policies, they could face regulation, BusinessWeek reports.

HEALTHCARE PRIVACY—U.S.

New Hampshire Lawmakers Considering Patient Privacy Bill (February 8, 2010)
New Hampshire lawmakers are scheduled to hear a bill on Tuesday that would give patients more control of their medical records, the Citizen of Laconia reports. New Hampshire previously prohibited the sharing of medical records without patient permission, but the enactment of HIPAA "has been interpreted to override state law," says Rep. Cindy Rosenwald (D-Nashua).

DATA LOSS—U.S.

Business Associates to Pay for Data Breaches (February 8, 2010)
A top official at the Office of Civil Rights (OCR) says business associates could be liable for health data breaches. Sue McAndrew, deputy director for health information privacy at the OCR, said it's possible that business associates will be required to pay the OCR out-of-pocket.

CONSUMER PRIVACY—U.S.

FTC Roundtables Helping Build New Privacy Framework (February 5, 2010)
With two of its three roundtable events now complete, it appears the Federal Trade Commission's (FTC) new privacy framework could be one "where greater transparency and choice mechanisms will be required as the privacy risks, including the risk of identity theft, go up," D. Reed Freeman, CIPP, suggests in an ADWEEK report.

PRIVACY—HONG KONG

Government Bureau Will Oversee Privacy Commissioner’s Office (February 5, 2010)
Following the Legislative Council's recent criticism of the Office of the Privacy Commissioner for Personal Data, a government bureau will now monitor its performance, news.gov.hk reports.

ISP BEHAVIOURAL TARGETING—UK

Home Office Responds to EC (February 5, 2010)
The UK Home Office has responded to the European Commission (EC) about Internet privacy concerns, reports ISPreview.co.uk.

DATA THEFT—U.S.

Hackers Breach Payroll Company (February 5, 2010)
A Minnesota payroll company is changing all customer passwords after discovering a security breach, MPR News reports. The company is also offering identity theft protection for all affected employees.

DATA LOSS—U.S.

Policyholder Data Lost in the Mail (February 5, 2010)
A Pittsburgh healthcare provider is offering some 3,700 policyholders one free year of credit monitoring after documents containing their names and Social Security numbers (SSNs) were lost, the Pittsburgh Post-Gazette reports.

DATA PROTECTION—U.S.

Google, NSA Collaborate on Cyber Attacks (February 5, 2010)
The New York Times reports on Google's alliance with the National Security Agency (NSA) to learn more about the cyber attacks that breached the company's cybersecurity defenses last year. The collaboration is not uncommon, says James Lewis of the Center for Strategic and International Studies.

FINANCIAL PRIVACY—EU

MEPs Reject Deal to Share Bank Data with U.S. (February 5, 2010)
Parliament's Civil Liberties Committee has rejected a deal, which came into force temporarily on Monday, that allowed bank data from the Society for Worldwide Interbank Financial Transactions (SWIFT) to be shared with the U.S., the Times Online reports.

FINANCIAL PRIVACY—GERMANY

Despite Concerns, Germany Will Buy Stolen Bank Data (February 5, 2010)
Despite privacy concerns voiced by many officials including the data protection commissioner, Finance Minister Wolfgang Schäuble has announced the government will purchase the financial data on some 1,500 individuals with Swiss bank accounts, TIME reports.

FINANCIAL PRIVACY—EU & U.S.

Clinton Calls Buzek about SWIFT Deal (February 4, 2010)
Euobserver.com reports that U.S. Secretary of State Hillary Clinton called on European parliament president Jerzy Buzek late last night to express concern about members' plans to reject a data-sharing agreement that would allow the Society for Worldwide Interbank Financial Transactions (SWIFT) to continue sharing European citizens' banking transaction data with U.S. officials, who use it to track terrorist financing.

HEALTHCARE PRIVACY

Healthcare’s New Branch: Patients 2.0 (February 4, 2010)
Patients are talking and the medical community is watching what is being dubbed Patient 2.0, an information-sharing movement that sees patients using the Internet to collaborate on health issues, even if it means sharing private information.

