Privacy News | Daily Dashboard


Top Privacy News

ONLINE PRIVACY

YouTube Developing Tool To Blur Faces (March 30, 2012)

YouTube is developing a tool that will allow faces in videos uploaded to the site to be blurred, addressing "privacy complaints from people featured without permission in other people's videos," InformationWeek reports. Victoria Grand, YouTube's director of global communications and policy, said currently, when such complaints are received, videos must be removed. "Once the blur tool is made available, video creators will have the option to edit the video in question so the complainant's face is blurred. This will allow the video to remain on YouTube," the report states. YouTube expects to have the technology available for use in online videos within a few months.
Full Story

ONLINE PRIVACY—U.S.

House Hearing Weighs Privacy vs. Innovation (March 30, 2012)

Officials from the Federal Trade Commission (FTC) and Department of Commerce (DoC) testified yesterday before a House Energy and Commerce subcommittee. FTC Chairman Jon Leibowitz said, "Our report is just best practices for companies...It doesn't impose any obligations upon companies," PCWorld reports. Some Congressional members expressed concern that the government is attempting to overregulate. Rep. Mary Bono Mack (R-CA) stated, "Before we do any possible harm to the Internet, we need to understand what harm is actually being done to the consumers." Association for Competitive Technology President Jonathan Zuck said the DoC multi-stakeholder process should not be open to the public, while the DoC's Lawrence Strickling said, "We don't think there is any substitute for openness and transparency." Rep. Ed Markey (D-MA) also pressed Leibowitz and Strickling on whether they would support a new bill that would implement a kids' do-not-track obligation.

PRIVACY LAW—U.S.

Senate Confirms Ohlhausen as Commissioner, Second Term for Leibowitz (March 30, 2012)

The U.S. Senate has confirmed President Barack Obama's nomination of Maureen K. Ohlhausen as FTC commissioner. Ohlhausen will fill a seat left vacant by William Kovacic when his term expired last September. Ohlhausen will fulfill a seven-year term as one of five commissioners. She has 12 years of previous experience with the FTC, having served as director of the Office of Policy Planning and as an advisor to former FTC Commissioner Orson Swindle. The Senate also confirmed the nomination of Jon Leibowitz to a second term as FTC chairman, The Hill reports.
Full Story

DATA LOSS—U.S.

Cartridges Lost in Transit, 800,000 Impacted (March 30, 2012)

Four data storage devices containing the sensitive personal information of about 800,000 individuals in California's child support system were lost in transit to a testing facility, potentially exposing names, Social Security numbers, addresses, driver's license numbers, employers' names and insurance information, the Associated Press reports. Christine Lally of the California Office of Technology Services said special technology would be needed to read the missing cartridges, should they be recovered. "A data cartridge is definitely not something that you or I could just pop into our laptop," she said. The California Department of Child Support Services has notified those affected.
Full Story

ONLINE PRIVACY—U.S.

Reassessing the Privacy Paradigm (March 30, 2012)

In a column for The Atlantic, Alexis Madrigal explores the influential privacy philosophy of New York University's Helen Nissenbaum. A recent presentation at Stanford University and her 2010 book Privacy in Context, among others, have contributed to "reshaping the way our country's top regulators think about consumer data," including an influence on the Federal Trade Commission's final privacy report, Madrigal writes. Nissenbaum reframes the privacy paradigm from data control and collection considerations to "the inappropriateness of the flow of information due to the mediation of technology" or what she calls "context-relative informational norms." Rather than placing privacy considerations in a public-private binary, Nissenbaum asserts that context and the social situation need to be considered. "Perhaps most importantly," writes Madrigal, "Nissenbaum's paradigm lays out ways in which sharing can be a good thing."
Full Story

DATA LOSS

Global Card Processor Reportedly Breached (March 30, 2012)

The Wall Street Journal reports on a security breach of Global Payments, Inc., potentially putting approximately 50,000 cardholders' account information at risk. Though the "full extent of the breach" is not yet known, Mastercard and Visa have been alerting customers of the incident, and, according to the report, law enforcement authorities--including the U.S. Secret Service--have been notified. A Mastercard spokesman said the company's "own systems have not been compromised in any manner," but it "will continue to both monitor this event and take steps to safeguard account information." Visa has also reportedly notified banks of a security breach "within a third-party payment processor" that may have occurred between January 21 and February 25. The notice said, "The network intrusion may have put some accounts at risk of being stolen." (Registration may be required to access this story.)
Full Story

FINANCIAL PRIVACY—NEW ZEALAND

Credit Reporting Changes Going Into Effect (March 30, 2012)

The Office of the Privacy Commissioner (OPC) has released information in conjunction with changes to New Zealand's credit reporting system. Privacy Commissioner Marie Shroff explains, "Credit reporters will now be able to gather and share much more financial information about people." The changes to the law also include strengthened consumer protection and a right for New Zealanders to "freeze" their credit reports to "limit the real financial harm and stress that can result from identity fraud and enable people to protect themselves," Shroff notes. The OPC has published detailed fact sheets on key questions about the changes.
Full Story

PRIVACY LAW—U.S.

SCOTUS Finds No “Actual Damages” in Pilot’s Case (March 29, 2012)

By a split of five to three, with one justice not participating, the U.S. Supreme Court ruled Wednesday that a pilot whose health information "was improperly shared between government agencies cannot collect damages for the emotional distress he suffered when he was punished for hiding his medical condition," The New York Times reports. The decision, which focused on the statutory meaning of "actual damages," overturned an earlier appeals court ruling in the pilot's favor, the report states. Justice Samuel A. Alito, who wrote the majority opinion, noted, "The Privacy Act does not unequivocally authorize an award of damages for mental or emotional distress." (Registration may be required to access this story.)

PRIVACY—U.S.

White House Announces Big Data R&D Investments (March 29, 2012)

The Obama administration today announced that it will make a $200 million investment in research and development activities on Big Data. Six federal departments and agencies will receive funds toward Big Data-related initiatives. "In the same way that past federal investments in information technology R&D led to dramatic advances in supercomputing and the creation of the Internet, the initiative we are launching today promises to transform our ability to use Big Data for scientific discovery, environmental and biomedical research, education and national security," said John Holdren of the White House Office of Science and Technology Policy.
Full Story

PRIVACY LAW—CANADA

Final Spam Regulations Released (March 29, 2012)

The Canadian Radio-television and Telecommunications Commission (CRTC) has released the final regulations to be enforced under Canada's Anti-Spam Legislation (CASL), which was passed into law more than a year ago, reports ITBusiness.ca. The CRTC received comments on the legislation from about 60 groups and 10 individuals, resulting in changes to the amount of contact information necessary in marketing e-mails and eliminating the two-click opt-out requirement. The law now reads, "any unsubscribe mechanism should be accessed without difficulty or delay and should be simple, quick and easy for the consumer to use." The law applies to all electronic messages, including instant messages and telephone accounts--and is expected to be enforced imminently, according to the report.
Full Story

DATA PROTECTION—EU

Article 29 WP Releases Opinion on EC Proposals (March 29, 2012)

The Article 29 Working Party (WP) has adopted a "general positive stance" in its opinion on the European Commission's (EC) data protection reform proposals; however, it says in a WP press release that parts "need clarification and improvement." The release lauds the EC's initiatives that "seek to reinforce the position of data subjects, to enhance the responsibility of controllers and to strengthen the position of supervisory authorities, both nationally and internationally." Conversely, the WP calls out the "strong role" of the EC and the lack of "ambition" in provisions directed towards the retention, transparency and accuracy of information held by authorities as concerns.
Full Story

PRIVACY LAW—U.S.

House Holds Hearing on Privacy Bill of Rights (March 29, 2012)

The House Subcommittee on Commerce, Manufacturing and Trade is hosting a hearing today to investigate whether the Obama administration's Privacy Bill of Rights adequately balances privacy with innovation, ABC News reports. Headlining the hearing--titled "Balancing Privacy and Innovation: Does the President's Proposal Tip the Scale?"--are Federal Trade Commission Chairman Jon Leibowitz and Department of Commerce Assistant Secretary for Communication and Information Lawrence Strickling. The panel also includes privacy advocates and industry representatives.
Full Story

PRIVACY LAW—EU

Reding Urges MEPs To Back Reforms (March 29, 2012)

Speaking at an EU Parliament "Privacy Platform" event yesterday, EU Commission Vice President Viviane Reding urged Members of the European Parliament to adopt the proposed reforms to the EU data protection framework, EUobserver reports. Reding added that citizens "can't wait two years for adoption" and the reforms would "improve certainty, reduce fragmentation and increase trust." European Data Protection Supervisor Peter Hustinx said the reforms are "a huge step forward for data regulation," making data controllers "more responsible and accountable." Hustinx, along with Article 29 Working Party Vice Chairman Christopher Graham, did say the reforms do not leave "enough discretion for national authorities." According to the European Voice, Reding said the biggest obstacle for the reform's approval would be opposition from EU interior ministers, adding, "We need to do a lot of work with ministers of the interior."
Full Story

PRIVACY LAW—GERMANY

Bundesrat Concerned About Data Protection Regulation (March 29, 2012)

The Upper House of the German Parliament (Bundesrat) has released a paper indicating the Bundesrat's EU Committee, Committee on Internal Affairs and Legal Committee take the view that the European Commission's proposed General Data Protection Regulation "contradicts the principle of proportionality and the principle of subsidiarity contained in Article 5(3) of the Treaty on European Union (TEU) and exceeds the legislative powers of the EU," according to Bird & Bird's analysis of the paper, which explains, "The committees therefore recommended to the Bundesrat to exercise its right to subsidiarity complaints." Bird & Bird Associate Gabriel Voisin notes, "there is a similar movement in the Netherlands and Belgium." (Article in German.)
Full Story

GENETIC PRIVACY—U.S.

Presidential Commission Seeks Feedback on Privacy (March 29, 2012)

The Presidential Commission for the Study of Bioethical Issues is seeking public comment on the "ethical issues raised by the ready availability of large-scale human genome sequence data with regard to privacy and data access and the balancing of individual and societal interests." The commission, established in 2009 by President Barack Obama, published a call for comments in the Federal Register this week. The comment period ends on May 25.
Full Story

ONLINE PRIVACY

Yahoo Do Not Track Coming Soon (March 29, 2012)

Yahoo says it will implement a do-not-track system by early summer, The Wall Street Journal reports. The tool has been in development for several months, the report states, and it "is in accordance with the Digital Advertising Alliance's principles." In its privacy report issued earlier this week, the U.S. Federal Trade Commission urged commercial data collectors to step up efforts to implement do-not-track mechanisms by year's end. Yahoo said the tool will provide an easy way for users to state their ad preferences. (Registration may be required to access this story.)
Full Story

CHILDREN’S PRIVACY—U.S.

FTC Reaches Settlement with Social Game Site (March 28, 2012)

In a press release, the Federal Trade Commission (FTC) announced it has reached a settlement with social game site RockYou for failing "to protect the privacy of its users, allowing hackers to access the personal information of 32 million users" and for allegedly violating the COPPA Rule. The FTC alleges the site collected data from approximately 179,000 children under the age of 13 without parental consent. The settlement bars the company from making "future deceptive claims" about its privacy and data security as well as violating the COPPA Rule. Additionally, the company must pay a $250,000 civil penalty in light of the COPPA violations. FTC Chief Technologist Ed Felten notes the site had "several security problems." In addition to collecting too much information from users, Felten said the site "had several vulnerabilities" and its "internal data management practices were weak."

TRAVELERS’ PRIVACY—EU & U.S.

EU Lawmakers Back PNR Deal (March 28, 2012)

In a highly contested vote, European Union lawmakers agreed to back the passenger name record (PNR) deal with the U.S. Department of Homeland Security (DHS), The Wall Street Journal reports. The European Parliament's Civil Liberties Committee voted 31 to 23 in favor of the deal, which would allow the personal information of Europeans traveling to the U.S. to be shared with the DHS. The PNR agreement is now slated to go before the European Parliament on April 19 for a vote. Member of the European Parliament (MEP) Sophie in 't Veld said, "it is highly regrettable that the fundamental rights of EU citizens have been bargained away under pressure." MEP Axel Voss said, though the agreement didn't "100-percent reflect the EU's position, the U.S. have made major concessions, in particular on the storage period, the method of transferring data, legal protection and the handling of sensitive data." (Registration may be required to access this story.)
Full Story

HEALTHCARE PRIVACY—U.S.

