Archive for the ‘Privacy’ Category

The Current State of Web Privacy, Data Collection, and Information Sharing

Tuesday, June 2nd, 2009

From the KnowPrivacy Web Site:

Key Findings
+ Users are concerned about data collection online and want greater control over their personal information.

+ Users lack awareness of some data collection practices.

+ Users don’t know who to complain to.

Direct to Complete Report

Source: KnowPrivacy

See Also: The NY Times Summarizes the Report

Review of the European Data Protection Directive

Tuesday, May 12th, 2009

The Information Commissioner’s Office (ICO) asked a multidisciplinary international research team led by RAND Europe with time-lex and GNKS-Consult to review the strengths and weaknesses of the European Data Protection Directive 95/46/EC and propose avenues for improvement.

The Directive can be regarded as a unique legal instrument in how it supports the exercise of a right to privacy and rules for personal data protection. Its principles are regarded in many quarters as a gold standard or reference model for personal data protection in Europe and beyond. However, the Directive must remain valid in the face of new challenges, including globalisation, the ongoing march of technological capability and the changing ways that personal data is used. Although the flexibility of the Directive helps it to remain current, its effectiveness is undermined by the complexity of the cultural and national differences across which it must operate.

In order to understand the strengths and weaknesses of the Directive and to suggest ways in which European data protection arrangements may remain fit for purpose, the study team reviewed the relevant literature, conducted 50 interviews with privacy practitioners and regulators, experts and academics, and ran a scenario-based workshop to explore and evaluate potential avenues for improvement.

The ideas presented here provide some food for thought on how to improve the data protection regime for citizens living in European countries and are intended to spark debate and interaction between policy-makers, industry and experts. Such a review cannot claim to be the last word.

+ Summary (PDF; 200 KB)
+ Full Document (PDF; 700 KB)

Source: RAND Corporation

CDT Recommends Standards for Use of Analytics Tools on Federal Web Sites

Tuesday, May 12th, 2009

CDT and EFF today released a joint report examining the use of analytics tools on federal agency Web sites. Analytics typically track user behavior on a site; the data is used to create a better user experience. The report analyzes existing policy and makes recommendations for how federal agency Web sites can use analytics tools while protecting citizen privacy. Agency Web sites will play a key role in the Administration’s plan to create an environment that fosters a more participatory government, but new uses of technology must be approached with special attention given to privacy.

+ Full Report (PDF: 304 KB)

Source: Center for Democracy and Technology and the Electronic Frontier Foundation

Hat tip: PW

LexisNexis says its data was used by fraudsters

Saturday, May 2nd, 2009

LexisNexis acknowledged Friday that criminals used its information retrieval service for more than three years to gather data that was used to commit credit card fraud.

LexisNexis has started warning about 32,000 people that “a few” customers used its service to help them illegally obtain credit cards. “These individuals were operating businesses that at one time were both ChoicePoint and LexisNexis customers,” the company said in a notification letter that it began sending out Friday.

To perpetrate the scam, the fraudsters would set up fake mail boxes and then use information obtained on LexisNexis to open credit cards in the victims’ names. The criminals were able to obtain names, dates of birth, and even Social Security numbers from the data broker.

Source: Network World

Hat tip: PW

FTC Offers ‘Red Flags’ Web Site To Help Creditors and Financial Institutions Design Identity Theft Prevention Programs

Sunday, April 5th, 2009

The Federal Trade Commission has launched a Web site to help entities covered by the Red Flags Rule design and implement identity theft prevention programs. The Rule requires “creditors” and “financial institutions” to develop written programs to identify the warning signs of ID theft, spot them when they occur, and take appropriate steps to respond to those warning “red flags.”

The FTC and the federal financial regulatory agencies developed the Red Flags Rule under the Fair and Accurate Credit Transactions Act of 2003. The Rule is designed to reduce the overall incidence and impact of identity theft. “Fighting Fraud with the Red Flags Rule: A How-To Guide for Business,” available at www.ftc.gov/redflagsrule, describes the entities that are covered by the Rule and provides information to help them develop identity theft prevention programs. The Web site also offers articles and guidance on specific elements of the Rule.

Source: Federal Trade Commission

Shazam’s Music Explorer Database=Cool

Friday, March 27th, 2009

Shazam is the very popular service for several smartphones and other devices that will quickly identify a song (artist, track title, etc.) from millions of songs in their database. Simply point the phone at a speaker and in about 10 seconds the answer appears.

What often goes unnoticed is Shazam’s searchable music database that contains data about over 8 million tracks. It’s definitely worth a look. You can also take a peek at what tracks are currently being ‘tagged’ by users. Shazam also provides charts of the most popular tracks. Archives are also available. Here’s a look at what the artist page for No Doubt looks like.