BEHAVIOURAL TARGETING—UK

IAB to Roll out Icon (February 4, 2010)
OUT-LAW.COM reports that Britain's online advertising trade body, the Interactive Advertising Bureau (IAB), will roll out a global icon intended to alert Internet users to the presence of targeted ads.

SOCIAL NETWORKING—U.S.

Critics Slam Proposed Privacy Settlement (February 4, 2010)
Critics are calling Facebook's settlement offer in a privacy lawsuit involving its Beacon behavioral tracking service "meaningless" while the company contends it is fair and adequate, Computerworld reports.

DATA LOSS—U.S.

Senator Seeks Inquiry (February 4, 2010)
Iowa's Senate majority leader will request an inquiry into how a hacker gained access to a state computer system, the Des Moines Register reports.

ONLINE PRIVACY—U.S.

Interface Could Give Police Quicker Access to Data (February 4, 2010)
Cybercrime investigators are advocating the creation of a national Web interface to link police computers to Internet and e-mail providers across the nation, CNET News reports.

ONLINE PRIVACY

Researcher Exposes Smartphone Privacy Threat (February 4, 2010)
A Swiss researcher is warning users of a popular smartphone that insufficient security and a design flaw could put their personal data at risk, CNET News reports.

FINANCIAL PRIVACY—EU & U.S.

SWIFT Says No Transfers until Parliament Votes (February 3, 2010)
The Society for Worldwide Interbank Financial Transactions (SWIFT) says it will not share European banking data with U.S. officials, pending further action by the European Parliament, reports Handelsblatt.

SOCIAL NETWORKING—CANADA

IIROC Considers Rules Governing Social Media Use (February 3, 2010)
The Investment Industry Regulatory Organization of Canada (IIROC) is considering new rules that would allow broker-dealer firms to monitor employee activities on social networking sites, the Wall Street Journal reports.

FINANCIAL PRIVACY—GERMANY & SWITZERLAND

Merkel Criticized for Intent to Buy Bank Data (February 3, 2010)
German Chancellor Angela Merkel is drawing criticism from her own Christian Democratic party over her intention to buy stolen data on about 1,500 German taxpayers who hold Swiss bank accounts, The Independent reports.

PERSONAL PRIVACY

My Pill is Smarter Than Your Honor Student (February 3, 2010)
Smart phones, smart meters and now, smart pills. A California startup recently won the nod of Swiss pharmaceutical giant Novartis, which will pay $24 million for exclusive rights to Proteus Biomedical's drug-delivery technologies, according to an Economist report.

HEALTHCARE PRIVACY—U.S.

Proposed Federal Budget Includes Millions for Health IT Privacy Research (February 3, 2010)
The proposed Department of Health and Human Services budget for fiscal 2011 includes funding related to health IT's potential impact on privacy, InformationWeek reports.

ONLINE PRIVACY—U.S.

Mozilla Explores Standardized Privacy Icons for Web Sites (February 3, 2010)
CNET News reports that the organization behind the popular browser Firefox is in the process of creating brightly colored, easy-to-recognize icons to alert Internet users to how intrusive or privacy-friendly specific sites are.

SOCIAL NETWORKING

Companies Rank Riskiest Social Networking Sites (February 3, 2010)
A survey of 500 companies worldwide by the security firm Sophos has found that 60 percent consider Facebook to be the riskiest social-networking site, USA TODAY reports.

PERSONAL PRIVACY—U.S.

Court Dismisses Street View Privacy Claim (February 3, 2010)
An appellate court last week denied a Pittsburgh couple's claim that their privacy was violated when Google photographed their home and pool for its online mapping feature, MediaPost reports.

PRIVACY—U.S.

Another Letter to Obama on Privacy Oversight Board (February 2, 2010)
Two more lawmakers have written to President Obama about reinstituting the Privacy and Civil Liberties Oversight Board, reports the Washington Times.