Rodriguez: More Breaches Means More Enforcement (March 28, 2012)

More intensive enforcement of the Health Information Portability and Accountability Act (HIPAA) will come as a result of increasing numbers of patient data breaches, HHS Office for Civil Rights Director Leon Rodriguez said at an event in Washington, DC, on Monday, FierceHealthIT reports. "The environment needs to change," Rodriguez noted, adding, "The same vigilance that providers bring to the fraud and abuse environment they should apply to the HIPAA environment." Rodriguez said the majority of health data breaches--76 percent--involve electronic data, not paper records, and that human error is most often to blame. "Enforcement tells a story that explains to others not to do this," Rodriguez said.
Full Story

PRIVACY LAW—U.S.

Partisan Differences Revealed in Cybersecurity Acts (March 28, 2012)

Reps. Mary Bono Mack (R-CA) and Marsha Blackburn (R-TN) introduced on Tuesday the House version of Sen. John McCain's (R-AZ) SECURE IT Act, which excludes government mandates over infrastructure owners, a response to the bipartisan Cybersecurity Act of 2012, reports GovInfoSecurity. Some are pointing to the bill as a symbol of the growing partisan divide on what was believed to have been a bipartisan effort. Bono Mack says the GOP bill will allow for industry innovation to develop safety standards without "creating a new bureaucracy and spending money that we don't have," but Sen. Jim Langevin (D-RI) says, "Cybersecurity legislation without critical infrastructure protection is dangerously inadequate."
Full Story

SOCIAL NETWORKING

Policy Report Corrected (March 28, 2012)

A media report suggesting Facebook had delayed the implementation of a new privacy policy last week has been corrected to reflect that the privacy policy was not at issue. A correction added to the report published by ZDNet last week states, "This article previously incorrectly referred to the document as the privacy policy. Facebook is updating its terms of service, not its privacy policy. Facebook last updated its terms of service in April 2011. The company updated its privacy policy in September 2011, and that's when the name was changed to Data Use Policy." A Facebook spokesman said the company is reviewing and analyzing the comments received and will keep users updated on next steps through the Facebook Site Governance Page.
Full Story

PRIVACY LAW—U.S.

Breach Study on Most Likely To Get Sued (March 28, 2012)

A study by Carnegie Mellon's Heinz College of Public Policy and Information Technology and Temple University's Beasley School of Law has found that breaches that occur due to "unauthorized disclosure of disposal" of data are twice as likely to result in lawsuits as those that occur due to a hacking incident, reports Dark Reading. In "Empirical Analysis of Data Breach Litigation," the researchers say this suggests "plaintiffs respond more to the careless or negligent handling by a firm of their personal information than to the firm's inability to withstand a cyber-attack." The study looked at 200 federal data breaches and also found plaintiffs' financial loss and proof of harm to be a determining factor in whether companies settled suits.
Full Story

ONLINE PRIVACY

Expert Takes Aim at Cloud Myths (March 28, 2012)

In a feature for The Privacy Advisor, Prof. Lothar Determann explores "a dozen myths that tend to cloud the decision-making process regarding data privacy compliance challenges related to hosted solutions." He writes that the concept that "cloud computing is somehow bad or risky for privacy or that it raises insurmountable compliance hurdles" is false, suggesting, instead, that "data is far more secure and protected in some clouds than on traditional systems and devices and that compliance requirements are often very manageable--if approached reasonably from the vendor and customer side." (Must be an IAPP member and logged in to view.)
Full Story

PRIVACY LAW—U.S.

Court Upholds Dismissal of Joe the Plumber’s Suit (March 28, 2012)

The Sixth U.S. Circuit Court of Appeals in Cincinnati on Tuesday upheld a lower court's decision to dismiss Samuel J. Wurzelbacher's lawsuit against Ohio state officials, saying that Wurzelbacher, who became known as "Joe the Plumber" during the 2008 presidential campaign, failed to show "a sufficient adverse action" and that his First Amendment rights were not violated, the Associated Press reports. A federal court in Ohio dismissed the suit in August 2010, saying Wurzelbacher's claims that state employees violated his privacy by conducting database checks on him without a legitimate purpose did not amount to constitutional violations.
Full Story

PRIVACY LAW—U.S.

Lawmakers, Experts React to Final Report (March 27, 2012)

Following the release yesterday of the Federal Trade Commission's (FTC) final privacy report, several members of Congress joined the FTC in calling for broad-based privacy legislation, The Hill reports. Sen. John Kerry (D-MA) said "we'd be wise to act now rather than defer decisions until future Congresses." Sen. Patrick Leahy (D-VT) said, "Today's FTC report highlights the need for Congress to finally enact this necessary legislation." Future of Privacy Forum Co-Chair Christopher Wolf said the agency's "definition of the scope of privacy legislation is flexible and sensible..." Meanwhile, a representative from the Software & Information Industry Association commented, "In light of the FTC's substantial authority" the industry group does "not believe there is a need for new privacy legislation." Center for Democracy & Technology President Leslie Harris welcomed the report, adding, "Today, the FTC joins the administration in a growing chorus of support for baseline consumer privacy legislation."

PRIVACY LAW—NEW ZEALAND

Overhaul Planned for Privacy Laws (March 27, 2012)

Justice Minister Judith Collins has announced the government will "repeal and re-enact the Privacy Act 1993 following a Law Commission report released last year" and amidst "huge changes to technology," Stuff.co.nz reports. Privacy Commissioner Marie Shroff welcomed the plan to update the privacy act, stating, "Things have changed enormously since the Privacy Act was passed nearly 20 years ago...The need for reform is urgent. We want people to trust the new ways in which business and government work. They won't do that unless they're sure that their personal information is properly safeguarded."
Full Story

PRIVACY LAW—JAPAN & U.S.

Court Orders Terms Deleted from Search Feature (March 27, 2012)

The Japan Times reports on the Tokyo District Court's approval of a petition to require Google to delete terms from its auto-complete search feature. The petition alleges the feature breached one man's privacy and resulted in the loss of his employment, according to his attorney. The report notes the individual believes that because the auto-complete function provided "words suggesting criminal acts, which he is unfamiliar with" when his name was typed into a browser search that he lost his job and struggled to find employment. "Google has rejected the order, saying that its U.S. headquarters will not be regulated by Japanese law," the report states.
Full Story

HEALTHCARE PRIVACY—U.S.

HIPAA Rule Nears Publication (March 27, 2012)

Health Data Management reports the Department of Health and Human Services Office for Civil Rights has forwarded the final HIPAA omnibus rule to the Office of Management and Budget (OMB) for review. The OMB review of the rule's economic and regulatory impact marks one of the final steps before publication. "Major changes in the rule could include eliminating or amending the 'harm threshold' provision that currently enables covered entities to not report on breaches determined to not be harmful, making business associates and subcontractors liable for breaches as covered entities are and requiring some degree of data encryption," the report states.
Full Story

SURVEILLANCE—U.S.

NCTC Defends Data Retention Extension (March 27, 2012)

In a report for PBS Newshour, Margaret Warner interviews the first director of the National Counterterrorism Center (NCTC), Michael Leiter, and author James Bamford about new guidelines set forth by the Obama administration increasing the length of time the center can retain data on U.S. residents from six months to five years. Leiter said that information collected "would be considered private," but added, "It is only information that is lawfully collected, either by the FBI or Department of Homeland Security, and these new guidelines simply allow NCTC, that already had access to that information, to retain this information for a longer period of time." Bamford expressed concern that the government is collecting too much information about its citizens. The government "isn't able to find the terrorists," Bamford said, "because there's too much information, not too little information."
Full Story

SURVEILLANCE—U.S.

Opinion: Counterterrorism Guidelines Go Too Far (March 27, 2012)

According to Andrew Rosenthal's blog post for The New York Times, government agencies have in the past responded to concerns over increasing surveillance tactics by saying if you've done nothing wrong, you have nothing to fear. Rosenthal calls this attitude "cold comfort" and goes on to express his disappointment in new guidelines for the National Counterterrorism Center signed last week increasing the center's ability to collect and retain data on Americans--including those without terrorist connections. The guidelines also mean the center can more easily replicate and analyze other agencies' databases. (Registration may be required to access this story.)
Full Story

SOCIAL NETWORKING—U.S.

Juror Posts Spark Privacy Debate (March 27, 2012)

The Sacramento Bee reports on Juror Number One v. The Superior Court. California's Third District Court of Appeal is hearing arguments as to whether a juror must turn over Facebook posts that allegedly discussed the juror's ongoing thoughts during a murder trial. Justice Harry E. Hull said the juror's posts violated the trial judge's ruling for jurors not to discuss the case with anyone other than the jurors during deliberations. An attorney representing one of the defendants in the murder case said the posts prove the juror was prejudiced, the report states. Facebook was subpoenaed to turn over the juror's posts but won out because the forced disclosure would breach the federal Stored Communications Act. The defense attorney in the murder case, however, says preventing the disclosure of the posts violates his client's right to a fair trial.
Full Story

DATA LOSS—U.S.

Firm To Pay Civil Penalty After Laptop Theft (March 27, 2012)

A Massachusetts property management company will pay $15,000 in civil penalties after the theft of an employee's laptop that contained the unencrypted information of up to 621 residents. Attorney General Martha Coakley said in her announcement, "It is incredibly important that businesses ensure that laptops and other technology have the necessary encryption to protect consumers from identity theft." The company is also required to enhance the security of data on portable devices, including by using encryption and properly training employees. The company has found no evidence that the data was inappropriately accessed.
Full Story

PRIVACY LAW—U.S.

FTC Releases Final Privacy Framework (March 26, 2012)

At a press conference today, the Federal Trade Commission (FTC) released its final privacy report, which calls on Congress to "consider baseline privacy legislation and for measures on data security and data brokers." The report also includes best practices for industry--including the "complete implementation" of a do-not-track system--and presents its recommendations in three main principles--Privacy by Design, simplified consumer choice and increased transparency about data processing. The report also focuses on mobile privacy and calls on companies to create an industry standard for mobile data collection practices, The Washington Post reports. FTC Commissioner Thomas Rosch dissented from the other three commissioners, saying the report "would install 'Big Brother' as the watchdog" in the online and offline world. In a blog post, FTC Chief Technologist Ed Felten highlights four topics that are included in the staff report for "techies" to consider--de-identified data, sensitive data, mobile disclosures and do not track. (Registration may be required to access this story.)

ONLINE PRIVACY

In: Congressional Inquiries; Out: UDID Access (March 26, 2012)

Apple has begun rejecting apps that access UDIDs--the unique identifiers of users' devices, TechCrunch reports. The company noted last summer that it would begin phasing out UDID access, but "it looks like Apple is moving ahead of schedule with pressure from lawmakers and the media," according to the report. "It's really critical that Apple provide guidance about what developers can use for analytics and ad targeting, or we're likely to see even less privacy-friendly alternatives emerge," says Jules Polonetsky, CIPP/US, of the Future of Privacy Forum, which is teaming up with Stanford Law on an app developer privacy event next month. "Analytics companies and networks are at a loss about how to provide users with controls over tracking when the app platforms haven't yet made user privacy functions available," Polonetsky told The Daily Dashboard.
Full Story

TRAVELERS’ PRIVACY—EU & U.S.

MEP Calls for PNR Deal’s Rejection (March 26, 2012)

"The European Parliament looks set to reject an agreement with the U.S. to hand over personal data of airline passengers," IDG News Service reports in advance of a vote on the latest passenger name record (PNR) draft in the Justice and Civil Liberties Committee. The report cites MEP concerns and a University of Luxembourg study highlighting such issues as the scope of collection of data and lack of enforcement for data subjects' rights. The EU-U.S. PNR agreement "will almost certainly be rejected by the justice committee next week, but it will then be put to the Parliament as a whole in April," the report states.
Full Story

PRIVACY LAW—U.S.

Subcommittee To Convene This Week on Privacy Proposals (March 26, 2012)

The House Committee on Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade will hold a hearing on Thursday to discuss the Obama administration's proposals for consumer privacy. The "Balancing Privacy and Innovation: Does the President's Proposal Tip the Scale?" hearing will begin at 10 a.m. in 2123 Rayburn House Office Building. "Witnesses will be announced and are by invitation only," according to the committee's hearing notice.
Full Story

IDENTITY THEFT—U.S.

Social Media, Smartphones Contribute to Thefts (March 26, 2012)

In 2011, approximately 12 million U.S. residents were victims of identity fraud--an increase of 13 percent from the prior year, The Wall Street Journal reports. One of the causes of that increase, a recent Javelin Strategy & Research survey indicates, is the growing use of social media and smartphones, the report states. The survey of 5,000 consumers indicated that those who used smartphones were "about one-third more likely to fall prey to identity fraud than the general public," the report states, "because smartphones are minicomputers that store vast quantities of personal information, yet many users don't protect their smartphones the way they do laptops and PCs." (Registration may be required to access this story.)
Full Story

DATA LOSS—U.S.

