Privacy News | Daily Dashboard

Breaking news. In-depth articles. Global coverage.

Save time searching the headlines for privacy news in the media. Get the latest breaking privacy and data protection news from around the globe all in one place—The Daily Dashboard. Our FREE daily e-newsletter summarizes the day’s top privacy stories with links to the full articles—sent directly to your desktop each weekday!

Subscribe now!

Top Privacy News

SOCIAL NETWORKING—U.S.

Privacy Advocates Differ on Merits of New Facebook Settings (May 28, 2010)

Privacy advocates have had mixed reactions to Facebook's announcement that it is rolling out new, simplified privacy settings. CNET News reports that groups including the Center for Digital Democracy, PrivacyActivism.org and the U.S.-based Consumer Watchdog are not impressed with the changes, and many are calling for new government rules targeting such services. The Electronic Frontier Foundation (EFF) and the ACLU of Northern California, however, have had different reactions. The EFF has stated that although the changes do not address all of the group's concerns, "they are a great first step in what will hopefully be a more privacy-driven direction for Facebook," while the ACLU of Northern California suggests, "Facebook is finally friending privacy again."
Full Story

PRIVACY LAW—EU & U.S.

Working Party Urges FTC to Examine Search Engines’ Compliance with Law (May 28, 2010)

The EU's Article 29 Data Protection Working Party is asking the U.S. Federal Trade Commission (FTC) to examine whether the world's largest search engine companies' policies comply with U.S. law. OUT-LAW.com reports that the Working Party has sent a letter to the FTC in connection with its recent announcement that policies for data retention and anonymisation at Yahoo, Google and Microsoft are not in compliance with EU law. The letter, which questions whether the companies' policies are compatible with the U.S. Federal Trade Commission Act prohibiting unfair or deceptive acts of practices in the marketplace, reads, "We respectfully offer our assistance in any possible steps you might want to take in finding a constructive solution to protect the private life of everybody that conducts searches on the Internet."
Full Story

PERSONAL PRIVACY—UK

ICO Will Watch Smart Meter Rollout (May 28, 2010)

The Information Commissioner's Office (ICO) is cautioning energy suppliers to take data protection into consideration when implementing smart meters, BBC News reports. Britain plans to bring smart meters, which will monitor household energy consumption, to every home by 2020. The ICO says it will monitor the rollout closely. "We will continue to maintain a close dialogue to ensure that their introduction does not compromise customers' privacy," an ICO spokesperson said, adding that "energy companies will clearly need to hold records linking meters with households, and all the information must be held in line with the requirements of the Data Protection Act."
Full Story

PERSONAL PRIVACY

Data Brokerage is Big Business, But Privacy Concerns Persist (May 28, 2010)

The Chicago Tribune reports on the activities of data aggregators and their impact on consumer privacy. Online information brokers are increasingly combining data gleaned from online sites with public records, creating comprehensive profiles of individuals. "A lot of people are disturbed by what apparently is a wealth of information that they didn't know is out there," said Rainey Reitman of the Privacy Rights Clearinghouse. The practice has come under regulatory scrutiny recently. One data aggregator, Spokeo.com, says it is aware of the privacy concerns and offers those featured on the site two ways to opt out.
Full Story

DATA PROTECTION

Survey Suggests Businesses Not Worried About Breaches (May 28, 2010)

The Office of the Privacy Commissioner (OPC) has released survey results that suggest Canadian businesses are not concerned about privacy breach risks despite the fact they are collecting more information about their customers than ever before. The OPC commissioned the survey, which found that 42 percent of the 1,005 businesses polled are not concerned about security breaches, according to the commission's press release. "Given the severity and number of major data spills that we have seen reported in the headlines over the past few years, it is concerning to see that businesses are not more apprehensive about this issue," said Assistant Privacy Commissioner Elizabeth Denham.
Full Story

ONLINE PRIVACY

Investigations, Court Actions Abound Over Google WiFi Collection (May 28, 2010)

A U.S. federal court has issued a restraining order prohibiting Google from destroying data it collected over WiFi networks, The San Francisco Chronicle reports. The court is also ordering Google to turn over two copies of wireless data collected from the U.S., where suits have also been filed in Oregon, Massachusetts, California and Washington, DC. In Australia, the Australian Privacy Foundation has said there are grounds for consumers to pursue legal recourse, suggesting the company violated the Telecommunications Act and the Privacy Act. Investigations into Google's collection of personal information through its Street View vehicles are ongoing across the globe, including in the Czech Republic, where the Office for Personal Data Protection has reported Google could face fines of up to €392,000.
Full Story

ONLINE PRIVACY

Opinion: On the Internet, Our Secrets Are Worth Billions (May 28, 2010)

Privacy concerns over access to the content we create on the Internet have taken the focus away from data we put out there for companies to collect, but that is where our primary concerns should be, Aditya Chakrabortty reports in a column for The Guardian. Search engines, online retailers and other Web-based companies "have only got better at taking our information and analysing it," Chakrabortty writes, while, "we have handed over intimate information--in clicks and search terms and hours of browsing--about ourselves with barely any questions asked." The result, he suggests, is making "commercial Internet enterprises the under-regulated custodian of our most intimate intentions and secrets...and it's a database worth billions."
Full Story

SOCIAL NETWORKING

Privacy Officials’ Reactions Split Over Facebook Changes (May 27, 2010)

Canada's federal and provincial privacy commissioners are offering different opinions based on their first reviews of Facebook's announcement of its new privacy settings. Assistant Privacy Commissioner Elizabeth Denham cautioned that the social networking site is still not compliant with federal privacy laws, noting the new settings still require public disclosure of user names, profile information, pictures, gender and networks, The Globe and Mail reports. "They have dialed it back a bit...but we don't think they have gone far enough," Denham said. Ontario Privacy Commissioner Ann Cavoukian had a more positive reaction, saying she is "very pleased with the response," but adding that her office will be reviewing the changes in the weeks ahead because "the devil is in the details, or in this case, the devil is in the default." Meanwhile, Gartner analyst Ray Valdes suggests Facebook's move could affect the privacy policies of other technology companies, saying, "Facebook is a very large canary in the coal mine...Competitors are watching to see how much Facebook can get away with and what are the limits that are considered acceptable by government and users." Facebook Vice President Christopher Cox has said the company will be consulting with Canada's federal privacy commissioner on the office's specific concerns.
Full Story

DATA LOSS—UK

HMRC Investigates Tax Data Breach (May 27, 2010)

Her Majesty's Revenue and Customs (HMRC) is investigating a breach involving taxpayer data, The Register reports. HMRC sent 50,000 letters to tax credit recipients, some of which contained details about other taxpayers, the report states. The agency has not disclosed how many customers have been affected by what it describes as a printer's error. "HMRC takes data security extremely seriously," a spokeswoman said. "Unfortunately, an error has occurred in one of the tax credit print runs causing some customer information to be wrongly formatted." The breach comes as the agency works to implement Poynter Review data protection recommendations made after the 2007 data breach involving HMRC's child benefit database.
Full Story

PRIVACY LAW—CANADA

Opinion: C-29 Disappoints (May 27, 2010)

A Canadian scholar weighs in on one of two bills tabled by Industry Minister Tony Clement this week, calling C-29--the Safeguarding Canadians' Personal Information Act--a "huge disappointment." On his blog, University of Ottawa law professor Michael Geist describes the bill to amend the country's private sector privacy law to include breach notification requirements as "very weak when compared with similar laws found elsewhere." Geist cites a lack of penalties for failures to notify and outlines the bill's new business exceptions, concluding that "C-29 does not do nearly enough to advance the Canadian privacy law framework in a manner that actually protects personal privacy."   
Full Story

ONLINE PRIVACY

Google Unable to Meet Regulators’ Data Deadline (May 27, 2010)

Google will not comply with requests from regulators in Germany and Hong Kong to surrender data collected from unsecured wireless networks, citing the need to address the "legal and logistical process for making data available." The New York Times reports that Google implied German privacy laws were preventing the disclosure, but Hamburg Data Protection Supervisor Johannes Caspar said the request would not constitute "criminal behavior" so there was "no apparent reason to still withhold the data from us." According to Hong Kong Privacy Commissioner Roderick B. Woo, Google is not "taking the matter seriously enough. Unless some remedial measures are taken by Google promptly, I shall have to consider escalating the situation and resort to more assertive action." In the U.S., meanwhile, where lawsuits continue to be filed over the company's WiFi data collection, the House Committee on Energy and Commerce has sent a letter to Google seeking details on how it "accidentally collected private data." (Registration may be required to access this story.)
Full Story

BEHAVIOURAL TARGETING—UK

OFT Plans Could Signal More Oversight (May 27, 2010)

The British Office of Fair Trading (OFT) announced Tuesday that it will back a self-regulatory approach to behavioural advertising practices. But the agency also voiced concerns about privacy issues and said it is working with the Information Commissioner's Office to strengthen regulations "should industry action prove ineffective." A Financial Times report suggests this might be "the first hint that the OFT and the Information Commissioner's Office could bring formal regulation to what has previously been a self-governing sector." AFP outlines the privacy concerns associated with behavioural advertising in this report.
Full Story

HEALTHCARE PRIVACY—U.S.

Workgroup: Encrypt Patient Data (May 27, 2010)

The Health IT Policy Committee's privacy and security workgroup has recommended that healthcare providers encrypt patient data even in direct exchanges with other providers and in cases not facilitated by third-party organizations, Healthcare IT News reports. At its May 19 meeting, the workgroup proposed policies for encryption, identity verification and usable personal information, the report states. The workgroup took the perspective of what a "reasonable patient would expect," said Deven McGraw, the panel's co-chair. "If strong policies...are in place and enforced, we don't think this scenario needs any additional individual consent beyond what is already required by current law."  
Full Story

ONLINE PRIVACY—U.S.

Study: Young Adults Are Most Privacy Proactive (May 27, 2010)

According to a study conducted by the Pew Internet & American Life Project, young adults are more likely to pay attention to online privacy than most people think, reports Ars Technica. The study shows that 18 to 29-year-olds keep tighter control of their online personas than any other age group. Seventy-one percent have changed their privacy settings on social networking sites and they have been consistent in this practice since 2006. Another major finding, the report states, is that no matter their age, people who are most aware of others viewing their online behavior are also the most likely to closely manage their privacy settings.
Full Story

PRIVACY LAW—EU

Working Party: Search Engines Violate EU Data Protection Rules (May 26, 2010)

The Article 29 Data Protection Working Party announced Wednesday that search engine operators Google, Microsoft and Yahoo are noncompliant with the EU's data protection rules. The group sent letters to the companies, U.S. Federal Trade Commission and EU Commissioner Viviane Reding specifying that the methods used to make search data anonymous do not comply with the EU's Data Protection Directive. The Working Party also wants the time period in which data is kept before it is made anonymous reduced to six months. The Wall Street Journal reports that while Yahoo and Microsoft fall within that timeframe, Google has responded that it keeps search queries for nine months to provide "the best experience for users both in terms of respect for their privacy and the quality and security of our services." (Registration may be required to access this story.)
Full Story

SOCIAL NETWORKING

Facebook Unveils Simpler Privacy Controls (May 26, 2010)

Facebook announced today its plans for simplified privacy settings, including giving users a single control for their content. "The net effect of that is that all applications are going to have restricted access to your personal information," Facebook CEO Mark Zuckerberg said at a press conference on the new privacy settings. The conference came in the wake of international concerns about changes to the site's privacy policy and in the midst of social networking privacy becoming a topic of conversation around dinner tables and a focus for mainstream media and primetime television alike. "The number one thing we've heard," Zuckerberg said, "is that there just needs to be a simpler way to control your information."
Full Story

PRIVACY LAW—CANADA

Gov’t Tables Anti-Spam Legislation (May 26, 2010)

The Canadian government yesterday tabled what Industry Minister Tony Clement described as long-overdue legislation--an anti-spam law that would impose up to $1 million penalties and would allow for civil actions against violators. Clement said the Fighting Internet and Wireless Spam Act would result in "a significant diminution" of spam and would nix Canada's reputation as a haven for spammers, The Vancouver Sun reports. The Office of the Privacy Commissioner would enforce the legislation, which would also see the creation of a spam reporting centre. University of Ottawa law professor Michael Geist praised the bill and predicted its swift passage.
Full Story

PRIVACY LAW—CANADA

Proposed PIPEDA Amendments Would Require Breach Notifications (May 26, 2010)

Proposed amendments to Canada's private sector privacy law would require that companies report material data breaches to the Office of the Privacy Commissioner and notify affected individuals in cases involving significant risks, The Vancouver Sun reports. The government tabled the proposed amendments on Tuesday. They would require companies to notify affected individuals "when the organization deems the breach to pose a real risk of significant harm, such as identity theft, fraud or damage to reputation." Privacy Commissioner Jennifer Stoddart welcomed the proposal, but Janet Lo of the Public Interest Advocacy Centre said "that's a really, really high trigger threshold to inform the individual." University of Ottawa law professor Michael Geist described the Safeguarding Canadians' Personal Information Act as "the anti-privacy privacy bill."
Full Story

PRIVACY LAW—EU & U.S.