BEHAVIORAL TARGETING—U.S.

ISP Sued Over Spyware Installation (February 2, 2010)
Two customers have filed a lawsuit against their Kansas-based Internet service provider (ISP) for allegedly sharing their online information with a defunct behavioral targeting company, MediaPost reports.

PRIVACY LAW—U.S.

Health Groups Seek Exclusion from Red Flags Rule (February 2, 2010)
Four national medical organizations representing dentists, physicians and veterinarians are asking the Federal Trade Commission (FTC) to exclude their members from a new regulation aimed at preventing identity theft, according to an American Medical Association (AMA) press release.

PERSONAL PRIVACY—HONG KONG

Official Says “Smart Card” Payment System Poses No Risk to Privacy (February 2, 2010)
A top official has stated that Hong Kong and Shenzhen residents who use the smart card payment system when it is introduced later this year have no reason to worry about their privacy, Computerworld Hong Kong reports.

ONLINE PRIVACY

The Horizon for Google in Europe (February 2, 2010)
The New York Times reports that Google's recent troubles with China may prove to be less problematic than those the company will face in Europe.

SOCIAL NETWORKING

More than One-third of Facebook Users Reviewed Privacy Settings (February 2, 2010)
Approximately one in every three Facebook users customized their settings when the site rolled back its privacy shields in December and notified users to review what they share online, The Register reports.

DATA PROTECTION—U.S.

White House Cybersecurity Coordinator Talks Privacy (February 2, 2010)
The White House's cybersecurity coordinator has reaffirmed the Obama administration's commitment to data protection and privacy, Federal News Radio reports.

ONLINE PRIVACY

Online Tracking Tools Go Way Beyond the Cookie (February 2, 2010)
Cookies are just one example of the tools Web publishers can use to harvest a bounty of identifying information, MediaPost reports.

SSN PRIVACY—U.S.

SSNs to Remain in Use as IDs (February 2, 2010)
The Office of Personnel Management has abandoned a plan to restrict the use of U.S. federal employees' Social Security numbers as primary identifiers, Next Gov reports.

CONSUMER PRIVACY—U.S.

FTC Exploring Consumer Privacy Solution (February 2, 2010)
Following last week's Federal Trade Commission (FTC) privacy roundtable event, the FTC is focusing on the difference between consumer expectations and business practices, MediaPost reports.

HEALTHCARE PRIVACY—U.S.

Opinion: Nat’l Records Database Will Put Privacy at Risk (February 2, 2010)
A national medical records database could jeopardize the personal information of more than 300 million Americans, 2008 Libertarian presidential candidate Bob Barr writes in an Atlanta Journal Constitution op-ed.

FINANCIAL PRIVACY—EU

Parliament Likely to Reject SWIFT Agreement (February 1, 2010)
The European Parliament seems poised to reject a deal that would allow the sharing of European bank transfer data with the U.S. government, reports Spiegel. The proposed deal would give U.S. officials access to financial data from the Society for Worldwide Interbank Financial Transactions (SWIFT), which they deem important to counterterrorism investigations. Some parliamentarians and European officials oppose the deal, including Justice Commissioner Viviane Reding, who said in a speech last week, "I remain to be convinced that all these SWIFT transfers are necessary, proportionate and effective to fight terrorism. I will be looking into this very closely in the coming weeks."
Full Story

ONLINE PRIVACY

Job Applicants’ “Online Reputations” Can Help or Hurt Hiring Chances (February 1, 2010)
Posting indiscreet information online can prevent Internet users from getting jobs, while positive "online reputations" can have the opposite effect, InformationWeek reports.

PROFESSIONAL ETHICS IN PRIVACY—U.S.