Employee Details, Medical Data Exposed in Breaches (March 26, 2012)

News of two breaches has come to light. SC Magazine reports that the personal information of 1,300 public employees of Wayne County, Michigan, was forwarded to union members when a staff member in the county department of human resources attached a spreadsheet containing names, Social Security numbers, birth dates, addresses and employee ID numbers to a mass e-mail. County officials have notified those affected. CVS Caremark Corp. is notifying 3,500 Tufts Health Plan members that due to a "programming error," information about them and their medical conditions was sent to other members of the plan, The Boston Globe reports. (Registration may be required to access this article.)
Full Story

SOCIAL NETWORKING—U.S.

Senators Seek Password-Sharing Investigation (March 26, 2012)

U.S. Senators Charles Schumer (D-NY) and Richard Blumenthal (D-CT) are calling on the Department of Justice and the Equal Employment Opportunity Commission to investigate the practice of employers requiring employees and job applicants to share their social networking passwords, PCWorld reports. Both lawmakers want the agencies to determine whether the practice violates federal laws such as the Stored Communications Act and the Computer Fraud and Abuse Act. Meanwhile, a New Jersey assemblyman is filing legislation to ban the practice, as is a California state senator. Future of Privacy Forum Director Jules Polonetsky, CIPP/US, expressed concern about overreaction. "The risk of all these five-alarm level outbursts," he said, "is that people will become inured about privacy and miss real privacy issues because of crying wolf when nothing is actually going on."
Full Story

IDENTITY THEFT—U.S. & BELARUS

Call Service Creator Sentenced to 33 Months (March 26, 2012)

One of the creators of CallService.biz, a site that facilitates identity theft, has been sentenced to 33 months in prison in New York, Wired reports. The service helped identity thieves go around bank authentication systems in cases where the bank calls the account holder via phone. Identity thieves would provide stolen personal information--including names, Social Security and account numbers and answers to security questions--to CallService.biz to trick the financial institution. According to the report, more than 2,000 identity thieves used the service to conduct more than 5,000 fraudulent acts. A U.S. attorney involved with the case said the defendant "served as a middleman for a network of identity thieves," adding, "This case is another example of how cybercrime knows no geographic boundaries..."
Full Story

SURVEILLANCE—U.S.

NCTC To Keep Citizen Data for Five Years (March 23, 2012)
The Washington Post reports on new Obama administration guidelines that will allow the National Counterterrorism Center (NCTC) to retain data on American citizens who have no ties to terrorism for up to five years. Prior to the new guidelines, the NCTC needed to immediately destroy data on citizens not linked to terrorism. National Intelligence Director James Clapper said the "counterterrorism community concluded it is vital for the NCTC to be provided with a variety of datasets from various agencies that contain terrorism information," adding, the guidelines "will enable NCTC to accomplish its mission more practically and effectively." Privacy advocates are worried about potential data mining on innocent citizens. Electronic Privacy Information Center Executive Director Marc Rotenberg called the changes "very disturbing," adding, "It is a vast expansion of the government's surveillance authority." (Registration may be required to access this story.)

MOBILE PRIVACY—U.S.

Lawmakers Question App Makers on Privacy (March 23, 2012)

Reps. Henry Waxman (D-CA) and G.K. Butterfield (D-NC) have sent letters to 34 iPhone app developers to probe the companies' data collection practices, Forbes reports. In the letters, the lawmakers wrote, "the members are seeking to better understand what, if any, information these particular apps gather, what they do with it and what notice they provide to app users." The information gathered from the investigation will help build "a fact-based understanding of the privacy and security practices in the app marketplace." The app developers have until April 12 to respond, the report states.
Full Story

EMPLOYEE PRIVACY

Facebook Speaks Out on Password Demands (March 23, 2012)

This week's news has been rife with stories about employers requesting--sometimes requiring--employees and prospective employees to hand over their social networking passwords. Lawmakers in at least two states are proposing legislation to ban that practice. And now, the world's largest social network is also speaking out against it. In a company blog post today, Facebook Chief Privacy Officer Erin Egan said, "This practice undermines the privacy expectations and the security of both the user and the user's friends. It also potentially exposes the employer who seeks this access to unanticipated legal liability."
Full Story

SOCIAL NETWORKING

Facebook Delays Policy Changes (March 23, 2012)

Facebook has received enough comments about planned changes to its privacy policy that it has delayed their implementation, ZDNet reports. Approximately 526 comments were made in English, while 36,878 comments were made in German, according to the report. German officials have been critical of the proposed changes, claiming they violate German and EU privacy laws. In a press release, data protection authorities in Hamburg and Schleswig-Holstein said the changes place more of the privacy responsibilities on the users rather than the company. Moritz Karg, a spokesman for Hamburg's data protection authority, said, "It's the user's right to decide what happens to their data." Officials are also skeptical of the company's use of facial recognition technology, PCWorld reports. Karg added, "We are actually working on an order to change that."
Full Story

MOBILE PRIVACY

LBS Privacy Fears Persist (March 23, 2012)

COMPUTERWORLD UK reports on the persistence of privacy concerns even as location-based mobile services continue to profit and suggestions by some industry leaders that more must be done to ease consumers' worries. Speaking at a conference this week, experts suggested "recent scandals have not helped the cause," the report states. One executive pointed to lack of transparency as a cause for some of the problems. Meanwhile, Google has been awarded a patent to deliver ads based on "background noise," prompting one expert to suggest while there could be a privacy issue with the technology, "if you look at it that way, there is a privacy issue with everything that is on your phone."
Full Story

DATA LOSS

Verizon: 97 Percent of 2011 Breaches Were Avoidable (March 23, 2012)

Verizon has released its annual report for 2011 on data breaches, COMPUTERWORLD reports. The report was compiled with help from global law enforcement officials and the U.S. Secret Service. The report suggests companies are "continuing to overlook fundamental security precautions." Verizon studied 850 data breaches to compile the report, finding that "97 percent were avoidable" and that, despite companies' claims that hackers' increasing sophistication is what allows breaches to take place, 96 percent of the attacks "were not highly difficult" for the hackers. "Not enough has been done to...force (organizations) to spend" significant amounts on prevention, said Verizon security analyst Marc Spitler.
Full Story

DATA PROTECTION

Big Data, IT Risks and Privacy Meet in the Boardroom (March 23, 2012)

In three separate articles, Financial Times reports on large-scale privacy and security issues faced by organisations around the world. The rise of big data "poses a challenge for businesses" on "how to manage the ever-increasing--and increasingly disparate--data that we generate every day and how we use it." Utilising consumer data is "business critical," but data management poses security risks for IT departments. Several recent data breaches "underscore a key principle for boards: IT risks are business risks. Poorly managed, they can and will exceed corporate risk tolerances," the report states. In light of these recent breaches, chief financial officers "should be kept awake worrying about accountability at the business level." One report adds, "The key to data security is not what your IT department does, it is the policies you set in the boardroom." (Registration may be required to access this story.)
Full Story

PRIVACY LAW—U.S.

Google Customers File Suits (March 22, 2012)
Google customers have filed lawsuits in U.S. federal courts alleging the company's new privacy policy violates its earlier policies on user consent, COMPUTERWORLD reports. The lawsuits seek class-action status for Google account users and Android phone owners from August 2004 to February 29, 2012. A California suit alleges that not only did the new privacy policy rescind the company's earlier policy to not combine user data across Google services without consent but also did not provide an opt-out. A New York suit makes similar claims and asks for a universal opt-out. Google has not commented on the suits.

EMPLOYEE PRIVACY—U.S.

Blumenthal: Requiring Passwords Off Limits (March 22, 2012)

Sen. Richard Blumenthal (D-CT) is drafting legislation that will outlaw the employer practice of requiring job seekers to share access to their social networking passwords or profiles, POLITICO reports. Blumenthal says the practice is an "unreasonable invasion of privacy," and he is "very deeply troubled by the practices that seem to be spreading voraciously around the country." Saying the bill will be ready "in the very near future," Blumenthal added that employers have many avenues to find out about prospective employees. A George Washington law professor said the practice is "akin to requiring someone's house keys." States, including Illinois and Maryland, have already introduced such legislation.
Full Story

PRIVACY LAW—SWEDEN

Riksdag Approves EU Retention Rules (March 22, 2012)

After years of discussion in its parliament, Sweden has approved the EU Data Retention Directive, The Local reports. Sweden's implementation will require Internet service providers and telecommunications companies to retain customer data for six months. According to the report, 233 members voted in favor of the legislation, 41 members voted against it and 19 abstained. The new rule is slated to go into effect on May 1 of this year. The directive has been a controversial topic in Sweden. Green Party MP Maria Ferm said, "The data retention directive doesn't in any way live up to the standards we require of legislation...It's an infringement on personal privacy way out of proportion relative to its utility." Proponents say that retaining user data will help curb terrorism and fight crime.
Full Story

ONLINE PRIVACY

HTTPS By Default Headed Toward Users (March 22, 2012)

A Firefox bug that allowed users' search queries to be easily observed has been fixed, according to Mozilla. The bug was discovered by privacy researcher Christopher Soghoian last year, who reported to Mozilla that anyone with Deep Packet Inspection tools--namely ISPs and governments--could easily view a user's HTTP connections. Mozilla has since enabled HTTPS by default, "thereby making privacy protection available to all users of its browser," the report states. A Mozilla spokesperson said it is testing the change and it may be a few months before Firefox users see it. The Electronic Frontier Foundation has been encouraging such changes via its HTTPS Everywhere campaign, InformationWeek reports.
Full Story

ONLINE PRIVACY—U.S.

Sen. Kerry Calls for Activism (March 22, 2012)

In a guest blog for ThinkProgress, Sen. John Kerry (D-MA) writes that when it comes to Internet privacy, "I feel just a little bit like we're all starring in a remake of the movie 'Groundhog Day.'" Despite the fact that media repeatedly reports on various companies' misuse of customer data, he writes, nothing changes. The reason is a lack of activism, he says, noting President Richard Nixon didn't sign the Environmental Protection Act until people poured into the streets to protest, and, similarly, legislative action won't happen until citizens themselves start the movement. Calling for the passage of the Kerry-McCain Commercial Privacy Bill of Rights, Kerry says to those who want change, "That's up to you."
Full Story

SOCIAL NETWORKING

Facebook Is Changing Its Privacy Policy (March 22, 2012)

Social networking site Facebook is set to change its privacy policy and is accepting comments until tomorrow, PC World reports. In addition to changing the name of its privacy policy to a data-use policy, Facebook reserves the right to use all of the information you give it, according to ZDNet. The site says, "removed content may persist in backup copies for a reasonable period of time," and applications will reportedly get more access to personal data. "When you, or others who can see your content and information, use an application, your content and information is shared with the application," Facebook says. An attorney said, "In general, the changes reflect the fact that Facebook is extending its data-collecting tactics in all directions..." The company says it is updating the changes "to make our practices and policies more clear." Meanwhile, researchers have discovered a loophole in the site that reportedly allows stalkers to use a technique called "cloaking."
Full Story

PRIVACY LAW—U.S.

Expert: Could 2012 Be the Year for a Federal Cybersecurity Law? (March 22, 2012)

Amidst proposals from the Obama administration and Congress, the first months of 2012 have brought with them "a sense of urgency and strong bipartisan support for strengthening the nation's private and public infrastructure from cyber attack," Heidi Salow, CIPP/US, writes in this exclusive for The Privacy Advisor. However, she notes, "the parameters of any final legislation...remain very much in debate." In this feature, Salow discusses the need for telecommunications, defense, energy, transportation and information technology organizations "to monitor these developments closely and consider getting involved in the policy discussions." Editor's Note: Salow will provide overview and analysis of the pending bills during the upcoming IAPP Web Conference, Federal Cybersecurity Legislation--Momentum Is Building on March 29.
Full Story

EMPLOYEE PRIVACY—U.S.

Illinois, Maryland Propose Legislation for Job Seekers (March 21, 2012)
Lawmakers in Illinois and Maryland have proposed legislation that would bar the employer practice of requiring prospective employees to provide total access to their social network profiles, the Chicago Tribune reports. State Rep. La Shawn Ford (D-Chicago) has proposed legislation to make the request illegal. Ford said, "It is just violating a person's right to privacy." The legislation would provide a safeguard for those who "feel they would be fired or they wouldn't really get a fair shot at employment," he said. Illinois Chamber of Commerce Employment Law Council Executive Director Jay Shattuck said he is looking into whether exceptions will be needed. "There's some law enforcement and other areas," he said, "that might require a higher level of security in making sure the employees they are hiring are who they say they are."

