Privacy News | Daily Dashboard

Breaking news. In-depth articles. Global coverage.

Save time searching the headlines for privacy news in the media. Get the latest breaking privacy and data protection news from around the globe all in one place—The Daily Dashboard. Our FREE daily e-newsletter summarizes the day’s top privacy stories with links to the full articles—sent directly to your desktop each weekday!

Subscribe now!

Top Privacy News

ONLINE PRIVACY—AUSTRALIA

Tax Office To Examine Online Sellers (July 30, 2010)

Australia's federal privacy commissioner has granted the Australian Tax Office (ATO) permission to examine the data of those who sell items on certain online auction sites, ninemsn.com reports. The ATO wants to crack down on sellers who fail to declare the income on their tax returns and will look at those who have sold more than $20,000 in goods and services over the last three years. The ATO is urging sellers to come forward before being found out. The inquiry is part of a larger crackdown on online businesses, according to the report.
Full Story

PRIVACY LAW—U.S.

Judges Consider Consolidation Location (July 30, 2010)

A panel of federal judges is considering where to consolidate several lawsuits against Google, Inc., the Associated Press reports. Nine lawsuits allege the company violated wiretapping laws when its Street View vehicles collected individuals' e-mail and Web surfing data through unsecured WiFi networks. The plaintiffs come from various locations across the country, and locales such as Washington, DC and Massachusetts have been suggested. At a meeting of the U.S. Judicial Panel on Multidistrict Litigation in Boise, ID this week, a Google attorney asked the judges to consider consolidating the cases in the Northern District of California.
Full Story

ONLINE PRIVACY

Wistful for Naiveté? (July 30, 2010)

On National Public Radio's "All Things Considered," reporter Aaron Couch thinks aloud about the privacy news and events of the past week, asking "what apps can I download and what social networks can I use without giving up too much?" Noting the ability for mobile phone apps and speech recognition apps, among others, to amass users' personal information, Couch wonders "where all this is headed." It's not hard to imagine living in a utopia "in which corporations know so much about us, and advertising is so personalized, that they can give us exactly what we think we want and need," he says.
Full Story

DATA LOSS

Former Tax Collector Breached Files of High Earners (July 30, 2010)

A former British Columbia tax collector improperly accessed the files of taxpayers over a four year period, The Vancouver Sun reports. A Canada Revenue Agency (CRA) report obtained by the newspaper reveals that, between 2005 and 2008, the employee engaged in "deliberate and systematic" mining of high-income individuals' tax information in violation of the CRA's employee code of conduct, which states that employees may only access files pertinent to their work. It is one of the largest privacy breaches in the agency's history, according to the VS. The CRA says it will not notify the taxpayers whose data was viewed, as the agency's risk assessment determined that "there was no risk of injury."    
Full Story

ONLINE PRIVACY

Google Looking into Android App Data Collection (July 30, 2010)

Google has suspended the sale of certain wallpaper applications after it was revealed at a hacker conference this week that they collect mobile phone users' personal data. The Wall Street Journal reports that the more than 80 apps sold through Google's Android store collected phone numbers and subscriber identifiers and transmitted the information to an unencrypted server. The security firm Lookout revealed the activity. Lookout CEO John Hering said the application developer notified users that the app would have access to "phone state and identity," but "I don't think most consumers would realize their personal data was being uploaded to a server," he said. (Registration may be required to access this story.)  
Full Story

ONLINE PRIVACY

Tech Firms Lobby EU on Privacy Rules (July 29, 2010)

As tech firms ready to sell remote computing services in the European marketplace, they are pushing for streamlined privacy standards in order to make cloud computing more viable in the 27-nation bloc. The Wall Street Journal reports on the efforts of U.S. tech giants, which say that Europe's patchwork and sometimes contradictory regulations on cloud computing represent "real hurdles or speed bumps to sales." But with Europe's Digital Agenda still months away from being finalized, some believe "It's way too early to say whether the EU directive will create a pan-European authority" to oversee cloud computing and privacy issues, according to an EU spokesperson. (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Virtual Insecurity (July 29, 2010)

Companies are now able to create detailed "digital dossiers" from the Web browsing, networking and searching many of us engage in each day, raising questions about personal privacy, Financial Times reports. Self-regulation has been the norm in the U.S., but as Jessica Rich of the FTC points out, "If the goal is providing consumers with information about how their information is being used and giving them some control, that is not being achieved." U.S. legislators are discussing new laws to address online privacy issues. European regulators, meanwhile, are focused on such provisions as user consent and the "right to be forgotten," the report states. "Internet users must have effective control of what they put online and be able to correct, withdraw or delete it at will," said EU Justice Commissioner Viviane Reding.
Full Story

ONLINE PRIVACY

100M Social Network Users’ Details Published (July 29, 2010)

Personal information from 100 million Facebook users has been published online by a security consultant who was able to collect data through the site's public directory, BBC News reports. Ron Bowes said he published the list, which contains the URL of every searchable Facebook user profile along with such information as names and unique IDs, to highlight privacy issues, the report states. On the same day that reports of the list surfaced in the international media, Facebook CEO Mark Zuckerberg was meeting privately with U.S. legislators to discuss issues including online privacy. In response to the incident, Facebook has noted that data included in the creation of the list was already public. Simon Davies of Privacy International, however, contends it illustrates confusion over the site's privacy settings.
Full Story

PRIVACY LAW—HONG KONG

Octopus Debacle Has Commissioner Thinking About Law (July 29, 2010)

Hong Kong Privacy Commissioner for Personal Data Roderick Woo Bun has proposed introducing a law to make it a criminal offense for companies to sell customers' personal data, Bloomberg reports. The statement comes after Octopus Holdings' admission on Monday that it has received HK$44 million since January 2006 through the sale of customers' personal information. Woo is conducting an investigation into the matter and is expected to release a preliminary report before his term as commissioner ends on July 31. Octopus, meanwhile, has announced it will no longer engage in such activities.
Full Story

PRIVACY LAW—U.S.

Suit Targets Zombie Cookie Maker, Users (July 29, 2010)

A lawsuit filed in U.S. District Court in Central California on Friday calls out many top Web sites for their use of so-called zombie cookies, Wired reports. Quantcast, creator of the zombies, is also named in the suit, which alleges that companies using the technology violated eavesdropping and hacking laws in addition to state and federal fair trade laws. The suit seeks class-action status.
Full Story

ONLINE PRIVACY—U.S.

The Reputational Dangers of Data Collection (July 29, 2010)

"Joseph Turow, a professor of communications at the University of Pennsylvania and an expert in online privacy, thinks Internet users are woefully unaware of what information is being collected about them and how marketers are using that data," Cecilia Kang writes in the introduction to her Q&A with Turow for The Washington Post. In response to questions about tracking consumers online, Turow says that while he doesn't have an "intrinsic problem" with ad targeting, he is concerned "that this is going on behind the scenes and people don't have a clue as to the consequences. Marketing-driven reputations are being created...It has implications of people being treated differently status-wise." (Registration may be required to access this story.)
Full Story

DATA PROTECTION

Study: Thieves Shifting Gears (July 29, 2010)

A report conducted by Verizon Business and the U.S. Secret Service shows that, increasingly, criminals are partnering with
insiders to steal company data. The 2010 Data Breach Investigations Report looked at 900 data breaches that compromised 900 million records, finding that 49 percent could be linked to an insider--more than double last year's number, reports SC Magazine. "Organized crime, in general, is looking for a better way in," said Bryan Sartin, director of investigative response at Verizon Business. The study also found that no breaches occurred as a result of system vulnerability, causing the authors to recommend changes in the way many organizations approach security programs.
Full Story

ONLINE PRIVACY—U.S.

FTC Exploring Simplified Notice, Do-Not-Track (July 28, 2010)

At the Senate Commerce Committee's hearing Tuesday on online privacy, FTC Chairman Jon Leibowitz testified that the commission is exploring the feasibility of an online "do not track" list and may recommend that firms detail the most "material terms" of their privacy policies in a small box so that controversial practices are not buried in fine print, Tech Daily Dose reports. Leibowitz also noted that when it comes to online behavioral targeting, "I think opt-in generally protects consumers' privacy better than opt-out...I don't think it undermines a company's ability to get the information it needs to advertise back to consumers." The FTC is expected to release a report this fall with its recommendations for improving online privacy.
Full Story

PRIVACY LAW—U.S.

Senator To Introduce Privacy Bill (July 28, 2010)

Sen. John Kerry (D-MA) plans to introduce an online privacy bill and is hoping to see legislation enacted next year, The Washington Post reports. "Our ability to control what information is collected, used and disclosed about us is central to how we want the world to view us," Kerry said in a statement issued prior to Tuesday's Senate Commerce Committee hearing on online privacy. Kerry's announcement follows similar discussions before the House Commerce, Trade and Consumer Protection Subcommittee. FTC Chairman Jon Leibowitz said that if the private sector does not "do a better job of ensuring consumers have clear choices going forward," it is likely the next congress will move forward with legislation. (Registration may be required to access this story.)
Full Story

PRIVACY LAW—U.S.

Rite Aid Agrees to FTC Settlement (July 28, 2010)

The nation's third-largest drug store chain has agreed to settle Federal Trade Commission (FTC) charges that it failed to protect customers' and employees' sensitive financial and medical information, The Wall Street Journal reports. Rite Aid Corporation will establish a comprehensive information security program and will undergo an independent audit of its security program every two years for the next 20 years, according to an FTC press release. The company will also pay $1 million to resolve Department of Health and Human Services claims that it failed to protect customers' sensitive health information. "Companies that say they will protect personal information shouldn't be tossing patient prescriptions and employment applications in an open dumpster," said FTC Chairman Jon Leibowitz. (Registration may be required to access this story.)
Full Story

PRIVACY—HONG KONG

Group Criticizes Commissioner Appointment (July 28, 2010)

Critics of the newly named privacy commissioner are pressing the government to revoke his appointment, The Standard reports. Allan Chiang Yam-wang is set to take over as privacy commissioner next week, but former employees of Chiang cite data protection gaffes during his time as postmaster general as reasons for revoking the appointment. "People can see the important role the privacy commissioner played in the recent Octopus cards data saga and past incidents of confidential information leaks by the police and Hospital Authority," said lawyer Lee Cheuk-yan. "How can Chiang, with such a controversial background, gain the trust of the public?"   
Full Story

ONLINE PRIVACY—CANADA

BCLC Won’t Relaunch Until Review Complete (July 28, 2010)

The BC Lottery Corporation (BCLC) will not reactivate its online gambling site until an independent security review is complete, according to an update released yesterday by BC Information and Privacy Commissioner Elizabeth Denham. Denham launched an investigation into a breach of the PlayNow.com Web site last week after BCLC divulged that it had experienced a "data crossover" that exposed the personal information of 12 users to others, The Province reports. The corporation deactivated the site after learning of the problem. A third-party security review is underway.
Full Story

ONLINE PRIVACY—UK

ICO Checked WiFi Data (July 28, 2010)

Representatives from the Information Commissioner's Office (ICO) visited Google's offices earlier this month to view samples of the WiFi data the company collected via its Street View cars, V3.co.uk reports. "While Google considered it unlikely it had collected anything other than fragments of content, we wanted to make our own judgment," an ICO spokesperson said, adding that the samples viewed offered "no evidence" that the data captured has caused or could cause harm. "Nevertheless, it was wrong to collect the information," the spokesperson said. The ICO will forward its findings to those who have filed complaints about the information collection.
Full Story

ONLINE PRIVACY—U.S.

Experts Detail Web Privacy Concerns (July 28, 2010)

In the second part of a two-part series on questions to the experts about online privacy, The New York Times shares reader questions and responses from Michael Fertik of ReputationDefender and Paul Ohm of the University of Colorado. Responding to a variety of questions, Ohm and Fertik highlighted such issues as privacy law, barriers to anonymity and the ways online sharing can be expected to change in the years ahead. When it comes to remaining anonymous, Ohm points out that IP addresses can often be tracked, even if an online posting does not include the author's name. Current U.S. law, Fertik suggests, allows "nearly any use of data once they have been collected," referencing Internet sites that compile data that could threaten individual privacy and security. (Registration may be required to access this story.)
Full Story

PRIVACY LAW—UK

T-Mobile Employee Pleads Guilty (July 27, 2010)

A former T-Mobile employee pleaded guilty last week in a Chester Crown Court to 18 charges of violating the Data Protection Act, reports The Register. The case stems from the illegal sale of millions of T-Mobile customer records that were used by marketers to poach subscribers nearing the end of their contracts, says the report. According to the report, the staffer has yet to be sentenced, and another employee will enter a plea on November 23 in relation to his role in the theft. The Information Commissioner's Office responded to the plea, saying, "We are pleased with this outcome."
Full Story

PRIVACY LAW—U.S.