Commission Adopts Draft Mandate on EU-U.S. Data Transfers (May 26, 2010)

The European Commission has adopted a draft mandate to negotiate a personal data protection agreement between the EU and U.S. for information shared during criminal investigations or anti-terrorism efforts, the Kuwait News Agency (KUNA) reports. The goal is to ensure protection of personal information such as passenger data or financial records transferred during instances of transatlantic cooperation in criminal matters, the report states. According to a statement from the commission, "The agreement would enhance the right of citizens to access, rectify or delete data, where appropriate. EU citizens would receive a right to seek judicial redress in the U.S. if their data is unlawfully processed."
Full Story

BEHAVIORAL TARGETING—UK

OFT Allows Internet to Self-Regulate (May 26, 2010)

The Office of Fair Trading (OFT) is giving Internet companies a chance to oversee their behavioral advertising practices, The Guardian reports, but is also putting plans in place for more regulations, if necessary. The OFT, which launched an investigation last year into how companies use data gleaned from the Internet habits and personal information shared by Web users to target advertising, announced Tuesday that it will back a self-regulatory approach through the Internet Advertising Bureau. However, referencing concerns about privacy issues and the misuse of personal data, the OFT is also working with the Information Commissioner's Office to strengthen regulations "should industry action prove ineffective."
Full Story

DATA PROTECTION—EU & U.S.

Privacy Group: Safe Harbor Certification Does Not Guarantee Compliance (May 26, 2010)

The Düsseldorfer Kreis, an informal group of Germany's private sector data protection entities, is cautioning that even if U.S. companies are part of the Safe Harbor data protection agreement, European companies should not take their word on compliance with EU privacy requirements. OUT-LAW.com reports that the group instead urges EU firms to conduct their own reviews of U.S. companies certified under Safe Harbor as complying with similar privacy standards to those enforced in the EU. "At the very least, the exporting company must clarify when the Safe Harbor certification of the U.S. company was issued," the Düsseldorfer Kreis recommends, noting that, "Any certification older than seven years old is not valid."
Full Story

EMPLOYEE PRIVACY—CANADA

Commissioner Probes Credit Checks (May 26, 2010)

Alberta's privacy commissioner is investigating why some Alberta government employees were the subject of credit checks earlier this year, The Edmonton Journal reports. The Alberta Union of Provincial Employees is calling Alberta Justice's credit checks on 27 employees--revealed by an anonymous tipster after employees noticed flags on their credit reports--an "unnecessary invasion of privacy." The union has filed a grievance against the government. In a letter to those affected, Deputy Minister Ray Bodnarek apologized and said proper procedures and government-wide protocols had not been followed, but records of the credit checks had since been destroyed. "I take this matter very seriously and have further instructed that internal mechanisms are established and followed to ensure this type of error does not occur again," he said.
Full Story

ONLINE PRIVACY

Opinion: The Most Powerful Privacy Setting (May 26, 2010)

Like pulling the blinds or sharing one's Social Security number, our actions impact our privacy. Choosing not to engage in privacy-degrading activities on the Internet is "the most powerful privacy setting," according to Jim Harper of the Cato Institute. "Declining to engage in activities that emit personal information protects privacy. Not broadcasting oneself on Facebook protects privacy. Not going online protects privacy," Harper writes on the Cato@Liberty blog. But while users are in control of their privacy on social networking sites, they cannot choose whether to participate in "government-sponsored incursions on privacy," Harper adds, citing recent calls for a national ID system.
Full Story

SOCIAL NETWORKING

Will Privacy Concerns Drive Users Away from Facebook? (May 26, 2010)

Despite criticism over the way Facebook handles personal information, users are flocking to the world's largest social networking site, Businessweek reports. As of last month, Facebook had more than 519 million users, the report states, up from the 411 million it had eight months ago. Meanwhile, an online survey of more than 5,000 Mashable readers offered a different perspective, with about 30 percent indicating that due to concerns about the way the site handles personal information, they plan to leave Facebook. Despite those concerns, analyst Augie Ray of Forrester Research suggests, "I don't think we're going see an immediate and large migration away from Facebook. There isn't a real clear alternative for people to do the sorts of sharing that they've really come to expect and enjoy."
Full Story

Zeitgeist: Social Networking Privacy? (May 26, 2010)
In a press conference held Wednesday, Facebook CEO Mark Zuckerberg announced plans for simplified privacy settings, including a single control for user content, more powerful controls for basic information and easy options for turning off site applications. For example, users will now be able to choose who can see their friends and pages.

SOCIAL NETWORKING

Zuckerberg Admits Mistakes, Discusses Intentions (May 25, 2010)

When it comes to privacy, Facebook CEO Mark Zuckerberg is admitting to making mistakes and promising to fix the problems, CNN reports. "I know we've made a bunch of mistakes, but my hope at the end of this is that the service ends up in a better place and that people understand that our intentions are in the right place," Zuckerberg wrote in a letter on Sunday, noting the company plans to address the privacy concerns. "There needs to be a simpler way to control your information," Zuckerberg wrote in an op-ed published in The Washington Post on Monday, noting the company "will add privacy controls that are much simpler to use. We will also give you an easy way to turn off all third-party services."
Full Story

ONLINE PRIVACY—AUSTRALIA & NEW ZEALAND

Officials Denounce Google Over WiFi Data Collection (May 25, 2010)

Privacy commissioners in Australia and New Zealand have joined many of their counterparts across the globe in investigating the company's admission that its Street View vehicles had gathered personal data from unsecured wireless networks around the world. Describing actions Google has taken so far to address the issue, New Zealand Privacy Commissioner Marie Shroff said she is joining other commissioners to consider whether its plan to keep information about personal networks and signal strength is acceptable in terms of privacy law. Meanwhile, Australia Communications Minister Stephen Conroy, a proponent of Internet filtering, has denounced Google, Financial Times reports, describing the data collection as "probably the single greatest breach in the history of privacy." (Registration may be required to access this story.)
Full Story

HEALTHCARE PRIVACY—U.S.

Human Error Continues to Put Records at Risk (May 25, 2010)

InformationWeek reports that although technological advancements and laws have made patient data more secure, human error continues to put medical records at risk. During a recent e-health panel at a symposium in Cambridge, Massachusetts, healthcare CIOs talked about the importance of training and reminding employees about ways to protect patient records, including securing laptops and mobile devices. The CIOs agreed that all healthcare facilities need to pay attention to audits and tracking through access and control software and that employees caught snooping in patient records should be fired, the report states. According to Julie Boughn, CIO of the Centers for Medicare and Medicaid Services, trust will be the key to adopting healthcare IT.
Full Story

TRAVELERS’ PRIVACY—U.S.

A “Watch List” for Disrespectful Fliers? (May 25, 2010)

A Transportation Security Administration (TSA) database aimed at preventing violence against airport screeners is raising privacy concerns, USA Today reports. According to a TSA report, the database includes such information as names, birth dates, Social Security numbers, home addresses and phone numbers of aggressors, victims and witnesses involved in airport incidents where threats, bullying or verbal abuse against TSA employees or excessive displays of anger have occurred. Advocates are concerned the database could lead to additional airport screening for innocent travelers. "Is this going to be the baby watch list?" asks American Civil Liberties Union lawyer Michael German. "There's a potential for the misuse of information or the mischaracterization of harmless events as potential threats."
Full Story

HEALTHCARE PRIVACY—U.S.

Officials Investigate Possible Patient Privacy Breaches (May 25, 2010)

North County Times reports that officials at a California hospital are investigating a possible breach of patient privacy involving Facebook. Tri-City Medical Center spokeswoman Courtney Berlin said last week that hospital officials are looking into alleged incidents where employees may have posted patient information onto the social networking site. Berlin refuted the rumor that 26 employees had been fired or suspended. Recently, large healthcare companies have begun taking social networking more seriously, the report states, and some have enacted social media policies.  
Full Story

ONLINE PRIVACY—U.S.

Advocates Slam AG’s Attempt to Identify Web Posters (May 25, 2010)

Efforts by the Pennsylvania Attorney General's Office to subpoena Twitter to determine whether a former legislative aide was the anonymous writer behind Internet postings about a court case have come under fire from privacy advocates, The Philadelphia Inquirer reports. Prosecutors withdrew the subpoena, the report states, but advocates continue to denounce it as an invasion of privacy. Meanwhile, Deputy Attorney General E. Marc Costanzo is pointing to the potential "chilling effect" of such posts on witnesses and jury members, suggesting, "This whole realm of the law is going to have to be something that gets ultimately addressed by our courts and our legislature." On the federal level, calls are going out to revise the Electronic Communications Privacy Act.
Full Story

HEALTHCARE PRIVACY—U.S.

MGMA Details HIPAA Concerns (May 25, 2010)

The Medical Group Management Association (MGMA) believes that expanding HIPAA disclosure requirements is burdensome and will hinder electronic health record (EHR) adoption, InformationWeek reports. In a letter to the Department of Health and Human Services Office for Civil Rights, MGMA called for significant modifications to the new HIPAA disclosure requirements, stating that they run "counter to the nation's efforts to improve patient care and reduce waste and inefficiency." Meanwhile, BlueCross BlueShield of Tennessee has shared its "lessons learned" after addressing HITECH notification requirements for a breach that affected nearly one million customers. The company's actions include improved server protection with added encryption and appointing a chief security officer.
Full Story

SOCIAL NETWORKING

How Facebook is Redefining Privacy (May 25, 2010)

Facebook and privacy are the subjects of the cover story for TIME Magazine's May 31 edition. Author Dan Fletcher offers an extensive look at the company and its co-founder and CEO, Mark Zuckerberg, who has come under fire recently for a continued loosening of user privacy defaults. Fletcher writes that for many people, Facebook is a second home, and goes on to examine the cultural shift that is occurring due to advancements in sharing. "Facebook has changed our social DNA," he writes, "making us more accustomed to openness." But, Fletcher continues, "the site is premised on a contradiction." It is rich in intimate opportunities, "but the company is making money because you are, on some level, broadcasting those moments online."
Full Story

HEALTHCARE PRIVACY—U.S.

Physicians, AMA Sue FTC (May 24, 2010)

The American Medical Association (AMA), American Osteopathic Association and the Medical Society of the District of Columbia have filed a lawsuit against the Federal Trade Commission (FTC) for defining physicians as "creditors" under its Red Flags Rule, HealthLeaders Media reports. Beginning June 1, the Red Flags Rule will require the verification of patient identities before providing treatment. The physician groups contend that the requirement to set up identity theft prevention and detection programs is unnecessary because they are already bound by the Health Insurance Portability and Accountability Act. They argue that the FTC acted beyond its authority because physicians are not creditors and patients are neither accountholders nor customers under the Fair and Accurate Credit Transactions Act, the report states.
Full Story

ONLINE PRIVACY

A Perfect Privacy Storm? (May 24, 2010)

In the wake of concerns about how the world's largest social networking site shares user information, Facebook founder Mark Zuckerberg is promising his company will make it simpler for users to control their data on the Internet, The Washington Post reports. Meanwhile, Google has announced it is adding Secure Sockets Layer (SSL) encryption to its search engine following the admission it accidentally collected user data from unsecured WiFi networks across the globe. From Europe to Australia, officials and advocacy groups are calling for investigations, and in the U.S., the Electronic Privacy Information Center suggests Google broke federal wiretapping laws by collecting residential data. "Thanks to both Google and Facebook, we have all the elements of a perfect privacy storm," said Jeffrey Chester of the Center for Digital Democracy. (Registration may be required to access this story.)
Full Story

SOCIAL NETWORKING—CANADA

Experts: Facebook Could Face Day in Court (May 24, 2010)

In the wake of a report of social networking sites providing user information to advertisers, and in response to assertions that Facebook must get serious about privacy if it wants to continue to grow, the world's largest social network has pledged to offer its users simplified privacy choices. Privacy experts in Canada predict, however, that the site's failure to "honor its commitments" to the Office of the Privacy Commissioner (OPC) will end in court, The Vancouver Sun reports. The OPC is considering an investigation into Facebook for new violations of Canada's privacy act, the report states. "My guess is by September, we're in Federal Court," said David Fewer of the Canadian Internet Policy and Public Interest Clinic, "and it's about time, too."
Full Story

ONLINE PRIVACY

The Dangers of “You Are What You Buy” Sites (May 24, 2010)

Shoppers are sharing everything from how much they paid for lunch to where they're traveling through purchase-based networking sites Blippy and Swipely, prompting privacy advocates to warn such information could be at risk. The Washington Post reports on concerns about divulging "a dangerous level of personal financial information" that could be gold for behavioral advertisers. Blippy users, for example, share details on about $1.5 million worth of transactions every week, the report states, and give the company access to credit, debit and online accounts to create purchase histories and post new transactions to the site. "Blippy already knows what you're doing with every swipe," the report states, "And friends, or strangers, can join your network and watch your money leave your wallet." (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY—SWITZERLAND

Thür: A Change in Legislation Needed (May 24, 2010)

According to Swiss Data Protection Commissioner Hanspeter Thür, new rules should be put in place to regulate Internet service companies that handle sensitive personal data, reports swissinfo.ch.  "A change in legislation is needed...for all IT applications," Thür told the Sonntag newspaper. "Everyone that offers applications on the market that could harm personal rights must be certified." The commissioner is currently in a legal dispute with Google over its Street View mapping service, as well as part of a multinational effort taking the company to task for collecting personal data from unprotected wireless networks while taking pictures for Street View.
Full Story

PRIVACY LAW—U.S.