DATA PROTECTION

Are Companies Ready for the Influx of Big Data? (March 21, 2012)

CIO reports on "Big Data" and the "widening gap between companies that understand and exploit Big Data and companies that are aware of it but don't know what to do about it." Collecting such vast amounts of data and making it accessible for various business uses means organizations need to be serious about securing it, one expert says. "I believe the biggest mistake that most people make with security is they leave thinking about it until the very end, until they've done everything else: architecture, design and, in some cases, development. That is always a mistake," he says, adding every piece of data should be considered an asset worth protecting.
Full Story

DATA LOSS—UK

E-mail Addresses of 8,000 Students Mistakenly Sent (March 21, 2012)

The e-mail addresses of more than 8,000 students were accidentally sent out in a mass e-mail by Student Finance England, The Telegraph reports. The intention of the e-mail was to remind students that they had yet to complete their grant application forms, and, the report states, staff mistakenly included an attachment containing all the student e-mail addresses. Big Brother Watch Director Nick Pickles said, "Just because this information didn't contain bank details, it doesn't mean it isn't useful to people." The loan agency has apologized to those affected and said no additional information was compromised, adding, "The integrity and security of student accounts and the protection of personal information is vital to us, and we apologize to all of the students involved."
Full Story

PRIVACY LAW—U.S.

EPIC Files Brief on Gov’t Access To Cell Records (March 21, 2012)

The Electronic Privacy Information Center (EPIC) has filed a friend-of-the-court brief in the Fifth Circuit "urging the court to uphold Fourth Amendment protections for cell phone users," EPIC writes. In "U.S. for Historical Cell-Site Data," EPIC asks that courts deny government requests for citizens' cell phone data histories without a warrant, especially in light of the recent Supreme Court ruling in United States v. Jones, where five justices concluded that "month-long location tracking of a vehicle violated an individual's reasonable expectation of privacy," EPIC writes, adding, "this court should hold that individuals have a reasonable expectation of privacy in two months of historical cell phone location records."
Full Story

DATA LOSS—U.S.

City Breach Affects Nearly 3,000 Retirees (March 21, 2012)

The city of Providence, RI, mistakenly released sensitive personal information of approximately 3,000 former employees. The media outlet GOLOCALProv filed an Access to Public Records Act request to obtain information about city pension recipients. The city sent the media source a file listing the pension information, but the document included the former employees' Social Security and employee identification numbers. According to the report, the sensitive data appeared to be redacted, but upon closer inspection, the numbers "were clearly on display." The city filed for a restraining order to prevent the story from being published, but a judge said, though the documents should be deleted, there was no reason to prevent the source from publishing the story.
Full Story

DATA PROTECTION

Malicious Breaches Rising, Recovery Costs Falling (March 21, 2012)

Ars Technica reports on a new study of data breaches that found criminal activity and malicious attacks are increasingly behind data breaches. The Ponemon Institute survey--which was sponsored by Symantec and followed 49 organizations with more than 400 IT, compliance and security professionals--found that such attacks accounted for 37 percent of data breaches last year, up six percent from the year before. More than two-thirds of the attacks were electronic. Twenty-eight percent involved physical theft. Additionally, 33 percent of malicious attacks involved company insiders. Meanwhile, a second study found that the cost of breaches is falling for the first time in seven years.
Full Story

PRIVACY LAW—EU & U.S.

Officials Discuss the Future of Privacy, Cooperation (March 20, 2012)
At the High Level Conference on Privacy and Protection of Personal Data, held simultaneously in Brussels and Washington, DC, on Monday, European and U.S. leaders discussed the development of online privacy rules on both sides of the Atlantic and opined on what must happen between the two to protect online users and facilitate innovation and trade critical to the world economy, The Hill reports. EU Justice Commissioner Viviane Reding and U.S. Commerce Secretary John Bryson issued a joint statement pledging to work together, but some experts say that may be tricky. U.S. FTC Commissioner Julie Brill said, however, that the U.S. and EU share common principles on privacy. Reding said an EU-U.S. agreement is "the missing piece."

ONLINE PRIVACY—FRANCE

CNIL Asks Google to Answer Dozens of Policy Questions (March 20, 2012)

In the wake of concerns raised by regulators across the globe regarding the use of cookies on mobile devices, France's data protection authority, the CNIL, is asking Google to answer "69 questions on its privacy policy before April 5," Bloomberg reports. In a letter to the company, the CNIL writes that the questions "reflect the need for legal clarifications on your new privacy policy and in particular on the sharing of user data across Google services." Google has responded that it is "confident that our new simple, clear and transparent privacy policy respects all European data protection laws and principles," the report states.
Full Story

PRIVACY LAW—PHILIPPINES

Senate Passes Data Privacy Act (March 20, 2012)

The Senate has passed the Data Privacy Act. The bill is based on European Directive 95/46/EC and requires certain data security standards in addition to provisions on the handling of data by business process outsourcers (BPOs), ABS-CBNnews.com reports. The bill's author, Sen. Edgardo Angara, feels it will help spur investment in the Philippines BPO and IT sectors. The act would establish a National Privacy Commission in charge of implementation and enforcement. "Generally, the commission will be mandated to enforce policies that balance the right of the private person to privacy with the need to speed up the utilization of the Internet," Angara said.
Full Story

PERSONAL PRIVACY

Study: Many Unwilling To Pay for Privacy (March 20, 2012)

A study conducted in Germany revealed that a majority of respondents preferred to keep their data private but only 29 percent were willing to pay to keep it private, The New York Times reports. Conducted at the German Institute for Economic Research and the University of Cambridge, the study asked 443 German participants to buy movie tickets from one of two online companies. Both asked for personal data, but one company asked for extra personal data while charging less money for the tickets. Less than one in three participants were willing to pay the extra money. (Registration may be required to access this story.)
Full Story

ONLINE PRIVACY—U.S.

Researchers Discover Security Hole in Apps (March 20, 2012)

Ars Technica reports on a research team's finding that many of the libraries used in free Android applications to display ads pose a threat to privacy. The North Carolina State University researchers found that cyber attackers can use the libraries to circumvent Android security. The researchers, led by Xuxian Jiang, examined 100,000 apps and found that almost half tracked users' GPS locations and one in 23 "allowed that data to be passed back to the advertiser." In some cases, users' call logs and phone numbers were listed, the report states. Such allowances could invite malicious code to be installed, the researchers say.
Full Story

DATA THEFT

Site Starts Breach Monitoring Service (March 20, 2012)

Forbes reports on Pwned List, which aims to help users find out if their e-mail addresses and passwords have been published online, and its move toward becoming a business. The site contains approximately 12 million compromised credentials and offers users a free service to find out if their credentials are among those compromised. The site is now offering a system, paid for by individual and corporate users, that will automatically notify subscribers that their data has been breached. Pwned List's chief executive said, "We may not catch absolutely everything, but we can catch the vast majority of credentials stolen and shared by hackers," adding, "Our goal is to be our customers' eyes and ears and take a chunk out of their risk of data theft."
Full Story

PRIVACY LAW—SINGAPORE

MICA Issues Paper on Personal Data Protection Bill (March 20, 2012)

The Ministry of Information, Communications and the Arts (MICA) has issued a consultation paper on Singapore's Personal Data Protection Bill, following up on two exercises held last year to gather feedback on the proposed consumer data protection framework and Do Not Call Registry. MICA reports it has included its "responses and clarifications on key feedback received in the previous consultations, as well as detailed proposals for the proposed Personal Data Protection Bill" in the consultation paper. MICA will accept written comments on the paper until April 30.
Full Story

DATA LOSS—CHINA & U.S.

Company Shuts Down Business To Investigate Breach (March 19, 2012)
The Wall Street Journal reports that commercial information provider Dun & Bradstreet will "temporarily suspend a China-based business as it investigates whether its data-collection practices violated local consumer privacy laws." The U.S. Justice Department and U.S. Securities and Exchange Commission are involved, as are local investigators, the report states, after a report last week alleging private data was collected on 150 million consumers. The Shanghai police confirmed an investigation is ongoing but declined to provide details. (Registration may be required to access this story.)

ONLINE PRIVACY—U.S.

Advocates, Regulators Have Appetite for Better App Policies (March 19, 2012)

The number of apps available to smartphone users is exploding, Mercury News reports. Accompanying them are privacy policies and terms of service that privacy advocates and regulators say need to be more clear and transparent. "For most of us, it's really challenging to read this stuff and make sense out of it...it would take you more than a whole other day to read them all. It's not physically possible," said an Electronic Frontier Foundation attorney. Meanwhile, California's special assistant attorney general says that even for sites with a privacy policy, "you have to go on a treasure hunt to find them."
Full Story

ONLINE PRIVACY

Oink Owner Says No Breach Occurred (March 19, 2012)

The founder of Oink and Milk, Inc., says a reported privacy breach wasn't a breach at all, PC Magazine reports. A woman discovered that she--and anyone else--could instantly download any photos and ratings that a user had uploaded to website Oink, which allowed users to rate "the best things in the places around you." Founder Kevin Rose says there was no data breach because the information was intentionally public all along. "There might have been some confusion...but in this case, it has always been public data," he said, adding the data will be deleted at month's end. The site has been shut down for unrelated reasons, the report states.
Full Story

ONLINE PRIVACY—U.S.

Presidential Campaign Utilizes Behavioral Targeting (March 19, 2012)

The Obama reelection campaign has built a centralized digital database containing information about prospective voters, POLITICO reports. By merging offline data--like voter files and information purchased from data brokers--with online data from social networking sites, among others, the campaign is attempting to target voters with specific messages, and, the report states, Republican campaigns are using similar practices. Privacy advocates say the practice runs counter to last month's proposed Privacy Bill of Rights. An Obama campaign official said, "This campaign has always and will continue to be an organization that respects and takes care to protect information that people share with us...We go to great lengths to make sure that supporters have the ability to opt out of communication and contact from the campaign."
Full Story

BEHAVIORAL TARGETING

Opinion: From Data Collection to Persuasive Technologies (March 19, 2012)

In The Atlantic, Alexander Furnas writes about the collectivization of online data, the cost of which "will be felt at a societal scale," adding, "in aggregate, this knowledge is powerful, and we are granting those who gather our data far more than we realize." Furnas notes privacy advocates worry about what social media sites, among others, do with consumer data but says we need to look at the bigger picture. "Rather than caring about what they know about me, we should care about what they know about us." The combination of detailed online data with aggregate data on human behavior grants companies "incredible power" and "provides a roadmap for designing persuasive technologies." Furnas adds, "the ethical implications of widespread deployment of persuasive technologies remains unexamined."
Full Story

PRIVACY LAW—EU & U.S.

Privacy Probes Could Mean “Years of Legal Battles” (March 16, 2012)
The Wall Street Journal reports on investigations by regulators in the U.S. and EU into whether Google circumvented the privacy settings of Apple Safari browser users by placing tracking cookies on their devices. "The investigations--which span U.S. federal and state agencies as well as a pan-European effort led by France--could embroil Google in years of legal battles and result in hefty fines for privacy violations," the report states. "We will of course cooperate with any officials who have questions," a Google spokeswoman said, adding, "it's important to remember that we didn't anticipate this would happen, and we have been removing these advertising cookies from Safari browsers." (Registration may be required to access this story.)

PRIVACY LAW—SOUTH AFRICA

POPI Enactment Expected This Year (March 16, 2012)

ITWeb reports on South Africa's Protection of Personal Information Bill, which is expected to be enacted this year. Daniella Kafouris, a risk manager at Deloitte, says the bill is heavy on compliance duties--more so than any other global data privacy legislation--meaning organizations will be faced with many new responsibilities, according to the report. Consulting firm PwC notes that the bill contains subjective terms--"reasonable," "unnecessarily," "reasonably practicable," for example--that might increase organizations' challenges when it comes to creating policies around the law.
Full Story

DATA LOSS—U.S.

TRICARE Breach Victims Report Account Fraud (March 16, 2012)

iHealthBeat reports that several victims of last year's TRICARE breach are finding potentially fraudulent activity on their accounts. The breach involved the loss of backup computer tapes containing personal data on 4.9 million TRICARE beneficiaries by a Department of Defense (DOD) contractor. A class-action suit was filed against the DOD in October, and attorneys have now filed an amended complaint "claiming that several plaintiffs noticed fraudulent activity in their financial accounts after the theft," the report states, noting the plaintiffs have indicated they have had to cancel accounts, open new ones and stop deposits and electronic payments as a result.
Full Story

ONLINE PRIVACY—EU

Study: Consumers Value Privacy But Won’t Pay Much (March 16, 2012)

A study released by the European Network and Information Sharing Agency (ENISA) has found that online shoppers are not willing to pay a high premium to protect their privacy, threatpost reports. Researchers from DIW Berlin, the German Institute for Economic Research and the UK's University of Cambridge recently released their ENISA-sponsored "Study on Monetising Privacy: An Economic Model for Pricing Personal Information," which found "consumers consistently prefer companies that protect the privacy of their data over companies that don't," but that they were "reluctant to spend more than a €.50 (65-cent) premium to protect information like their e-mail address and cell phone number from marketers," the report states.
Full Story

DATA LOSS—U.S.