Industry Voices Concerns About Best Practices Act (July 27, 2010)

Internet industry representatives say a new privacy bill could have serious unintended consequences, including economically, unless it is rewritten, CNET News reports. The "Best Practices Act," introduced by House Commerce, Trade and Consumer Protection Subcommittee Chairman Bobby Rush (D-IL) would require online companies to get users' permission before collecting sensitive information and would include fines of up to $5 million for non-compliance. Mike Zaneis, vice president of public policy at the Interactive Advertising Bureau, told Rush's committee last week that such legislation "would turn the Internet from a fast-moving information highway to a slow-moving toll road" and that "would hinder, not facilitate e-commerce." An attorney for the U.S. Chamber of Commerce also voiced "strong concerns" with the bill.
Full Story

ONLINE PRIVACY—U.S.

Experts Answer Reader Questions About Privacy (July 27, 2010)

The New York Times is featuring a two-part series with expert answers to readers' questions about online privacy as a follow up to last week's report, "The Web Means the End of Forgetting." In the first part of the series, Michael Fertik, founder of ReputationDefender, and Paul Ohm, a law professor at the University of Colorado, field an array of questions on topics ranging from maintaining online anonymity to removing personal information from search engines to what happens to all that information on social networking sites when users log off for good. Fertik recommends such controls as setting up Internet alerts to monitor what information is out there, and Ohm notes that when it comes to making Internet comments untraceable, "there are no guarantees." (Registration may be required to access this story.)
Full Story

PRIVACY LAW—U.S.

Court: Social Security Numbers Can Be Posted Online (July 27, 2010)

The Fourth U.S. Circuit Court of Appeals has ruled that a Virginia privacy advocate can post public records containing Social Security numbers on her Web site, the Times-Dispatch reports. Last year, U.S. District Judge Robert E. Payne stopped Virginia from enforcing a 2008 law that would have barred Betty "BJ" Ostergren from publishing the Social Security numbers of public officials that can be accessed on government Web sites. In its ruling Monday, "the three-judge panel upheld Payne and went further," the report states, as the Social Security numbers in public records had not been redacted before they were posted online, holding that Ostergren "could publish the Social Security numbers of private individuals if those numbers also are made available on the Internet by the government."
Full Story

STUDENT PRIVACY—U.S.

Inspector General: School Collection of SSN Unsafe (July 27, 2010)

The Social Security Administration's Office of the Inspector General has concluded that schools put children at risk of identity theft when collecting Social Security numbers (SSNs) in instances not required by law, The Washington Times reports. Seven states require schools to collect SSNs as identifiers, and school systems in 26 states use such identifiers for class registration from kindergarten through high school, though not required to by law. "We believe such practices increase the risk of SSN misuse and unnecessarily subject students to the possibility of identity theft," said the inspector general's report, which also noted a 2009 Fordham Law School study that found SSN databases often lack appropriate privacy protections.
Full Story

DATA PROTECTION

Report: Cyber Attacks Cost up to $53 Million Per Year (July 27, 2010)

A Ponemon Institute report has found that organizations are the victims of cyber attacks at least once per week, costing from $1 million to $53 million per year. "The First Annual Cost of Cyber Crime Study" found that Web-borne attacks, malicious code and malicious insiders are the most costly cyber attacks and that information theft remains the highest consequence, Dark Reading reports. Of the 45 U.S. organizations surveyed, the majority were "random and haphazard in their approach" to the problem, said Ponemon Institute CEO Larry Ponemon, CIPP. Meanwhile, a Digital Forensics Association report found that nearly half of all reported breaches in the last five years were due to mainly laptop thefts and that Social Security numbers are the most commonly compromised form of data.
Full Story

German Regulator Calls for Termination of U.S. Safe Harbor (July 26, 2010)
Ten years ago today, the European Commission agreed to recognize the U.S. Department of Commerce (DOC) “safe harbor” principles, and that anniversary has prompted Schleswig-Holstein Data Protection and Privacy Commissioner Thilo Weichert to call for an end to the agreement.

PRIVACY LAW

German Regulator: Terminate U.S. Safe Harbor (July 26, 2010)

On the 10th anniversary of the European Commission's agreement to recognize the U.S. Department of Commerce (DOC) "safe harbor" principles, Schleswig-Holstein Data Protection and Privacy Commissioner Thilo Weichert is calling for an end to the agreement. According to a release issued by Germany's Independent Centre for Privacy Protection (ULD), an Australian study due to be released next month has revealed widespread compliance issues among the 2,170 U.S. companies that "claim to be safe harbor privileged," including lack of information on how to enforce individual rights, high-priced dispute resolution options and a minimal number of U.S. Federal Trade Commission prosecutions for false claims of certification  "From a privacy perspective, there is only one conclusion to be drawn from the lessons learned--to terminate safe harbor immediately," Weichert said.
Full Story

PRIVACY LAW—U.S.

Senate Committee Online Privacy Hearing Tuesday (July 26, 2010)

Proposed privacy legislation has been gaining attention in the U.S. House of Representatives, and now the Senate Commerce Committee will hold a hearing Tuesday on online privacy, The Washington Post reports. "We believe the odds are against congress passing an online privacy bill in 2010. There is too little time left to move a bill that is fairly controversial," said analyst Paul Gallant, adding, "However, we continue to believe that there is a political consensus forming around the need for greater regulation of online advertising to better protect consumer privacy." Witnesses at the hearing will include representatives from the Federal Trade Commission, Federal Communications Commission, Cato Institute, Apple, Google, AT&T and Facebook, as well as a University of Pennsylvania professor.
Full Story

RFID—HONG KONG

Octopus Admits Receiving $44M for Data (July 26, 2010)

Octopus Holdings says it has been paid HK$44 million since January 2006 for providing personal information on its clients, the San Francisco Chronicle reports. Privacy Commissioner for Personal Data Roderick Woo Bun today launched an investigation of the electronic payment services company, which says it provided nearly two million customers' personal data to six companies, though it will cease the practice moving forward. The company's largest shareholder, MTR Corp., said the company needs to "fully cooperate with the relevant bodies, taking solid steps to eliminate the concern in the minds of the people." Octopus has said it will conduct a three-month comprehensive review of its handling of personal data, which Woo says should be transparent.
Full Story

SURVEILLANCE—CANADA

Commissioner Work: Crime Down, Cameras Down (July 26, 2010)

Based on a Statistics Canada report showing that Calgary's crime rate is below the national average and down seven percent from 2008, Alberta Privacy Commissioner Frank Work wants some of the city's surveillance cameras removed, reports the Calgary Herald. "The barbarians aren't loose in the streets--maybe we can afford to be a bit more skeptical," Work said. The city installed 16 cameras in high-crime areas last March and will hear a progress report this coming February. Work says the cameras don't effectively fight crime, but police say that the cameras are an important tool and have used camera footage for investigations more than 70 times since their installation.
Full Story

CONSUMER PRIVACY—UK

New Industry Code Requires Parental Consent (July 26, 2010)

Companies directly marketing to customers must not use the Internet to gather data about children. That's according to a new code of practice published by the Direct Marketing Association (DMA), which says companies must seek parental consent for children under 12 years old, The Register reports. The code must be adhered to by members of the DMA. "Even if your site is not primarily aimed at young people, if there is a possibility that it would be attractive to them...you have a responsibility," a DMA spokeswoman said. The revision brings the code into compliance with the Committee of Advertising Practice, which sets the rules governing advertising in the UK, the report states.
Full Story

PRIVACY LAW—AUSTRALIA

New Commissioner Looking Forward to Job Challenges (July 26, 2010)

Australia's new Privacy Commissioner Timothy Pilgrim, who was appointed last week to a five-year term, said he looks forward to the challenges and opportunities his new role will provide. Noting an increase in privacy risks as technology has advanced, Pilgrim said he sees an important part of his job as informing individuals of how privacy-enhancing technologies can be used to protect them from harm, as well as working with companies to encourage the development of such technologies. Australian Information Commissioner Designate Prof. John McMillan said he's delighted with Pilgrim's appointment, adding Pilgrim "brings a wealth of experience in privacy, great respect in and outside government and a strong commitment to the role," noting his contributions in developing the privacy act.
Full Story

PRIVACY LAW—U.S.

Legislators, Advocates Discuss Balancing Privacy, Innovation (July 23, 2010)

Thursday's congressional hearing on a pair of bills aimed at addressing the collection and disclosure of personal information revealed the challenges of balancing online privacy concerns with fears that regulation will limit innovation. ClickZ reports on such areas of contention as FTC rulemaking authority, the ability for private individuals to sue alleged violators, data sharing and safe harbor provisions. FTC Bureau of Consumer Protection Director David Vladeck joined industry and privacy advocates in offering testimony on both the Best Practices Act, proposed by Rep. Bobby Rush (D-IL), and the draft Boucher-Stearns bill. Vladeck spoke in support of such provisions as simplifying consumer privacy choices, using the example of an online gaming site's privacy policy that "guaranteed the company...your immortal soul," noting it was unlikely all 7,500 users meant to accept those terms.
Full Story

RFID

Walmart CPO Dispels Clothing ID Concerns (July 23, 2010)

Starting next month, Walmart will place removable smart tags on garments, The Wall Street Journal reports, and some privacy advocates are raising concerns that discarded tags could be tracked and that retailers might scan RFID-enabled identification carried by customers in their stores. Walmart CPO Zoe Strickland, CIPP/G, told the Daily Dashboard the company has taken steps to ensure that does not happen. "The only things that we're reading are tags in the program," she said, noting the readers cannot read through wallets. As for fears about the scanning of discarded tags, Strickland noted that would require reverse-engineering on the part of anyone trying to determine what was purchased. Walmart conducted a privacy impact assessment in developing the program, she said, and will be providing extensive notification to customers in its stores. (Registration may be required to access this story.)
Full Story

PRIVACY—EUROPE

EC Releases Report on PETs (July 23, 2010)

The European Commission this week received the final report on a London Economics study that looks at the costs and benefits of Privacy Enhancing Technologies (PETs) and lays out a framework for how to understand and deploy them, reports egovmonitor.com. Based on a survey of businesses from 12 EU member states, the economic benefits are shown to be technology and application specific and should be determined on a case-by-case basis. The report states,"There is little evidence that the demand by individuals for greater privacy is driving PETs deployment...Data controllers, on the other hand, can derive a variety of benefits from holding and using personal data, including the personalisation of goods and services, data mining, etc."
Full Story

RFID—HONG KONG

Commissioner to Launch Octopus Investigation (July 23, 2010)

The privacy commissioner will start an inquiry next week into Octopus Holdings sharing customer data with two insurance companies, The Standard reports. In the wake of recent allegations, Octopus Holdings has admitted it shared the personal information of 2.4 million customers with two merchant partners involved in its rewards program. "I've noticed that the incident sparked huge public interest," said Privacy Commissioner for Personal Data Roderick Woo Bun. "Therefore, we have decided to proactively investigate the case." The investigation is expected to be concluded in two months. The company will conduct a three-month comprehensive review of its handling of customer information, the report states, which Woo said should be more transparent.
Full Story

HEALTHCARE PRIVACY—U.S.

Opinion: Decision Opens Medical Records To Gov’t (July 23, 2010)

Earlier this month, the Georgia Supreme Court ruled that personal medical records are no longer considered "private papers" and are not protected from government searches, Bob Barr writes in a report for The Atlanta Journal Constitution. The decision "opens the door to law enforcement gaining access to personal medical records that are not themselves evidence of crimes," he writes, noting that as national efforts to move toward e-health continue, "the one provision essential to maintaining the privacy of individuals' medical records--affirming in law that the individual himself or herself is the owner of their own medical records" has yet to be put in place.
Full Story

GENETIC PRIVACY—U.S.