Perhaps the ‘coolest’ web site feature is the Music Explorer. It’s very ‘social’.

Music Explorer is powered and updated by the real iDing activities of over 20 million users and provides you with a diversity of tracks or artists you might be interested in, based on the starting point of your journey.

Explorer gives you this as a ‘map’ of related artists, tracks or users based on how many other members have tagged these as well as your original track or artist.

See Also: AllMusic.com

Time for a Data Diet? Deciding What Customer Information to Keep — and What to Toss

Sunday, March 22nd, 2009

Heartland Payment Systems, a credit card processor, may have had up to 100 million records exposed to malicious hackers. Payment processors CheckFree and RBS Worldpay, and employment site Monster.com have all reported data breaches in recent months, as have universities and government agencies. Experts at Wharton say that personal data is increasingly a liability for companies, and suggest that part of the solution may be minimizing the customer information these companies keep.

Indeed, according to Wharton marketing professors Eric Bradlow and Peter Fader, companies should deploy a technique called “data minimization.” The concept: Keep the customer data a company needs for competitive advantage and purge the rest. “I think there is a fear and paranoia among companies that … if they don’t keep every little piece of information on a customer, they [can't function],” says Bradlow. “Companies continue to squirrel away data for a rainy day. We’re not saying throw data away meaninglessly, but use what you need for forecasting and get rid of the rest.”

The problem with the data hoarding approach is that companies can’t use most of the information they keep, adds Fader. Meanwhile, they become data pack rats, chasing an illusory dream of one-to-one marketing, which he says “is a myth.”

Source: Knowledge@Wharton

Virtual Worlds and Kids: Mapping the Risks

Wednesday, March 4th, 2009

Virtual worlds – online “places” where people use graphic characters known as avatars to represent themselves – can expose children and teenagers to inappropriate activity or violence. To help parents protect their children and understand these virtual places, the Federal Trade Commission has developed a new FTC Consumer Alert, Virtual Worlds and Kids: Mapping the Risks.

To learn more about the risks for kids in virtual worlds, go to http://www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt038.shtm.

Source: Federal Trade Commission

TMI? TrueScoop Offers Free Public Record Search on Facebook

Tuesday, February 17th, 2009

If you already think social networks give you a bit more information than you want about some people, TrueScoop’s new Facebook application might make you cringe. It’s a completely free public records search, a service that lots of websites charge for, usually so potential employers can do background checks. But now, that information is in everyone’s hands, ready to expose your embarrassing run-ins with the law and financial missteps.

The application itself is essentially just a search tool – enter someone’s name and see a listing of their traffic stops, places lived, and rulings against them – like owing money to someone. There is also a listing of the most popular searches conducted with the application, which, not surprisingly, includes lots of celebrities like Anderson Cooper and Kobe Bryant. When you do a search, it’s broadcast to Facebook’s News Feed.

Source: Mashable

Privacy Practices: The Challenge of Safeguarding Digital Data

Thursday, February 12th, 2009

Privacy once meant drawing the drapes. Now that we depend on technology to do the world’s business, privacy means securing data, protecting personal information and keeping hackers at bay. Drawing the drapes in an electronic sense will call for a complex system of safeguards and require policymakers to create guidelines.

Before leaving for her new post as Secretary of Homeland Security, Arizona governor Janet Napolitano signed a proclamation declaring January 28 Data Privacy Day, observed across the U.S., Canada and 27 European nations. The W. P. Carey School of Business celebrated the day with a symposium for privacy leaders in the public, private and academic arenas. The event was hosted by the Center for Advancing Business Through Information Technology (CABIT) and Intel.

Moderator and center Director Julie Smith David challenged speakers and audience members to identify the hurdles impeding privacy assurance and to suggest solutions for security breaches that plague information systems from computers to smart phones.

Source: Knowledge@W.P. Carey

Enhancing Child Safety and Online Technologies

Wednesday, January 14th, 2009

From Executive Summary (PDF; 188 KB):

The Task Force remains optimistic about the development of technologies to enhance protections for minors online and to support institutions and individuals involved in protecting minors, but cautions against overreliance on technology in isolation or on a single technological approach. Technology can play a helpful role, but there is no one technological solution or specific combination of technological solutions to the problem of online safety for minors.

Instead, a combination of technologies, in concert with parental oversight, education, social services, law enforcement, and sound policies by social network sites and service providers may assist in addressing specific problems that minors face online. All stakeholders must continue to work in a cooperative and collaborative manner, sharing information and ideas to achieve the common goal of making the Internet as safe as possible for minors.