UT Notifying 30,000 of Breach (March 16, 2012)

Officials at the University of Tampa (UT) are notifying about 30,000 students, alumni, faculty and staff that their personal data may have been compromised. FOX reports that the breach occurred as a result of three data files being made public. According to a statement on UT's website, a "server management error" is to blame, and there has been no evidence of malicious use. The files included such information as names, Social Security numbers, UT identification numbers, photos and, in some instances, dates of birth. The university is providing identity protection services.
Full Story

PRIVACY LAW—U.S.

Congressmen Want Answers From Apple (March 15, 2012)
Two U.S. congressmen have sent Apple a letter asking for a response about privacy problems within the company's iTunes App Store, The New York Times reports. Reps. Henry Waxman (D-CA) and G.K. Butterfield (D-NC) have asked Apple CEO Timothy Cook to explain how iPhone, iPad and iPod Touch applications can access photos without a user's knowledge. The representatives sent an inquiry last month as well, asking the company why app developers had access to users' address books, but Waxman and Butterfield were not satisfied with the company's response, the report states. The congressmen are now requesting a meeting with the company rather than a written response. (Registration may be required to access this story.)

MOBILE PRIVACY—U.S.

Class-Action Filed Over App Makers’ Data Collection (March 15, 2012)

A class-action suit filed in a Texas court this week alleges that some popular mobile applications access users' address book information without their consent or knowledge, reports the Austin American-Statesman. The suit--which represents 13 people and challenges almost 20 app developers--was sparked by a recent article in The New York Times and seeks to stop technology companies from collecting data without permission. Citing an industry publication that estimates the price per record between 60 cents and several dollars, the suit also seeks financial compensation. One lawyer for the plaintiffs says, "The idea that you play a video game and your address book is given away is really disconcerting." The case is expected to go to court next year.
Full Story

IDENTITY THEFT—U.S.

FTC Says ID Theft Response Protocols Could Improve (March 15, 2012)

The Federal Trade Commission (FTC) has issued a report based on a survey of identity theft victims, which indicated areas where response protocols could improve, NetworkWorld reports. The FTC survey found that most victims were generally satisfied with experiences dealing with credit reporting agencies. However, improvements can be made, including consumer reporting agencies making it easier for a victim to reach a live person and improving the amount of time it takes to release a credit report, and the FTC and other agencies better informing victims about their rights under the law. Identity theft was the number one problem reported in the FTC's recent release of top complaints in 2011.
Full Story

ONLINE PRIVACY—EU

E-Retailers Give Cookie Law a Thumbs Down (March 15, 2012)

A recent Econsultancy survey has found that the majority of e-retailers in Europe think the new cookie law is bad for the web, Internet Retailer reports. The survey asked 739 retailers earlier this month what they thought about the law--to take effect this spring--which will require e-retailers to gain consumer consent before installing cookies on their computers in order to track online behavior. Eighteen percent of survey respondents said the law would be good for the web. One survey respondent commented that there is "total confusion on how to apply it."
Full Story

HEALTHCARE PRIVACY—CHINA

Real-Name Policy Sparks Debate (March 15, 2012)

China Daily reports on citizens' concerns about health-related data privacy issues that have emerged on the heels of a policy proposal that requires patients submitting to voluntary HIV screening to provide their real names. The results of a recent survey of Chinese web users suggest the vast majority would forego the screening for fear of data leakage. China's Communicable Disease Prevention Act requires local centers for disease control to release the names, addresses, ID numbers and workplace information to a central body. Lu Hongzhou said the data needs to be recorded "because the situation will get out of control if we lose track of the source of infection. Then, it will no longer be about someone's privacy, it will be a problem for society."
Full Story

SOCIAL NETWORKING—U.S.

Facebook Adds to Privacy Staff (March 15, 2012)

Facebook has appointed a six-year Yahoo veteran as co-lead privacy counsel. Joshua Smith, CIPP/US, will share the role with Edward Palmieri, CIPP/US, reports Corporate Counsel. "Working on privacy issues at Facebook is a tremendous professional opportunity, and it's one that will be full of interesting and cutting-edge legal issues," Smith said.
Full Story

PRIVACY LAW—U.S.

HHS, Insurer Reach First Settlement Under HITECH (March 14, 2012)
A Tennessee insurer will pay a $1.5 million settlement to the U.S. Department of Health and Human Services (HHS) for HIPAA violations related to its 2009 data breach, COMPUTERWORLD reports. BlueCross BlueShield of Tennessee has already paid $17 million in costs related to the breach, the report states, and now must regularly train employees on HIPAA requirements and review and revise its privacy policies. The settlement is the first enforcement action taken under the HITECH Act and an HHS Office for Civil Rights (OCR) spokesman said it "sends an important message that OCR expects health plans and healthcare providers to have in place a carefully designed, delivered and monitored HIPAA compliance program."

BEHAVIORAL TARGETING—U.S.

Regulator Questions Do Not Track’s Feasibility (March 14, 2012)

A Federal Trade Commission (FTC) official has expressed concerns that a do-not-track (DNT) solution is not currently available. FTC Commissioner Thomas Rosch told Reuters that he doesn't "see any of the 'do-not-track' solutions as ready for prime time." According to the report, lobbyists on both sides of the debate say the absence of a consensus on a DNT solution has contributed to a delay in the FTC's staff report. Rosch says that implementing DNT technologically will be difficult and has asked the FTC to look into what data online advertisers collect and use before pushing for a DNT solution. According to POLITICO, "A policy gulf still separates" stakeholders--including regulators, privacy advocates and industry representatives--on how consumers should be tracked online.  
Full Story

DATA LOSS—NEW ZEALAND

ACC Coping with Breach Fallout, Commissioner Issues Victim Advice (March 14, 2012)

Following its admission that about 9,000 records containing personal information were e-mailed to an unauthorized recipient, the Accident Compensation Corporation (ACC) is apologizing to nearly 7,000 affected claimants, and ACC Minister Judith Collins says her agency "poorly handled" its response to the breach, reports The New Zealand Herald. Privacy Commissioner Marie Shroff is investigating the incident, a move the Green Party requested citing the ACC's "regular breaching of people's privacy." Meanwhile, Shroff's office has issued advice to affected ACC claimants assuring them that the information has since been destroyed and suggesting that claimants unwilling to wait for ACC to confirm whether they've been affected call a toll-free number for help or file a complaint with the ACC directly.
Full Story

PRIVACY

With New Rules, Data Protection Officers Needed (March 14, 2012)

Google Global Privacy Counsel Peter Fleischer has warned that "there are not enough experienced data protection officers (DPOs) to meet the impending legal requirements and that more need to be trained," InformationWeek reports. In the wake of the EU's proposed reforms of its 1995 Data Protection Directive and the Obama administration's calls for a Consumer Privacy Bill of Rights, Fleischer wrote last week that "Soon, many thousands of companies operating in Europe will be looking to appoint (data protection officers) to meet legal obligations, and since there is no available pool of such people, companies need to start thinking now about how to recruit, train and resource a DPO, and/or an entire DPO team, for the large companies."
Full Story

DATA LOSS—UK

ICO Fines Police £70,000 for Breach (March 14, 2012)

The Information Commissioner's Office (ICO) has fined the Lancashire Constabulary £70,000 after a report containing sensitive information about a missing 15-year-old girl and details on 14 other people was found on a public street, computing.co.uk reports. This marks the first such fine for a police force in England and Wales, the report states. The information had been found by a member of the public and given to a newspaper. "The fact that information as sensitive as this could go missing without anybody realizing is extremely worrying and shows that Lancashire Constabulary failed to have the necessary governance, policies and suitable training in place to keep the personal information they handle secure," an ICO spokesman said.
Full Story

BEHAVIORAL TARGETING—U.S.

Health-Related Web Activity Drives Some Advertising (March 14, 2012)

Microsoft recently updated its privacy policy to state that it targets health-related ads to consumers based on their online browsing habits, MediaPost News reports. The company says on its website, "Microsoft personalizes ads on many different segments, including those that are health-related." The privacy policy change comes after a new Network Advertising Initiative (NAI) rule that requires members to provide transparency around health-related targeting. NAI Executive Director Marc Groman, CIPP/US, says the organization plans to enforce the policy this year. Meanwhile, privacy advocates are calling for explicit consent around health-related targeting. "If people start seeing online ads from third-party ad networks targeted to medical 'research,'" says the Center for Democracy & Technology's Justin Brookman, "they may be deterred from similar research in the future, which would be a terrible result."
Full Story

HEALTHCARE PRIVACY—U.S.

Can Patient Privacy and Medical Research Coexist? (March 14, 2012)

Medical researcher Kathryn Segesser is interested in studying anorexia and bulimia across centuries to prove the theory that the disorders aren't related to modern cultural norms. But she says her research is being impeded by healthcare privacy laws, reports Philly.com. Segesser isn't alone in her assertion that medical research is hampered by privacy laws such as HIPAA, which is why two researchers at the University of Massachusetts Lowell are using a recent $700,000 National Institutes of Health grant to try and resolve that tension. In this exclusive for The Privacy Advisor, the professors discuss their development of "data-masking technology," which aims to facilitate research while maintaining patient privacy.
Full Story

DATA LOSS—U.S.

Breach Leads to Firm’s Bankruptcy (March 13, 2012)
A medical records firm has filed for bankruptcy after its headquarters in San Diego, CA, was burglarized last New Year's Eve, The Wall Street Journal reports. Medical records of approximately 14,000 patients--including addresses, Social Security numbers and medical diagnoses--were compromised in the incident. A spokesman for the affected firm, Impairment Resources LLC, said, "The cost of dealing with the breach was prohibitive." Authorities have yet to catch the assailants and the Department of Labor is still investigating the incident, the report states. (Registration may be required to access this story.)

DATA LOSS—NEW ZEALAND

Commissioner Wants Response After Breach (March 13, 2012)

Privacy Commissioner Marie Shroff is asking the Accident Compensation Corporation (ACC) for a formal response regarding an incident involving thousands of claimants' information e-mailed to an unauthorized recipient, reports The New Zealand Herald. About 9,000 records--137 of which pertained to sensitive claims--on approximately 6,000 individuals were mailed, confirms ACC Chief Executive Ralph Stewart, adding that the information has since been destroyed by the recipient. "Clearly, we must review our internal processes to ensure this type of event doesn't occur again. Can I reiterate ACC's concern, and I'd like to apologize to all ACC clients," he said.  
Full Story

HEALTHCARE PRIVACY—U.S.

Insurance Exchange Guidelines Address Privacy (March 13, 2012)

The Department of Health and Human Services has released a final rule that creates guidelines--including privacy and security provisions--for state insurance exchanges. GovInfoSecurity reports that the exchanges, which are called for under current healthcare reforms, aim to facilitate insurance coverage shopping for small businesses and individuals. Under the guidelines, the exchanges must use reasonable measures to protect consumer healthcare data and will be subject to civil fines of up to $25,000 per entity per use as well as other possible penalties, according to the report. The exchanges are also required to give individuals access to their data and the ability to make decisions over the collection and handling of it.
Full Story

FINANCIAL PRIVACY—U.S.

CFPB Proposes Clarified Bank Confidentiality Rule (March 13, 2012)

Seeking to quell worries expressed by financial firms, the Consumer Financial Protection Bureau (CFPB) has proposed a rule to clarify the protection of sensitive documents submitted to the agency, reports The Wall Street Journal. Citing a lack of clarity in the 2010 Frank-Dodd law, financial firms worry that lawyers and third parties could access submitted sensitive documents, which could place the firms at risk of lawsuits. The proposed rule states that submission of private legal documents "shall not be construed" as waiving the privacy protections of the documents, the report states. CFPB Director Richard Cordray said the rule will help promote "the flow of information between the bureau and its supervised entities." The proposal is open for public comments for 30 days. (Registration may be required to access this story.)
Full Story

HEALTHCARE PRIVACY—EU

Concerns Surround E-Records Transition (March 13, 2012)

EUobserver reports on the global transition to electronic health records (EHRs) and the privacy concerns therein. According to a European Commission study, two-thirds of European hospitals have a system in place for EHRs. Assistant European Data Protection Supervisor Giovanni Buttarelli says the creation of a large-scale central database could be a "monster" and prone to data breaches. "Security is something you can look for but not ensure," he said. He suggests data should only be available on a "need-to-know basis" and calls for the harmonization of standards on data access. One expert said, however, that the transition is imminent. "It is the future, we cannot stop it," he said. 
Full Story

ONLINE PRIVACY—U.S.