Opinion: DNA Program “A Spectacularly Bad Idea” (July 23, 2010)

A program being offered by UC Berkeley inviting incoming freshmen to submit their DNA for testing is a "spectacularly bad idea," according to a San Francisco Chronicle editorial. Citing concerns over security breaches and privacy, the editors point to a state bill by a California assemblyman seeking to prevent the California State University System and the University of California from requesting DNA from enrolled or perspective students. Regardless of whether the bill passes, the editors ask, "with so many privacy questions lingering over the emerging field of personalized medicine, should the university be doing this in the first place?"
Full Story

PRIVACY LAW

Clement Stands Behind Scrapping Long-Form Census (July 23, 2010)

Industry Minister Tony Clement says he and the prime minister are in agreement regarding his decision to make the country's long-form census optional due to privacy concerns, despite criticisms and even the resignation of Canada's chief statistician in protest. Clement said the government has taken a "compromise position" between privacy concerns and ensuring usable data from the next census in May 2011, CBC News reports. Though the Office of the Privacy Commissioner said it has received only two complaints since the 2006 census and is satisfied with the privacy protections in place, Clement says he has to be respectful of Canadians who have voiced concerns to him about the "very private nature of those questions" asked and must give them "a chance to opt out if they so choose."
Full Story

PRIVACY LAW—AUSTRALIA

New Privacy Commissioner Appointed (July 22, 2010)

Timothy Pilgrim has been appointed to a five-year term as Australia's new privacy commissioner. Sen. Joe Ludwig announced the appointment in a press release issued Thursday. Pilgrim, who has been deputy privacy commissioner since 1998, replaces former commissioner Karen Curtis, whose six-year term expired this month. Ludwig praised Curtis for her significant contributions to privacy in Australia and said that Pilgrim's "experience and operational knowledge of the office will be of great assistance when the office transitions to form part of the new Office of the Australian Information Commissioner, which will open its doors on November 1, 2010." Ludwig also announced the appointments of Barbara Robertson, Michael Kidd and Joan Sheedy as part-time members of the Privacy Advisory Committee.
Full Story

PRIVACY LAW—U.S.

FTC: Privacy 3.0 Will Not Differentiate Between PII, Non-PII (July 22, 2010)

FTC Commissioner Julie Brill recently highlighted the need for what she described as Privacy 3.0 to address behavioral targeting in online advertising, Chris Hoofnagle writes for The Berkeley Blog, noting that Brill suggests in this new approach to privacy there will be no distinction between personally identifiable information (PII) and non-PII. In addition to not making a distinction between types of personal information, the report states that "Privacy 3.0 will recognize that notice and choice was not enough and emphasize 'just in time' notices" that warn consumers they are taking steps that might result in new data collection as well as giving users notice of "unexpected uses" of their personal information.
Full Story

DATA PROTECTION—IRELAND

Commissioner Investigates Insurance Industry Database (July 22, 2010)

The Office of the Data Protection Commissioner is investigating insurance companies' use of an industry-wide database, which may breach data protection laws, The Irish Times reports. The database, which companies lawfully use to post the personal details of people who make an official insurance claim, includes data on customers who have consulted an insurer but never made an official claim, which is not permitted under the law. The commissioner's office is also concerned about unregulated access to the database, the report states. Deputy Data Commissioner Gary Davis said the investigation, the office's largest undertaking yet, was initiated following a large number of audits that gave the office "cause for concern."  
Full Story

IDENTITY THEFT—U.S.

Cars and Fax Machines on the At-Risk List (July 22, 2010)

WBZ-TV reports that used cars and fax machines have become information resources for identity thieves. The technology built into newer-model cars has the ability to store personal information such as Bluetooth contacts, garage door codes and more, and consumers aren't necessarily removing that information prior to reselling their vehicles. Brian Cooley of CNET said, "Here's the car you traded in, sitting on the used car lot. The garage door is programmed into the garage door opener, and your home address can be programmed into the GPS system. That's a perfect, pre-made kit for a garage burglary." Meanwhile, thermal transfer fax machines, which contain an imprint of all their fax transmissions--possibly including sensitive information--are being tossed, at times without destroying the data they hold. The FTC is currently investigatingsimilar concerns with data storage on copy machines.
Full Story

ONLINE PRIVACY

Tips for Managing Your Online Information (July 22, 2010)

This week's New York Times Magazine features a report by Jeffrey Rosen on the challenges of living life in this age when the Internet has records of almost everything we do and forgets none of it. Rosen is now inviting readers to submit their questions to two of the experts he interviewed for his article, Michael Fertik of ReputationDefender, a company that offers its clients options for managing their online reputations, and Prof. Paul Ohm of the University of Colorado, who has suggested ways new laws could be drafted to limit how companies use online information to influence employment decisions. Questions on managing online information will be accepted until July 25, the report notes, with answers to be posted July 26 and 27.
Full Story

DATA LOSS—U.S.

Universities Struggle with Data Breaches (July 22, 2010)

Campus Technology reports on a series of data breaches at universities across the U.S. Last month, both Florida International University (FIU) and the University of Maine (UMaine) reported breaches affecting thousands of students. The FIU breach required the school to notify more than 19,000 students that a database containing their Social Security numbers and test scores, among other information, had been found unsecured. UMaine notified nearly 5,000 students that two servers storing data from the university's counseling center had been hacked. And at California State University San Bernardino earlier this month, a class roster containing names and Social Security numbers of 36 students was accidently made public after being posted to a Web server.
Full Story

ONLINE PRIVACY—U.S.

AG Seeks WiFi Collection Answers (July 22, 2010)

Connecticut Attorney General Richard Blumenthal has asked Google to respond by Friday to his question of whether the company tested its Street View software before using it, suggesting such tests should have revealed the potential for collecting personal data from unsecured wireless networks. Bloomberg reports that Blumenthal, who is leading an investigation that now includes 37 states, wrote to Google's senior counsel Wednesday asking for the response. "If Google tested this software, it should have known all along that Street View cars would snare and collect confidential data from homes across America," Blumenthal said. "Now the question is how it may have used--and secured--all this private information." Google has maintained that the data collection was a mistake.
Full Story

ONLINE PRIVACY

The Internet Never Forgets (July 21, 2010)

"The fact that the Internet never seems to forget is threatening, at an almost existential level, our ability to control our identities; to preserve the option of reinventing ourselves and starting anew," Jeffrey Rosen, author of The Naked Crowd and past IAPP keynote speaker, writes in a feature for The New York Times Magazine. Rosen explores issues raised in Viktor Mayer-Schönberger's Delete: The Virtue of Forgetting in the Digital Age in the context of privacy concerns raised by social networks and search engines and the real-world implications of online photographs, opinions, status updates and allegations. Because of the Internet's inability to forget, he writes, "the idea of a home self, a work self, a family self and a high-school-friends self has become increasingly untenable." Efforts to protect privacy and reputation abound, with new startups attempting for-profit online information management while, as Rosen writes, "All around the world, political leaders, scholars and citizens are searching for responses to the challenge of preserving control of our identities in a digital world that never forgets." (Registration may be required to access this story.) Editor's Note: Viktor Mayer-Schönberger will deliver the keynote at the IAPP Europe Data Protection Congress in Paris later this year.
Full Story

RFID

The Benefits of Information vs. Loss of Privacy (July 21, 2010)

From using RFID devices in student identification cards to track attendance at university classes to card-based customer loyalty programs, controversies around the use of RFID center on the balance between privacy and information. "RFID, and electronic storage and transmission of information more broadly, often evokes concerns about breaches of privacy. In practice, the technology often replaces tracking methods prone to security lapses," Rebecca Walberg writes in a report published in The Vancouver Sun. While some experts suggests RFID is not a threat to privacy, given that programs such as customer rewards require user consent, others, like Prof. Yeona Jang of McGill University, caution, "there are privacy issues that need to be addressed accordingly, as technology advances."
Full Story

PRIVACY LAW—U.S.

Best Practices Act: A Step in the Right Direction (July 21, 2010)

New privacy legislation introduced by Rep. Bobby Rush (D-IL) is being called a "step in the right direction" by both online advertising industry experts and privacy advocates, ClickZ reports. Mike Zaneis of the Interactive Advertising Bureau said Rush's Best Practice Act is "much more palatable than the Boucher proposal" unveiled in May, while Jeff Chester of the Center for Digital Democracy suggested it provides more clarity and, overall, should reduce the amount of user data collected and increase consumer control. The House Subcommittee on Commerce, Trade and Consumer Protection will hold a hearing Thursday on both bills; however, Sen. Byron Dorgan (D-ND) cautions that given the limited time left in the 2010 legislative calendar and how "very complicated" crafting privacy legislation has been, it is unlikely there will be action on the senate side of legislature this year.
Full Story

ONLINE PRIVACY—U.S.

Class-Action Suit Filed Against Data Aggregator (July 21, 2010)

A class-action lawsuit has been filed in California against Spokeo, a search engine that provides personal information gathered from various public sources to paying subscribers, alleging much of the information is inaccurate, PC Magazine reports. According to the Washington, DC-area resident who filed the suit, the company has published "largely inaccurate and false information about him and has marketed this information to employers at a time when he is seeking employment," the report states. Separately, the Center for Democracy and Technology has filed a complaint with the FTC over the accuracy of Spokeo's information, stating the site should be subject to the Fair Credit Reporting Act. Spokeo announced this week that it is implementing new privacy controls to be unveiled within the year.
Full Story

DATA LOSS—U.S.

Employee Suspended for Posting SSNs Online (July 21, 2010)

A Maryland Department of Human Resources (DHR) employee has been placed on administrative leave after posting the Social Security numbers and other personal information of nearly 3,000 DHR clients online, reports The Baltimore Sun. The affected clients are being offered credit monitoring, and a DHR spokeswoman said, "We take the privacy of the data that's entrusted to us very seriously." A spokesman for the nonprofit privacy watchdog that uncovered the breach said the incident exemplifies why Maryland's government, and others, should better protect personal information. "The goal should be to create a culture where everyone knows they'll be held responsible for dealing with this very precious asset called personal information."
Full Story

DATA LOSS—U.S.

Mass. Hospital Missing 800,000 Records (July 21, 2010)

The South Shore Hospital has announced that 800,000 records may have been lost during shipping to an off-site contractor responsible for destroying the records, reports The Boston Globe. The files contained information on patients, employees, physicians, volunteers, donors and business partners of the hospital and may have included names, addresses, phone numbers, dates of birth, Social Security numbers, driver's license numbers, medical information and other personal data. Hospital officials have determined that the records cannot be accessed without specialized equipment and knowledge and they have no evidence suggesting the files have been accessed. President and CEO Richard Aubut has apologized and noted that they are "still searching for those files."
Full Story

DATA LOSS—CANADA

Gambling Site Reveals Breach of 134 Accounts (July 21, 2010)

The BC Lottery Corporation (BCLC) has revealed a data breach on its Web site that compromised the accounts of 134 users, The Vancouver Sun reports. The company shut down its gambling operations after discovering the breach, which occurred just moments after the site was relaunched. Twelve of the 134 exposed accounts allowed users to view the personal information of others, including, in one case, the last four digits of a person's credit card. Some critics say the breach has not been handled transparently. However, both BCLC and BC Information and Privacy Commissioner Elizabeth Denham, just weeks into her new appointment, say officials have acted responsibly. Denham said she'd like to be assured that all problems are resolved before the site goes live again.
Full Story

PRIVACY LAW—U.S.

Rush Unveils “Best Practices Act” (July 20, 2010)

House Commerce, Trade and Consumer Protection Subcommittee Chairman Bobby Rush (D-IL) has introduced a new privacy bill that seeks to "foster transparency about the commercial use of personal information and provide consumers with meaningful choices about the collection, use and disclosure of such information." The Best Practices Act would require online companies to get users' permission before collecting sensitive information such as Social Security numbers, medical or financial data and race or ethnicity, Broadcasting & Cable reports. It would also require companies that share "less sensitive" personal information with third parties to obtain user consent and would mandate that opt-outs be provided for the collection of all other personal data. Rush's bill calls for the Federal Trade Commission to administer the new regulations, with fines of up to $5 million for noncompliance. A hearing on the proposal and the similar Boucher-Stearns bill is scheduled for Thursday.
Full Story

ONLINE PRIVACY

The Economic Value of Privacy (July 20, 2010)

While at least one startup is banking on consumers wanting to use their personal information as "virtual currency that can be traded," making personal information a commodity poses challenges, Steve Lohr writes in The New York Times. According to M. Ryan Calo of Stanford Law School, "There is no way to know in advance what the value of this information is." Citing last year's "What Is Privacy Worth?" study by three Carnegie Mellon researchers, Lohr points out that the value of privacy is shaped by people's expectations, as summed up by Alessandro Acquisti, one of the study's authors, who notes, "When you have privacy, you value it more, but when the starting point is that we feel we don't have privacy, we value privacy far less." (Registration may be required to access this story.)
Full Story

PRIVACY LAW—MEXICO

New Law Has Strict Requirements, Tough Penalties (July 20, 2010)

Mexico's new Federal Law for Protection of Personal Data Held by Private Persons (LFPDP) focuses on "controlled and informed" processing of personal data and ensuring Mexican citizens' "privacy and right to self-determination." In their analysis of the new law, Fernando de Ovando and Mauricio F. Paez of Jones Day detail the rights of data subjects under the LFPDP as well as the strict requirements for companies that process the personal data of Mexican citizens. To avoid severe penalties enacted under the law--including fines of up to $1.4 million and prison sentences of up to five years that can be doubled in certain cases--de Ovando and Paez advise companies to "draft comprehensive privacy policies, procedures and guidelines" to satisfy Mexico's new legal requirements. (Registration may be required to access this story.) Editor's Note: The IAPP will host a Web conference on the new law next Thursday, July 29, at 1 p.m. EDT.
Full Story

PRIVACY LAW—U.S.