FERPA at Heart of Firing (February 1, 2010)
In a case that raises interesting questions about the ethical duties of privacy professionals, a recently fired Department of Education employee says he is seeking an administrative review of his January 15 dismissal, reports Inside Higher Ed. Paul Gammill, former director of the department's Family Policy Compliance Center, says he was dismissed because his superiors didn't like what he had to say about the agency's plans to share students' educational records. Specifically, Gammill told officials that the department's intentions related to states' longitudinal student data systems would violate the Family Educational Rights and Privacy Act (FERPA), the report states. "While I'm an advocate of data systems, it's my job to administer FERPA, and they didn't like what I had to say," Gammill says.
Full Story

FINANCIAL PRIVACY—SWITZERLAND & GERMANY

Banking Data on Sale for €2.5 Million (February 1, 2010)
An unnamed person has offered the German government data on about 1,500 German taxpayers who hold Swiss bank accounts, and Berlin is said to be considering the offer, reports the Wall Street Journal. The data was stolen from a Swiss bank and Swiss officials are cautioning their German counterparts not to purchase it. "I consider it rather insidious that a state operating under the rule of law would make use of illegal data," said Swiss President Doris Leuthard. The Swiss Bankers Association is also calling on Germany to return the data, the report states. (Registration may be required to access this story.)
Full Story

DATA BREACH—CANADA

Review Finds BC Government’s Response to Breach Inadequate (February 1, 2010)
A government review has found the response by British Columbia government officials and supervisors to a privacy breach involving the personal information of 1,400 income-assisted residents was inadequate, the Times Colonist reports.

ONLINE PRIVACY—EU

Rewrite of 1995 Law Will Focus on Privacy in the Digital Age (February 1, 2010)
Incoming EU Justice Commissioner Viviane Reding has announced plans to strengthen the 1995 Data Protection Directive to include requirements that new technologies and processes include privacy by design, OUT-LAW.com reports. "I have had many opportunities to see the impressive power of innovation of information society and the creation of exciting and promising new products and services. Unfortunately, privacy and the protection of personal data were not always a key ingredient at the early development stage of these products and services," Reding said, calling for that to change. Privacy concerns related to new technology range from street-level mapping to social networking to the use of Internet searches by potential employers to gather information on job candidates.
Full Story

DATA LOSS—UK

Financial Details Mailed to Wrong Customers (February 1, 2010)
Skipton Building Society, a mortgage lender, is alerting more than 3,000 customers that their personal data was mailed out to other customers, the Daily Mail reports. The society's chief executive says the affected customers' accounts are not at risk for unauthorized transactions because the exposed data--including names, account numbers, balances and earned interest figures--did not include other identifying details needed to make transactions. "We are also offering to change the account numbers of any customers seeking additional peace of mind," the chief executive says. The society may face fines from the Financial Services Authority.
Full Story

DATA LOSS—U.S.

Personal Data Found on Chicago Streets (February 1, 2010)
Hundreds of partially shredded documents containing sensitive, personal information--including Social Security numbers--were found on a Chicago street last week, the Chicago Tribune reports. It is unclear who is responsible for the breach. A Privacy Rights Clearinghouse official notes that papers intended to be destroyed are often subject to data breaches. But Christopher Wolf of the Future of Privacy Forum says tougher data security laws have spurred more awareness in this area. "Companies know they can't put sensitive records on the curbside or throw them in the dumpster," Wolf says. "It's not to say that never happens, but it's rarer."
Full Story

PRIVACY

EPIC Names International and U.S. 2010 Privacy Champions (February 1, 2010)
EPIC has announced it will present the 2010 International Privacy Champion Award to the Honorable Michael Kirby for his role in the development of the OECD Privacy Guidelines of 1980, which have provided the basis for national laws, international agreements and privacy frameworks around the world. "The international privacy community owes Justice Kirby a huge debt for his critical role working with leading experts from North America, Europe and Asia to develop the guidelines," said Canadian Privacy Commissioner Jennifer Stoddart. EPIC's 2010 U.S. Privacy Champion Award went to Beth Givens, founder and director of the Privacy Rights Clearinghouse in San Diego, California.
Full Story