Medical Problems Could Include Identity Theft

The last time federal data on the crime was collected, for a 2007 report, more than 250,000 Americans a year were victims of medical identity theft. That number has almost certainly increased since then, because of the increased use of electronic medical records systems built without extensive safeguards, said Pam Dixon, executive director of the nonprofit World Privacy Forum and author of a report on medical identity theft.

And uncountable, Ms. Dixon said, are the people who do not yet know they are victims. They may not know that their medical information has been tampered with for months or even years….

Source: New York Times

From the KnowPrivacy Web Site:

Key Findings
+ Users are concerned about data collection online and want greater control over their personal information.

+ Users lack awareness of some data collection practices.

+ Users don’t know who to complain to.

Direct to Complete Report

Source: KnowPrivacy

See Also: The NY Times Summarizes the Report

Review of the European Data Protection Directive

The Information Commissioner’s Office (ICO) asked a multidisciplinary international research team led by RAND Europe with time-lex and GNKS-Consult to review the strengths and weaknesses of the European Data Protection Directive 95/46/EC and propose avenues for improvement.

The Directive can be regarded as a unique legal instrument in how it supports the exercise of a right to privacy and rules for personal data protection. Its principles are regarded in many quarters as a gold standard or reference model for personal data protection in Europe and beyond. However, the Directive must remain valid in the face of new challenges, including globalisation, the ongoing march of technological capability and the changing ways that personal data is used. Although the flexibility of the Directive helps it to remain current, its effectiveness is undermined by the complexity of the cultural and national differences across which it must operate.

In order to understand the strengths and weaknesses of the Directive and to suggest ways in which European data protection arrangements may remain fit for purpose, the study team reviewed the relevant literature, conducted 50 interviews with privacy practitioners and regulators, experts and academics, and ran a scenario-based workshop to explore and evaluate potential avenues for improvement.

The ideas presented here provide some food for thought on how to improve the data protection regime for citizens living in European countries and are intended to spark debate and interaction between policy-makers, industry and experts. Such a review cannot claim to be the last word.

+ Summary (PDF; 200 KB)
+ Full Document (PDF; 700 KB)

Source: RAND Corporation

CDT Recommends Standards for Use of Analytics Tools on Federal Web Sites

CDT and EFF today released a joint report examining the use of analytics tools on federal agency Web sites. Analytics typically track user behavior on a site; the data is used to create a better user experience. The report analyzes existing policy and makes recommendations for how federal agency Web sites can use analytics tools while protecting citizen privacy. Agency Web sites will play a key role in the Administration’s plan to create an environment that fosters a more participatory government, but new uses of technology must be approached with special attention given to privacy.

+ Full Report (PDF: 304 KB)

Source: Center for Democracy and Technology and the Electronic Freedom Foundation

Hat tip: PW

LexisNexis says its data was used by fraudsters

LexisNexis acknowledged Friday that criminals used its information retrieval service for more than three years to gather data that was used to commit credit card fraud.

LexisNexis has started warning about 32,000 people that “a few” customers used its service to help them illegally obtain credit cards. “These individuals were operating businesses that at one time were both ChoicePoint and LexisNexis customers,” the company said in a notification letter that it began sending out Friday.

To perpetrate the scam, the fraudsters would set up fake mail boxes and then use information obtained on LexisNexis to open credit cards in the victims’ names. The criminals were able to obtain names, dates of birth, and even Social Security numbers from the data broker.

Source: Network World

Hat tip: PW

FTC Offers ‘Red Flags’ Web Site To Help Creditors and Financial Institutions Design Identity Theft Prevention Programs

The Federal Trade Commission has launched a Web site to help entities covered by the Red Flags Rule design and implement identity theft prevention programs. The Rule requires “creditors” and “financial institutions” to develop written programs to identify the warning signs of ID theft, spot them when they occur, and take appropriate steps to respond to those warning “red flags.”

The FTC and the federal financial regulatory agencies developed the Red Flags Rule under the Fair and Accurate Credit Transactions Act of 2003. The Rule is designed to reduce the overall incidence and impact of identity theft. “Fighting Fraud with the Red Flags Rule: A How-To Guide for Business,”
available at www.ftc.gov/redflagsrule, describes the entities that are covered by the Rule and provides information to help them develop identity theft prevention programs. The Web site also offers articles and guidance on specific elements of the Rule.