Facebook: Privacy Class Action Should Be Dismissed (July 20, 2010)

A potential class action filed last month against social networking site Facebook over privacy concerns may not see its day in court, MediaPost reports, as such lawsuits must overcome the hurdle of proving damages have occurred as a result of the information shared. Facebook is arguing that the suit should be dismissed on the grounds that it lacks "a single factual allegation that specifies what information, exactly, Facebook has allegedly improperly disclosed or that Facebook publicly disclosed information that any plaintiff intended to remain private." While the suit alleges the social network's members may have been exposed to the risk of identity theft, the company has countered that the lawsuit is based on "vague, generalized allegations" and speculation.
Full Story

GEO PRIVACY

Apple Responds to Congressmen’s Inquiry (July 20, 2010)

The U.S. congressmen who recently asked Apple to disclose how the company handles customers' location information say they are pleased with the company's response, CNET News reports. Apple sent a letter to Reps. Edward J. Markey (D-MA) and Joe Barton (R-TX) on Monday stating that the company does not share customers' location information with third parties without their permission and that when customers use location-based applications, the collected information is kept anonymous. Barton applauded Apple for responding to the inquiry but added that he remains concerned about privacy policies that "run on for pages and pages" and said he hopes every business collecting information for marketing purposes "will work toward more transparency."
Full Story

BIOMETRICS—JAPAN

Facial Recognition Billboards Are Here (July 20, 2010)

A consortium of 11 railway companies has installed 27 facial recognition-enabled billboards in subway stations around Tokyo as a one-year pilot project that will collect data on passersby, reports CNET News. A spokesperson for the Digital Signage Promotion Project said, "The camera can distinguish a person's sex and approximate age, even if the person only walks by in front of the display, at least if he or she looks at the screen for a second." The information gleaned could then be used by marketers to strategically schedule their marketing campaigns and tailor them by gender. Project officials say they won't store images taken by the billboard cameras.
Full Story

PRIVACY LAW—U.S.

Court: Motor Vehicle Records Can Be Sold in Bulk (July 20, 2010)

The New Orleans Appeals Court fifth circuit has ruled that businesses can buy and resell motor vehicle records in bulk even if they are not used but are intended for permissible purposes, reports Courthouse News Service. The ruling upheld a lower court's dismissal of six class-action lawsuits, which alleged that the state of Texas's bulk sale of the records to businesses intending to retain them for future use was illegal under The Driver's Privacy Protection Act, which requires businesses to demonstrate "lawful purpose" for obtaining the records. The court concluded that under the act, buying records in bulk is legal whether or not the buyer uses every piece of information obtained.
Full Story

DATA LOSS—U.S.

U. Hawaii Parking Server Breached (July 20, 2010)

The University of Hawaii informed the Honolulu police and the FBI that a server was breached at their parking office, possibly exposing the personal information of 53,000 people. The university discovered the breach during a routine audit and says the server contained nearly 41,000 Social Security numbers and data on 200 credit cards, reports Campus Technology. The university has no evidence that the information has been accessed or used but has retained a forensic computer expert to investigate further. On a Web page about the incident, officials say they have stopped using SSNs for parking transactions and are in the process of purging them from the system. This latest incident comes 15 months after an affiliated community college experienced a malware-induced breach, the report states.
Full Story

PRIVACY LAW—U.S.

Firms Oppose Geolocation Legislation (July 20, 2010)

MAPPS, the national association of geospatial firms, has written to the U.S. Congress with concerns about privacy legislation proposed by Rep. Rick Boucher (D-VA) that would limit the use of "precise geolocation information," The American Surveyor reports. The association is concerned that the limitations would threaten information collected for such practices as emergency response management, home security and mortgage foreclosure monitoring, the report states. MAPPS has urged Boucher to clarify the term "precise geolocation information" and make other changes to the bill's language. "The intent of the bill drafted by Rep. Boucher--to protect personal privacy--is laudable, but in its current form, the provisions would result in a number of unintended consequences," said MAPPS President Jeff Lovin.
Full Story

BEHAVIORAL TARGETING

Start-Up: Consumers Should Be Paid for Data (July 19, 2010)

Just by using the Internet, we are supplying the "raw material that helps generate billions of dollars a year in online advertising revenue," Steve Lohr writes in a piece for The New York Times, exploring the emergence of start-up companies aimed at giving users control of their personal information. With everything from online search requests to social network postings being "mined to serve up targeted online ads," a new company is looking at creating economic opportunities for users who share personal information. As one venture capitalist put it, the focus is on "choice and ownership of data and ultimately a notion of an exchange of value." Experts note that the emergence of such companies points to "larger issues about privacy transactions and pricing of personal data." (Registration may be required to access this story.)
Full Story

PRIVACY LAW—EU & ISRAEL

Irish Gov’t Asks for EU Support in Blocking Adequacy Status (July 19, 2010)

Ireland's Minister for Justice (MoJ) Dermot Ahern will ask the EU to back Ireland in its attempt to prevent data transfers to Israel, reports The Irish Times. Though the European Commission plans to grant Israel adequacy status under its data protection directive, allowing for the transfer and storage of European citizens' data in Israel, the MoJ has expressed "profound concerns." The EU declaration allowing for the data transfer was set to happen two weeks ago, but the Irish government objected, citing recent events involving fake Irish passports and alleged Israeli assassins. "I think it's important that we put down a marker, which we have, that given the history, we in Ireland are worried," said Ahern.
Full Story

PRIVACY LAW—U.S.

Supreme Court: Employees’ Private E-mails Stay Private (July 19, 2010)

The Wisconsin Supreme Court ruled Friday that government employees can send personal e-mails on work computers without fearing they may become public information, The Associated Press reports. The court ruled that using a work computer to send information doesn't make the information subject to the state's open records law. The case stemmed from a lawsuit filed by five public school teachers asking that none other than work-related e-mails be released in response to a citizen's open records request. In her majority ruling, which overturned that of a lower court, Chief Justice Shirley Abrahamson said, "While government business is to be kept open, the contents of employees' personal e-mails are not a part of government business."
Full Story

TRAVELERS’ PRIVACY—U.S.

Airport Wants Privacy-Protecting Scanner Software (July 19, 2010)

Logan International Airport in Massachusetts is seeking to acquire new software aimed at eliminating privacy concerns over full-body scanners by producing stick-figure images of passengers rather than the more detailed images currently revealed by such scanners, the Boston Herald reports. In the wake of concerns from privacy advocates about the scanners, the Transportation Security Administration implemented such safeguards as blurring faces and making it impossible to print or store scanner images. The hope is to have the software, which is still being developed, in place by next year, the report states. Once implemented, the new software will alleviate privacy concerns, said Massport Director of Aviation Ed Freni.
Full Story

SOCIAL NETWORKING—U.S.

Collection Agents “Friending” Debtors Online (July 19, 2010)

Collection agencies are now using social networking sites to track down debtors, NPR reports, and while they are getting results, the practice is raising legal questions. Gary Nitzkin, a credit collection attorney, explained how debt collectors "friend" debtors online to "get into their inner circle" and if they learn debtors are "boating today--on their new sailboat? Well, guess what? We just found an asset that we can take." According to the FTC, which enforces the Fair Debt Collections Practices Act, "collectors must disclose that they are attempting to collect on a debt and any information obtained will be used for that purpose," but debt collection attorneys believe there is a "gray area" when it comes to social network postings.
Full Story

DATA LOSS—U.S.

University Database Breached (July 19, 2010)

The Des Moines Register reports that a database security breach at Buena Vista University may have exposed the names, Social Security numbers and license numbers of 93,000 people affiliated with the university dating back to 1987. University President Fred Moore apologized for the incident and said there is no evidence the information has been misused. University officials began notifying those affected last week and are offering them free credit-monitoring and one year of fraud insurance. The school has updated its security policies, which, prior to the breach, had been deemed comparable to those at other institutions, but, Moore said, "Unfortunately, no network, no matter how tight, is impervious."
Full Story

PRIVACY

New Brunswick Names First Commissioner (July 16, 2010)

New Brunswick Premier Shawn Graham has named Fredericton lawyer Anne Bertrand as the province's first access to information and privacy commissioner, reports CBC News. Bertrand begins her new role September 1, when the office is officially created, but must be confirmed by the legislature after the September 27 election. As commissioner, Bertrand will be responsible for overseeing two new pieces of legislation governing access to information and health information privacy and will advocate for information and privacy issues, the report states. "I am confident that the breadth of her experience in the field of law, along with her work in the community and strong values of justice and integrity, will serve New Brunswickers well as she fulfils the commissioner's responsibilities," said Graham.
Full Story

DATA RETENTION—EU

EU Working Party Finds Problems with Data Retention Directive (July 16, 2010)

The Article 29 Working Party says the European data retention directive is not being applied correctly by member states and that some service providers are retaining inappropriate data. The Working Party this week published a report on the findings of a joint inquiry into the directive. The group of European data protection authorities found discrepancies among member states' implementation of the law. It also concluded that "more data are being retained than is allowed." The report includes several recommendations for amending the directive and calls on the European Commission to take into account its findings as it considers potential changes to the directive.
Full Story

DATA PROTECTION

APEC Launches New Privacy Enforcement Initiative (July 16, 2010)

The Asia-Pacific Economic Cooperation (APEC) has launched an initiative to help boost consumer trust in e-commerce by fortifying enforcement of regional data privacy laws, ZDNet reports. The APEC Cross-border Privacy Enforcement Arrangement (CPEA) will serve as a platform for authorities to engage in information sharing, evidence collection and complaints handling, among other imperatives. Its participants include the Office of the Privacy Commissioner of Australia, the Office of the Privacy Commissioner of New Zealand and the U.S. Federal Trade Commission (FTC). The announcement follows the recent establishment of the Global Privacy Enforcement Network (GPEN). Yael Weinman of the U.S. FTC told the Daily Dashboard that while the GPEN "is a less formal, global network designed to facilitate cooperation among its participants," the CPEA "is a more structured regional arrangement, setting out specific procedures and mechanisms for cooperation among participating privacy enforcement authorities in APEC member economies."
Full Story

DATA LOSS—UK

Experts Call for Breach Notification (July 16, 2010)

Starting next May, telecoms and Internet service providers will be required to report data breaches, but some legal experts at a roundtable event this week said they would like to see mandatory breach reporting requirements for all, reports V3.co.uk. Field Fisher Waterhouse partner Stewart Room said that mandating breach notification would stop companies from burying the bad news. He said many firms "often decide not to report data breaches to the (Information Commissioner's Office) as they are not obliged to report it under law, yet could suffer retrospective punishment despite admitting the loss."
Full Story

CONSUMER PRIVACY—EU & U.S.

Regulators Push for Consumer Protection Online (July 16, 2010)

EUobserver reports on the push by EU and U.S. consumer protection authorities for transparency in e-commerce data collection practices. Shoppers could be made aware of how their data will be used with a data privacy labeling system similar to the nutritional facts on food products, said David Vladeck, director of consumer protection at the U.S. Federal Trade Commission. In Brussels on Tuesday, Vladeck said his office is preparing a proposal to upgrade consumer protection, to be released later this year. Monique Goyens, director of the European Consumers Organisation, said she is pushing a similar model, adding, however, that new regulation is useless without proper enforcement.  
Full Story

PRIVACY LAW—U.S.

Ruling Could Affect Public Employees’ E-mail Privacy (July 16, 2010)

A Wisconsin case could subject public employees' private e-mails to the state's open records law, reports the Associated Press. The Wisconsin Supreme Court is set to rule on the case, which involves a citizen's request for release of the e-mails of five teachers in the Wisconsin Rapids School District. The teachers involved did not object to the release of work-related e-mails, but filed a lawsuit to keep their personal e-mails private, the report states. A lower court's judge ruled that all of the e-mails should be released, which the teachers then appealed. The verdict is due today.
Full Story

PRIVACY LAW—U.S.

Push for Compensation Will Persist (July 16, 2010)

To date, courts have largely ruled against plaintiffs seeking damages in data breach cases. Last month, a federal court in New York demonstrated this, dismissing a consumer class action claim against Bank of New York that alleged negligence and breach of implied contract after unencrypted data was lost. However, companies would be wise to comply with data protection laws and breach notification requirements, say lawyers at Mayer Brown LLP, who predict that, though the court's trend has been to rule otherwise, plaintiffs will continue to push for class action suits seeking compensation for perceived harm in identity theft risks and say that "compelling business and legal reasons remain for companies to comply" with state, national and international laws. (Registration may be required to access this story.)
Full Story

SOCIAL NETWORKING—U.S.