SXSW Panel Explores “Big Data” (March 13, 2012)

Representatives with opposing views on "big data" collection and privacy debated on Sunday over whether the Obama administration's Consumer Privacy Bill of Rights is needed to protect Internet users. IDG News Service reports that the panel at SXSW lacked industry representatives, however. "Facebook didn't feel it had any staff at SXSW who could speak on the issue," and Google's privacy counsel "bowed out, citing ongoing litigation," the report states. The panel still captured the contention around the issue, according to the report, as members debated "the collection and increasingly sophisticated analysis of large amounts of user data" in light of whether regulation is needed.
Full Story

EMPLOYEE PRIVACY

HR Experts Say Watch What You Post (March 13, 2012)

According to a Proskauer Rose report, 43 percent of businesses have had to handle incidents of misuse of social networks, and a human resources expert says she "doesn't know any recruiter who doesn't Google prospective hires." An article in The Wall Street Journal explores company policies and employee practices surrounding social networking use, noting that when using company equipment, there should be no expectation of privacy. Curtis Midkiff, director of social engagement at a Virginia-based professional group, says, "Don't post anything on social networks--whether on business or personal matters--that you would not want to take responsibility for in an all-staff meeting." (Registration may be required to access this story.)
Full Story

MOBILE PRIVACY

Networking Apps Raise Concerns (March 13, 2012)

"I'm completely convinced that in five or 10 years you'll be able to walk into a room and know everyone's name, where everyone works and what people you know in common," Paul Davison, founder of Highlight, tells Businessweek of the ambient social networking app, which connects to Facebook and alerts users when they are in range of their online friends--or friends of friends. Highlight is one of many such apps, The Sydney Morning Herald reports, noting that an ambient social networking app "knows the locations of all its users" and, when users are close by, "checks for commonalities...or hidden social connections, like sharing a group of friends."
Full Story

PRIVACY LAW—HUNGARY & U.S.

Hungary Files DPC Amendment (March 13, 2012)
The Hungarian government has filed new amendments following European Commission (EC) action last week to give Hungary one month to "take corrective action" on several laws or face being taken before the European Court of Justice. Among the latest changes, Hungary will "narrow the prime minister's room to fire the independent data protection commissioner," Bloomberg reports, aiming "to 'strengthen the independence' of the data protection agency" as called for by the EC. The amendments do not, however, address the EC's concerns over the previous commissioner's termination before his mandate expired, the report states.

PRIVACY LAW—U.S.

Student Sues School District for Alleged Violation (March 13, 2012)

Backed by the American Civil Liberties Union (ACLU), a Minnesota middle school student is suing her school district for violating her privacy rights after school employees searched her Facebook account and e-mails, CNN reports. Minnewaska School District denies wrongdoing in reference to the complaint, which alleges that the 12-year-old girl's First Amendment rights were violated when she was suspended for statements she made on her Facebook account and that she was also pressured to divulge her password to school officials, according to court documents. "Students do not shed their First Amendment rights at the school house gate," said an ACLU spokesman.
Full Story

PRIVACY LAW—U.S.

Judge: At This Point, comScore Need Not Disclose Certain Data (March 13, 2012)

The analytics company comScore need not disclose certain confidential information about its technology and clients at this time, according to a U.S. District Court ruling last week, MediaPost News reports. Northern District of Illinois Judge Young Kim said the plaintiffs must first have the suit certified as a class action. The suit alleges that comScore violated federal and state laws by collecting sensitive personal information of users without their knowledge, among other activities. Kim also ruled that the company must tell the plaintiffs' legal team what data it sold to clients, the report states.
Full Story

DATA LOSS—U.S.

IT Customers, Providers Concerned About Breach Liability (March 13, 2012)

Network World reports on the concerns of IT providers and customers alike over who is liable for data breaches. The report explores how data security liability has evolved from "a relatively straightforward issue"--where outsourcing customers were responsible for securing their data--to the current array of federal and state regulations that have resulted in IT service providers seeing "the price tag on unlimited liability skyrocket." The report also highlights the potential costs of a data breach, estimated to be as high as $214 per individual record. One expert suggests, "You have to do due diligence and conduct a significant risk assessment as to the real potential liability."
Full Story

SURVEILLANCE—NEW ZEALAND

Some Bullish, Others Cautious About Rising Use of CCTV (March 13, 2012)

Radio New Zealand reports on the increasing use of closed-circuit television (CCTV) in public places such as taxis, bars and hotels. The reporter interviews citizens, law enforcement, businesspeople, an academic and others about its use. New Zealand Privacy Commissioner Marie Shroff says CCTV's prevalence in the country combined with the ease of posting CCTV footage to the Internet has created a "convergence issue." She says establishments using CCTV should have robust plans and practices in place for handling and storing the footage gleaned, and recommends users heed the CCTV guidelines released by her office in 2009.
Full Story

PRIVACY LAW—U.S.

Experts Examine Privacy Bill of Rights Enforceability (March 13, 2012)

A ReadWriteWeb report examines the Obama administration's call for a Consumer Privacy Bill of Rights, specifically quoting the framework document as stating, "There is no Federal regulation at the end of the process, and codes will not bind any companies unless they choose to adopt them." The report questions how this self-regulatory approach would be enforced with input from multiple legal experts. The Department of Commerce National Telecommunications and Information Administration is seeking public comment on that question through March 26, noting it "expects that a company's public commitment to follow a code of conduct will be legally enforceable, provided the company is subject to the Federal Trade Commission's jurisdiction," the report states.
Full Story

ONLINE PRIVACY—U.S.

The Self-Regulation, Legislation, OBA Landscape (March 13, 2012)

Reuters reports on the current information privacy landscape in the U.S., including self-regulation, legislation and do-not-track proposals, and speculates what the Federal Trade Commission (FTC) will say in its soon-to-be-released privacy paper. The paper may "try to accelerate firms' adoption of...'do not track' technology," the report states. At the IAPP Global Privacy Summit last week in Washington, DC, FTC Commissioner Julie Brill said that from her perspective, it's very important that a do-not-track mechanism address data collection as well as data usage, adding that in the absence of addressing data collection, "it's not a do-not-track discussion, it's a do-not-target discussion, and that's not what we called for." Editor's note: The FTC privacy paper is expected in the coming days. The IAPP will host a web conference analysis of the paper soon after its release.
Full Story

ONLINE PRIVACY—U.S.

Brill Welcomes Pledge, Remains Vigilant (March 9, 2012)

Federal Trade Commissioner Julie Brill welcomes the advertising industry's movement to give online users more control of their data but will be watching to see how a Digital Advertising Alliance (DAA) self-regulatory program is implemented, the NationalJournal reports. Speaking at this week's IAPP Global Privacy Summit, Brill noted, "It's very important that a do-not-track mechanism addresses collection as well as use." The report also cites comments by the DAA's Stu Ingis on the industry's pledge "to honor consumers' choices" regarding data collection and targeted ads, and it highlights comments by the Commerce Department's Cameron Kerry that many in industry have asked the administration for "clear guidelines" or "rules of the road." Meanwhile, a TECHNEWSWORLD series examines calls for federal privacy legislation.
Full Story

ONLINE PRIVACY—BRAZIL & EU

Regulators Seeking Answers Over Privacy Policy (March 9, 2012)

Brazil is the latest in a growing list of countries raising concerns about Google's new privacy policy. Reuters reports that Brazil's Justice Ministry is seeking details on how Google handles users' personal information and "could launch an official investigation if Google did not provide a satisfactory response within 10 days," according to a statement released on Thursday. The UK Information Commissioner's Office is concerned the policy is "too vague," while France's data protection authority, the CNIL, has commenced an EU-wide investigation into Google's use of personal data, the report states.
Full Story

PRIVACY—AUSTRALIA

Former Privacy Commissioner Wins 2012 Privacy Leadership Award (March 9, 2012)

Former Australian Privacy Commissioner Malcolm Crompton, CIPP/US, has been honored with the International Association of Privacy Professionals 2012 Privacy Leadership Award at the IAPP Global Privacy Summit on Thursday. IAPP President and CEO Trevor Hughes, CIPP/US, said Crompton "has consistently and effectively been a champion for privacy and accountability in Australia and around the world, and today we recognize his tremendous work and many years of leadership." Crompton, who is managing director of Information Integrity Solutions Pty Ltd., said, "I am privileged to receive this prestigious award from the IAPP. It is a true honor to be recognized by my peers and the association as a thought leader in the field of privacy. I look forward to continuing to contribute to the protection of privacy and user-controlled identity management."
Full Story

DATA THEFT—UK

Suspect Arrested for Clinic Hack (March 9, 2012)

Authorities have arrested a man suspected of breaching a British abortion services website and stealing personal information, reports The Associated Press. The British Pregnancy Advisory Service said the suspect did not obtain sensitive medical data but compromised approximately 9,000 records, including names, addresses and phone numbers of people who contacted the site, according to the report. A representative from the organization said the compromised information has not been uploaded to the Internet, adding, "We hope that women will be reassured that no data's been released." Detective Inspector Mark Raymond said, "It should be stressed that the stolen data did not contain the medical details of women who had received treatment or why individuals had contacted" the service.
Full Story

ONLINE PRIVACY—U.S.

Survey: Web Users Do Not Want To Be Tracked (March 9, 2012)

The Associated Press reports on the findings of a survey on search engine use released today by the Pew Internet & American Life Project that indicates the majority of respondents do not want search engines combing their personal data to deliver tailored results or targeted ads. The survey found that 73 percent of Internet users "would not be okay with a search engine keeping track of their searches and using that information to personalize future search results because they feel it is an invasion of privacy," and 68 percent "are not okay with targeted advertising because they don't like having their online behavior tracked and analyzed," a release on the February 2012 Pew Internet Project survey states.
Full Story

HEALTHCARE PRIVACY—CANADA & U.S.

Cavoukian Releases EHR Whitepaper (March 9, 2012)

Ontario Information and Privacy Commissioner Ann Cavoukian has released a whitepaper on embedding privacy into electronic health records (EHRs), ITWorld Canada reports. Embedding Privacy Into the Design of Electronic Health Records To Enable Multiple Functionalities--Win/Win calls on operators to build in privacy at every stage of the process. Cavoukian said, "The most important thing is the delivery of health records, quickly...But you can embed a cloak of privacy and security around it." Meanwhile, the New York Civil Liberties Union says there are privacy and security flaws in the state's EHR computer network and addresses the issue in a new report, Protection Patient Privacy: Strategies for Regulating Electronic Health Records Exchange.
Full Story

SOCIAL NETWORKING—EU & UK

Site Warns Directive “Could Stifle Innovation” (March 9, 2012)

At a London event earlier this week, a representative from Facebook said the new EU draft regulations may make social networks "unexciting" places and could limit innovation, MarketingWeek reports. Facebook UK Public Policy Director Simon Milner said the directive's "right to be forgotten" proposal is troubling. "It is a right that someone can delete what they have posted but should not be able to delete what someone has posted about you," he said, adding that some proposals--including a single EU-wide data protection authority--are worthwhile. Meanwhile, at the IAPP Global Privacy Summit, TRUSTe introduced an EU cookie audit service to help organizations have the information they need to be compliant with the "EU cookie directive" slated to go into effect in the UK this May.
Full Story

PERSONAL PRIVACY—CANADA & U.S.

Smart Grid “Privacy by Design” Paper Released (March 9, 2012)

Ontario's Office of the Information and Privacy Commissioner and San Diego Gas & Electric (SDG&E) have released a paper documenting "the incorporation of Privacy by Design into SDG&E's smart grid initiative," marking a first-of-its-kind partnership in the U.S., PR Newswire reports. "Privacy is a fundamental right of every one of our customers and a priority of the company," said Caroline Winn of SDG&E, who authored the paper with Ontario Information and Privacy Commissioner Ann Cavoukian. "I am very pleased to be working with SDG&E to ensure that our innovative privacy framework is an integral part of the smart grid deployment," Cavoukian said.
Full Story

MOBILE PRIVACY—U.S.

Adequate App Protections Lacking (March 8, 2012)

POLITICO reports on increased concerns by lawmakers and regulators about the lack of consumer and privacy protections around mobile apps. Congress, the Federal Trade Commission (FTC) and the White House have all begun looking into the issue in recent weeks. Reed Smith's Amy Mushahwar said, "Our mobile devices nowadays really hold the sum total of our digital identity," adding that the interest taken by Capitol Hill, the FTC and the Obama administration "is simply a reflection that everyone is seeing the mobile phone becoming the primary screen." A spokesman from the Electronic Frontier Foundation said, "The last couple of weeks and months have been a rude awakening for app developers that privacy is an issue consumers care about."
Full Story

PRIVACY LAW—U.S.