Coalition Calls for ECPA Overhaul (May 24, 2010)

A coalition of companies and advocacy groups is calling for an overhaul of the Electronic Communications Privacy Act (ECPA), arguing that the law is outdated given the proliferation of cloud computing and mobile devices, Internet.com reports. The Digital Due Process coalition briefed congressional staff on Capitol Hill Friday. Its members want the 1986 law revised to require law enforcement to demonstrate probable cause and obtain a search warrant before gaining access to information covered under ECPA, among other updates and improvements. Earlier this month, a House Judiciary Committee subcommittee held a hearing on the issue, and Senate Judiciary Committee Chairman Patrick Leahy (D-VT) has said he plans to hold another hearing this year.
Full Story

PRIVACY LAW—IRELAND

Gov’t Group wants Breach Notifications, Sanctions (May 24, 2010)

A government-appointed review group has concluded that data controllers should face sanctions for deliberate or reckless breaches of data protection law, reports The Irish Times. The Data Protection Review Group recommends the creation of a statutory code of practice outlining when data controllers must disclose that a breach has occurred and stating that failure to disclose a breach leads to prosecution. Minister for Justice Dermot Ahern welcomed the report, saying that measures to help prevent data breaches will boost consumers' confidence in e-commerce. He will now consider the report's recommendations at the EU level before deciding if Irish legislation needs to be updated, the report states.
Full Story

PRIVACY LAW—U.S.

Boucher Bill: Burden on Employers? (May 24, 2010)

Federal privacy legislation proposed by Rep. Rick Boucher (D-VA) aimed at regulating online marketers "would impose substantial burdens on virtually every U.S. employer," Philip Gordon writes on the Workplace Privacy Counsel blog. Gordon examines provisions within the bill "that would require almost every employer, regardless of size, to provide every employee and apparently every job applicant with a privacy notice and obtain their affirmative opt-in consent to the employer's collection, use and disclosure of certain categories of personal information." In its current form, he writes, the bill is "substantially burdensome" as "every employer collects at least one category of sensitive information as defined by the bill."
Full Story

GENETIC PRIVACY—U.S.

Student DNA Program Draws Criticism (May 21, 2010)

A program at UC Berkeley that would solicit voluntary DNA samples from students is raising privacy concerns, The Mercury News reports. The university plans to send cotton swabs to 5,500 incoming students, asking them to collect cheek samples to be tested for tolerances to folic acid, lactose and alcohol. The researchers plan to destroy the samples and have put other precautions in place to protect the data. However, criticism from the Council for Responsible Genetics and others has project officials taking another look. Biology Dean Mark Schlissel said, "The rapidity and energy behind the criticism have a validity we have to think about."
Full Story

GENETIC PRIVACY—U.S.

House Votes to Expand DNA Database (May 21, 2010)

By a vote of 357 to 32, the House of Representatives has approved legislation to provide funding to state governments that require DNA samples from adults arrested on suspicions of serious crimes. CNET News reports that while supporters of the plan point to the use of such data to reduce instances of false convictions and to help solve violent crimes, civil libertarians and privacy advocates are concerned about plans to extract DNA from individuals who have not been convicted of a crime. Marc Rotenberg of the Electronic Privacy Information Center said the U.S. should instead follow the example set by the European Court of Human Rights, which has ruled that holding DNA samples from people arrested but not convicted of crimes violates their privacy rights.
Full Story

PRIVACY LAW—RUSSIA

Data Protection Amendments Proposed (May 21, 2010)

Russia's data protection regulator has already received more than 100 recommendations from businesses and data protection professionals as it considers improving the country's data protection law, the Hunton & Williams Privacy and Information Security Law Blog reports. Businesses have pointed to issues with the law, including requirements for digital signatures for online data processing, as being extremely difficult to meet, the report states. The Russian Federal Service for Oversight of Communications, Information Technology and Mass Media, which is proposing amendments to the law, reported that approximately 400 audits conducted in 2009 revealed 86 incidents of noncompliance with the current version.
Full Story

PRIVACY LAW—U.S.

Amazon Gets ACLU’s Support (May 21, 2010)

Amazon.com's refusal to turn over North Carolinians' purchase information to the state's Department of Revenue (NCDOR) now has the backing of the American Civil Liberties Union (ACLU), reports The Hill. "Amazon was right to stand up for the rights of its customers and refuse to turn over their personal information," said Aden Fine, staff attorney with the ACLU's Speech, Privacy and Technology project. The NCDOR requested the data in order to tax citizens' purchases on the site. Fine said, "The ACLU is not taking issue with the Department's authority to collect taxes on the value of these purchases, but there is no legitimate reason why government officials need to know which North Carolina residents are reading what books or purchasing specific brands of products."
Full Story

SOCIAL NETWORKING

Sites Sent User Data to Advertisers (May 21, 2010)

The Wall Street Journal reports that Facebook, MySpace and other social networking sites have been sharing data with advertising companies, potentially in breach of industry standards and their own privacy policies. In reviewing the code of seven sites at the request of the newspaper, Harvard Business School Associate Professor Ben Edelman found that when a user clicks on ads, the sites send the user name or ID numbers tied to the personal profile, giving advertisers the potential to find out more about the person behind the ad. The professor wrote to the Federal Trade Commission yesterday to request an investigation. According to the report, Facebook has changed its code to address the issue. Many of the advertisers receiving the data, meanwhile, said they have not made use of it. (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

More Google Inquiries Launched (May 21, 2010)

The list of authorities planning to investigate Google's collection of data from wireless networks continues to grow, The New York Times reports. Officials in Spain, France and the Czech Republic announced Thursday that they plan to investigate the company's admission that it inadvertently collected "snippets of Web sites and e-mail messages" from unsecured WiFi networks, the report states. Germany has already started an inquiry, while regulators in the UK and Ireland have reported they are not initiating investigations but have asked Google to destroy the data collected in their countries. Nations around the globe, including the U.S. and Australia, are also considering what action to take. Privacy lawyers believe the company is likely to face fines and suffer damage to its reputation but not "serious criminal convictions." (Registration may be required to access this story.)
Full Story

BIOMETRICS

Google Execs Debate Facial Recognition Launch (May 21, 2010)

There's an internal debate going on over at Google right now, the Financial Times reports, as the company's executives are wrestling over whether to launch controversial facial recognition technology. Google CEO Eric Schmidt noted that recent public disputes over privacy issues have caused the management team to review its procedures and the launch of new technologies, saying, "Facial recognition is a good example...anything we did in that area would be highly, highly planned, discussed and reviewed." Google currently uses the technology in its photo sharing service, but held back on launching the technology more broadly. Schmidt has not, however, ruled out introducing the technology in the future, the report states.
Full Story

FINANCIAL PRIVACY—ITALY

Police Reviewing Stolen Account Information (May 21, 2010)

Italian finance police investigating instances of possible tax evasion or money laundering are reviewing a list of more than 7,000 Swiss bank accounts stolen by a former bank employee earlier this year, Bloomberg reports. The names are included on a list of 127,000 accounts belonging to 80,000 people, the report states. HSBC previously confirmed that French authorities had obtained details on about 24,000 accounts that were stolen by the employee in March, stating that while the theft posed a threat to client privacy, the data in question would not allow third-party access to the accounts. Tensions persist between Switzerland and countries that are willing to pay for stolen data to pursue tax evaders, the report states.
Full Story

SOCIAL NETWORKING

Facebook Hunkers Down While Users Open Up (May 21, 2010)

The backlash to recent changes by Facebook to make more public users' profiles has resulted in all-hands and closed-door meetings at the company's headquarters, The Wall Street Journal reports. Meanwhile, the U.S. Federal Trade Commission is looking into how social networks use members' data and European regulators are calling on the company to address what they describe as "unacceptable" practices. "The company can't afford not to act" the report states. But one blogger asserts that the privacy concerns are overblown, saying that "FB is a publishing function" and users give up privacy in order to use it. "If you think it's a problem," writes Mark Cuban, "deactivate your account." (Registration may be required to access this story.)
Full Story

PRIVACY LAW—UK

New Center to Support Privacy Cause (May 20, 2010)

Britain's Law Society and Privacy International are teaming up to help usher in a more privacy-sensitive society, the Financial Times reports. On the heels of the new coalition government's promise to "reverse and restrain many of the surveillance systems that have marked its citizens out as the most watched in the world," the groups today launched a center dedicated to helping individuals take part in that effort. The founders hope to shadow the government agenda by "helping create a respect for privacy that reaches into the DNA of society" and by empowering more individuals to bring claims against those alleged to have breached their privacy. (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY—U.S.

Commerce Dept. Seeking Input on Internet Privacy (May 20, 2010)

The Department of Commerce (DOC) is actively seeking input from Internet users as part of its recent entry into the complex discussions and debate around federal data privacy legislation, Federal Computer Week reports. The DOC will continue to gather public comments on Internet privacy through June 7. Respondents have the chance to comment on a range of topics, including the nation's legal framework for privacy protection, the impact of state and international laws and the effects of data privacy law on trade. Comments received will contribute to the Obama Administration's domestic policy and international engagement on Internet privacy, the report states.
Full Story

ONLINE PRIVACY

Google Leaders React to WiFi Privacy Fallout (May 20, 2010)

Google's Sergey Brin said the company he co-founded "screwed up" when it collected personal data sent over wireless networks through its Street View vehicles and would be putting "more internal controls in place to prevent such data captures in the future," The Wall Street Journal reports. CEO Eric Schmidt also admitted the company had made privacy mistakes, but said the incident is a case of "No harm, no foul" where a "relatively small" amount of unauthorized information was collected. Meanwhile, a federal class action lawsuit has been filed in the U.S. accusing Google of violating privacy by gathering the information, and data protection officials and advocacy groups across the globe are calling for investigations into Google's practices. (Registration may be required to access this story.)
Full Story

PRIVACY LAW—U.S.

Bill Could Mandate Black Boxes in Cars (May 20, 2010)

Privacy interests will likely be watching an auto safety bill that proposes all new cars be equipped with black boxes that record crash data. The Washington Post reports that one of the bill's more controversial elements would require the collection of pre- and post-crash data. While one proposal calls for recording 75 seconds of data, a Virginia Tech researcher says that having more would provide a better picture for post-crash investigations. "From a research point of view," said H. Clay Gabler, "the more data the better." (Registration may be required to access this story.)
Full Story

DATA THEFT—U.S.

Heartland and MasterCard Settle (May 20, 2010)

In its third settlement related to a 2008 data breach, Heartland Payment Systems has agreed to pay out up to $41.1 million to MasterCard issuers that lost money as a result of the breach, reports PCWorld. Affected financial institutions have until June 25 to agree to the deal, the reports states. Heartland's data center was hacked in a string of data thefts resulting in the exposure of payment transactions and more than $100 million in costs so far.
Full Story

BEHAVIORAL TARGETING

Study: Regulations Affect Ads’ Effectiveness (May 20, 2010)

A study conducted by marketing professors concludes that even moderate regulation impacts the effectiveness of ad targeting, reports MediaPost News. The study explored European participants' intent to purchase and compared the results with similar studies carried out in non-EU countries, concluding that online ad effectiveness in Europe is lower by more than 65 percent due to more stringent online privacy laws, the researchers say. Another academic suggests the findings may be due to greater consumer awareness in the EU about targeted ads rather than the regulations.
Full Story

ONLINE PRIVACY

Across the Globe: Google WiFi Fallout Continues (May 19, 2010)

While the UK Information Commissioner's Office has ordered Google to destroy data collected from British home wireless networks, a German regulator is threatening legal action if the company does not hand over a hard drive containing information collected from that country by May 26. Johannes Caspar, Hamburg's data protection supervisor, warns that "until we can inspect one of the hard drives ourselves, we will not know to what extent what kinds of data have actually been stored." Google has said it is willing to destroy the data but has not indicated whether it will provide the requested information to German officials, The New York Times reports. U.S. privacy advocates, meanwhile, agree with Germany that the data should be reviewed, describing its collection as "a major violation of user privacy" that warrants "an independent inquiry," and prosecutors in Germany and privacy officials in Australia have launched investigations into the incidents. EU Justice Commissioner Viviane Reding criticized Google for not cooperating with German privacy officials, saying, "It is not acceptable that a company operating in the EU does not respect EU rules." (Registration may be required to access this story.)
Full Story

DATA PROTECTION—U.S.

FTC Investigating Copy Machine Privacy Risks (May 19, 2010)

The Federal Trade Commission (FTC) is contacting copy machine manufacturers and retailers about privacy concerns related to sensitive data stored on the machines' hard drives, Computerworld reports. Chairman Jon Leibowitz said in a letter to Rep. Ed Markey (D-MA) last week that the FTC is working with manufacturers and sellers to provide educational materials about privacy risks to consumers. Markey called for an FTC investigation after a CBS News report revealed that sensitive data is readily accessible. Markey said most users aren't aware of the risks, including identity theft, "when they place their tax returns, financial records and other personal information on the copier and hit the start button."
Full Story

PRIVACY LAW—FRANCE

Bill Shows Commitment to Data Protection (May 19, 2010)

Whether or not legislation "intended to better guarantee the right to privacy in the digital age" under review by the Law Commission of the French National Assembly is passed in its current form, its existence "demonstrates the importance attached to the protection of personal data by the French lawmaker," explain Cynthia O'Donoghue and Daniel Kadar of Reed Smith LLP. The bill's goals include educating students about the exposure of personal information on the Internet, reinforcing the obligations of data processors and increasing the powers of the Commission Nationale de l'Informatique et des Libertés (CNIL)--including doubling the potential fines for infringements. The bill won strong majority support in the Senate, the report states, but does not have the French government's backing and is not likely to be passed without changes.
Full Story

ONLINE PRIVACY—U.S.

