Privacy News Highlights

24 March—05 April 2006

Contents:

US – More Retail Stores Are Offering Biometrics as a Payment Option

CA – Federal Privacy Commissioner Renews Privacy Research Program

BC – B.C. May Amend Outsourcing Under FIPPA - More Flexibility Sought

CA – Canadians Participate In ‘Shred It Day’

CA – Federal Commissioner Says Outdated Privacy Act Needs Overhaul

CA – Newfoundland Delays Privacy Laws Until 2007

CA – Study: Travel Requirements for Cross-Border Trips Not Well Understood

CA – TBS Publishes Backgrounder on Federal Outsourcing Strategy

AU – Australian Government Releases Plan for E-Government, Hails Single Sign-On

AU – Australia Establishes Binding ISP Code to Crackdown on Spam

WW – Zimmermann Unveils Zfone Encryption Program

US – Survey: More than Half Believe Encryption of ‘Data at Rest’ Is Critical

UK – ID Cards to be Mandatory By 2010

UK – New ID Cards Agency Set Up

EU – Commission Progress Report on Electronic Signatures

CA – IAPP Privacy Academy 2006 to be Held in Toronto

WW – Google Accused of Bio-Piracy

AU – Australia Pushes E-Medical Records System Despite Privacy Objections

US – Partners Healthcare Considers Selling Patient Data

US – L.A. County Department Warns 94,000 People of Possible ID Theft

AU – Customer Privacy Breach at Sydney ISP

CA – Manitoba ID Theft Prevention Website Launched

US – Online Community Organizes Neighborhood Watch

US – Virginia Schools Required to Teach Students Internet Safety

FR – French Start-Up Relaunches Child Geolocation

BC – Loukidelis, Government Publish Reports on Auction of Citizens’ Data

WW – Anti-Spyware Coalition Releases Documents; Unveils Agenda

AU – Privacy Chief: Privacy Is Good For Business

NZ – Survey: New Zealanders Concerned About Privacy Invasions

NZ – Privacy Law Needs Update

UK – Parents to Get Online Check of 8m Child Workers Records

US – Regulators: Improve Financial Privacy Notices

JP – Japan Issues E-Passports

US – Better Business Bureau Teams Up With Privacy Experts to Help Small Businesses

EU – Portuguese Government Tests New eID Card

AU – Australians Continue Debate Over Introduction of New ‘Smartcards’

US – DOJ Sent Subpoenas to 34 Companies Seeking Data

US – Personal Data More Vulnerable With Mobile Devices

US – GAO Reports: Agencies Not Protecting Privacy Rights

US – New IRS Rule Would Allow Third-Party Sale of Tax Info With Consent

US – Compromise Reached on DATA Act

US – More Companies Limiting Employees’ Use of Internet Services

 

 


 

US – More Retail Stores Are Offering Biometrics as a Payment Option

San Francisco-based company Pay By Touch has enrolled more than 2 million people who surrendered their fingerprints, which are then used as a surrogate for checks and credit cards at more than 2,000 stores. Some privacy advocates object to the use of biometrics, but for many consumers, paying for purchases with a fingerprint is becoming commonplace. [Source]

 

CA – Federal Privacy Commissioner Renews Privacy Research Program

The federal Privacy Commissioner has announced the renewal of privacy research funding through the Office’s Contributions Program. This year’s program will focus on the following key priority areas:

• The protection of personal health information

• Strategies for making individuals more aware of their privacy rights.

• The professionalization of privacy specialists

• The storage and retention of personal information

• Aspects of surveillance, e.g. new technologies, public awareness, workplace, internet usage

The Office will also consider requests to fund research on issues that fall outside the priority areas.

[News Release] [2006-2007 Program Summary] [2006-2007 Applicant’s Guide]

 

BC – B.C. May Amend Outsourcing Under FIPPA - More Flexibility Sought

In 2004, Bill 73 amended the B.C. Freedom of Information and Protection of Privacy Act, which made the province the first to protect personal information from other jurisdictions’ laws. The law prohibits the government from storing, accessing or disclosing personal data beyond Canada’s borders. However, ministries are having difficulty signing contracts and are seeking some changes to the law to lower the standard. Lawmakers are expected to introduce legislation during the current session, which ends May 18.