The Task Force does not believe that the Attorneys General should endorse any one technology or set of technologies to protect minors online. Instead, the Attorneys General should continue to work collaboratively with all stakeholders in pursuing a multifaceted approach to enhance safety for minors online. The Task Force makes specific recommendations in Part VII to the Internet community and to parents, as well as recommendations regarding the allocation of resources….

+ Full Report (PDF; 2.7 MB)

Source: Internet Safety Technical Task Force to the Multi-State Working Group on Social Networking of State Attorneys General of the United States

Cyber Liability & Higher Education — Aon Professional Risk Solutions White Paper

Tuesday, January 6th, 2009

Cyber Liability & Higher Education — Aon Professional Risk Solutions White Paper (PDF; 226 KB)

Due to the nature and complexity of operations and the academic culture of open access, educational institutions, and in particular, large research-oriented universities, face unique exposures related to the internet and information security and privacy. An overriding challenge that educational institutions face when dealing with privacy and security risks continues to be the fundamental conflict between a culture that values an unfettered exchange of ideas, and the security and privacy of sensitive or private information.

Source: Aon

CRS Report — Border Searches of Laptop Computers and Other Electronic Storage Devices

Saturday, January 3rd, 2009

Border Searches of Laptop Computers and Other Electronic Storage Devices (PDF; 108 KB)

As a general rule, the Fourth Amendment of the U.S. Constitution requires government-conducted searches and seizures to be supported by probable cause and a warrant. Federal courts have long recognized that there are many exceptions to this presumptive warrant requirement, one of which is the border search exception. The border search exception permits government officials, in most “routine” circumstances, to conduct searches based on no suspicion of wrongdoing whatsoever. On the other hand, warrantless searches are permissible in some “non-routine” and particularly invasive situations only when customs officials have “reasonable suspicion” to conduct the search.

The federal courts have universally held that the border search exception applies to laptop computer searches conducted at the border. Although the Supreme Court has not directly addressed the degree of suspicion needed to conduct a warrantless laptop border search, the federal appellate courts that have addressed the issue appear to have concluded that reasonable suspicion is not needed to justify such a search. The Ninth Circuit, in United States v. Arnold, explicitly held that reasonable suspicion is not required to conduct a warrantless search of a laptop at the border.

Two related bills introduced in the 110th Congress, H.R. 6702 and H.R. 6588, would impose more rigorous standards for laptop searches than those the federal courts have determined are constitutionally required.

Source: Congressional Research Service (via Federation of American Scientists)

Sony BMG Music Settles Charges Its Music Fan Websites Violated the Children’s Online Privacy Protection Act

Sunday, December 14th, 2008

Sony BMG Music Entertainment (Sony Music) has agreed to pay $1 million as part of a settlement to resolve Federal Trade Commission charges that it violated the Children’s Online Privacy Protection Act (COPPA) and the Commission’s implementing Rule. The Commission’s complaint alleges that, through its music fan Web sites, Sony Music improperly collected, maintained and disclosed personal information from thousands of children under the age of 13, without their parents’ consent. The civil penalty to be paid by Sony Music matches the largest penalty ever in a COPPA case.

Sony BMG Music Entertainment, a subsidiary of Sony Corporation of America, represents hundreds of popular musicians and entertainers, including numerous artists popular with children and teenagers. The company operates over 1,000 Web sites for its musical artists and labels. Sony Music requires users to submit a broad range of personal information, together with date of birth, in order to register for these sites. On 196 of these sites, Sony Music knowingly collected personal information from at least 30,000 underage children without first obtaining their parents’ consent, in violation of COPPA. Many of these sites also enable children to create personal fan pages, review artists’ albums, upload photos or videos, post comments on message boards and in online forums, and engage in private messaging. In this way, children were able to interact with Sony Music fans of all ages, including adults.

“Sites with social networking features, like any Web sites, need to get parental consent before collecting kids’ personal information,” said FTC Chairman William E. Kovacic. “Sony Music is paying the penalty for falling down on its COPPA obligations.”

+ United States of America (For the Federal Trade Commission), Plaintiff, v. Sony BMG Music Entertainment
+ How to Protect Kids’ Privacy Online
+ OnGuard Online: Social Networking Sites
+ Facts for Businesses: How to Comply With The Children’s Online Privacy Protection Rule

Source: Federal Trade Commission

Facebook pages in National Archives?

Monday, December 8th, 2008

Say you’re a hopeful applicant for a job in the new Obama administration, and you’ve dutifully filled out the seven-page, 63-question disclosure questionnaire mandated by the transition office.

In it, you revealed the content of your Facebook page — after deleting those New Year’s Eve photos from 2005! – that mole you had removed from your neck a couple of months ago and the details of your inheritance from Great Aunt Edna.

You hit the send button.

And then you think: Just who’s going to be reading this? And when similar information from all of the Obama applicants has been gathered, creating one of the largest treasure troves of personal secrets of powerful people in the world, exactly who will own that database?