Expert: Saying “No” is Good PR (May 19, 2010)

An Indiana University privacy researcher believes it is good public relations for companies to refuse government requests for data. From consumer reaction to instances where companies have "too willingly" shared their data with the government to the cost of incidents where customers or civil liberties groups file suit over access, Chris Soghoian says it is in the best interest of companies to put forethought into how networks are designed and carefully plan how they respond to government requests or make it a point not to store data, PC World reports. "If you don't log it, there's nothing for them to come and get," he said.
Full Story

SOCIAL NETWORKING

Facebook to Roll Out Simple Privacy Options (May 19, 2010)

Responding to backlash about recent changes to the site's default privacy settings, a Facebook official said the company will roll out new "simplistic" privacy options for its users in the coming weeks, Wired reports. "Now we've heard from our users that we have gotten a little bit complex," said Tim Sparapani, Facebook's head of public policy, in a radio interview yesterday. "We are going to be providing options for users who want simplistic bands of privacy that they can choose from." The news follows criticism from U.S. senators, advocacy groups and Europe's Article 29 Working Party.
Full Story

HEALTHCARE PRIVACY—U.S.

Study: HITECH Hasn’t Stopped Leaks (May 19, 2010)

A study by Dartmouth College's Tuck School of Business shows that eight months after enacting the HITECH Act, organizations are still leaking information through peer-to-peer (P2P) networks, reports Computerworld. The study searched P2P networks for healthcare-related keywords and found that health information was just as accessible as it was before the implementation of stronger data controls required under the HITECH Act. The study found that 20 percent of the documents uncovered in the search contained data protected under the HITECH Act. According to the report, data leaks often happen when users improperly install software onto computers that store personal information.
Full Story

HEALTHCARE PRIVACY—U.S.

HHS Proposes Survey of Patients (May 19, 2010)

HealthImaging.com reports that the Department of Health and Human Services (HHS) plans to conduct a study to address "an evidence gap about patients' preferences and perceptions of delivery of healthcare services by providers who have adopted EHR systems in their practices." The proposed "Patient Perceptions of EHR" study will survey 840 patients of healthcare providers currently using EHRs to get their opinion on the quality of their care. The aim is to help policymakers understand how EHRs affect patients' medical care, communication with their doctor and coordination of care, the report states.
Full Story

IDENTITY THEFT—U.S

LifeLock CEO Victim of 13 ID Theft Incidents (May 19, 2010)

The CEO of a credit monitoring services company has been the victim of identity theft 13 times, Computerworld reports. LifeLock CEO Todd Davis, who is notorious for publishing his Social Security number (SSN) in numerous advertisements to demonstrate confidence in his company's product, says not all of the instances were "true identity thefts." The Phoenix New Times first reported Davis had been victimized by thieves who used his SSN to open cellular phone and utility accounts and to purchase gifts. Davis noted that the 13 successful attempts were among "hundreds" that were prevented by LifeLock's product.
Full Story

ONLINE PRIVACY

Authorities Move Toward Google Investigation (May 18, 2010)

Privacy authorities from across the globe may investigate Google following the disclosure that it gathered personal data while using its Street View vehicles in an attempt to collect WiFi addresses for improved service, the Financial Times reports. Peter Schaar, Germany's data protection commissioner, is calling for a "detailed probe" into what one privacy expert said could be "one of the most massive surveillance incidents by a private corporation that has ever occurred." A complaint has been filed with the U.S. Federal Trade Commission, and Google has deleted data gathered in Ireland at the request of the Data Protection Authority. Privacy commissioners in Australia and Hong Kong are also voicing concerns over the company's access to personal information. "We didn't want to collect this data in the first place," a Google spokesman said, "and we would like to destroy it as soon as possible."
Full Story

PRIVACY LAW—GUAM

Senators Introduce Privacy Bill (May 18, 2010)

Lawmakers in Guam have introduced The Guam Privacy Protection Act, reports KUAM News. Senators Ray Tenorio (R) and Adolpho Palacios (D) say the bill will mirror the federal Privacy Protection Act of 1980, which regulates newsroom searches. Bill 398 comes on the heels of an incident last week involving the Guam Police Department's search of a KUAM newsroom. "This local statute...would actually provide for a penalty--not just disallow what was obtained during a search in a newsroom," Palacios said. According to Tenorio, violators will face civil and criminal penalties. The bill provides for third-degree felony charges.
Full Story

SOCIAL NETWORKING

MySpace Launches Simplified Privacy Settings (May 18, 2010)

MySpace has announced it has created simplified privacy settings for user information, The Wall Street Journal reports. The new controls include giving users the option of selecting one privacy setting for all their information as well as choosing whether to make their profile public to friends only, to all users over the age of 18 or to everyone. MySpace users also have the ability to block the sharing of their information with other Web sites or third-party applications, the report states. In disclosing the company's new policies, MySpace Co-President Mike Jones said, "we want to get out and state a clear position so that our users understand that we take privacy very seriously." (Registration may be required to access this story.)
Full Story

PRIVACY LAW—U.S.

Bill Would Allow for Video Cameras on Dashboards (May 18, 2010)

California's state assembly passed a bill yesterday that would allow video recorders to be installed on vehicles' dashboards. AB1942, which passed 49-0, is supported by those who hope the cameras will ensure safe driving and help determine fault in accident claims, The Mercury News reports. But in a letter to the bill's author, Assemblyman Nathan Fletcher (R-San Diego), the American Civil Liberties Union said the bill should specify that the recorded data belongs to the vehicle owner and that employees should have the right to refuse being recorded. "You want safety precautions, but on the other hand, an individual's sense of autonomy and privacy has to be protected," said an ACLU spokeswoman.
Full Story

SOCIAL NETWORKING—UK

Report: UK Users Are Limiting Profile Access (May 18, 2010)

A report released Monday states that British subscribers to social networking sites such as Facebook are limiting those who can see their online profiles to friends and family, The Washington Post reports. Ofcom, Britain's communications regulator, released a portion of its Media Literacy reports that shows that in 2009, 80 percent of adults with a social networking profile allowed only friends and family to view their profiles, compared with 48 percent in 2007. The findings come as regulators and lawmakers worldwide examine ways to protect consumers' privacy in the social era. (Registration may be required to access this story.)
Full Story

HEALTHCARE PRIVACY—U.S.

Experts: Get Serious About Patient Data Protection (May 18, 2010)

A HealthLeaders Media report suggests that providers must start taking privacy regulations seriously and should ensure that portable devices are encrypted in order to better protect patients' personal health information. Recent breaches involving stolen laptops underscore the need for encryption, as do statistics on the HHS Office for Civil Rights' Web site that show 25 percent of reported large patient data breaches involved a laptop. "Providers must start taking the regulations seriously and must take the steps necessary to protect patient information, especially on these most vulnerable portable devices," said the privacy and security officer of a Jackson, Mississippi, hospital.  
Full Story

ONLINE PRIVACY

Tracking Web Users? No Cookies Necessary (May 18, 2010)

Deleting those cookies from your Web browser is not enough to protect your privacy online, an Electronic Frontier Foundation computer scientist asserts in a paper due to be formally presented this summer. CNET News reports on Peter Eckersley's findings that modern browsers have been designed to provide Web sites with "a torrent of information thought to be innocuous" that can actually become personally identifiable when taken in combination and compared with other browsers. Eckersley said the law should treat these "browser fingerprints" as personally identifiable information and is recommending changes to ensure browsers send less information about their configuration settings to Web sites.
Full Story

ONLINE PRIVACY

Google Confesses, Regulators React (May 17, 2010)

European officials are reacting angrily to Google's admission that it has been recording private data sent over unencrypted residential wireless networks in countries around the world since 2006, The New York Times reports. The company acknowledged in a blog post on Friday that its Street View cars, which have been photographing cities and towns worldwide for the company's mapping feature, have also been collecting "samples" of data from open WiFi networks. Google says it will hire an independent auditor to determine what has been collected and will delete the data as soon as possible. "This was obviously a mistake, and we are profoundly sorry," a spokesperson from its Hamburg offices said. Australia's privacy commissioner is scheduled to discuss the issue with Google Australia today. (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY—U.S.

What Does Your Favorite Charity Know About You? (May 17, 2010)

The value of your home. How much your stock holdings have increased. What night of the week you're most likely to be home to answer the phone. How much you make per year. These are all facts that your favorite charities may have gathered about you as they search for prospective donors, The Wall Street Journal reports. Some nonprofit hospitals, for example, will use such data to give VIP treatment to potential donors, the report states. According to one marketing research firm, nearly half of all charities now use donor research tools to help focus on those who are most likely to give. With so much data publicly available, the report states, "There are virtually no limits to the snooping charities can do." (Registration may be required to access this story.)
Full Story

PRIVACY LAW—U.S.

WV Education Bill Raising Privacy Concerns (May 17, 2010)

A proposal by West Virginia Gov. Joe Manchin to require regular health screenings for public school students is raising privacy concerns, West Virginia Public Broadcasting reports. The bill seeks to broaden the current practice of mandating health screening tests for students who enter the public school system to include comprehensive examinations upon entering school and again in the third, sixth and ninth grades. However, WV House Education Committee Vice Chairman Brady Paxton said there are privacy concerns around the proposal. "Everybody's scared to death about their identity theft now," he said, "and they're scared that those things would get out."
Full Story

BEHAVIORAL TARGETING—U.S.

Is There Middle Ground Between Privacy and Profit? (May 17, 2010)

The online behavioral targeting focus in a privacy bill proposed by Rep. Rick Boucher (D-VA) relates to what ClickZ News columnist Amy Manus calls the "new 'church and state'--that fine line between making a buck and consumer privacy issues." In balancing online advertising with consumer privacy, Manus points to a recent study that indicated 88 percent of those responding "would like to see more targeted offers from brands they trust." When it comes to behavioral targeting, Manus suggests, "there has to be middle ground, giving a higher level of privacy to consumers while not significantly compromising the ability to successfully target, optimize and measure advertising effectiveness."
Full Story

DATA LOSS—U.S.

Two Entities Report Breaches (May 17, 2010)

The Los Angeles Firemen's Credit Union has notified some of its members that their personal information, including account and Social Security numbers, may have been compromised, Credit Union Times reports. The credit union's CEO said that "an extremely small percentage" of its 28,000 members' information was exposed when the credit union changed locations and that it is reviewing its "operational policies and procedures to ensure this type of situation never happens again." Meanwhile, New Mexico's Human Services Department is informing about 9,600 members of its Medicaid health plans that their personal information may have been compromised after a subcontractor's laptop was stolen.
Full Story

DATA LOSS—U.S.

House Committee to Discuss Breaches (May 17, 2010)

A House committee will discuss recent data breaches at the Veterans Affairs Department during a hearing on Wednesday, Federal Times reports. One of the breaches involved more than 600 veterans whose information was exposed when a government contractor's unencrypted laptop was stolen, the report states. In a letter to VA Secretary Eric Shinseki, Rep. Steve Buyer (R-IN) suggested that the department is neglecting its responsibility to protect veterans' personal information.
Full Story

SOCIAL NETWORKING

Article 29 Working Party Condemns Privacy Changes, Facebook Announces New Security Features (May 14, 2010)

Europe's Article 29 Working Party sent a letter to Facebook this week, informing the social networking site that "it is unacceptable that the company fundamentally changed the default settings on its social networking platform to the detriment of a user," the Christian Science Monitor reports. The Working Party is calling for default settings that allow users to self-select the contacts that will be able to view their information as well as for maximum user control when it comes to third-party applications on social networks. Meanwhile, the company has announced that it will roll out new security features, including unusual activity notifications and login verifications.
Full Story

DATA LOSS—U.S.

Army Reserve Notifies 207,000 of Laptop Theft (May 14, 2010)

The Army Reserve is notifying 207,000 reservists that a laptop containing their sensitive data and that of their family members was stolen from the office of a government contractor, GovInfoSecurity reports. The data was contained on a CD-Rom within one of three laptops stolen from the Reston, Virginia, offices of Serco, Inc. "The Army Reserve takes the management and protection of personally identifiable information very seriously and will take lessons learned from this incident...and will incorporate necessary changes to ensure our PII is properly protected and safeguarded," said Lt. Col. Ben Zoller.
Full Story

SOCIAL NETWORKING—U.S.

Could CA Election Be “Litmus Test” on Consumer Privacy Concerns? (May 14, 2010)

Former Facebook Chief Privacy Officer Chris Kelly's campaign to become California's attorney general "will be a litmus test" for how privacy issues resonate with the public, The New York Times reports. Kelly has said that his work collaborating with privacy regulators, attorneys general and international officials to establish safeguards related to privacy has prepared him for being attorney general. Kelly, who criticized Facebook's most recent changes to its privacy practices, is quoted as saying that many of the complaints the company has received about privacy reflect a disconnect between the privacy views of regulators and those of the company, which sees sharing certain information as beneficial, as long as it is properly controlled. (Registration may be required to access this story.)
Full Story

PRIVACY—U.S.