Poll: Social Networking Users Concerned about Privacy (July 16, 2010)

A new poll indicates that half of Americans who have a profile on a social networking site are worried about their privacy, reports The Washington Post. The Marist poll surveyed more than 1,000 people, 27 percent of whom said they were concerned about their privacy on sites such as Facebook and MySpace, and 23 percent of whom said they were very concerned. Americans over the age of 60 are the most concerned, and women are more concerned than men, the poll showed. "Some people are concerned, reluctant and skittish about the extent of online information. There's a privacy element that some people feel is getting lost," said the director of the Marist College Institute for Public Opinion. (Registration may be required to access this story.)
Full Story

PRIVACY LAW—U.S.

Groups Call on FTC to Propose Privacy Law (July 15, 2010)

Seventeen advocacy groups have asked the Federal Trade Commission (FTC) to propose a new privacy law to give consumers "meaningful safeguards and control of their personal information," MediaPost reports. In a letter to FTC Chairman Jon Leibowitz, the groups, including the ACLU, Center for Digital Democracy, Electronic Frontier Foundation and PIRG, said "Privacy law in the United States is in disarray," and "Existing laws don't adequately address new business practices." Specifically, the coalition wants the FTC to "set out specific regulations for the collection of information by the online advertising industry to help ensure that consumers have some meaningful control over their personal information."
Full Story

DATA PROTECTION—UK

ICO Reiterates Call for Jail Sentences (July 15, 2010)

British Information Commissioner Christopher Graham released his Annual Report for 2009/10 yesterday, reiterating his call for jail sentences for those convicted of illegal data trading, OUT-LAW.COM reports. "I shall continue to press for a more effective deterrent to criminal behavior by 'rogue' individuals," Graham said. "I continue to believe that the courts should be able to impose a custodial sentence, where appropriate, to tackle the unlawful trade in personal data that is the scourge of the digital world." The ICO saw a 30 percent increase in the number of data protection enquiries during the 2009/10 year.
Full Story

PRIVACY LAW—U.S.

Bill Would Create National ID Theft Law (July 15, 2010)

A proposed law to help protect consumers from identity theft was reintroduced in the Senate yesterday, NextGov reports. Co-sponsor of the bill Sen. Tom Carper (D-DE) says the 2010 Data Security Act, introduced in 2007 but not passed, would require public and private agencies to protect consumers from anticipated threats, hazards or misuse that could result in substantial harm or inconvenience. Modeled after the Gramm-Leach-Bliley Act, the bill would preempt states' regulations and would also require breach notifications. "We need to replace the current patchwork of state and federal regulations for identity theft with a national law that provides uniform protections across the country," Carper said.
Full Story

PRIVACY LAW—CANADA

Census Changes Enacted Due to Privacy Concerns (July 15, 2010)

The Canadian government has scaled back census laws, to remove a mandatory requirement that all Canadians complete a long-form census, citing widespread privacy concerns, reports the Winnipeg Free Press. Industry Minister Tony Clement said, "the government of Canada received complaints about the long-form census from citizens who felt it was an intrusion of their privacy." But Office of the Privacy Commissioner (OPC) spokesperson Anne-Marie Hayden noted that her office has received only three complaints in the last 10 years. "We've worked closely with the agency to make sure Canadians' privacy rights are respected throughout the census process," she said, adding that, in general, the OPC is satisfied with the privacy protections that are in place.
Full Story

PRIVACY LAW—UKRAINE

Ukraine Passes Data Protection Law (July 15, 2010)

The Ukrainian Parliament has adopted a data protection law that will become effective  January 1, 2011. The law states that personal data may not be processed without the consent of the individual concerned, except in cases provided for by law or where the data is necessary for maintaining national security, economic welfare or the protection of human rights, according to Olexander Martinenko and Olga Belyakova of the law firm CMS Cameron McKenna. The law also requires that personal data not be used in ways other than its intended purpose at the time of collection. Any database must be registered with a state entity yet to be created by the government. (Registration may be required to access this story.)
Full Story

DATA LOSS—U.S.

OSU Virus, UNC Improvements, CT AG Calls out Teachers Board (July 15, 2010)

While the University of North Carolina institutes new policies to beef up data security after a state audit showed system vulnerabilities, officials at Oregon State University are notifying 34,000 current and former employees that their personal information was recently exposed by a computer virus, KVAL reports. The university says there is "no evidence that any data was extracted," but is notifying those impacted out of an abundance of caution. Meanwhile, Connecticut Attorney General Richard Blumenthal wants the state Teachers' Retirement Board to provide identity theft protection services for 58,000 members whose information was contained on a lost flash drive.
Full Story

DATA PROTECTION—EU & U.S.

Reding: Umbrella Data Transfer Agreement Needed (July 14, 2010)

European Commissioner for Justice, Fundamental Rights and Citizenship Viviane Reding is keen to hammer out a data protection agreement that would govern all transfers of data between the EU and U.S., OUT-LAW.COM reports. "It is my determination to end this piecemeal approach," she said, referring to the recent negotiations of separate deals on financial and travelers' data sharing during a meeting at The Atlantic Council in Washington, DC this week. Reding said that EU Member States are "discussing the fine print" of the European Commission's proposal. The aim, Reding said, is "to provide legal certainty to data transfers by ensuring that all these transfers are subject to high standards of data protection on both sides of the Atlantic."
Full Story

STUDENT PRIVACY—IRELAND

Department of Education to Revise Data Collection Practices (July 14, 2010)

Following warnings from the data protection commissioner that they may breach privacy laws, the Department of Education says it will revise its data collection practices. The department has confirmed it will seek parental consent in the collection of sensitive personal data. Deputy Data Commissioner Gary Davis said this week that parents were often unaware that information given to the schools, which sometimes includes Personal Public Service numbers and medical card status, was forwarded to the department, reports the Irish Times. The department said it has taken the data protection commissioner's concerns seriously and continues to work with the office to meet requirements.
Full Story

HEALTHCARE PRIVACY—U.S.

Private Practices Now Named on OCR Site (July 14, 2010)

The Health and Human Services Office for Civil Rights (OCR) has unveiled on its breach notification Web site the names of "private practices" that have reported data breaches affecting 500 or more individuals, HealthLeaders Media reports. When the OCR launched the Web site in February, as required by the HITECH Act, it listed sole practitioners who had experienced large breaches of unprotected health information as "private practices." But in April, the office proposed to make the posting of such breaches "routine use," which allows OCR to post the information without first seeking the consent of those involved.
Full Story

PRIVACY LAW—U.S.

ACLU: DNA Sample Law Infringes on Privacy Rights (July 14, 2010)

California's government should not be allowed to take DNA samples from those arrested on felony charges. That was the message from ACLU attorney Michael Risher to the Ninth U.S. Circuit Court of Appeals in San Francisco Tuesday, where he challenged a 2004 law that he says sacrifices privacy in exchange for "questionable gains in identifying criminals," the San Francisco Chronicle reports. But the state's attorney general said taking a DNA sample is no more a violation of privacy than taking a fingerprint, and that the recent arrest of the "grim sleeper"--suspected of killing at least 10 women over 25 years--could have happened sooner if DNA samples had been taken after the suspect's numerous felony arrests, the report states.    
Full Story

SOCIAL NETWORKING

Int’l Companies Must Navigate Patchwork Laws (July 14, 2010)

CNET News reports on the complications companies face in complying with data protection and privacy laws across national borders. The operational reality of platforms such as Facebook, for example, "is challenged to the breaking point by the patchwork of privacy laws in different countries," said Paul Bond, a data protection attorney with Reed Smith. However, changing privacy policies to comply with various jurisdictional laws can create more problems than solutions for users, according to attorney Francoise Gilbert of IT Law Group. "What all of these people are asking is that it be more simple, more understandable, so it should not be more complex. If it's more complex, then everybody has lost."
Full Story

PRIVACY LAW—U.S.

Defunct Site’s Sensitive Data in Limbo (July 13, 2010)

Federal bankruptcy proceedings involving sensitive personal data have the attention of the Federal Trade Commission (FTC), CNET News reports. The FTC recently sent a letter to creditors and attorneys involved in the case, warning that the sale, transfer or use of the information involved could violate federal law. The owner of the defunct Web site XY, which catered to gay young men, filed for bankruptcy protection earlier this year, listing as assets the XY customer list and personal data. Ari Schwartz of the Center for Democracy and Technology said it would make sense for the bankruptcy judge to appoint a consumer privacy ombudsman to this case.  
Full Story

DATA PROTECTION—GERMANY

German Minister Calls for Internet Code of Honor (July 13, 2010)

Germany's consumer minister has called for an Internet "honor code," reports The Sydney Morning Herald. Ilse Aigner says she's worried about the trends she sees on the Internet and that the Internet community should develop a code with "10 golden rules--short, sharp and clear," using suggestions from Internet users. Aigner, who wrote a letter to Facebook earlier this year urging that it revise its privacy policy "without delay," says users must be made aware that social networking services are not free. "We users pay for it with our private data."  
Full Story

ONLINE PRIVACY

Study: Consumer v. Marketer Expectations (July 13, 2010)

A recently released study shows that when it comes to new technology, consumers have higher privacy expectations than marketers and most often prefer an opt-in method for collecting personal information. The University of Massachusetts Amherst study looked at cookies, RFID, text messaging, pop-up ads, telemarketing, SPAM, biometrics and loyalty cards. This is the first study to directly compare the privacy expectations of consumers and marketers. The researchers also discovered that many consumers don't understand the tools used by online companies and marketers and don't know how much, or how often, detailed information is gathered about them.
Full Story

DATA PROTECTION—U.S.

Breach Numbers Released, Some Not Recorded (July 13, 2010)

InformationWeek reports that the Identity Theft Resource Center (ITRC) has recorded 341 data breaches within the first six months of 2010. However, the ITRC says that hundreds more occurred but were not reported due to loopholes in breach notification requirements. A Department of Health and Human Services (HHS) guideline, for example, states that if an organization determines a breach has not caused "significant risk of financial, reputational or other harm to individual," then the breach does not have to be reported. This type of exception may contribute to lower reporting numbers, the ITRC says. "Consumers want to know if they are at risk from even a small breach. The details of a breach help determine their risk factors as well as guide them in proactive measures."
Full Story

PRIVACY LAW—U.S.

Judge: Plaintiffs May Seek Injunction (July 13, 2010)

A federal judge has ruled that AOL members may pursue attempts to force the company to destroy records about users' searches, MediaPost News reports. U.S. District Court Judge Saundra Brown Armstrong decided that consumers should be able to seek an injunction, the report states. The trial is scheduled for November 2011. The case stems from a 2006 incident where AOL employees released three months of 650,000 users' search queries. In her decision, Armstrong wrote, "Plaintiffs aver that as a matter of policy, AOL continues to collect and disseminate the same type of data disclosed" previously. "These facts are sufficient to allege an ongoing injury."
Full Story

DATA PROTECTION—U.S.

Corrections Commissioner: Prisoners Don’t Have Access to Data (July 13, 2010)

A March report by the Social Security Administration that lists West Virginia as one of eight states that grants prisoners access to citizens' personal information was incorrect, according to the commissioner of the state's Division of Corrections. The report said prisoners working data processing jobs had access to such personal information as health records and wage statements. "That is absolutely not true and won't occur," the commissioner said, adding that broad questioning used to collect data for the report led to the misunderstanding. The corrections division is drafting a formal policy, due in August, that bans prisoners from personal data, the Charleston Daily Mail reports.  
Full Story

PRIVACY LAW—U.S.