Children’s Privacy Bill Wins Celebrity Support (March 8, 2012)

Proposed legislation to give children and their parents more control of their online data is gaining popular support, the NationalJournal reports. The bill, proposed by Reps. Joe Barton (R-TX) and Ed Markey (D-MA) to update the COPPA, has won an endorsement from television host Nick Cannon, who spoke at a Capitol Hill briefing, saying, "We wholeheartedly support the do-not-track legislation and hope Congress will pass it this session." The Markey-Barton bill seeks to prohibit the online tracking of children and teens to provide them with targeted ads unless they or their parents provide consent, the report states. Editor's Note: A recent report in The Privacy Advisor details efforts to update COPPA.
Full Story

DATA PROTECTION

Survey: InfoSec Increasingly Important (March 8, 2012)

Consumers are growing more aware and concerned about how companies protect their data, according to a survey released this week. Edelman Global Chair of Technology Pete Pedersen says companies should exercise transparency and be proactive if a breach occurs. The survey, conducted on behalf of Edelman by StrategyOne, sampled 4,050 adult consumers in seven countries and found that 90 percent of consumers are concerned about data security and 80 percent said they know more today about data protection than they did five years ago. Pedersen said one of the most surprising discoveries was that 84 percent of respondents said security was important to them, but only 33 percent said they expected companies to adequately protect their data.
Full Story

PRIVACY

Privacy Pro Garners All Five CIPP Certifications (March 8, 2012)

Shortly after the unveiling of the IAPP's newest certification--the CIPP/E--Accenture North American Director of Legal Services and Data Privacy Compliance Benjamin Hayes, CIPP/US, CIPP/G, CIPP/C, CIPP/IT, CIPP/E, became the first IAPP member to achieve all five certifications. In this exclusive for The Privacy Advisor, Hayes discusses what the certifications mean not only for his job but for aspiring privacy professionals and what achieving a "blackbelt" in privacy might mean.
Full Story

DATA LOSS—U.S.

Breaches Reported, Analyzed (March 8, 2012)

The Associated Press reports on a Connecticut Department of Social Services investigation into whether as many as 8,500 client identification numbers "were erroneously provided to another state agency and then to some state lawmakers and other organizations" in what could constitute a violation of federal law. Multiple breaches at other organizations have also been reported this week, including one at a Connecticut university and another involving an Oregon nursing assistant who posted photographs of patients on a social networking site. Meanwhile, SearchSecurity reports that a preview of Verizon's forthcoming Data Breach Investigation Report indicates "poor password management practices" made possible most of the 2011 breach reports investigated.
Full Story

PRIVACY LAW—GERMANY

Court: Social Network Users Retain Property Rights (March 7, 2012)
The Wall Street Journal reports that a German court has ruled against Facebook in a 2010 case sparked by concerns over the social network's use of members' e-mail addresses to solicit new users. "Facebook can't force users to grant the social network a comprehensive license to their content," the report states, noting the court found "users remain the owners of intellectual-property rights of their Facebook posts, pictures and other content posted on the site." A Facebook spokeswoman said, "We will take a close look into the details of today's court decision as soon as they are available and then decide on the next steps," adding that the social network "is committed to adhering to European data protection principles." (Registration may be required to access this story.)

PRIVACY LAW—EU

EDPS Releases Opinion on Data Protection Reforms (March 7, 2012)

European Data Protection Supervisor (EDPS) Peter Hustinx adopted an opinion today on the European Commission's proposed reform of EU data protection rules. While the EDPS is welcoming "the strengthening of the right to data protection in Europe...the proposals are disappointing in the law enforcement area and leave many existing EU data protection instruments untouched," Euroalert.net reports. In the opinion's executive summary, the EDPS notes that while the regulation "constitutes a huge step forward for data protection in Europe...the main weakness of the package as a whole is that it does not remedy the lack of comprehensiveness of the EU data protection rules."
Full Story

DATA THEFT—U.S.

Ubiquitous Hacking As Wake-Up Call (March 7, 2012)

The New York Times reports on what it calls "the bright side of being hacked." Experts speaking at last week's RSA conference in San Francisco, CA, noted that hacktivist groups like Anonymous raise alarm about the security of corporate computer systems. Booz Allen Senior Vice President Roger Cressey said, "Anonymous is a wake-up call...Any company that is patting themselves on the back and saying that they're not a target or not susceptible to attack is in complete and utter denial." Hacktivism draws public attention and, hence, the attention of corporate executives and stakeholders, according to the report. Meanwhile, the National Aeronautics and Space Administration says that in 13 breaches, hackers illegally accessed employee credentials and mission-critical projects, and a private school in Missouri is currently being plagued by hackers who are releasing sensitive data via a social networking site. (Registration may be required to access this story.)
Full Story

PRIVACY LAW—HUNGARY & EU

EC Gives Hungary One Month To Address Issues (March 7, 2012)

The European Commission today gave Hungary one month to "take corrective action" on several laws--including one affecting the data protection authority--to avoid being taken to the European Court of Justice, Europe Online Magazine reports. Noting that Hungary "has not answered all the questions that we have raised," the commission today sent "letters of formal warning" to Hungary, marking the second step in EU infringement procedures, the report states. When sending its response to the first step of the proceedings last month, Hungary had indicated it would "make concessions to guarantee the independence of the data protection authority."
Full Story

BEHAVIORAL TARGETING—EU

Article 29 Working Party Calls for DNT Protocol (March 7, 2012)

In a published letter, the Article 29 Working Party (A29 WP) indicated that the voluntary guidelines drafted by a European digital advertising industry group do not meet the consent and information requirements laid out in the ePrivacy Directive, PCWorld reports. The European Advertising Standard Alliance (EASA) backs an icon-based approach to inform users of how the targeted advertisement works. A29 WP Chairman Jacob Kohnstamm said, though the icon helps raise awareness, a browser-based do-not-track (DNT) protocol is needed, adding, "A DNT setting in a browser means that users should no longer be tracked instead of just not being shown targeted advertisements."  
Full Story

PRIVACY

2012 Salary Survey Examines Trends (March 7, 2012)

The IAPP's 2012 Privacy Professionals Role, Function and Salary Survey, which is being released at the Global Privacy Summit, examines compensation levels and key trends as reported by respondents from the organization's diverse membership. This year's survey includes data and comparisons on issues including how privacy professionals allocate their time across different responsibilities, what career paths they are pursuing and their placement within their organizations. The survey also covers which industry sectors are most represented by privacy professionals, the size of organizations with in-house privacy staff and what privacy professionals report as the most time-consuming tasks they oversee in their work.
Full Story

PRIVACY

Opinion: Using the Privacy Richter Scale (March 7, 2012)

In a column for Computerworld, Minnesota Privacy Consultants President Jay Cline, CIPP/US, assesses Google's recent privacy policy changes and places the changes on what he calls the privacy Richter scale. "Not all privacy issues are created equal," he opines. Some events "make the news but pose no lasting harm," while others "can knock you down, level buildings and cause real and lasting damage." Events appearing at the top of the privacy Richter scale "make the all-time list and usually involve widespread destruction and loss of life." Cline says the next time a privacy story makes the headlines, ask yourself, "where it measures up on the privacy Richter scale."
Full Story

PRIVACY LAW—SPAIN & EU

Spain Seeks ECJ Guidance on Search Engine Cases (March 7, 2012)
PCWorld reports that Spain's National Court (AN) has asked the European Court of Justice (ECJ) to provide jurisdiction clarification on cases involving privacy complaints brought against search engines. The AN said it is unclear who has the final decision-making authority in such matters. The Spanish Data Protection Authority (DPA) says that search engines are subject to European laws and "right to be forgotten" decisions should be made in national courts in the EU. Spain's DPA has started legal action against Google to delete index files of Spanish complainants. A Google spokesman said, "We welcome the Spanish national court's decision to refer this case to the European Court of Justice. We support the right to be forgotten, and we think there are ways to apply it to intermediaries like search engines in a way that protects both the right to privacy and the right to free expression."

PRIVACY LAW—UK & EU

Court of Appeal Upholds DEA Ruling (March 7, 2012)

The UK Court of Appeal has rejected claims that the Digital Economy Act (DEA)--aimed at fighting online copyright infringement--violates EU law, Out-Law.com reports. Two ISPs had argued that the DEA breached EU laws on data protection and privacy. "We are pleased the Appeal Court has upheld the original ruling that the Digital Economy Act is a lawful and proportionate response to the threat posed by online piracy," a government spokesperson said. One of the plaintiffs has responded, "We are reviewing this long and complex judgment and considering our options. Though we have lost this appeal, we will continue fighting to defend our customers' rights against this ill-judged legislation."
Full Story

MOBILE PRIVACY—U.S.

Schumer To Meet with Companies on Apps Issues (March 7, 2012)

Sen. Charles Schumer (D-NY) says Apple and Google have agreed to meet with him to discuss loopholes found on smartphones that allow apps developers access to users' personal information, The New York Times reports. Schumer said, "We asked them if they could find a way on their own to prevent apps from having access to private info...They were friendly and open to the idea that this ought to be changed." Schumer added that he is "optimistic that we can get this changed without any regulation...If it's not changed, then we'll look to the FTC, and if that doesn't work, then we'll look at legislative approach." (Registration may be required to access this story.)
Full Story

PRIVACY LAW—HUNGARY & EU

EC To Decide on Infringement Continuation (March 7, 2012)

Portfolio.hu reports on comments by EU Justice Commissioner Viviane Reding that the European Commission will decide Wednesday whether to continue infringement proceedings against Hungary over issues including the independence of its data protection authority. The commission sent formal notice to Hungary in January, and Hungary sent its response to the issues late last month. "The answers to the three infringement letters are much more vague," Reding said, noting, "on Wednesday, the commission is going to take a decision on what to do with the answers of the Hungarian government."
Full Story

MOBILE PRIVACY—U.S.

Concerns Prompt Call for Another Bill of Rights (March 7, 2012)

In the wake of the Obama administration's call for a Consumer Privacy Bill of Rights, the Electronic Frontier Foundation (EFF) is advocating a bill of rights for mobile users, PCWorld reports. Considering "the sensitivity of the data that many consumers store on their phones," the EFF states, "the stakes are even higher for manufacturers, carriers, app developers and mobile ad networks to respect user privacy in order to earn and retain the ever-important trust of the public." However, following the recent release of guidelines for mobile privacy, one analyst believes "the big players are likely to cherry pick," suggesting increased transparency and opt-outs "is obviously going to impact on their targeted advertising business models."
Full Story

HEALTHCARE PRIVACY—U.S.

ANSI Report Calls for Enhanced PHI Security (March 7, 2012)

The American National Standards Institute released a report Monday providing steps to help organizations assess personal health information (PHI) security risks and build a cogent business case to protect PHI, PR Newswire reports. The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security, which was part of the "PHI Project" and involved more than 100 healthcare industry leaders, found that lack of executive support and insufficient funding contributed to security breaches. Ponemon Institute Founder Larry Ponemon, CIPP/US, said, "Healthcare is one of the most-breached industries...This report will help them understand what they need to do to augment their efforts."
Full Story

SOCIAL NETWORKING—U.S.

Applicants Asked To Disclose Passwords (March 7, 2012)

Employers and colleges are increasingly asking applicants to disclose their social networking passwords, MSNBC reports. Job applicants have reportedly been asked to log in to their accounts during interviews so the interviewer can view their posts, friends, photos and other information. According to the report, student athletes are often asked to "friend" a coach or compliance officer, thereby granting access to "friends-only" material. Schools are also using monitoring software to automate social media vetting. A representative from the American Civil Liberties Union said that interviewers and schools "are also invading other people's privacy. They get access to that individual's posts and all their friends. There is a lot of private information there."
Full Story

ONLINE PRIVACY—U.S.

Brill: “Do Not Track Is…Do Not Collect” (March 5, 2012)
While advertising industry self-regulation standards allow for data collection after consumers have opted out of online behavioral targeting, Federal Trade Commissioner Julie Brill says a critical point of "Do Not Track" for her is that it "is not just Do Not Target...but also, when the consumer so chooses, Do Not Collect," reports MediaPost News. Brill also talks about the need for increased protections when companies use data to draw conclusions about customers, citing a recent case where an online retailer deduced customers' pregnancies and noting, "The same type of innocuous data could be used to make other predictions of a sensitive nature, like sexual orientation, financial status and the like." Editor's Note: Julie Brill will discuss the implications of the FTC's privacy report this week at the IAPP Global Privacy Summit.