Oversight Board Still Empty (May 14, 2010)

The Obama Administration still has not appointed members to the Privacy and Civil Liberties Oversight Board. CNET News reports that Rep. Jane Harman (D-CA) yesterday reiterated urgings for the president to fill the board, which was created in 2004 based on the recommendation of the 9-11 Commission. Harman, who is head of the Homeland Security Committee, said reconstituting the board would "go a long way toward making sure that all the practices we're talking about by fusion centers and new regulations and proposed legal remedies comply fully with our constitution."
Full Story

BEHAVIORAL TARGETING—U.S.

Leibowitz Bullish about Self-Regulation, Hints about Harm (May 14, 2010)

During a speech in Los Angeles this week, FTC Chairman Jon Leibowitz expressed hope in the online advertising industry's ability to self-regulate but also signaled that the FTC may begin looking at the "harm" factor differently, MediaPost News reports. "In the FTC's more traditional consumer protection work, we often look to stop practices that cause consumers tangible harm. But wouldn't that miss a serious part of the value of privacy to consumers?" Leibowitz asked. "How can we put a price on the unease of knowing that strangers out in cyberspace might be compiling detailed dossiers about you?"
Full Story

SOCIAL NETWORKING—CANADA

Users Committing “Facebook Suicide” (May 14, 2010)

If online searches are any indicator, there is a growing movement afoot to cut ties with the world's most popular social networking site over its controversial privacy amendments. That is the focus of a report in The Montreal Gazette that points to Google Canada's recent reports that "the top online search related to 'Facebook account' is 'delete Facebook,' while the fastest-rising related query is 'deactivate Facebook account,' up 40 percent over the past 90 days." According to Amy Muise of the University of Guelph, who received a grant from the Office of the Privacy Commissioner to study the site, "To be on Facebook, and use it for what it's good for, you do have to risk your privacy. And we're starting to see a backlash over that."
Full Story

DATA PROTECTION—U.S.

Rep. Buyer Points to Procurement Failures (May 14, 2010)

An unencrypted laptop containing the personal information of 644 veterans was stolen from a Veterans Affairs Department (VA) contractor earlier this year, causing House Veteran Affairs Committee member Rep. Steve Buyer (R-IN) to investigate the data security measures of other VA contractors, reports Nextgov. In 2006, the VA began requiring all laptops containing veterans' personal information to be encrypted; however, a 2009 review found that many VA contracts failed to include the required information security clause. "There is a preponderance of evidence of a severely dysfunctional and broken procurement process in the Veterans Health Administration," said Buyer. The House VA committee has a hearing on the topic scheduled for May 19.
Full Story

SOCIAL NETWORKING

New Sites Rattle Privacy Concerns (May 14, 2010)

A new social networking site aims to "add value to every swipe" of a customer's credit card purchase by publishing information about what consumers are buying and where. Swipely works on the premise that if users know people who bought certain items and can vouch for it, they are more likely to purchase those items themselves, Inventorspot reports. Swipely's advent follows that of Blippy, the site that publishes purchase information and that recently apologized to customers for inadvertently exposing some users' credit card information online. Meanwhile, Arkansas' attorney general is reminding citizens to protect their privacy in response to a Web site that aggregates personal information from public sources and publishes it online.
Full Story

GENETIC PRIVACY—U.S.

DNA Tests Set to Hit Drugstore Shelves (May 14, 2010)

A California-based genomics company has announced it will begin selling an over-the-counter DNA test it claims could offer clues as to whether individuals will become obese, have the risk of losing their eyesight or carry the genes for certain diseases that could be passed on to their children, The Washington Post reports. The kit is set to hit the shelves at 6,000 branches of one national drugstore chain today. However, the report states, the plan has bioethicists, federal regulators and others concerned that it could be a "Pandora's box of confusion, privacy violations, genetic discrimination and other issues." The Food and Drug Administration (FDA) has indicated it will investigate the test, which does not have FDA approval. (Registration may be required to access this story.)
Full Story

STUDENT PRIVACY—U.S.

Opinion: Time to Reform FERPA (May 14, 2010)

The U.S. Department of Education needs to ensure the integrity of the Family Educational Rights and Privacy Act (FERPA) and not allow educational institutions to abuse it by "denying information requests with no conceivable privacy interest." That is the message Frank D. LoMonte shares in a Chronicle of Higher Education report. LoMonte and others contend that some schools are overreaching when it comes to the application of FERPA. While some experts warn that FERPA does not do enough to protect student information, LoMonte insists that as the Department of Education considers rules to clarify the law, it can protect student records from inappropriate disclosure by "more coherently defining the scope of information it covers." (Registration may be required to access this article.)
Full Story

BEHAVIORAL TARGETING—U.S.

Leibowitz: Forward Progress is Key in Preventing Regulation (May 13, 2010)

At the Cable Show 2010 in Los Angeles yesterday, Federal Trade Commission Chairman Jon Leibowitz reiterated his stance that the commission is not interested in regulating the behavioral advertising space "so long as self-regulation is making forward progress," Multichannel News reports. He said self-regulatory guidelines proposed by marketers and the Better Business Bureau offer great hope, specifically citing a proposal that calls for online marketers to explain data collection practices in plain language. Disclosure forms, some of which are longer than the United States Constitution, are comprehended by few, Leibowitz said, adding "The consent half of 'notice and consent' rarely reflects a consumer's conscious informed choice."
Full Story

PRIVACY LAW—EU

Article 29 Working Party: Facebook Changes “Unacceptable” (May 13, 2010)

Following its 75th plenary session, held in Brussels this week, the Article 29 Working Party sent a letter to Facebook informing the social networking site that "it is unacceptable that the company fundamentally changed the default settings on its social networking platform to the detriment of a user," according to a press release issued Wednesday. The Working Party is calling for default settings that allow users to self-select the contacts that will be able to view their information as well as for maximum user control when it comes to third-party applications on social networks. Also at this week's session, the group met with representatives from the Organisation for Economic Cooperation and Development (OECD) to exchange views on international enforcement issues.
Full Story

PRIVACY LAW—UK

Coalition Gov’t Proposes “Radical Privacy Protections” (May 13, 2010)

The UK's first coalition government since the Second World War is combining election promises made by both the Conservatives and Liberal Democrats to protect citizens' rights, including a plan to "reverse and restrain many of the surveillance systems that have marked its citizens out as the most watched in the world," THINQ.co.uk reports. The coalition agreement proposes introducing "radical privacy protections" into law, the report states. Plans include scrapping the National Identity Register and ID card, as well as biometric passports, and expanding the Freedom of Information Act. Other coalition commitments include removing innocent people's records from the DNA database, regulating the use of CCTV and halting the prior government's plan to retain national records of e-mail and communications data.
Full Story

SOCIAL NETWORKING

All Hands on Deck, 4 p.m. Pacific Time (May 13, 2010)

Facebook will hold an all-hands meeting later today to discuss privacy, CNET News reports. The company has been under scrutiny since launching its instant personalization platform last month, facing calls from U.S. senators, European data protection authorities, advocacy groups and users. In a New York Times Q&A this week, the company's vice president for public policy answered readers' questions related to opt in versus opt out, account deletion and the company's long-term plans for monetization.
Full Story

HEALTHCARE PRIVACY—CANADA

Health Minister Backs Off Patient Record Sharing (May 13, 2010)

Saskatchewan Health Commissioner Don McMorris has temporarily halted a controversial new plan that allows hospitals to share patient information with fundraising organizations, reports CBC News. McMorris says he won't allow hospitals to release patient data until he can tell patients how they can opt out of the plan "We are going to take our time on this, because we know the sensitivity," he said, "and so what I would just do is ask the general public to be patient." McMorris's plan was criticized by the NDP and the provincial privacy commissioner. Both voiced concerns about patient privacy and pushed for an opt-in rather than opt-out system.
Full Story

ONLINE PRIVACY—AUSTRALIA

Privacy Groups Write to Google (May 13, 2010)

Two privacy groups will send a letter to Google today asking the company to explain why its Street View cars are collecting Wi-Fi information and how the data will be used, The Sydney Morning Herald reports. The Australia Privacy Foundation and Electronic Frontiers Australia also want to know what other information the Google cars might be collecting. The company has already responded to the concerns of 10 global data protection authorities on the matter after Germany's top privacy official learned last month that the cars were collecting more than just photographs.
Full Story

STUDENT PRIVACY—U.S.

Maryland Bars Release of Student Scores to Military (May 13, 2010)

Maryland's new law barring public high schools from automatically sending student scores from the Services Vocational Aptitude Battery exam to military recruiters goes into effect in July, The San Francisco Chronicle reports. Although the law is the first of its kind, it follows similar policies in place in Hawaii and at individual school districts. The Maryland Coalition to Protect Student Privacy, which worked toward the passage of the legislation, had argued the military has not been up front about the test's purposes, the report states. Under the new law, students, along with their parents if they are under the age of 18, will have to decide whether to provide the information to the military.
Full Story

FINANCIAL PRIVACY—GERMANY

DPA Fines Deutsche Postbank €120,000 (May 13, 2010)

The North Rhine-Westphalia data protection authority last week imposed a fine of €120,000 on Deutsche Postbank AG for illegal disclosure of customers' bank account transaction data, reports the Hunton & Williams Privacy and Information Security Law Blog. According to the report, the bank unlawfully allowed approximately 4,000 self-employed agents to access information on more than a million customer accounts for sales purposes.  
Full Story

PRIVACY LAW—U.S.

Online Publishers Raise Questions About Boucher Bill (May 13, 2010)

Online publishers have indicated that a privacy bill proposed by Rep. Rick Boucher (D-VA) is a balanced first step, The Washington Post reports, but they have questions as to how the draft bill could affect their future business models. "What our members provide is free to consumers, but the business model is advertising," said Online Publishers Association President Pam Horan, "so we need to get clarification on what is actually covered here." When it comes to consumers' use of mobile devices and advertisers' ability to use "precise geolocation information" for targeted ads, Horan suggests, "This can all be done in a way that is non-identifiable and is a huge opportunity for us." (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Is Tracking Users’ Favorite Kindle Passages Intrusive? (May 13, 2010)

Amazon can now track and display the book passages users most often highlight on their Kindles, raising concerns about the privacy implications of collecting and storing such information. The new feature, which is already being used by some Kindle owners, is expected to be rolled out in the weeks ahead as an automatically enabled update for Kindle's software, according to media reports, and opting out will result in the loss of the device's notes and highlights backup service. The Christian Science Monitor reports that Bnet, a business management Web site, has pointed to the possibility that publishing such information could erode consumer trust, while Amazon has stated that in sharing the highlights, it does not disclose customers' identities or information.
Full Story

HEALTHCARE PRIVACY—U.S.

OCR Boosts HIPAA Enforcement Initiatives (May 13, 2010)

The healthcare industry can soon expect a greater emphasis on enforcing HIPAA, Health Data Management reports. The Department of Health and Human Services Office for Civil Rights (OCR) has added investigators in 10 regional offices. "We're hoping that with additional feet on the ground, we'll be able to do many more security cases as the year moves forward," said Susan McAndrew, deputy director for privacy at the OCR. Speaking at the Safeguarding Health Information conference in Washington, DC this week, McAndrew said this year the healthcare industry will start to see the realization of HITECH's initiatives. "We're hoping to move security to the forefront and make it a real partner with privacy in enforcement."
Full Story

TRAVELERS’ PRIVACY—CANADA & U.S.

Secure Flight Raises Privacy Concerns (May 12, 2010)

Canadian Assistant Privacy Commissioner Chantal Bernier shared privacy concerns about the U.S. Secure Flight program, telling parliament that there is little Canada can do about it, The Vancouver Sun reports. When Secure Flight goes into effect in December, passengers who raise the suspicions of U.S. authorities can be prevented from boarding flights that cross U.S. airspace. The new policy will also allow the U.S. government to retain passengers' personal information--including passport and itinerary information--for lengths of time ranging from one week to 99 years, the report states. Bernier said the collection of personal information on Canadian travelers by U.S. authorities "is not without risk," but that, "We unfortunately do not have any jurisdiction to affect change in that regard."
Full Story

PRIVACY LAW—EU

Parliament Pushing for Data Rights Charter by 2012 (May 12, 2010)

The European Parliament is calling for a charter of citizen data rights to be implemented by 2012, advocating for Internet users to be able to have their information removed from online systems even if it was collected with their consent. OUT-LAW.com reports the European Parliament has adopted a new digital strategy called 2015.eu, which outlines its ambitions for Internet policy, and has passed a resolution for implementation by the European Commission. Parliament has issued a statement asserting that, "A clear legal framework laying down the rights and duties of citizens while protecting personal data is essential" while balancing information holders' rights with access to content "is also crucial."
Full Story

DATA PROTECTION—EU

Google Urged to Protect Privacy in Street View Rollouts (May 12, 2010)

Officials from 30 European countries yesterday supported a measure that would force Google to create a coordinated approach to privacy issues arising as Street View is rolled out in Europe, Bloomberg reports. Google's Street View mapping feature may break EU laws unless it improves the blurring technique it uses to disguise images, the report states. "There needs to be a right to object for people, even when the images have not yet been put online," said Gerard Lommel, a member of the Article 29 Working Party. Google recently stressed its commitment to user privacy in response to similar calls last month.
Full Story

SOCIAL NETWORKING

Facebook Responds to Readers’ Questions (May 12, 2010)

Last week The New York Times invited readers to submit questions for Facebook's vice president for public policy, Elliot Schrage. More than 300 readers responded to the call. In his response, Schrage expressed empathy and "professional frustration" that despite its efforts, the company has not successfully communicated with users. Schrage also moved to dispel what he described as an incorrect perception about the company's attitude towards users' privacy and discussed the company's long-term plans for monetization. In response to one reader's question about why everything is not simply set up for "opt in rather than opt out," Schrage responded, "Everything is opt-in on Facebook." (Registration may be required to access this story.)
Full Story

PRIVACY LAW—U.S.