[Source]

 

CA – Canadians Participate In ‘Shred It Day’

On Saturday 24 March, Toronto police and other law enforcement officers sponsored national “Shred It Day” to tackle the fastest growing kind of consumer fraud: identity theft. The event, which drew people with boxes of old personal documents they wanted to discard, was designed to raise awareness about the importance of keeping personal documents out of the hands of ID thieves. [Source]

 

CA – Federal Commissioner Says Outdated Privacy Act Needs Overhaul

Privacy Commissioner Jennifer Stoddart is calling on the Harper government to overhaul the 25-year-old Privacy Act as part of its much-touted accountability agenda so Canadians know how departments are handling their personal records. Ms. Stoddart said the Privacy Act needs the same kind of reform that the Conservatives are promising for the access to information law in its proposed accountability legislation. The two bills were passed about the same time. [Source]

 

CA – Newfoundland Delays Privacy Laws Until 2007

The Williams administration is delaying new privacy laws until mid-2007 at the earliest, according to Justice Minister Tom Marshall. The province earlier pledged to have the privacy provisions enacted by now. The law was actually passed in 2002, but until it is proclaimed, it does not come into effect. Marshall said officials have been busy dealing with new access to information laws, which were brought into effect in January 2005. To date, the government has received 390 requests for information. The new privacy laws were part of the same legislation, but their enactment was postponed. In the House of Assembly on Dec. 13, 2004, Marshall said the delay would last one year - “to allow all bodies covered by the act to educate and equip themselves to adequately implement the privacy protection provisions of the act.” [Source]

 

CA – Study: Travel Requirements for Cross-Border Trips Not Well Understood

According to a new survey by the Tourism Industry Association of Canada (TIAC), there is considerable confusion in the U.S. and Canada about what is currently required to travel to the other country, with about three in ten people mistakenly believing that they must present a valid passport to customs officials. [Source]

 

CA – TBS Publishes Backgrounder on Federal Outsourcing Strategy

Canada’s federal Treasury Board Secretariat (TBS) has published a short backgrounder on federal outsourcing, entitled “Backgrounder - Privacy Matters: The Federal Strategy to Address Concerns About the USA PATRIOT Act and Transborder Data Flows.” [Source]

 

AU – Australian Government Releases Plan for E-Government, Hails Single Sign-On

Australian government agencies are working on a single sign-on approach to deliver e-government services, according to a newly released e-government strategy entitled ‘Responsive Government - A New Service Agenda’. The strategy details how e-government services will be improved between now and 2010. E-government delivery had at times been “ad hoc” and “uncoordinated”. However, the new strategy introduces a number of new initiatives to make online government services simpler for citizens. Chief among these is the development of a single framework whereby individuals need only log in once to a government Web site to access e-government services provided by a range of agencies. “Authentication and personal or business information will need to be provided only once through a simplified government sign-on, to access government information and services and for ongoing interactions, transactions and updates,” the report said. [Source] [Source]

 

AU – Australia Establishes Binding ISP Code to Crackdown on Spam

ISPs could face huge fines if they do not provide spam filtering or impose email sending limits under new rules set down by a communications watchdog. The Australian Communications and Media Authority today registered the world’s first legislative code of practice for internet and email service providers. The watchdog could seek penalties in the Federal Court of up to $10 million for a breach of an industry code. [Source] [Source]

 

WW – Zimmermann Unveils Zfone Encryption Program

Phil Zimmermann, the man who released the PGP e-mail encryption program to the world in 1991, has now developed easy-to-use software to cloak internet phone calls. On March 14, Zimmermann released a beta version of the widely anticipated Zfone. The open-source software manages cryptographic handshakes invisibly, and encrypts and decrypts voice calls as the traffic leaves and enters the computer. Operation is simple, and users don’t have to agree in advance on an encryption key or type out long passcodes to make it work. [Source]

 

US – Survey: More than Half Believe Encryption of ‘Data at Rest’ Is Critical

Ingrian Networks, a provider of data privacy solutions, conducted a survey of 112 IT executives in the financial services industry. The survey found that 54% of financial services IT executives agreed or strongly agreed that their organization designated encryption of “data at rest” as a high priority. Compliance is one of the main reasons why companies are choosing to encrypt sensitive information. [Source]

 

UK – ID Cards to be Mandatory By 2010

Law makers have agreed to a compromise proposal that will see ID cards become mandatory for passport holders by 2010. Previously the ID cards bill, which the House of Lords has rejected five times over the past few weeks, required anyone renewing a passport to also receive an ID card by 2008. The amendments mean that until 2010 those renewing passports will be able to opt out of receiving an ID card but will still have their biometric and other personal details entered into the National Identity Register - the database which ID card opponents have objected to along with the issuing of the actual cards. Lords approved the amended proposal by 287 to 60 while MPs passed it 301 to 84. [Source] [Source]

 

UK – New ID Cards Agency Set Up

The government has wasted no time in starting work on the controversial ID card scheme after the bill became law this week, and has set up a new agency that will be tasked with introducing ID cards. The new Identity and Passport Service, which will be in charge of managing the ID cards scheme, will become operational from 1 April 2006. [Source]

 