MOBILE PRIVACY—U.S. & EU

Lawmaker, Regulator Concerned About Apps (March 5, 2012)

Following news that mobile apps on the Apple and Google mobile systems may access users' address books and photos, U.S. Sen. Charles Schumer (D-NY) is urging the Federal Trade Commission to investigate, The Economic Times reports. "These uses go well beyond what a reasonable user understands himself to be consenting to when he allows an app to access data on the phone for purposes of the app's functionality," writes Schumer. He questions whether the companies' terms of service are being breached and notes, "smartphone makers should be required to put in place safety measures to ensure third party applications are not able to violate a user's personal privacy..." Meanwhile, in light of similar findings in the UK, EU Justice Commissioner Viviane Reding said, "This really concerns me, and this is against the law because nobody has the right to get your personal data without you agreeing to this."
Full Story

PRIVACY LAW—ASIA PACIFIC

Authorities Want Answers From Google (March 5, 2012)

A working group of the Asia Pacific Privacy Authorities (APPA) has written a letter to Google to raise concerns about changes to its privacy policy. The APPA Technology Working Group says users should be able "to control the way in which their information is aggregated and shared online, especially members of minorities or at-risk groups." The group wants to know how the changes will affect existing users and if users will have easy access to privacy tools. It also wants clarification on policies on sensitive information and the timeframe for data deletion following a user request. Google responded that its "approach to privacy has not changed" and users' data remains private.
Full Story

ONLINE PRIVACY

Philosophical Questions at the Heart of OBA Issues (March 5, 2012)

In The Atlantic, Alexis Madrigal explores the relationship between our "digital and physical selves," which he says is at the heart of consumers' concerns about online data collection. Currently, data collectors do not connect your online tracking data to your name, but "If and when that wall breaks down, the numbers may overwhelm the name. The unconsciously created profile may mean more than the examined self I've sought to build," Madrigal writes. In an interview with The Inquirer, Jeffrey Rosen says this version of the future is not inevitable, but "Privacy is not for the passive...This is an area where civic engagement and protest work." For marketers, he says, "It's a constant tug-of-war. There is huge economic pressure to see how much tracking people will accept."
Full Story

SSN PRIVACY—U.S.

Connecticut Legislators Consider Privacy Bill (March 5, 2012)

Amidst concerns about Social Security numbers' (SSN) privacy at the federal level and in the wake of a breach of data including SSNs in another state, Connecticut legislators are poised to consider a new law "to help safeguard privacy and protect against identity theft," the Danbury Patch reports. On Wednesday, the House General Law Committee is scheduled to hold a public hearing on SB 315, which prohibits "the unnecessary collection of Social Security numbers," the report states, noting that the term "unnecessary collection" has not yet been defined but that the bill would not apply to "credit reporting agencies, identity verification measures, medical treatment, law enforcement and job related reasons including employment benefits."
Full Story

PRIVACY

CPO Provides Tips for Aspiring Privacy Pros (March 5, 2012)

In an interview with BankInfoSecurity, Nationwide Insurance Chief Privacy Officer Kirk Herath, CIPP/US, CIPP/G, shares three tips for new privacy professionals. Herath says it's important to find a mentor and to learn the laws and standards. "Learn them backwards and forwards," he says, "and then join an industry." Herath also notes that it's important to get certified, citing "the multitude of certifications" provided by the IAPP. "And don't ignore information security," he notes. "Information security is the yin to the privacy yang. It's very important to learn how privacy and information security intersect."
Full Story

DATA LOSS—AUSTRALIA

Soldiers’ Details Posted Online, Investigation Pending (March 5, 2012)

ABC News reports that the Australian Defense Force is under investigation for a privacy breach affecting up to 80 soldiers. Medical information, discipline records and psychology reports were posted online and publicly available for several months. "I got called crazy based on the stuff about my post traumatic stress disorder," one soldier said. Former New South Wales Privacy Commissioner Chris Puplick said, "From what I've seen, I think it's a shocking breach--the fact that this sort of information is so easily accessible to people who have no reason and indeed no right to have that." The soldier has complained to the Australian privacy commissioner, and an investigation is underway.
Full Story

PRIVACY LAW—U.S.

EPIC Files Suit To Block FERPA Amendments (March 2, 2012)
The Electronic Privacy Information Center (EPIC) and several co-plaintiffs have filed a lawsuit against the Department of Education (DoE) alleging its recent regulations to amend the Family Educational Rights and Privacy Act "exceed the agency's statutory authority and are contrary to law" and seeking to have the regulations set aside. Prior to the release of the regulations in December, the DoE had sought public comment on the changes, and EPIC notes it "submitted extensive comments, addressing the student privacy risks and the agency's lack of legal authority to make changes to the privacy law without explicit congressional intent."

SOCIAL NETWORKING

Tweet Sales: A Game-Changer? (March 2, 2012)

The Financial Post reports on Twitter's plans to sell archived tweets to two data mining companies. One company, DataSift, will "release Twitter data in packages that will encompass the last two years of activity for its customers to mine," the report states, while the company Gnip will offer a "short-term data package." While one advocate described the harvesting as "game-changing," another expert said, "The only privacy risk is marketers being able to do more with the data, faster." DataSift CEO Rob Bailey said, "The only information that we make available is what's public. We do not sell data for targeted advertising."
Full Story

ONLINE PRIVACY

Stoddart: Clearer Google Privacy Policy Needed (March 2, 2012)

In light of yesterday's implementation of Google's new consolidated privacy policy, Canada Privacy Commissioner Jennifer Stoddart has sent a letter to the company expressing privacy concerns, The Chronicle Herald reports. Noting the policy was "a step in the right direction," Stoddart added, "We strongly encourage you to make it clearer to users that if they are uncomfortable with these new uses of information, they can create separate accounts. This is not clearly stated in your privacy policy." Regulators and privacy advocates from around the globe are expressing similar concerns. EU Justice Commissioner Viviane Reding says the changes do not comply with EU data protection rules, and Privacy International's Alexander Hanff has filed a monetary claim against the company. Google Director of Privacy Alma Whitten has defended the company's changes.
Full Story

HEALTHCARE PRIVACY—AUSTRALIA

PCEHR Passes Lower House (March 2, 2012)

Australia's proposed user-controlled e-Health legislation passed the Lower House on Thursday, futureGov reports. The Personally Controlled Electronic Health Records (PCEHR) bill would establish a national eHealth network across all levels of government and healthcare services and would include an independent advisory council to advise on operational and policy issues. Australian Minister for Health Tanya Plibersek said, "At present, consumer health records are scattered over a range of locations in the clinics rather than being attached to the consumer and easily available at the point of care."  
Full Story

PRIVACY

Think Before Publicizing Privacy Policy Updates (March 2, 2012)

The privacy news of late has been rife with reports about privacy policies. In the March edition of The Privacy Advisor newsletter, IAPP members offer up advice to consider before publicizing privacy policy updates. "We recommend that you think about...five considerations when making changes to your privacy policy," say Mehmet Munur, CIPP, Sarah Branam and Matt Mrkobrad, CIPP/US/G, adding the considerations should "help you educate your users; be transparent and accurate in disclosing your practices, and steer clear of regulatory scrutiny." (IAPP member login required.)
Full Story

DATA LOSS—U.S.

Insurance Company Exposes E-mail Addresses (March 2, 2012)

The Winston-Salem Journal reports that human error caused the e-mail addresses of about 1,000 Blue Cross and Blue Shield customers to be exposed to all the recipients of an e-mail informing customers of changes in their billing cycle. The company contacted the customers once the error was discovered, and a spokesman said it will "implement additional safeguards, such as how e-mail addresses are entered, to reduce the chances of this occurring in the future." While in this instance no sensitive information was revealed, one customer notes the incident "eroded my confidence that my information is safe with them or with other institutions."
Full Story

PRIVACY LAW—CANADA

Commissioner: Kids’ Networking Site Breached Law (March 1, 2012)
Privacy Commissioner Jennifer Stoddart says her office's first investigation into a social networking site for youngsters has highlighted flaws that must be addressed in order to bring Nexopia into compliance with Canadian privacy law. "Our investigation found Nexopia has inappropriate default privacy settings; provided inadequate information about a number of privacy practices, and keeps personal information indefinitely--even after people select a 'Delete Account' option," Stoddart says.

MOBILE PRIVACY—U.S.

NTIA Identifies Mobile Privacy as Top Priority (March 1, 2012)

After the Obama administration whitepaper release last week, the Department of Commerce's National Telecommunications and Information Administration (NTIA) is making mobile privacy a potential top priority and is asking for public comment from stakeholders to develop privacy codes of conduct, PCAdvisor reports. The agency said, "Mobile devices pose distinct consumer data privacy issues, such as disclosing relevant information about personal data practices on a small display." NTIA Administrator Lawrence Strickling said the agency is seeking views "on what issues should be addressed through the multi-stakeholder process and how to structure these discussions so they are open, transparent and most productive." The agency is also seeking public comment on privacy issues related to location-based services as well as services targeting minors and cloud computing, the report states. Editor's Note: The IAPP is hosting a web conference today on the Obama administration's privacy whitepaper. 
Full Story

ONLINE PRIVACY

Google Implements New Privacy Policy (March 1, 2012)

Amidst concerns from privacy advocates and regulators, Google today implemented its new privacy policy, RTÉ reports. A group of U.S. and European consumer advocacy groups made last-minute appeals to the company to suspend the changes. Trans Atlantic Consumer Dialogue sent Google CEO Larry Page a letter appealing the move. "Going forward with this plan will be a mistake. We ask you to reconsider," the letter said. "You record virtually every event of a Google user, in far more detail than consumers understand...It is both unfair and unwise for you to 'change the terms of the bargain' as you propose to do." Ireland Data Protection Commissioner Billy Hawkes said there will be issues to consider, the report states. Meanwhile, Japan has expressed concern over the changes, and France's data protection authority has also sent a letter to Page, writing, "Our preliminary analysis shows that Google's new policy does not meet the requirements of the European directive on data protection, especially regarding the information provided to data subjects." Editor's Note: Irish Data Protection Commissioner Billy Hawkes will deliver a keynote address at the upcoming IAPP Data Protection Intensive in London.
Full Story

ONLINE PRIVACY—U.S.

Suit Filed for Circumventing Do Not Track (March 1, 2012)

In the wake of reports of companies "dropping cookies on Safari users" despite the browser's block on third-party cookies, a Texas resident has filed a lawsuit in U.S. District Court against an ad company and a search engine for allegedly "circumventing the no-tracking settings on the Safari browser," MediaPost News reports. Lourdes Villegas is seeking class-action status in the suit against PointRoll and Google, the report states, accusing the companies of violating federal computer fraud and wiretap laws and California state laws. The companies involved had previously said they had stopped tracking users or were in the process of deleting the cookies, the report states.
Full Story

PRIVACY LAW—MALAYSIA

Data Protection Act Will Safeguard Personal Data (March 1, 2012)

Expected to go into effect in June, the Malaysian Personal Data Protection Act will make such practices as disclosing or processing personal data without consent; selling data; unlawful collection of data, and failure to register data punishable offenses, reports Bernama. Organizations found in violation of the act will be subject to fines of up to RM500,000 and up to three years in prison, depending on the type of incident. "The newly-appointed Director-General of the Personal Data Protection Department, Abu Hassan Ismail, said the department accepted the challenges in implementing the act," the report states.
Full Story

PRIVACY LAW—U.S.

Bill of Rights To Impact Smart Grid Regulation? (March 1, 2012)

Michael Pryor of Dow Lohnes PLLC reports on the implications the White House's Consumer Bill of Rights could have on smart grid privacy regulations. It seems clear that the framework would apply to the highly granular data collected and transmitted by smart meters, Pryor writes, citing the recently released White House report, which says, under the bill, the term personal data "refers to any data, including aggregations of data, which is linkable to a specific individual." The framework has potential to establish privately-generated, uniform and enforceable privacy policies "that would provide certainty to the industry while creating trust among consumers that their personal private information will be protected," Pryor says. (Registration may be required to access this story.)
Full Story

DATA PROTECTION

Experts: C-Suite Realizing Breaches’ Effect on Bottom Line (March 1, 2012)

C-suite officers are now understanding the impact on earnings that cyber threats and breaches can have and are asking about the state of preparedness. That's according to a panel of experts at the RSA Conference in California on Wednesday, including Computer Sciences Corp.'s David McCue, who said security pros "must understand how to communicate effectively with their bosses to not only explain the threats but also to make the case for budget," reports SC Magazine. Discussions with head management need to be more business-oriented and less jargon-filled, said another expert.
Full Story

ONLINE PRIVACY

Mozilla Offers New Web-Tracking Tool (March 1, 2012)

In Forbes, Kashmir Hill describes a new tool released by Firefox browser provider Mozilla. Called Collusion, the tool lets a user view how he or she is being tracked online. Mozilla CEO Gary Kovacs said, "We are being watched. It's now time for us to watch the watchers." Though the new tool does not describe what each tracker does, Hill breaks down various tracking tools and widgets that are found on the Forbes site when a user visits to read her articles. Editor's Note: The IAPP will host the web conference Online Behavioral Advertising--The Current Global Landscape on Thursday, March 22.
Full Story