Court: Ohio Law Preempts HIPAA Provision (May 12, 2010)

A federal court in Ohio has denied a medical clinic's motion to dismiss invasion of privacy claims following the clinic's disclosure of a plaintiff's medical records to a grand jury, reports the Hunton & Williams Privacy and Information Security Law Blog. In Turk v. Oiler, the plaintiff sued the Cleveland Clinic for disclosing his medical records in response to a grand jury subpoena. The clinic argued that the subpoena allowed for disclosure of the records due to a HIPAA exemption. But the court determined that Ohio's state law on physician-patient privilege preempts the HIPAA exception in this case.
Full Story

DATA PROTECTION—CANADA

Commissioner: Smart Grid Data Must be Protected (May 12, 2010)

Energy Minister Brad Duguid says he is taking the advice of Ontario's information and privacy commissioner "very seriously" when it comes to protecting customer information on the smart grid, the Toronto Star reports. In her 2009 Annual Report, released yesterday, Commissioner Ann Cavoukian said that although Ontario is "leading the game," in incorporating privacy into the grid, vigilance must be maintained. Cavoukian said that "right now is the ideal time" to insure the protection of customers' household energy data. "This is a treasure trove of information. We want to make sure privacy is the default."
Full Story

EMPLOYEE PRIVACY—U.S.

Experts: Your Work E-mails Are Not Private (May 12, 2010)

In the wake of several high-profile cases of employees' inappropriate use of company pagers and e-mail systems, there is an increasing tension at the boundary between work and personal life, The Philadelphia Inquirer reports. The bottom line, the report states, is that employees should not expect the e-mail messages they send through their work accounts to be private. "We know for a fact that employers routinely read e-mail," notes Larry Ponemon, CIPP. Pointing out that most IT departments can access employee e-mail, employment law attorney Katharine Parker says it is "not reasonable to expect that communications on the employer's system are private; it's not the same as a conversation you have in your living room."
Full Story

SOCIAL NETWORKING

Service Provides Forum for Anonymous Insults (May 12, 2010)

A new social network with more than 28 million users worldwide has become "the online version of the bathroom wall in school," The New York Times reports. In the past two months, the report states, Formspring.me has become the site of choice for thousands of middle and high school students. The site allows users to answer questions without identifying themselves--prompting many to publicize cruel responses about their appearances, friends and dating habits. According to the report, a 17-year-old soccer player from New York who had received many nasty messages on the site committed suicide in March. "There's nothing positive on there, absolutely nothing," one school counselor said, "but the kids don't seem to be able to stop reading..." (Registration may be required to access this story.)
Full Story

SOCIAL NETWORKING

Nerds Unite on Privacy-Rich Social Network (May 12, 2010)

Four college students are creating a social network that differentiates on privacy, and the funds rolling in to back the project suggest a strong demand for such an offering, The New York Times reports. The creators of Diaspora* plan to freely distribute the software and will open the code so other programmers can build upon it, the report states. "In our real lives, we talk to each other," says co-creator Raphael Sofaer, describing why centralized social networks are unnecessary. "We don't need to hand our messages to a hub." The creators say the value of existing social networks "is negligible in the scale of what they are doing, and what we are giving up is all of our privacy."
Full Story

HEALTHCARE PRIVACY—U.S.

Opinion: Enforcement Key to Protecting Patient Data (May 12, 2010)

In an editorial, the St. Petersburg Times reports on recent data breaches involving the healthcare records of Tampa Bay area citizens, which, the editors say, suggest "the federal Health Insurance Portability and Accountability Act (HIPAA) is falling far short of its promise to protect and enforce patient privacy." One of the breaches involved patients' records being sent to a citizen's home fax machine. Another citizen received in the mail records from two insurance companies. In both cases, repeated calls to correct the breaches went unanswered until recently, prompting the editors to ask, "What good is a law when the government won't enforce it?"
Full Story

STUDENT PRIVACY—U.S.

Judge: FBI Can Review School’s Webcam Photos (May 11, 2010)

U.S. District Judge Jan E. DuBois has ruled that federal agents may examine Webcam photos and other information collected from student laptops by the Lower Merion School District, The Philadelphia Inquirer reports. The FBI wants to review the images to see whether any laws were broken when the school district employed its tracking system to capture about 50,000 images from laptops that had been returned to students, the report states. DuBois has said that "the government shall do all that is reasonable to protect the privacy interests of students and family members whose images and/or communications were captured in photographs and screen shots."
Full Story

PRIVACY—CANADA

ON Commissioner’s Annual Report Addresses Smart Grid, Other Concerns (May 11, 2010)

Embedding privacy into the Smart Grid will be essential as its implementation goes forward, according to Ontario Information and Privacy Commissioner Ann Cavoukian's 2009 Annual Report, released this morning. "The Smart Grid is presently in its infancy worldwide," Cavoukian said, adding, "I'm confident that many jurisdictions will look to our work being done in Ontario as the privacy standard to be met. We are creating the necessary framework with which to address this issue." Cavoukian also highlighted recommendations to amend the Personal Health Information Protection Act to better protect patient records discarded by health professionals, CNW reports. The report also includes key statistics from the past year.
Full Story

DATA PROTECTION—NEW ZEALAND

Law Commissioner: Law Needs to Keep up with Technology (May 11, 2010)

Law Commissioner John Burrows says his greatest nightmare is that five years from now technology will have progressed rapidly and the law will have done absolutely nothing to protect privacy, reports stuff.co.nz. Speaking last week at a Privacy Awareness Week event in Wellington, Burrows said, "The potential for identity theft and what hackers can do is the main worry." Google's head of privacy engineering spoke about smartphones' increased sophistication saying, "We need to have conversations about security and what checks and balances we need to have in these tools." The Law Commission is reviewing the Privacy Act, and new legislation could be drafted later this year, the report states.
Full Story

DATA RETENTION—BULGARIA

Data Retention Legislation Takes Effect (May 11, 2010)

An amendment to Bulgaria's new Electronic Communications Act will take effect Monday, novinite.com reports. The amendment will allow authorities to ask electronic communications providers for traffic data when serious or computer crimes are being investigated. It includes rules for deleting data. Earlier this year, the amendment drew protests, with critics asserting that "Bulgaria is not Big Brother..." The Commission for the Protection of Private Data will present Parliament and the European Commission with annual reports on cases where operators have provided the traffic data to the Interior Minister, the report states.
Full Story

HEALTHCARE PRIVACY

Experts: Prohibition and Consequences Needed for Snoopers (May 11, 2010)

The advent of electronic health records brings new privacy concerns for healthcare facilities, especially in terms of employee snooping, says a healthcare industry consultant. HealthLeaders Media reports that Kate Borten, president of The Marblehead Group, says healthcare organizations should not only block employees' access to PHI, but also they should "have strict policies and penalties in place for those who snoop at patient records." Another healthcare privacy expert says the recent prison sentence handed down to a former healthcare worker who viewed patient records inappropriately sends a strong message and suggests that organizations set their own examples by firing employees caught snooping.
Full Story

SOCIAL NETWORKING—U.S.

Facebook Taps Former FTC Chairman to Defend Privacy Practices (May 11, 2010)

Facebook is looking to former Federal Trade Commission (FTC) Chairman Tim Muris to assist in defending the company's privacy practices, the Financial Times reports. Muris, who holds an FTC lifetime achievement award, has testified against a proposal to give the FTC greater regulation authority. News of Muris's connection to Facebook comes at a time when the FTC has received complaints against the world's largest social networking site from privacy advocates--including one filed last week by the Electronic Privacy Information Center (EPIC)--and when governments around the world are grappling with questions centering on its regulation, the report states. (Registration may be required to access this story.)
Full Story

DATA PROTECTION—EU

Agency: Data Violations Go Unpunished (May 10, 2010)

The EU's Agency for Fundamental Rights (FRA) has found that data protection authorities (DPAs) suffer from insufficient funds, inadequate staffing levels and a lack of sanctions for violators, AFP reports. The FRA report notes that in several counties, including Austria, France, Germany, Latvia, the Netherlands, Poland and the UK, "prosecutions and sanctions for violations of data protection law are limited or non-existing" and that national DPAs often lack "full powers of investigation and intervention or the capacity to give legal advice or engage in legal proceedings." The FRA is urging for improvements--specifically with regard to such factors as keeping DPAs independent from government and clarifying data protection law when it overlaps with national security.
Full Story

PRIVACY LAW—U.S.

DOC Explores Privacy in Practice (May 10, 2010)

When it comes to regulation, Prof. Deirdre Mulligan of the University of California, Berkeley, suggests, "We have to take into account privacy in practice, not just on paper." That was one of the messages shared at the Privacy and Innovation Symposium, hosted by the Department of Commerce (DOC) on May 7. Mulligan offered an overview on privacy in practice during the panel discussion "Privacy on the Ground," featuring chief privacy officers, consumer advocates and U.S. Ambassador Phil Verveer, who urged the private sector and government to work together in responding to international privacy issues with a focus on outcomes rather than form.
Full Story

ONLINE PRIVACY

Google Responds to DPAs (May 10, 2010)

Google officials have responded to the 10 data protection authorities who last month expressed disappointment with the company's privacy practices and urged CEO Eric Schmidt to "incorporate fundamental privacy principles directly into the design of new online services" and to set an example "as a leader in the online world." In a letter to the DPAs on Friday, Google's top global privacy executives outlined the company's core privacy principles and stressed that "Respecting privacy is part of every Googler's job," and that the company is "committed to ensuring that privacy is designed into our products at every stage of the development cycle."
Full Story

PRIVACY—CANADA

Denham: Post Provides Unique Challenges (May 10, 2010)

Newly appointed BC Information and Privacy Commissioner Elizabeth Denham has cited the unique nature of the job in her decision to leave her post in the federal privacy commissioner's office. "The lobbyist registry is a unique challenge because there is no other information and privacy commissioner across the country that has the responsibility for the lobbyist registry," she said in a Times Colonist interview. "The freedom of information work is also very interesting to me." Denham, who is expected to start her six-year term in July, said such issues as balancing the province's privacy law with emerging technologies are similar to those facing other provincial and federal governments. "Data is borderless now," she said. "These are live issues everywhere."
Full Story

PRIVACY LAW—U.S.

Deadline for Comments: June 4 (May 10, 2010)

The congressmen who drafted an online privacy bill that was released last week are giving interested parties until June 4 to register comments, reports Tech Daily Dose. One of the bill's authors, Rep. Rick Boucher (D-VA), will begin meeting with stakeholders to inform revisions to the proposed bill, which has been praised by some and panned by others. As drafted, the bill's online behavioral advertising regulations would require third parties that collect information on Web sites and then use the information to target ads to consumers on other sites to obtain consumers' permission for the data collection, with some exceptions.
Full Story

ONLINE PRIVACY—U.S.

“Tell-All Generation” Learns What Not to Share (May 10, 2010)

The widely accepted idea that everyone under the age of 30 is comfortable revealing their personal information online may not reflect reality. A survey released last month by the University of California, Berkeley, found that more than half of those questioned have become more concerned about privacy, and a new study to be released this month by the Pew Internet Project has found that people in their 20s exert more control over their digital reputations than older adults. The New York Times reports that these and other recent surveys indicate pervasive mistrust of social networking sites. As one college student put it, "I don't think they would look out for me. I have to look out for me." (Registration may be required to access this story.)
Full Story

DATA THEFT

$4M Settlement in Heartland Breach (May 10, 2010)

A Texas federal court gave preliminary approval of a $4 million settlement in a consumer class action lawsuit against Heartland Payment Systems Inc., reports Computerworld. The settlement will add to the more than $100 million in costs that Heartland has already paid out for a January 2009 data breach that occurred when cyber-thieves attacked its data center. The proposed settlement would bring payments of up to $175 to individuals for out-of-pocket expenses, up to $10,000 for victims of breach-induced identity theft and $2.4 million to be set aside to fund future claims. Any unclaimed funds would be donated to a nonprofit consumer privacy organization, the report states. The final hearing is scheduled for December.
Full Story

SOCIAL NETWORKING

Facebook Defends Privacy Policies (May 10, 2010)

A Facebook executive is insisting that users are happy with recent changes to the site, despite criticism over recent privacy issues. In a question and answer session with Computerworld, Ethan Beard, director of the social networking site's developer network, said he has been somewhat surprised with how much criticism the site has received for sharing user information with third-party Web sites. When it comes to the site's privacy settings, he said, "I think that privacy is a complicated matter and each individual's view on privacy and how one thinks about it is quite nuanced...It requires us to create very sophisticated tools to deal with all these nuances and give people the control they want."
Full Story

ONLINE PRIVACY—U.S.