Don’t ask the Obama team, it’s not saying.

A spokesman for the presidential transition declined to reveal the number of people who’ll have access to the disclosure information, where it will be kept and what will be done with it at the end of the transition. “I can’t comment at all on that,” said Obama spokesman Reid Cherlin.

Clearly, the database being built by the Obama team will be of enormous interest to people on the transition staff and beyond. It will be especially interesting to people the Obama team would least like to have access to it — hackers, political dirty tricksters and hostile foreign governments, among others.

“There may be 10,000 or 15,000 people who fill these things out, but I can think of 10 [million] or 15 million people who’d like to read them,” said Paul Light, a professor of public service at New York University who wrote the textbook on government service.

Source: Politico

10 Top Tips: A Consumer’s Guide to Id Theft Awareness and Avoidance

Sunday, December 7th, 2008

The FTC estimates that as many as nine million Americans have their identities stolen each year, so chances are high that you or someone you know has fallen victim to what has become one of America’s fastest-growing crimes. While there are no guarantees as far as prevention, there are certain steps every consumer can and should be taking – before and after the fact – to greatly reduce their potential risk.

ID theft expert Brian Lapidus, chief operating officer of Kroll’s Fraud Solutions, has unique frontline experience helping today’s businesses and consumers safeguard against and respond to data breaches. Below he offers some important advice that every consumer should know about protecting themselves from the damages of fraud. At Kroll, Lapidus oversees a highly-skilled team that includes veteran licensed investigators specializing in supporting breach victims and restoring individuals’ identities to pre-theft status.

See also: Top 10 Tips for Businesses: A Guide to Data Breach Prevention and Response

Source: Kroll Fraud Solutions

Consumer Watchdog Exposes Google Privacy Problems & Calls For Attorneys General Investigation

Monday, November 3rd, 2008

Consumer Watchdog has created a YouTube video showing how your computer could be having an unnoticed conversation about you with Google. The nonprofit group has called on Google’s founders and directors to adopt new privacy safeguards that allow for anonymous internet and software use. Watch the video here and read the letter to Google’s founders here.

Earlier this month Consumer Watchdog wrote the Justice Department to block Google’s proposed advertising alliance with Yahoo based on these privacy concerns; an announcement about the deal is expected later this week. The letter notes that the introduction of Google’s new browser, known as “Chrome,” without new privacy protections, poses an unprecedented threat to consumers. (Read it by clicking here.)

Source: Consumer Watchdog (formerly The Foundation for Taxpayer and Consumer Rights)

Internet Browsers Increasingly Competing on Privacy Controls: Privacy focus means more choice for consumers protecting their personal data

Monday, October 27th, 2008

Internet browser developers are increasingly competing to offer the most robust privacy controls, a new report by the Center for Democracy & Technology finds. This new competitive focus on privacy represents a boon to consumers who can now base their Web surfing decisions on which browser best suits their personal privacy needs.

The report reviews and compares the privacy tools available for the latest versions of Mozilla Firefox, Microsoft Internet Explorer, Google Chrome and Apple’s Safari. The report compares the browsers in their offering of three key tools — privacy mode, cookie controls and object controls – which can greatly reduce the amount of personal information users give up online and leave behind on their computers.

+ Full Report (PDF: 10.7 MB)

Source: Center for Democracy & Technology

New Data Privacy Laws Set For Firms

Thursday, October 16th, 2008

Nevada is the first of several states adopting new laws that will force businesses — from hair stylists to hospitals — to revamp the way they protect customer data. Starting in January, Massachusetts will require businesses that collect information about that state’s residents to encrypt sensitive data stored on laptop computers and other portable devices. Michigan and Washington state are considering similar regulations.

While just a few states have adopted such measures so far, the new patchwork of regulations is something many businesses will have to navigate, since the laws apply to out-of-state companies with operations or customers in those states.

+ Wall Street Journal

FTC — Consumers Warned to Avoid Fake E-mails Tied to Bank Mergers

Saturday, October 11th, 2008

Consumers Warned to Avoid Fake E-mails Tied to Bank Mergers

Online scammers are taking advantage of tough economic times. While e-mails phishing for sensitive data are nothing new, scammers are taking advantage of upheavals in the financial marketplace to confuse consumers into parting with valuable personal information.

The Federal Trade Commission urges caution regarding e-mails that look as if they come from a financial institution that recently acquired a consumer’s bank, savings and loan, or mortgage. In fact, these messages may be from “phishers” looking to use personal information – account numbers, passwords, Social Security numbers – to run up bills or commit other crimes in a consumer’s name.

+ Bank Failures, Mergers and Takeovers: A ‘Phish-erman’s Special’