EU – Commission Progress Report on Electronic Signatures

The reluctant take-up of electronic signature tools is slowing down the growth of trade in goods and services via the internet, says the Commission in a progress report. However, growing use of electronic ID cards and the use of e-signatures in e-government services, such as on-line income tax returns, are expected to drive demand in the future. The report also confirms that the 1999 Directive on a Community framework for electronic signatures continues to provide, for the moment, a valid basis for electronic signatures in the internal market. [Source]

 

CA – IAPP Privacy Academy 2006 to be Held in Toronto

The IAPP is seeking speaking proposals for programming at the Privacy Academy 2006, October 18-20, in Toronto, Canada, and asks for proposal submissions of 100 words or less for the panel or presentation. Proposals are sought on a broad range of topics, including international issues, GLB and HIPAA. Proposals may be emailed to Conference Director Amy Sherwood at amy@privacyassociation.org [More Information on Speaker Submissions]

 

WW – Google Accused of Bio-Piracy

Search giant Google has been accused of being the “biggest threat to genetic privacy” for its alleged plan to create a searchable database of genetic information. Google was presented with an award as part of the Captain Hook Awards for Biopiracy in Curitiba, Brazil, this week. The organizers allege that Google’s collaboration with genomic research institute J. Craig Venter, to create a searchable online database of all the genes on the planet, is a clear example of biopiracy. Biopiracy refers to the “monopolisation of genetic resources” according to the show’s organizers. It is also defined as the unauthorized use of biological resources by organizations such as corporations, universities and governments. [Source] [Website]

 

AU – Australia Pushes E-Medical Records System Despite Privacy Objections

Australian Health Minister John Hatzistergos told the state parliament that he would not allow the plan to create lifetime electronic medical records to be “hijacked by a handful of privacy zealots.” Despite some political support, a motion from opponents to change the system’s trial consent from opt-in to opt-out failed earlier this week. Hatzistergos said the system - which will employ strong security provisions - will enhance a patient’s control over their medical records. [Source]

 

US – Partners Healthcare Considers Selling Patient Data

No decision has been made on a plan to sell aggregated patient data to the government, pharmaceutical and biotech companies, insurance companies and publishers, according to Partners Healthcare CEO Tom Glynn. The “data commercialization project” is under consideration by the Boston hospital giant and other academic hospitals. Partners executives say they are concerned about patient confidentiality. [Source]

 

US – L.A. County Department Warns 94,000 People of Possible ID Theft

L.A. County’s Department of Public Social Services has sent letters to 94,000 people warning them of possible ID theft after documents containing their personal information were recycled at an office in Exposition Park. The documents contained names, addresses, Social Security numbers and medical information. The department’s director said the incident highlighted the need for the agency to review document disposal policies. [Source]

 

AU – Customer Privacy Breach at Sydney ISP

A security shortfall in Australian Internet provider Astratel’s online account management system allowed users to view billing information and call records for other customers. The company had received complaints from several customers. A company spokesman said that it was experiencing difficulty with “security locks.” [Source]

 

CA – Manitoba ID Theft Prevention Website Launched

A new website provides tips about protecting against identity theft and what to do if it should happen, Finance Minister Greg Selinger, minister responsible for the Consumers’ Bureau, announced this week. “Business and government are working together to help prevent identity theft,” said Selinger. “Consumers, however, are key to shutting down this kind of fraud. The critical first step is for consumers to protect their own personal information.” [Source] [Source]

 

US – Online Community Organizes Neighborhood Watch

Anti-spyware toolmaker Sunbelt Software and CastleCops, an online security community, have joined forces to launch a volunteer group to take reports from consumers about suspected phishing Web sites. The Phishing Incident Reporting and Termination Squad is working around the clock to take the sites down. The goal is to take down the sites just hours after the volunteers receive the complaint. Some security experts believe the group will have difficulty accomplishing its mission because of the sheer volume of phishing scams, as well as other challenges. [Source]

 

US – Virginia Schools Required to Teach Students Internet Safety

Virginia public schools will be required to teach students about Internet safety under a law passed by the General Assembly and signed by Gov. Timothy M. Kaine. The law, which takes effect July 1, is designed to ensure that tech-savvy children understand the dangers lurking in cyberspace. [Source]

 

FR – French Start-Up Relaunches Child Geolocation

Customers of the operator Orange can now locate their child’s mobile phone through a service offered by Illico.net, a Paris start-up: a “parental geo-control” service approved by the CNIL. The French company Ilico.net is launching, on Orange’s network, a service for geolocating children via their mobile phone. This “parental geo-control” system rests on a simple principle: the adult signs up for an online service, named “ootay”, and registers the child’s name and telephone details there. [Source]

 