Library Clarifies Twitter Archive Plan (May 10, 2010)

Faced with privacy concerns, the Library of Congress is clarifying its plans to archive all public tweets posted since Twitter went live in March 2006, The Chronicle of Higher Education reports. Twitter announced last month that it would donate its archive of public messages to the library. Since the announcement, privacy concerns have emerged. In response, the database won't contain deleted tweets or private account information, the report states. "There's concern about privacy issues in the near term, and we're sensitive to these concerns," said a library spokeswoman. "We may have to filter certain things or wait longer to make them available."
Full Story

Privacy on the Ground: DOC Panel Explores U.S. and International Privacy in Practice (May 10, 2010)
The Privacy and Innovation Symposium, hosted by the Department of Commerce (DOC) on May 7, featured in-the-field information from privacy, consumer and Internet stakeholders as the DOC continues to gather public comment on the relationship between U.S. and international privacy regulations and the “information economy.”

SOCIAL NETWORKING—U.S.

Consumer Groups Lodge Complaint with FTC (May 7, 2010)

The Electronic Privacy Information Center (EPIC) and 14 other consumer protection groups have filed a formal complaint against Facebook with the Federal Trade Commission (FTC) alleging the social networking service's new policies "violate user expectations, diminish user privacy and contradict Facebook's own representations." NetworkWorld reports that Facebook's response to the complaint has been that the new features are "transparent, consistent with user expectations and in full compliance with legal requirements." According to the report, Facebook violated its own privacy policy by making user information publicly available with the changes it introduced in April--including making users' hometowns, education, employment, activities, likes and interests public. The complainants' requests include asking the FTC to require Facebook to restore its prior privacy settings.
Full Story

PRIVACY LAW—EU & U.S.

Biden: U.S. Will Work With EU on Data Privacy (May 7, 2010)

Vice President Joe Biden is urging the European Parliament to allow terror investigators from the U.S. to access citizens' data and is pledging to protect privacy, Reuters reports. "I am absolutely confident that we can succeed to both use the tool and guarantee privacy," Biden said in a speech given Thursday in Brussels. The European Parliament must approve any new agreement on sharing data, with talks due to start this month. The EU's executive commission has vowed to win improvements in privacy protection, the report states, but some MEPs want more safeguards--such as assurances from the U.S. that unused data will be stored for as little time as possible.
Full Story

HEALTHCARE PRIVACY—U.S.

Report: State Law Doesn’t Cover Disposal of Personal Records (May 7, 2010)

An ABC News investigation in Florida has revealed examples of private medical records that businesses have thrown away unshredded, including lab results, prescriptions, names and addresses. Though federal laws require doctors to safeguard patients' private medical records, there are no laws in Florida that hold businesses accountable for careless disposal of personal information, the report states. "At the state level in terms of the disposal of records, there really isn't any guidance there," said State Rep. Kevin Ambler. "Unfortunately, the HIPPA laws haven't got a lot of teeth in them in terms of enforcement mechanisms."
Full Story

SURVEILLANCE

“Smart Dust” Would Monitor Everything (May 7, 2010)

In the 1990s, a researcher at the University of California, Berkeley, coined the term "smart dust" to predict a future in which the world would be sprinkled with countless, tiny sensors capable of monitoring everything. The reality of that future may not be so distant, CNN.com reports, as Hewlett-Packard recently announced plans to deploy a trillion sensors all over the planet, constantly collecting data on energy usage, predicting earthquakes and monitoring ecosystems, among other uses. But Lee Tien, an attorney at the Electronic Frontier Foundation, calls the sensors, which experts say may eventually connect in a network similar to the World Wide Web, "a very, very, very huge potential privacy invasion..."
Full Story

IDENTITY THEFT—U.S.

Former Hospital Employee Convicted for Aggravated Identity Theft (May 7, 2010)

A former employee of an Alabama hospital has been sentenced to two years and one day in federal prison for wire fraud and stealing the identities of patients, according to a Department of Justice press release. Adrienne Denise Stovall, 30, pled guilty in January to one count of wire fraud and one count of aggravated identity theft, which carries a mandatory sentence of two years. Stovall worked at Montgomery's Baptist Hospital from August 2006 to early 2007. Her position gave her access to the hospital's computer system, containing confidential information including patient names, dates of birth and Social Security numbers. Stovall used the information to apply for credit and credit cards.
Full Story

ONLINE PRIVACY—U.S.

Secretary of Commerce: Collaboration Needed for Privacy Framework (May 7, 2010)

Commerce Secretary Gary Locke offered the opening remarks at today's Privacy and Innovation Symposium, telling privacy advocates and Internet entrepreneurs that collaboration is needed to develop "a privacy framework for the 21st century." The daylong forum includes multiple sessions aimed at gathering input and exploring issues toward the creation of a global privacy strategy, according to a Department of Commerce media release. "Simply stated, the Internet is becoming the central nervous system of our information economy and society," Locke said in his remarks, adding, "If we are going to harness the full power of the Internet, we need to establish norms and ground rules that promote innovative uses of information while still respecting consumers' legitimate privacy interests."
Full Story

PRIVACY

Denham Named BC Information and Privacy Commissioner (May 7, 2010)

Federal Assistant Privacy Commissioner Elizabeth Denham has been appointed to a six-year term as British Columbia's new information and privacy commissioner. Denham has spearheaded high-profile investigations into social networking and other online services to improve privacy safeguards during her term as assistant privacy commissioner, the Times Colonist reports. "We had a good number of applications for the position, we interviewed six candidates and the committee unanimously felt that Ms. Denham had all of the qualities and experience we were looking for," said Stephanie Cadieux, chair of the five-member committee that unanimously recommended Denham for the post. Denham's start date at the Office of the Information and Privacy Commissioner has not yet been announced.
Full Story

PRIVACY LAW—EU & U.S.

Parliament: Protect Data Collected by U.S. Authorities (May 6, 2010)

The European Parliament has approved two resolutions calling for limitations on the use of personal data collected by U.S. authorities. European Voice reports that two separate data transfer requests are at issue: the collection of passenger name records (PNR) on transatlantic flights and the collection of bank transfer information. MEPs decided to postpone approval on the transfer of PNR, the report states, and are seeking negotiations with the U.S. covering all data transfer deals. The MEPs have also called for better safeguards to protect European financial data transmitted to U.S. authorities. U.S. Vice President Joe Biden met with MEPs today on balancing anti-terrorism initiatives and human rights. "The longer we are without an agreement," he warned, "the bigger the threat of a terrorist attack that could have been prevented."
Full Story

SOCIAL NETWORKING

An “Inopportunely Timed” Glitch Gets Fixed (May 6, 2010)

The New York Times reports on a glitch that gave Facebook users access to friends' chats for a few hours yesterday. The glitch has been fixed, but users are frustrated, the report states. "While this breach appears to be relatively small, it's inopportunely timed," said Forrester Research analyst Augie Ray. "It threatens to undermine what Facebook hopes to achieve with its network over the next few years, because users have to ask whether it is a platform worthy of their trust." Recent changes to site's privacy settings have elicited criticism from advocates and users alike. But the company's vice president for public policy said the unease is a reflection of a greater shift in the online world. (Registration may be required to access this story.)
Full Story

SURVEILLANCE—NORWAY

Support for EU Data Retention Directive Could Mean “Surveillance Regime” (May 6, 2010)

An opinion poll has found that 51 percent of the public are in favour of implementing the EU's Data Retention Directive (DRD), but Norwegian privacy advocates remain concerned. The Foreigner reports that Gunnel Helmers of the Data Inspectorate believes that although "people are increasingly concerned about privacy, we see a tendency towards numerous believing it doesn't concern them. It's a rather abstract issue, and many think they've nothing to hide. But we all do." Regardless of majority support for the plan, Lars-Henrik Parup Michelson, head of an independent bipartisan campaign against the DRD, cautions, "We're talking about a directive that will introduce one of the most comprehensive surveillance regimes in Norway's history."
Full Story

HEALTHCARE PRIVACY—CANADA

Health Minister Apologizes (May 6, 2010)

Saskatchewan Health Minister Don McMorris says he consulted Privacy Commissioner Gary Dickson before amending data sharing rules for Saskatchewan hospitals, but it was years ago and under another government party, reports The Canadian Press. McMorris has come under fire for leading the house to believe that he spoke with Commissioner Dickson recently about legislative changes that now allow Saskatchewan hospitals to share patient names and addresses with fundraising foundations without patient consent. McMorris apologized for misleading the house and has acknowledged that the commissioner has never been in favor of the changes.
Full Story

PRIVACY LAW—U.S.

Privacy and Innovation Symposium Set for Friday (May 6, 2010)

The Department of Commerce's Privacy and Innovation Symposium will be held this Friday as the department gathers input from stakeholders on how privacy laws impact Internet innovation. U.S. Commerce Secretary Gary Locke is slated to open the event, focusing on the importance of balancing innovation with the need for an environment that is respectful of individual privacy expectations. The event will feature five panel discussions on topics including U.S. privacy framework and the flow of information to commerce, innovation and economic growth; consumer privacy and transparency, and how the U.S. legal system influences privacy protection in the private sector.
Full Story

HEALTHCARE PRIVACY—U.S.

Online List Shows Reported Data Breaches Have Affected 1.2 Million People (May 6, 2010)

Since the Department of Health and Human Services (HHS) began listing healthcare breaches online, 64 incidents affecting well over one million people have been reported. American Medical News reports that HHS updated the list of breaches in April. Hospitals and large medical centers are identified by name in the updated list, the report states, and private practices will soon be named as well. Of the breaches reported so far, theft was listed as the cause for the majority of the incidents, and seven involved laptops, 12 involved paper records, 11 involved desktop computers, eight involved either hard drives or network servers, seven involved portable electronic devices and the remainder were classified as "other" in the report.
Full Story

PRIVACY LAW—U.S.

Reactions to Boucher-Stearns Bill Uniformly Negative (May 5, 2010)

While consumer advocates and online behavioral advertisers typically agree on little when it comes to Internet users' privacy, their reactions to an online privacy bill released yesterday are in accord. Responses to the bill, which was released for review by Reps. Rick Boucher (D-VA) and Cliff Stearns (R-FL), have been swift and largely negative, with some praising the overall effort to draft legislation and lauding certain elements of the bill and others scorning those same elements and scoffing at lawmakers' attempts to "deliver privacy." Hunton and Williams' partner Lisa Sotto says the bill "represents a sea change" and, if passed, "would get us closer to the more stringent privacy regimes that we see in other countries." (Registration may be required to access this story.)
Full Story

TRAVELERS’ PRIVACY

Hotels Identify Guests Through Online Reviews (May 5, 2010)

An increasing number of hotels have been finding ways to figure out who you are if you're reviewing them anonymously online, The Washington Post reports. Travel experts point out that hotels are using such online data as locations, dates and usernames to narrow down identity. "Once they find a likely match," the report states, "the review is added to a hotel's guest preference records, next to information such as frequent-guest number, newspaper choice and preferred room type." One expert suggests that with the evolution of technology, "every hotel representative could have a toolbar on his or her computer that reveals everything about a guest at the click of a mouse." (Registration may be required to access this story.)
Full Story

BEHAVIORAL TARGETING—U.S.

Service Allows Consumers to Manage Online Ads (May 5, 2010)

A new service has now been unveiled with the aim of giving marketers the ability to let Web users decide what type of targeted advertising they receive. MediaPost News reports that UnsubCentral's new PreferenceCentral will allow companies to collect information directly from consumers about what kinds of targeted ads they wish to receive--if any at all. "This is a tool that will help brands comply with the online behavioral advertising principles," said PreferenceCentral Privacy Officer Steven Vine, explaining that the company has developed the tool in response to requests by clients that use UnsubCentral to ensure their e-mail lists comply with the federal CAN-SPAM law.
Full Story

TRAVELERS’ PRIVACY—U.S.

Clear Program To Reopen at Airports by Fall (May 5, 2010)

The Clear program, which allowed travelers quick passage through airport security checkpoints in exchange for biometric data and Social Security numbers, has a new owner and is expected to reopen by the fall, the Associated Press reports. When Clear's former owner declared bankruptcy last year, the program stopped abruptly, prompting questions from customers about what would happen to their personal data. That data, currently stored by a private security company, will now be transferred to new owner Alclear, pending permission from Clear's 160,000 former customers.
Full Story

HEALTHCARE PRIVACY—CANADA

Concerns Mount over Data Sharing Plan (May 5, 2010)

Provincial Privacy Commissioner Gary Dickson wants the government to rethink its recent decision to allow Saskatchewan hospitals to share the names and addresses of former patients with fundraising foundations without the patients' consent, reports CBC News. In a statement released Monday, Dickson reiterated his concern about the opt-out format and said that because his office has no jurisdiction over hospital foundations, people will have no recourse to complain, the report states. Dickson says that half of provinces with health legislation require express consent for such data sharing and encourages other regional legislators to require the same. The Leader-Post reports on allegations by the NDP that Health Minister Don McMorris misled the public by stating that he had consulted Commissioner Dickson before enacting the new law.
Full Story

DATA PROTECTION—NEW ZEALAND

Privacy Commissioner Concerned about PSD Risks (May 5, 2010)

New Zealand's privacy commissioner has expressed concern about the potential security risks portable storage devices (PSDs) pose in the workplace following a survey that found 120 PSDs were lost or stolen within the last year. Released today, the survey studied security controls for PSDs at 42 government agencies, finding that only half had policies for disposing of PSDs and 16 had policies on when stored data should be deleted, reports stuff.co.nz. Privacy Commissioner Marie Shroff said due to significant increases in PSDs' storage capacity, agencies are exposed to data breach risks, which "can seriously damage both the reputation of the agency concerned and the trust that the public has in that agency."
Full Story

SOCIAL NETWORKING—U.S.