Comment Period Begins This Week on New Proposed Rules (July 12, 2010)

The Hartford Courant reports on the new proposed privacy and security rules for healthcare providers, which were put forward last week by the U.S. Department of Health and Human Services (HHS). The rules would expand Health Information Portability and Accountability Act (HIPAA) coverage to a broader group of providers and would limit the use of protected health information for marketing and fundraising. They would also expand individuals' access and disclosure rights. "HHS strongly believes that an individual's personal information is to be kept private and confidential and used appropriately by the right people, for the right reasons," said HHS Chief Privacy Officer Joy Pritts. The agency will open a 60-day public comment period this week. Editor's note: The IAPP will host a Web conference on the new proposed rules on Thursday, July 15, at 1 p.m. EDT.
Full Story

SOCIAL NETWORKING—GERMANY

Facebook Facing German Complaint (July 12, 2010)

Facebook says it is reviewing a letter sent by Hamburg, Germany data protection officials last week and "will respond to it within the given time frame," PCWorld reports. Johannes Caspar, the head of Hamburg's data protection agency, last week took legal action against the company, alleging the social networking service illegally accessed personal information about people who do not use the site. Caspar said his office has received complaints from many people who were allegedly contacted by Facebook because users had listed their names and e-mail addresses among their personal contacts. The company has until August 11 to respond.
Full Story

ONLINE PRIVACY—AUSTRALIA

Guilty Finding Prompts Google Apology (July 12, 2010)

Australian Privacy Commissioner Karen Curtis last week determined that Google breached the country's Privacy Act by collecting personal information from unsecured wireless networks using its Street View vehicles, The New Zealand Herald reports. "Collecting personal information in these circumstances is a very serious matter," Curtis said. "Australians should reasonably expect that private communications remain private." Curtis's office lacks the authority to impose penalties for the breach, but the commissioner ordered the company to apologize, which it did in a blog post, where the company's senior vice president of engineering and research said, "this was a mistake for which we are sincerely sorry." Meanwhile, the company says it has removed from its cars any equipment used to collect WiFi data.
Full Story

TRAVELERS’ PRIVACY—U.S.

EPIC Sues to Block Airport Scanners (July 12, 2010)

The Electronic Privacy Information Center (EPIC) has sued the Department of Homeland Security in federal court for an emergency stay of the airport body scanner program, reports USA Today. According to the court filing, EPIC asserts that the Transportation Security Administration's (TSA) program violates the federal Privacy Act, the Religious Freedom Restoration Act, the Administrative Procedures Act and the Fourth Amendment. Despite earlier claims that the scanners are "configured to prevent TSA officers from storing or retaining any images," EPIC says government records show that "the TSA required that the devices be able to store and record images of naked air travelers."
Full Story

ONLINE PRIVACY—GERMANY

While Regulators Bear Down, Consumers Sign Up (July 12, 2010)

On the surface, the actions of German data protection regulators don't seem to reflect the sentiment of consumers in that country, where Facebook and Google--two companies under investigation by data protection regulators there--are popular, The New York Times reports. "I think many people in Germany...do not have as many problems with data protection as the regulators are making out," said a 21-year-old college student. But experts say that while the dichotomy is unlikely to lead to a loosening of the country's strict privacy rules, lowering barriers for online marketing could help encourage economic growth. (Registration may be required to access this story.)
Full Story

GENETIC PRIVACY—U.S.

Serial Killer Case Sparks DNA Privacy Questions (July 12, 2010)

Law enforcement officials and legal scholars are questioning whether a new law that allows police to match suspects' DNA with that taken from their relatives is a crime-solving breakthrough or a slippery slope to privacy invasions. Recent use of the law in California led to the arrest of a man suspected of murdering at least 10 women over 25 years, The Christian Science Monitor reports. California Attorney General Jerry Brown has said it is a "balanced policy" that protects citizens' rights, noting it is only allowed in major, violent crimes with serious risk to public safety. Prof. Anne Bowen Poulin of the Villanova University School of Law, meanwhile, asks, "Good police work? Most would probably applaud it. Risk to privacy? We probably won't know until it's too late."
Full Story

DATA PROTECTION—U.S.

Public Records Sales Prompt Concerns (July 12, 2010)

The Plain Dealer reports on the Ohio Bureau of Motor Vehicle's (BMV) sale of driving records to commercial entities and other customers. Since 2005, the state has collected more than $42 million in bulk record sales to more than 30 companies, including data aggregators. The information sold includes names, dates of birth, driver's license and Social Security numbers. In two known cases, data breaches involving drivers' personal information raised concerns about identity theft. A spokeswoman for the department that oversees the BMV said it is "required to provide this information, and we do not profit off of it." Sen. Tom Patton (R-OH) said he may introduce legislation to shield some of the information from distribution.
Full Story

ONLINE PRIVACY

Study: Online Habits of the Young Will Live On (July 12, 2010)

A study fielded by the Pew Research Center's Internet & American Life Project and Elon University's Imagining the Internet
Center found that most technology experts and stakeholders believe the online sharing habits of the millennial generation will
stay with them throughout their lives. Sixty-seven percent of respondents agreed with a statement that Millenials "will
continue to be ambient broadcasters who disclose a great deal of personal information in order to stay connected and take
advantage of social, economic and political opportunities." Respondents also acknowledged that new social norms and new
definitions of public and private information are already taking shape.
Full Story

PRIVACY LAW—U.S.

HHS Proposes New Rules (July 9, 2010)

The Department of Health and Human Services (HHS) yesterday proposed new privacy and security rules for the Health Insurance Portability and Accountability Act (HIPAA), Computerworld reports. The new rules would allow patients to restrict access to certain health information and would prohibit the sale of their data without consent, according to the report. The rules also would extend privacy and security requirements to business associates of HIPAA-covered entities. HHS will open a 60-day comment period on July 14. Editor's note: The IAPP will host a Web conference on the new proposed rules next Thursday, July 15, at 1 p.m. EDT.
Full Story

ONLINE PRIVACY—AUSTRALIA

Commissioner: WiFi Collection Breached Privacy Act (July 9, 2010)

Privacy Commissioner Karen Curtis has determined that the collection of personal information through unsecured wireless networks by Google's Street View vehicles breached the Australian Privacy Act, The Sydney Morning Herald reports. "Collecting personal information in these circumstances is a very serious matter," Curtis said Friday, following the conclusion of her investigation. "Australians should reasonably expect that private communications remain private." However, the office does not have the power to impose penalties for such breaches. Instead, Google has agreed to conduct a privacy impact assessment of the data collected and has issued a formal apology, stating "this was a mistake for which we are sincerely sorry."
Full Story

PERSONAL PRIVACY—SOUTH AFRICA

Security and Privacy at the FIFA World Cup (July 9, 2010)

While the 2010 FIFA World Cup has all eyes focused on South Africa for the public displays of athletic prowess on the soccer fields, an immense amount of work has been taking place behind the scenes to address the public safety issues that come with any international gathering of this size and scope. Such security measures also come with privacy concerns. This Privacy Advisor report focuses on how officials have aimed to address security concerns at a time when South Africa is in the process of reviewing proposed data protection legislation with its impacts on organizations as yet unknown.
Full Story

DATA LOSS—U.S.

Experts: University Data Breaches Not Surprising (July 9, 2010)

A data breach affecting 53,000 at The University of Hawaii (UH) Manoa this week is the latest in a recent string of university data breaches. The University of Maine, Florida International University and Penn State University all reported breaches this week, as well. Dark Reading reports that breaches at higher-education institutions don't surprise security experts. Education has been one of the most frequently targeted verticals, says one, because they tend to have more open networks that often aren't maintained well. "They have Social Security numbers; they have health records, and they also have financial information from the parents who are paying the bills," said another expert.
Full Story

DATA PROTECTION—AUSTRALIA

Commissioner: Safeguards Needed for Biometric Data Collection (July 9, 2010)

Fourteen major venues across Australia are now using fingerprint scanners to control alcohol-related violence, reports News.com.au, prompting Privacy Commissioner Karen Curtis to call for safeguards. Curtis says the biometric data collected should be destroyed as soon as possible; individuals should be notified as to why the data has been collected, and databases should be kept up to date and secure. "If clubs fail in any of these areas, they run the risk of breaching their customers' privacy and of having a privacy complaint lodged against them," Curtis said, adding that creating a database or sharing data between venues would breach privacy laws.
Full Story

SURVEILLANCE—U.S.

NSA Program Raises Privacy Concerns (July 9, 2010)

The National Security Agency (NSA) is launching a surveillance program called Perfect Citizen, aimed at detecting cyber assaults on private companies and government agencies running such critical infrastructure as the electricity grid, and that has some officials concerned about privacy implications, The Wall Street Journal reports. "Some industry and government officials familiar with the program see Perfect Citizen as an intrusion by the NSA into domestic affairs, while others say it is an important program to combat an emerging security threat," the report states. According to one U.S. military official, members of the public can expect any intrusion into privacy to be no greater than what is already in place from such surveillance devices as traffic cameras. (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY

Can Digital Footprints Be Erased? (July 9, 2010)

Is it possible to erase our digital footprints from the Internet? "The short answer is no," according to a San Francisco Chronicle report. Experts point out that every online visit--whether to buy clothing, check in on social networks or use a search engine--leaves traces that "can be stitched together to create a thorough profile." For those who want to erase their digital histories, there are many challenges, including finding out which companies and organizations hold pieces of their personal data. According to Ryan Calo of California's Stanford Law Center for Internet and Society, "Unless there is a real change to the architecture (of the Internet) and the law, this is the cost of being in an information-intensive society."
Full Story

ONLINE PRIVACY

Ban on Anonymity Irks Some Gamers (July 9, 2010)

The Office of the Privacy Commissioner of Canada (OPC) has received inquiries from gamers who are upset about one company's new "zero anonymity" rule. CBC News reports that World of Warcraft maker Activision/Blizzard has banned anonymous comments in its user forums to cut down on anonymous attacks and spam. "Removing the veil of anonymity typical to online dialogue will contribute to a more positive forum environment," the company said in a statement. But "people are up in arms because their real name is going to be displayed," one commenter said, noting the potential consequences. The OPC is directing inquiries to the site's chief privacy officer.
Full Story

ONLINE PRIVACY—AUSTRALIA & NEW ZEALAND

Balancing Privacy and Security in the Cloud (July 9, 2010)

Understanding privacy and security and maintaining the balance between them is critical when it comes to successful cloud computing strategies. That was the message iappANZ President Kevin Shaw shared in an interview with CIO. With cloud computing, Shaw said, "you have to make sure you're looking at privacy in that environment and you understand what your principles are and enforce those." Shaw also spoke about the upcoming iappANZ Australasian Privacy Conference, explaining that the goal will be "to look at issues around privacy and cloud computing from a government perspective, from an advocate perspective, from a business perspective both from the view of the provider and the consumer, from a privacy professionals perspective, and lastly from a technology perspective."
Full Story

FINANCIAL PRIVACY—EU & U.S.

MEPs Approve SWIFT (July 8, 2010)

By a vote of 484 to 109, with 12 abstentions, the European Parliament voted today to approve a revised bank transfer data sharing agreement between the EU and U.S., V3.co.uk reports. Several of those opposing the plan have suggested it is "a clear violation of EU legislation on data protection." European Commissioner Cecilia Malmström, however, described the new agreement as "proof that we can find appropriate safeguards to accommodate legitimate concerns about both security and privacy," while U.S. President Barack Obama thanked the EU, stating the plan "reflects significant additional data privacy safeguards but still retains the effectiveness and integrity of this indispensable counterterrorism program." The agreement will go into effect August 1.
Full Story

HEALTHCARE PRIVACY—U.S.

HHS Issues Notice of Proposed Rulemaking (July 8, 2010)

The Department of Health and Human Services has issued a notice of proposed rulemaking to modify the HIPAA privacy, security and enforcement rules, according to an agency press release. HHS will accept public comments for the next 60 days. The HITECH Act required HHS to modify the rules in order to strengthen privacy and security protections in the electronic health information environment. The changes extend the rules to business associates of HIPAA-covered entities and establish new limitations on the use and disclosure of protected health information, among other modifications.
Full Story

DATA PROTECTION—UK

ICO Releases Guidelines on Personal Data Collection (July 8, 2010)

The information commissioner has issued guidelines on how organisations can protect consumers' personal information online, ComputerWeekly reports. Releasing the "Personal Information Online Code of Practice," Information Commissioner Christopher Graham has called on organisations to be transparent in collecting data from customers by informing them why the data is being collected and allowing them choice over data use. Companies that improperly collect or retain personal data risk enforcement by the ICO, Graham said, adding that customers may distrust companies that mislead them about collection and use. "Get privacy right and you will retain the trust and confidence of your customers and users," Graham said this week.
Full Story

SOCIAL NETWORKING—GERMANY

Legal Proceedings Launched Against Facebook (July 8, 2010)

A German data protection official has filed legal action against Facebook, alleging the social networking service illegally accessed personal information about people who do not use the site, the Associated Press reports. Johannes Caspar of the Hamburg office of data protection said his office has received complaints from many people who were allegedly contacted by Facebook because users had listed their names and e-mail addresses among their personal contacts. "We consider the saving of data from third parties, in this context, to be against data privacy laws," he said. Facebook has until August 11 to formally respond to the complaint. The company has confirmed it is reviewing the notice and will respond within that timeframe, the report states.
Full Story

BEHAVIORAL TARGETING—UK

ICO: Advertisers Should Offer Opt-Out Provisions (July 8, 2010)

There is nothing "intrinsically unfair" about behavioral advertising when users have the opportunity to opt out, the Information Commissioner's Office (ICO) suggests in its code of practice for gathering and processing personal data. "Organizations must be transparent so that consumers can make online privacy choices and see how their information will be used," said Information Commissioner Christopher Graham. OUT-LAW.COM reports on the ICO's position that the Data Protection Act provides options for processing information. The code of practice recommends Web sites include "a simple means of disabling the targeting of advertising using behavioral data," noting that Web companies also have the right to refuse to provide services to those who opt out.
Full Story

PRIVACY LAW—U.S.