Source: Federal Trade Commission

Shazam is the very popular service for several smartphones and other devices and that will quickly identify a song (artist, track title, etc) from millions of songs in their database. Simply point the phone at a speaker and in about 10 seconds the answer appears.

What often goes unnoticed is Shazam’s searchable music database that contains data about over 8 million tracks. It’s definitely worth a look. You can also take a peak at what tracks are currently being ‘tagged’ by users. Shazam also provides charts of the most popular tracks. Archives are also available. Here’s a look at what the artist page for No Doubt looks like.

Perhaps the ‘coolest’ web site feature is the Music Explorer. It’s a very ’social’.

Music Explorer is powered and updated by the real iDing activities of over 20 million users and provides you with a diversity of tracks or artists you might be interested in, based on the starting point of your journey.

Explorer gives you this as a ‘map’ of related artists, tracks or users based on how many other members have tagged these as well as your original track or artist.

See Also: AllMusic.com

Time for a Data Diet? Deciding What Customer Information to Keep — and What to Toss

Heartland Payment Systems, a credit card processor, may have had up to 100 million records exposed to malicious hackers. Payment processors CheckFree and RBS Worldpay, and employment site Monster.com have all reported data breaches in recent months, as have universities and government agencies. Experts at Wharton say that personal data is increasingly a liability for companies, and suggest that part of the solution may be minimizing the customer information these companies keep.

Indeed, according to Wharton marketing professors Eric Bradlow and Peter Fader companies should deploy a technique called “data minimization.” The concept: Keep the customer data a company needs for competitive advantage and purge the rest. “I think there is a fear and paranoia among companies that … if they don’t keep every little piece of information on a customer, they [can't function],” says Bradlow. “Companies continue to squirrel away data for a rainy day. We’re not saying throw data away meaninglessly, but use what you need for forecasting and get rid of the rest.”

The problem with the data hoarding approach is that companies can’t use most of the information they keep, adds Fader. Meanwhile, they become data pack rats, chasing an illusory dream of one-to-one marketing, which he says “is a myth.

Source: Knowledge@Wharton

Virtual Worlds and Kids: Mapping the Risks

Virtual worlds – online “places” where people use graphic characters known as avatars to represent themselves – can expose children and teenagers to inappropriate activity or violence. To help parents protect their children and understand these virtual places, the Federal Trade Commission has developed a new FTC Consumer Alert, Virtual Worlds and Kids: Mapping the Risks.

To learn more about the risks for kids in virtual worlds, go to
http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt038.shtm.

Source: Federal Trade Commission

TMI? TrueScoop Offers Free Public Record Search on Facebook

If you already think social networks give you a bit more information than you want about some people, TrueScoop’s new Facebook application might make you cringe. It’s completely free public records search, a service that lots of websites charge for, usually so potential employers can do background checks. But now, that information is in everyone’s hands, ready to expose your embarrassing run-ins with the law and financial missteps.

The application itself is essentially just a search tool – enter someone’s name and see a listing of their traffic stops, places lived, and rulings against them – like owing money to someone. There is also a listing of the most popular searches conducted with the application, which, not surprisingly, includes lots of celebrities like Anderson Cooper and Kobe Bryant. When you do a search, it’s broadcast to Facebook’s News Feed.
Source: Mashable

Privacy Practices: The Challenge of Safeguarding Digital Data

Privacy once meant drawing the drapes.

Privacy once meant drawing the drapes. Now that we depend on technology to do the world’s business, privacy means securing data, protecting personal information and keeping hackers at bay. Drawing the drapes in an electronic sense will call for a complex system of safeguards and require policymakers to create guidelines.

Before leaving for her new post as Secretary of Homeland Security, Arizona governor Janet Napolitano signed a proclamation declaring January 28 Data Privacy Day, observed across the U.S., Canada and 27 European nations. The W. P. Carey School of Business celebrated the day with a symposium for privacy leaders in the public, private and academic arenas. The event was hosted by the Center for Advancing Business Through Information Technology (CABIT) and Intel.

Moderator and center Director Julie Smith David challenged speakers and audience members to identify the hurdles impeding privacy assurance and to suggest solutions for security breaches that plague information systems from computers to smart phones.

Source: Knowledge@W.P. Carey

Enhancing Child Safety and Online Technologies
From Executive Summary (PDF; 188 KB):

The Task Force remains optimistic about the development of technologies to enhance protections for minors online and to support institutions and individuals involved in protecting minors, but cautions against overreliance on technology in isolation or on a single technological approach. Technology can play a helpful role, but there is no one technological solution or specific combination of technological solutions to the problem of online safety for minors.