Sharing Puts Users at Risk (May 5, 2010)

About 52 percent of social networking users post personal information that potentially exposes them to identity theft, the San Francisco Chronicle reports. That's according to a Consumer Reports magazine survey that found 38 percent of users posted the month, date and year of their birth, eight percent posted their home address and three percent posted details about when they were away from home. The report suggests "seven things to stop doing on Facebook," noting that nine percent of social networking users have experienced cyber-related abuse. In a Huffington Post article, Consumer Reports technology editor Jeff Fox says the study results confirm that Senator Charles Schumer's recent request for the Federal Trade Commission to create guidelines for social networks' use of private information is "well-founded."
Full Story

ONLINE PRIVACY—CANADA

Appellate Court Sets Standard for Disclosing Anonymous Posters (May 5, 2010)

The Ontario Superior Court of Justice has issued its decision on an appeal filed by the Canadian Civil Liberties Association and CIPPIC regarding whether Web site owners can be ordered to disclose the identities of anonymous users accused of defamation. Michael Geist reports that the court referenced factors raised by the Federal Court of Appeal in the case Sony BMG v. Doe, including that public interest must outweigh legitimate privacy interests when it comes to disclosure. The court determined the "principles are similarly applicable to defamation cases," the report states, and has established specific criteria for requests related to information on anonymous online posters.
Full Story

PRIVACY LAW—U.S.

Boucher-Stearns Bill To Be Released Today (May 4, 2010)

Rep. Rick Boucher (D-VA) and Rep. Cliff Stearns (R-FL) will today release the text of a long-anticipated online privacy bill, The Wall Street Journal reports. A year in the making, the bill regulates data collection and ad targeting practices and, according to reports, would apply to online and offline ad targeting activities. For the next two months, the lawmakers will accept comments and will revise the bill before formally introducing it. In previewing the bill at an event on Monday, Boucher noted, "Our purpose is not to interfere with legitimate behavioral advertising, but there is a great deal of concern from Internet users on how their information is being used." Meanwhile, a coalition of public interest groups sent Congress a letter yesterday urging it to enact sweeping online privacy protection. (Editor's note: The bill will be discussed in detail during an IAPP Web conference May 20.)
Full Story

SOCIAL NETWORKING—U.S.

Washington’s Facebook Concerns May Spur Regulations (May 4, 2010)

Criticism from Sen. Charles Shumer (D-NY) and his counterparts in the House and Senate over the world's largest social networking service's move to automatically share user data with third-party sites could mark the next step toward online advertising regulation. That is the focus of an Advertising Age report looking at moves by Facebook and other companies that are raising privacy concerns at the federal level. "Privacy has not been a national political issue in the rank of the economy, war on terror or financial fallout; putting this on (Schumer's) agenda shows this has moved from insiders to a big of enough issue it gets on the national agenda," said Future of Privacy Forum Director Jules Polonetsky, CIPP. (Registration may be required to access this story.)
Full Story

STUDENT PRIVACY—U.S.

School District Blasted for Web cam Use (May 4, 2010)

A team of lawyers and computer experts have reached the conclusion that a Pennsylvania school district's decision to activate Web cams on student computers was an "overzealous" use of technology "without any apparent regard for privacy considerations," The Philadelphia Inquirer reports. The conclusions followed a 10-week investigation into the Lower Merion School District's use of software to capture nearly 58,000 images, mostly from lost or stolen laptops, in the past two years. However, the reports states, "because employees frequently failed to turn off the tracking system, more than 50,000 of those images were taken after the computers had been recovered and given back to students." Superintendent Christopher McGinley said the district would learn from its mistakes and "must restore confidence...starting immediately."
Full Story

HEALTHCARE PRIVACY—NEW ZEALAND

High Court Clears Doctor of Wrongdoing (May 4, 2010)

The High Court at Wellington has cleared an Invercargill doctor of wrongdoing in a case involving a patient's medical information, The New Zealand Herald reports. The federal privacy commissioner had determined previously that Dr. Robert Henderson was wrong to have informed a nursing home's charge nurse that one of its employees had asked for opiates at his office. After an investigation, Privacy Commissioner Marie Shroff said that the doctor should have notified the nursing home's manager only, the report states. The court disagreed. "I am a great supporter of privacy but when it comes down to the safety of people's lives you've got to have safe procedure," the doctor said.
Full Story

SOCIAL NETWORKING

MySpace Creates New CPO Post (May 4, 2010)

Social networking service MySpace has promoted its vice president of business and legal affairs to its newly created chief privacy officer position, VentureBeat reports. Jennifer Mardosz will now be responsible for managing the risks and business impacts of privacy laws and policies for MySpace, the report states. And just as MySpace was announcing the creation of its new CPO post, rival social networking site Facebook's former CPO was criticizing the company's new "instant personalization" program. Chris Kelly, who is now running for California Attorney General, wrote, "I strongly encourage Facebook to structure all its programs to allow Facebook users to give permission before their information is shared with third parties."
Full Story

DATA PROTECTION—HONG KONG

Commissioner Warns Elderly Are Vulnerable (May 4, 2010)

Privacy Commissioner for Personal Data Roderick Woo Bun is warning that elderly citizens are more vulnerable to data fraud because they are less aware of the need to protect their data, The Standard reports. Woo made the comments in response to a recent Internet scam that has duped elderly people into divulging their personal information and on the heels of a University of Hong Kong survey of 400 people age 65 and older that revealed the ease with which many would relinquish their identify card number. Woo launched a campaign today to help the elderly protect their data from thieves and fraudsters.
Full Story

PRIVACY LAW—MEXICO

Violators of Mexico’s Data Protection Act Could Face Prison Time (May 4, 2010)

Those convicted of selling confidential personal data collected by the government will face up to five years in prison under Mexico's new Federal Data Protection Act, the Latin American Herald Tribune reports. The new law also mandates fines as high as $2.9 million for the improper use of sensitive data, the report states. Mexico's Federal Institute for Access to Public Information (IFAI) has announced that the new law will give citizens assurance their information will be used only for legitimate purposes and provides them with the right to view their government files and have erroneous items removed. The legislation is also consistent with international standards, according to an IFAI statement.
Full Story

HEALTHCARE PRIVACY—U.S.

HHS Seeking Comments on Process (May 4, 2010)

The Department of Health and Human Services wants stakeholders to comment on the process of accounting for disclosure of patients' protected health information contained within electronic health records, reports Government Health IT. The HITECH Act requires that providers, plans and business partners account for such disclosures, even when the data is for treatment and billing purposes, the reports states. The HHS Office of Civil Rights published the request for comments in the Federal Register yesterday.
Full Story

Online privacy bill to be released today (May 4, 2010)
Rep. Rick Boucher (D-VA) and Rep. Cliff Stearns (R-FL) will today release the text of a long anticipated online privacy bill, The Wall Street Journal reports. For the next two months, the lawmakers will accept comments and will revise the bill before formally introducing it.

BEHAVIORAL TARGETING—U.S.

Advances “Far Outpacing Data Protection” (May 3, 2010)

In the post-privacy society, technological advances "are far outpacing personal data protection," according to a New York Times report about online behavioral advertising. Increasing amounts of consumer data are being collected on behalf of advertisers, yet currently no general federal statute requires behavioral data marketers to show us the files they hold on us, says Jessica Rich, a Federal Trade Commission deputy director. "We need new strategies for transparent consumer surveillance," the report states. But, asks Rich, "How does notice and choice work when you don't even interface with the company that has your data?" The FTC will release comprehensive new privacy guidelines later this year. (Registration may be required to access this story.)
Full Story

BEHAVIORAL TARGETING

Survey: Marketers Curtail BT Methods Due to Privacy Concerns (May 3, 2010)

A survey of marketers has revealed that privacy fears are slowing adoption of behavioral targeting methods, The New York Times reports. The Ponemon Institute surveyed 90 marketers for the independent study. Nearly all of the respondents indicated that privacy concerns had them restricting their use of the method, despite the fact that 70 percent feel the method is more effective and despite estimates on how much more lucrative it is than traditional advertising. "Privacy fears are definitely having an economic impact," said the institute's founder, Larry Ponemon, CIPP. While the advertising industry has increased its efforts to ease privacy fears, economists say "information asymmetry" is at least partially to blame for their persistence. (Registration may be required to access this story.)
Full Story

DATA LOSS—SOUTH AFRICA

Patient Records Exposed on the Internet (May 3, 2010)

Health authorities are looking into a data breach that exposed thousands of confidential patient records on a government Internet server, the Daily Dispatch reports. The information included patient names, telephone numbers and home addresses. Though the files were blocked after the breach was reported to Karl Bremmer Hospital officials, the information remained available through Google cache files, the report states. Health department officials have asked the search engine to remove the files. "We are taking this very seriously and are investigating the matter," said a health department spokesperson.
Full Story

SOCIAL NETWORKING—NEW ZEALAND

Commissioner’s Survey Says…Be Aware (May 3, 2010)

According to a Privacy Commission survey, almost half of New Zealanders now have an online profile, up 32 percent from last June, reports the New Zealand Herald. The increase sparks concern about users' privacy. The study found that 57 percent of respondents consider social networks to be mostly private spaces, the report states. Privacy Commissioner Marie Shroff told the Herald that a high percentage of the users are children who "can and do give away a lot of information about themselves, without necessarily being aware of the consequences." She warned, "[Children] can risk themselves and their families by revealing personal and intimate information, which enables harms such as identity crime, stalking, text bullying and invasion of privacy in various ways."
Full Story

PRIVACY LAW—U.S.

Privacy at Heart of Tax Suit (May 3, 2010)

The New York Times reports on Amazon's efforts to block one state's demands for customer data. The company filed suit against the North Carolina Department of Revenue recently, claiming that providing state officials with North Carolinians' purchase information, as the state has requested, would violate customers' privacy and First Amendment rights. "The lawsuit can seem like the front line of the battle for privacy in the Internet age," the report states, pitting private industry against an "overreaching government." With companies storing more and more consumer data--a "honey pot for the government"--one expert warns that "the bleed from privately held data to state surveillance can happen very quickly." Another says a strengthened law is needed to ensure that information collected for one purpose isn't used for another. (Registration may be required to access this story.)
Full Story

PRIVACY LAW—CANADA

Asst. Commissioner: OPC Needs Stronger Powers (May 3, 2010)

Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) needs to be strengthened to better handle threats from certain online services, and the Office of the Privacy Commissioner of Canada may need stronger powers to deal with the challenges they pose. That was the message from Assistant Privacy Commissioner Elizabeth Denham at a recent consultation in Toronto, itbusiness.ca reports. Denham, who is responsible for PIPEDA, said that given the challenges posed by new technology, "we very well may need stronger powers...We have a study underway at our office with two academics looking at whether stronger enforcement powers are warranted." Two more events to gather input on updating PIPEDA are scheduled in Montreal on May 19 and Calgary on June 21.
Full Story

ONLINE PRIVACY—U.S.

Choose Privacy: Teaching Children about Online Privacy (May 3, 2010)

Today marks the beginning of Choose Privacy Week, an initiative by the American Library Association (ALA) to raise awareness about sharing information online, reports the School Library Journal. Angela Maycock, assistant director for the ALA's Office for Intellectual Freedom, says, "school librarians play a really important and critical part in this effort as they're a starting gate in learning how to access information, and do it responsibly and safely." The ALA launched a Web site that offers tips for educators and parents on age-appropriate ways to address privacy concerns with children. "People are saying they're very concerned about their privacy online. But they lack good information on how to deal with it," says Maycock.
Full Story

HEALTHCARE PRIVACY—U.S.

Privacy Advocates Warn About Access Concerns as Doctors Call for Expanded Prescription Databases (May 3, 2010)

With 34 state online prescription databases currently in effect across the U.S., some doctors and medical professionals want to see that access expanded across state lines to better curb the problem of prescription drug abuse. The Associated Press reports that the National All Schedules Prescription Electronic Reporting Act of 2005, which has appropriated more than $50 million to states to provide access to patient records, also aims to have a coordinated national system. Privacy groups are concerned about the potential for unnecessary access to personal information, the report states. "There is a significant intrusion into the lives of individuals who are taking these medications legitimately," said Pam Dixon of World Privacy Forum. "There needs to be more restrictions about who can access this information."
Full Story

IDENTITY THEFT—AUSTRALIA

Commissioners Release ID Theft Tool (May 3, 2010)

Australian Privacy Commissioner Karen Curtis is kicking off Privacy Awareness Week by calling on Australians to take practical steps to protect their privacy. Partnering with the Asia Pacific Privacy Authorities, the commissioner's office has released an online tool allowing individuals to assess their risk of identity theft. "Identity theft is an area of increasing concern and this easy-to-use tool will help people understand how at risk they may be," the commissioner said. Themed "Privacy, it's in your hands," the week aims to raise awareness about privacy rights and educate people on how to protect their personal information.
Full Story