Debate Looms Over Teens and the Web (July 8, 2010)

Possible changes to the Children's Online Privacy Protection Act (COPPA) aimed at giving parents control over what information Web sites collect from their children is stirring debate about teen privacy, FOX News reports. Some advocacy groups are championing changing the law to expand parental notification for the collection data from children--currently required for those under the age of 13--up to the age of 18 due to concerns about public access to minors' personal information. Others suggest, however, that free speech and privacy will be "very dramatically" affected if the law is changed. The Federal Trade Commission will continue to gather public input as part of its COPPA review through July 12.  
Full Story

DATA LOSS—U.S.

State Office Releases Personal Data (July 8, 2010)

The Massachusetts secretary of state's office is alerting 139,000 investment advisers that their personal information has been exposed, reports The Boston Globe. The information--including Social Security numbers and birth dates--was contained on a CD mailed to a business publication in response to a request for information. The publication has since returned the CD, but individuals, the state attorney general and the director of consumer affairs must be notified in accordance with Massachussetts law. "It was an unfortunate mistake," said a spokesman for the secretary of state's office. "It obviously was not done according to standard practice."
Full Story

DATA LOSS

Study Shows Hotels Hacked at “Disturbing Rate” (July 8, 2010)

A recent study by SpiderLabs found that the hotel industry was involved in 38 percent of all credit card hacking cases last year, reports The New York Times. Anthony Roman, a private security investigator, told the Times that hotels are attractive targets because "the greatest amount of credit card information can be obtained using the most simplified methods." Roman added that most hotel breaches are due to "a failure to equip, or to properly store or transmit, this kind of data, and that starts with the point-of-sale credit card swiping systems." According to the report, tough economic times have forced hotel owners to cut spending, leading to lagging security upgrades and a worsening of the problem. Credit card companies, meanwhile, are pushing for uniform security measures for all retailers. (Registration may be required to access this story.)
Full Story

  PRIVACY LAW—U.S.

Texas Database Administrator Sentenced (July 8, 2010)

A former senior database administrator at a Houston, TX, electricity provider has been sentenced to one year in prison for illegally accessing customer information, the U.S. Department of Justice (DOJ) announced this week. IDG News Service reports that Steven Jinwoo Kim pleaded guilty to one count of intentionally accessing a protected computer without authorization and recklessly causing damage after he was fired from Gexa Energy. In 2008, Kim used his home computer to access the company's network and download personal information on about 150,000 of the company's customers--including their names, billing addresses, Social Security numbers and dates of birth. In addition to the prison term, Kim has been ordered to pay $100,000 in restitution.
Full Story

DATA LOSS—U.S.

Universities Suffer Data Breaches (July 8, 2010)

Two universities are notifying thousands of individuals that their personal information may have been exposed. University of Florida officials have notified 2,047 people that their Social Security or Medicaid identification numbers were inadvertently mailed on address labels of letters inviting them to participate in a research study, University of Florida News reports. "We were dismayed to learn of this breach and deeply regret any concern this may cause these individuals," said the university's chief privacy officer, adding that the university has taken steps to ensure a similar breach will not occur. Meanwhile, Penn State University is alerting 15,800 students that their personal data may have been compromised after malicious software attacked a university computer.
Full Story

PRIVACY LAW—MEXICO

New Data Protection Law Takes Effect (July 7, 2010)

Mexico's Federal Institute of Access to Public Information has announced that the country's new Federal Data Protection Law came into effect on Tuesday. The law, which regulates the collection, processing and disclosure of personal data held by the private sector, was approved unanimously by the Mexican Congress on April 27. With the law's enactment, the institute is now known as the Federal Institute of Access to Information and Data Protection and has expanded oversight powers to cover the private sector as well as government entities. Lina Ornelas, the institute's general director of classified information and data protection, called the law "a major breakthrough."
Full Story

HEALTHCARE PRIVACY—U.S.

Health Net Settles Connecticut Suit (July 7, 2010)

Health Net has settled a lawsuit filed by Connecticut Attorney General Richard Blumenthal in January--the first such suit filed under HIPAA by a state AG--agreeing to pay $250,000 to the state and enact new privacy protection safeguards, The Wall Street Journal reports. "Protecting the privacy of our members is extremely important to us," the company said in a statement. The settlement, which was announced Tuesday, includes requirements that Health Net offer two years of credit monitoring, $1 million of identity theft insurance and reimbursement for the costs of security freezes. The settlement also includes a provision that would require a $500,000 payment to the state should the loss result in any cases of illegal identity fraud, the report states. (Registration may be required to access this story.)
Full Story

FINANCIAL PRIVACY—EU & U.S.

Germany: SWIFT Compromise “Unsatisfactory” (July 7, 2010)

With the European Parliament expected to approve a revised agreement to allow European financial data to be shared with U.S. officials, Germany's Data Protection Agency (DPA) is raising concerns. The Associated Press reports that the DPA remains "highly critical" of the compromise agreement between the EU and the U.S. that will allow the sharing of information about bank transfers as part of terrorism investigations. Data Protection Commissioner Peter Schaar said Tuesday that the compromise is "not in the least satisfactory," noting he believes that about 97 percent of the information will be irrelevant and never used but will continue to be stored by the U.S.
Full Story

DATA PROTECTION—FRANCE

CNIL: Cease Illegal Data Processing (July 7, 2010)

The French data protection authority (CNIL) has issued orders in several recent cases that illegal data processing cease immediately, according to Matthias Rubner of Latham & Watkins LLP. CNIL investigators can audit a company's data protection controls without warning to review its data collection methods as well as the data it collects. Companies fined for breaches by CNIL are named on the authority's Web site and appear in French newspapers regularly, the report states, causing reputational damage to the brand. Recent cases included fines of €10,000 to a retail store and €40,000 to a marketing company. (Registration may be required to access this story.)
Full Story

PRIVACY LAW—UK

Data Protection Costs £53 Million Per Year (July 7, 2010)

A government report released yesterday revealed that data protection law costs in the UK total £53 million every year. The Independent reports that a review of the Data Protection Act revealed that companies bear the brunt of costs, with officials saying they spend around £50 million a year responding to subject access requests for information. The review comes as the UK considers granting more punitive powers to the Information Commissioner's Office, at the urging of the EU. Justice Minister Lord McNally said in reviewing the law, the government aims to protect personal privacy "without placing undue burdens on businesses and other organisations that collect personal data."
Full Story

GENETIC PRIVACY—ARGENTINA

Activists: Mandatory DNA Testing a “Necessary Evil” (July 7, 2010)

Argentina's Abuelas de la Plaza de Mayo (Grandmothers of the Plaza de Mayo) have become convinced that when it comes to identifying the now-grown children stolen from murdered prisoners of the country's military dictatorship between 1976 and 1983, compulsory DNA testing is "a necessary evil with an ultimately beneficial result," TIME reports. Through DNA testing, the human rights group has located 101 children who were born to pregnant political activists in Argentina's death camps and then given to military families or civilians to raise. The Abuelas' efforts are gathering attention in a high-profile case involving the adopted children and only heirs of an Argentine media mogul worth an estimated $1 billion.   
Full Story

IDENTITY THEFT—AUSTRALIA

Study: Online Crime Hits One in 10 (July 7, 2010)

A study of 2,500 Australians found that in the past year about one in 10 have experienced online identity theft, and each occurrence cost an average of $1,000. The Sydney Morning Herald reports that, extrapolated nationally, that translates to 1.37 million Internet users and $1.3 billion last year. The most common methods of online fraud, according to the study, include "phishing" e-mails--imitating financial institutions or relaying sob stories--requesting personal or banking information. Despite that 60 percent of the respondents have encountered fraudulent sites or e-mails, the survey found that 69 percent of respondents ages 18-24 do not check a site's security features before handing over sensitive information, while those over 50 are the most diligent.
Full Story

SOCIAL NETWORKING—CANADA

Class Action Filed Against Facebook (July 7, 2010)

A Canadian law firm has filed a nationwide class-action suit against social networking site Facebook, The StarPhoenix reports. Regina-based Merchant Law Group LLP has filed the suit on behalf of a single class representative, the report states, but purports to represent all registered Facebook users who "were subject to misrepresentations and other wrongful practices" with regard to the site's use of their personal information. The suit's statement of claim accuses the social networking site of a long list of infractions--including invasion of privacy and conversion of personal information--and alleges the site "intentionally or negligently misrepresented" past changes to its terms of service that allowed user information to become publicly available.  
Full Story

PRIVACY—U.S.

DHS Shares Its Privacy Practices (July 7, 2010)

The Department of Homeland Security (DHS) has released its guide to protecting privacy, Federal News Radio reports. DHS's Privacy Office released the guide to share its approach with other agencies and the public, the report states. The guidebook outlines the DHS's strategies for minimizing impact on citizens' privacy--including certifications to ensure that all personally identifiable information is secure and accurate--as well as the department's response to privacy breach complaints. According to the guidebook, "Privacy and information security are closely linked, and strong practices in one area typically support the other...privacy is integrated into decision making from the very beginning."
Full Story

Mexico’s Data Protection Law Takes Effect (July 6, 2010)
At the Federal Institute of Access to Public Information (Mexico) we are delighted to share with you that the new “Federal Data Protection Law” published yesterday in the Federal Journal of the Federation —today, Tuesday, July 6, comes into force.

FINANCIAL PRIVACY—EU & U.S.

Parliament’s Civil Liberties Committee Approves SWIFT (July 6, 2010)

The European Parliament's Civil Liberties Committee has approved the revised five-year agreement allowing the U.S. access to international bank transfer data from Europe as part of criminal and terrorism investigations, European Voice reports. The committee voted today with 41 votes in favor, nine against and one abstention to recommend parliament give its support to the agreement when it votes on Thursday. Parliament's three largest groups have voiced support for the plan, the report states, but the Green Party has said it will vote against the deal, raising concerns it violates the EU's data protection laws. If the agreement is approved on Thursday, it will go into effect on August 1 as it has already been signed by the EU and U.S. (Registration may be required to access this story.)
Full Story

PRIVACY LAW—UK

Legislation May Expand ICO Powers (July 6, 2010)

As part of its consideration of data protection legislation, the UK has announced another round of deliberations on whether the Information Commissioner's Office (ICO) should have its powers expanded, The Register reports. "We want to gather evidence and views on whether the current data protection laws are working in light of social and technological changes since the mid-1990s," Justice Minister Lord McNally said. The Ministry of Justice has called for views on custodial sentences for data protection offences following a threat of legal action against the UK government by the European Commission over "insufficient powers" for the ICO, the report states. Submissions close October 6.
Full Story

CHILDREN’S PRIVACY—U.S.

FTC Extends COPPA Public Comment Period (July 6, 2010)

The FTC has announced it is extending its public comment period on its review of the Children's Online Privacy Protection Act (COPPA) rule to July 12 due to a technical glitch, The Hill reports. The 90-day public comment period was formerly set to end June 30. The FTC is considering updates to the rule to address new geolocational technologies and behavioral targeting, among other advancements. The FTC held a public roundtable discussion on COPPA June 2, and last week, 17 advocacy groups called for clarification and updates to the rule in a group filing to the FTC.
Full Story

SURVEILLANCE—UK

Stricter Regulations for Car Tracking Cameras (July 6, 2010)

Home Secretary Theresa May has ordered tighter regulations placed on the automatic number plate recognition (ANPR) system, which captures images of the front of cars--including details of number plates--and records the date, time and place of capture. BBC News reports the government will look into limiting access to the database and length of data retention as well as requiring greater transparency over where the cameras are, among others. The review comes after a decision was made to remove 72 ANPR cameras once it was discovered they were funded through a Home Office counterterrorism fund, the report states. Home Office Minister James Brokenshire said the growing use of ANPR "has been outside of a suitable governance regime" and that to ensure ANPR is used effectively, "further regulation is required." One privacy group is calling the review "long overdue."
Full Story

DATA LOSS—U.S.