Instead, a combination of technologies, in concert with parental oversight, education, social services, law enforcement, and sound policies by social network sites and service providers may assist in addressing specific problems that minors face online. All stakeholders must continue to work in a cooperative and collaborative manner, sharing information and ideas to achieve the common goal of making the Internet as safe as possible for minors.

The Task Force does not believe that the Attorneys General should endorse any one technology or set of technologies to protect minors online. Instead, the Attorneys General should continue to work collaboratively with all stakeholders in pursuing a multifaceted approach to enhance safety for minors online. The Task Force makes specific recommendations in Part VII to the Internet community and to parents, as well as recommendations regarding the allocation of resources….

+ Full Report (PDF; 2.7 MB)

Source: Internet Safety Technical Task Force to the Multi-State Working Group on Social Networking of State Attorneys General of the United States

Cyber Liability & Higher Education — Aon Professional Risk Solutions White Paper (PDF; 226 KB)

Due to the nature and complexity of operations and the academic culture of open access, educational institutions, and in particular, large research-oriented universities, face unique exposures related to the internet and information security and privacy. An overriding challenge that educational institutions face when dealing with privacy and security risks continues to be the fundamental conflict between a culture that values an unfettered exchange of ideas, and the security and privacy of sensitive or private information.

Source: Aon

Border Searches of Laptop Computers and Other Electronic Storage Devices (PDF; 108 KB)

As a general rule, the Fourth Amendment of the U.S. Constitution requires government-conducted searches and seizures to be supported by probable cause and a warrant. Federal courts have long recognized that there are many exceptions to this presumptive warrant requirement, one of which is the border search exception. The border search exception permits government officials, in most “routine” circumstances, to conduct searches based on no suspicion of wrongdoing whatsoever. On the other hand, warrantless searches are permissible in some “non-routine” and particularly invasive situations only when customs officials have “reasonable suspicion” to conduct the search.

The federal courts have universally held that the border search exception applies to laptop computer searches conducted at the border. Although the Supreme Court has not directly addressed the degree of suspicion needed to conduct a warrantless laptop border search, the federal appellate courts that have addressed the issue appear to have concluded that reasonable suspicion is not needed to justify such a search. The Ninth Circuit, in United States v. Arnold, explicitly held that reasonable suspicion is not required to conduct a warrantless search of a laptop at the border.

Two related bills introduced in the 110th Congress, H.R. 6702 and H.R. 6588, would impose more rigorous standards for laptop searches than those the federal courts have determined are constitutionally required.

Source: Congressional Research Service (via Federation of American Scientists)

Sony BMG Music Settles Charges Its Music Fan Websites Violated the Children’s Online Privacy Protection Act

Sony BMG Music Entertainment (Sony Music) has agreed to pay $1 million as part of a settlement to resolve Federal Trade Commission charges that it violated the Children’s Online Privacy Protection Act (COPPA) and the Commission’s implementing Rule. The Commission’s complaint alleges that, through its music fan Web sites, Sony Music improperly collected, maintained and disclosed personal information from thousands of children under the age of 13, without their parents’ consent. The civil penalty to be paid by Sony Music matches the largest penalty ever in a COPPA case.

Sony BMG Music Entertainment, a subsidiary of Sony Corporation of America, represents hundreds of popular musicians and entertainers, including numerous artists popular with children and teenagers. The company operates over 1,000 Web sites for its musical artists and labels. Sony Music requires users to submit a broad range of personal information, together with date of birth, in order to register for these sites. On 196 of these sites, Sony Music knowingly collected personal information from at least 30,000 underage children without first obtaining their parents’ consent, in violation of COPPA. Many of these sites also enable children to create personal fan pages, review artists’ albums, upload photos or videos, post comments on message boards and in online forums, and engage in private messaging. In this way, children were able to interact with Sony Music fans of all ages, including adults.

“Sites with social networking features, like any Web sites, need to get parental consent before collecting kids’ personal information,” said FTC Chairman William E. Kovacic. “Sony Music is paying the penalty for falling down on its COPPA obligations.”

+ United States of America (For the Federal Trade Commission), Plaintiff, v. Sony BMG Music Entertainment
+ How to Protect Kids’ Privacy Online
+ OnGuard Online: Social Networking Sites
+ Facts for Businesses: How to Comply With The Children’s Online Privacy Protection Rule

Source: Federal Trade Commission