Employee, Health Info Breaches Under Investigation (July 6, 2010)

Two separate data breaches may have put personal information belonging to nearly 600,000 people at risk. The first case, involving WellPoint Inc., may have compromised financial and health information on almost 500,000 people, prompting Connecticut Attorney General Richard Blumenthal's announcement that he is launching an investigation. Blumenthal is seeking information on how the breach occurred, what steps have been taken to protect those affected and how the company plans to prevent future incidents, Bloomberg reports. Meanwhile, in a separate data loss incident, AMR Corp., the parent company of American Airlines, is investigating the theft of a hard drive containing personal information belonging to approximately 79,000 current and former employees.
Full Story

DATA LOSS—IRELAND

Gov’t Departments Have Lost More Than 50 Laptops (July 6, 2010)

An Irish Independent investigation has found that, since 2008, 51 laptops, 21 BlackBerrys, one desktop computer and two memory sticks have been lost by 19 government departments. One stolen laptop contained unencrypted personal data on 163 students, prompting the Department of Education to notify those affected, states the report. One data protection expert worries that if government-held private information gets into the public domain, the government may face lawsuits. Another expert says the Data Protection Act--revised in 2003--is not up to pace with technology such as mobile devices.
Full Story

PRIVACY—U.S.

Creating Safe Identities on the Web (July 6, 2010)

The New York Times reports on the Obama Administration's proposal to increase Web safety by introducing a voluntary "trusted identity system." The system would be the high-tech equivalent of a physical key, a fingerprint and a photo ID all rolled into one, the report states, and would see the creation of various private online identity systems allowing users to select which system to join. Some privacy advocates endorse the plan, but some have concerns. "It seems clear that such a scheme is a preemptive push toward what would eventually be a mandated Internet driver's license mentality," said Lauren Weinstein, editor of the Privacy Journal. (Registration may be required to access this story.)
Full Story

SOCIAL NETWORKING—CANADA

Firm Considers Filing Class Actions Against Facebook (July 6, 2010)

A Canadian law firm is considering filing class-action lawsuits against the world's largest social networking site over privacy issues. Regina-based Merchant Law Group LLP has announced it will launch class actions against Facebook on behalf of anyone who was "subject to misrepresentation and other wrongful practices...in regards to their personal information," The Vancouver Sun reports. Research has shown that 48 percent of Canadians use the social networking site. The focus of the potential lawsuits would be on allegations that the social network changed its terms of service without communicating the changes to users and altered privacy settings without proper user consent, according to a 32-page statement filed in the Court of Queen's Bench.
Full Story

PRIVACY LAW—U.S.

Groups Call for COPPA Updates (July 2, 2010)

Seventeen advocacy groups want the FTC to increase privacy protections for children on the Internet, USA Today reports. In a filing on Wednesday, the groups called for clarification and updates to the FTC's Children's Online Privacy Protection Act (COPPA) rule. The deadline for public input on the FTC rule, which is being reviewed, was Wednesday. Among other requests, the groups want the COPPA rule to extend to new technologies such as interactive TV and gaming as well as behavioral targeting. They also call for an update to COPPA's definition of "personal information" to extend to potentially combinable data such as age, zip code and gender.
Full Story

PRIVACY LAW—U.S.

DMA Files Suit Against Colorado (July 2, 2010)

The Direct Marketing Association (DMA) filed a lawsuit in federal court in Denver this week to challenge a Colorado law that it says violates the privacy of state residents, Bloomberg reports. The DMA is challenging Colorado House Bill 10-1193, which took effect March 1, requiring online retailers outside of Colorado to report purchase information to the state so it may seek sales taxes. "The new law and the regulations implementing it are an unconstitutional and blatant violation of Colorado consumers' privacy," said the DMA's Jerry Cerasale. One state lawmaker said the suit will help determine the law's constitutionality. "We have said from the beginning that this proposal jeopardizes consumer privacy," Rep. Amy Stephens said.
Full Story

PRIVACY LAW—U.S.

California Senator, Universities Disagree Over Privacy (July 2, 2010)

California's public universities, which are seeking to extend a law that allows them to share alumni information with vendors, are raising the ire of a state senator by opposing his bill to require them to disclose the identities of wealthy donors. The San Francisco Chronicle reports on the bill by Sen. Leland Yee (D-SF) to bring campus foundations and businesses under the California Public Records Act. The University of California and California State University are opposing that move, citing privacy concerns. The universities, meanwhile, support a law allowing them to share alumni contact information with such companies as insurance firms, travel agents and credit card issuers, which has netted them a combined $6.6 million per year, the report states. Yee is calling that position "blatant hypocrisy."
Full Story

GEO PRIVACY

Study: Social Networks Leaking Location Data (July 2, 2010)

A study by the U.S.-based Worcester Polytechnic Institute has found that mobile social networks are sharing information about users' physical location data with tracking sites and other networking services, Computerworld reports. According to the study, all 20 sites reviewed by researchers leaked some kind of private information to third-party sites. "The combination of location information, unique identifiers of devices and traditional leakage of other personally identifiable information all conspire against protection of users' privacy," the study notes. Craig Wills, a co-author of the study, said the findings point to the need "for a comprehensive way to capture the entire gamut of privacy controls into a single, unified, simple, easy-to-understand framework."
Full Story

HEALTHCARE PRIVACY—U.S.

Texas Cancer Database Possibly Hacked (July 2, 2010)

The FBI and the Texas Department of State Health Services are looking into whether a hacker broke into the state's confidential cancer registry, reports The Texas Tribune. According to Tom Suehs, health and human services commissioner, the preliminary investigation shows that the personal information contained in the database--names, dates of birth, Social Security numbers and medical information--was not stolen, and investigators say it's possible the incident is a hoax. However, Suehs says the incident has exposed security holes and is "an opportunity to elevate our awareness of our responsibility to protect information." Meanwhile, the state's health agencies are asking for federal dollars for a statewide health information network.
Full Story

DATA LOSS—U.S.

School Breaches Expose SSNs (July 2, 2010)

Two educational institutions are looking into data breaches involving personal information. California State University San Bernardino is investigating a data breach involving the names and Social Security numbers of dozens of students, reports The Desert Sun. The data was concealed on June 10 after the breach was revealed, and a spokesman said the university is "implementing measures to prevent this type of incident from happening in the future." Meanwhile, WABC reports on a New Jersey school district that inadvertently included the Social Security numbers of contracted vendors when responding to a citizen's open records request.
Full Story

SOCIAL NETWORKING

Stoddart Launches Dating Service Investigation (July 2, 2010)

Canada's privacy commissioner has launched an investigation into the practices of an online dating service, reports The Vancouver Sun. The investigation follows a complaint filed by a user of the service over the company's use of deactivated user account data. Stoddart says users should protect themselves by checking the privacy policies of such services before signing up, including information on data use and retention. "You put up a lot of very personal information," Stoddart said. David Fewer, director of the Canadian Internet Policy and Public Interest Clinic, predicts privacy complaints will increase as online dating continues to gain popularity. "There's a lot of them out there," he said.
Full Story

SOCIAL NETWORKING

Facebook: Third-Party Apps Must Tell Users What Data They Collect (July 2, 2010)

Facebook is now requiring outside applications and Web sites to let users know what data they collect from online profiles before asking permission from users for private information, eWeek reports. "With this new authorization process, when you log into an application with your Facebook account, the application will only be able to access the public parts of your profile by default," a company spokesman said. The recent changes are among those prompted by an agreement the social networking site reached last year with Canadian privacy authorities. Facebook noted information required to be public on the site "to make it easy for your friends to find you" will still be available to third-party applications.
Full Story

ONLINE PRIVACY

WiFi Collection Could Spur Legal Action, New Laws (July 2, 2010)

Experts believe the international controversies surrounding Google's collection of private data from unsecured wireless networks may be the impetus for new privacy regulations. A Reuters report quotes former U.S. Federal Trade Commissioner Pamela Jones Harbour's suggestion that the FTC is likely to question whether the company violated reasonable privacy expectations. Meanwhile, investigations are also underway in Europe, Australia, Canada and Hong Kong. According to one legal expert, while the company is likely to prevail in any legal action related to WiFi case, the data collection is likely to be "the one that will cause regulators to drop the hammer on Google." Google has reiterated its position that its actions were not illegal and it is "looking forward to answering questions," the report states.
Full Story

ONLINE PRIVACY—U.S.

FTC Complaint Filed Over People-Search Service (July 1, 2010)

The Center for Democracy and Technology (CDT) has filed a complaint with the Federal Trade Commission (FTC) against Spokeo, an Internet site that compiles such personal information as addresses, religious preferences and financial data on millions of U.S. residents. PCWorld reports on the CDT's allegations that the site contains inaccurate information and violates the Fair Credit Reporting Act (FCRA). The CDT has asked the FTC to stop Spokeo from offering consumer reports until it complies with the FCRA and to "prohibit Spokeo from making deceptive claims about its paid service and require the Web site to pay back customers who paid for the service," the report states.
Full Story

GEO PRIVACY

Privacy Breach Reveals Network Users’ Locations (July 1, 2010)

Internet site Foursquare published a notice Wednesday about a privacy breach that shared all users' location information across the Web, regardless of whether they had chosen to opt out of such broadcasts through their privacy settings, Wired reports. The location-based social network was made aware of the data breach on June 20 by "white-hat hacker" Jesper Andersen, the report states, and asked Andersen to give it nine days to address the issue. According to the report, Foursquare sent Andersen an e-mail Tuesday morning that it had fixed that "privacy leak" but had not yet solved two other issues Andersen raised and "was trying to figure out how to balance usability with privacy."
Full Story

DATA PROTECTION—CANADA

Commissioners’ Reports Call for Law Updates (July 1, 2010)

Releasing their offices' annual reports yesterday, two commissioners are calling for changes to their provinces' privacy laws. Saskatchewan Privacy Commissioner Gary Dickson's report says privacy laws need updating to protect citizens, particularly in an age of electronic health records, the CBC reports. Dickson pointed to privacy breaches at two health regions that did not terminate the employees responsible. For privacy to be respected, those who breach it must be held accountable, Dickson said. Meanwhile, acting BC Information and Privacy Commissioner Paul Fraser's annual report highlights concerns over the growth of databases. Fraser said of a recent database breach investigation, "too many staff had access to too much personal information."
Full Story

PRIVACY LAW—INDIA

Draft of Bill Published for Comment (July 1, 2010)

Ahead of rolling out its national identity card project, the Unique Identification Authority of India (UIDAI) has created draft legislation to ensure the security and confidentiality of citizens' information, reports Moneylife. The UIDAI has published the National Identification Authority of India Bill 2010 on its Web site and seeks public comment. The legislation would impose strict punishment for identity theft and privacy breaches and would make UIDAI a statutory body, among other provisions. The move to national identity cards will provide 11 law enforcement and intelligence agencies with access to phone records, credit card transactions and drivers' license information of all citizens, raising concerns about privacy.
Full Story

PERSONAL PRIVACY—U.S.

USPS Gets High Privacy Trust Score (July 1, 2010)

A Ponemon survey of 9,000 U.S. adults found the U.S. Postal Service to be the most trusted government agency, with the Federal Trade Commission and Internal Revenue Service coming in second and third, reports Federal Computer Week. According to the study, overall privacy trust scores for the government are at 38 percent, down from 52 percent in 2005. Respondents revealed that their top governmental privacy concerns include "surveillance into personal life," "loss of civil liberties" and "monitoring of e-mails and Web."
Full Story

PRIVACY—BERMUDA

Opinion: Let Us Be Forgotten (July 1, 2010)

In a piece for The Royal Gazette calling for Bermuda to enact data protection legislation, Ahmed ElAmin writes of European Commissioner Viviane Reding's comments on data protection and the desire by some for "a right to be forgotten." When it comes to companies using personal data, he says, this is exactly what individuals should have. Unlike the EU, ElAmin notes, "Bermuda has not implemented any specific data protection legislation under its Electronic Transactions Act 1999 or through a separate piece of legislation." Bermuda's situation is different from the EU's effort to weave laws from 27 countries, ElAmin asserts, asking lawmakers to "get with it" and provide Bermuda's residents with the "right to be forgotten."
Full Story

DATA LOSS—U.S.

Hospital Alerts 130,000 of Data Breach (July 1, 2010)

A New York hospital is notifying some 130,000 patients that their personal information may have been compromised. Patient information stored on seven CDs belonging to New York's Lincoln Medical and Mental Health Center was lost in transit after a hospital contractor shipped them, Bloomberg reports. The unencrypted data includes Social Security numbers, dates of birth, drivers' license numbers and procedure information. In a letter sent to victims earlier this month, the hospital suggested the CDs may have been displaced at a shipping facility and destroyed.
Full Story