BC – Loukidelis, Government Publish Reports on Auction of Citizens’ Data

The B.C. Government and the B.C. Information and Privacy Commissioner have both published reports of their investigations into the auction and disclosure of personal information on computer data tapes. Loukidelis recommended a centrally managed policy for the destruction of personal information. A policy that starts from a central authority helps to maintain consistent practices and can provide clear support for decentralized implementation. The government report agreed with this recommendation and includes a central management plan to perform audits and checks to ensure compliance. The Commissioner also recommended an encryption strategy for the storage and handling of electronic personal information, and the government has committed to evaluating the feasibility of encryption procedures. It was also recommended in the government report that a policy be instituted requiring employees to report a loss of portable media devices within 24 hours. As well, the B.C. government will look at issuing a policy that prevents the storage of personal information on any media device outside of government protected networks. [Full report by the B.C. Information and Privacy Commissioner] [Full report by the provincial government]

 

WW – Anti-Spyware Coalition Releases Documents; Unveils Agenda

The Anti-Spyware Coalition has released two new “tip sheets” to help consumers and enterprises better protect themselves against spyware and unwanted adware. The coalition also unveiled final plans for an international workshop slated to take place in Ottawa on May 16. Coordinated by CDT, the Anti-Spyware Coalition consists of academics, public interest advocates and the world’s largest distributors of anti-spyware technology. [Press Release] [Anti-Spyware Tip Sheets] [Ottawa Meeting Agenda]

 

AU – Privacy Chief: Privacy Is Good For Business

Australia’s Privacy Commissioner Karen Curtis said in a recent forum that privacy helps businesses prevent damage to their brands, cut down on customer and business partner attrition and build trust with customers. Curtis advised organizations to take proactive steps to protect personal information, saying privacy is “a simple notion about respect, choice and common sense.” [Source]

 

NZ – Survey: New Zealanders Concerned About Privacy Invasions

A public opinion survey commissioned by Privacy Commissioner Marie Shroff found that 93% of people said it was important for businesses to protect their information. The telephone survey of 750 New Zealanders also found that 56% said they were concerned about individual privacy in general - an increase from 47% of respondents who expressed concern in a similar survey five years ago. [Source]

 

NZ – Privacy Law Needs Update

The Government has announced plans to update privacy laws amid growing criticism that personal information is being misused. New Zealand’s Associate Justice Minister Clayton Cosgrove said that amendments are needed to the 13-year-old Privacy Act because of technology advances and other reasons. The plans to reform the law include adopting an information-sharing policy that mirrors Europe’s approach as well as limits to the availability of public information. [Source]

 

UK – Parents to Get Online Check of 8m Child Workers Records

The UK Government announced plans for a massive data, security and privacy project, in the shape of the Safeguarding Vulnerable Groups Bill. The Bill, which is intended to widen and centralize the vetting of people working with children (approximately 8 million individuals), will allow employers, including parents hiring nannies and childminders, to check the records of potential employees online. [Source]

 

US – Regulators: Improve Financial Privacy Notices

Complicated financial privacy notices need an overhaul because consumers neither read nor understand them. Federal regulators commissioned the consumer research as part of their ongoing efforts to develop improved financial privacy notices. The report, Evolution of a Prototype Financial Privacy Notice, ends the first phase of an interagency project. The findings suggest that effective privacy notices can be drafted to include all the information required by law in a format consumers can understand. A second phase of the research will involve interviewing consumers throughout the U.S. to gauge the prototype’s effectiveness and other examples of notices. [Source] [Press release] [Full Report]

 

JP – Japan Issues E-Passports

Last week, Japan started issuing its first electronic passports (e-passports). Every five-year, 10-year and diplomatic passport the government issues will now include an RFID tag. The country expects to dispense more than 3.5 million e-passports within the next 12 months, with all Japanese passports expected to carry an RFID chip within the next 10 years. [Source]

 

US – Better Business Bureau Teams Up With Privacy Experts to Help Small Businesses

The Council of Better Business Bureaus has joined with Alan F. Westin, founder of Privacy & American Business, and Lance J. Hoffman, founder/director of George Washington University Cyberspace Policy Institute, to create a program to help small businesses improve their data security and privacy efforts. Small businesses have access to a downloadable security and privacy toolkit, a 22-page document that offers tips to help small companies protect data. [Source] [Security and Privacy Toolkit]

 

EU – Portuguese Government Tests New eID Card

The results of the first tests on the new Portuguese ID card (Cartão do Cidadão) were presented at an official ceremony, on 8 March 2006. The Cartão will include an electronic chip containing all data visible on the ID document, as well as the digital signature necessary for the electronic identification and authentication of the card-holder. The new card can, therefore, be used as an eID card, providing access to a great number of administrative services available on-line. It will also aggregate and replace five of the other existing ID cards: the social security card, the public health service card, the tax-payer’s card, the elector’s card and, of course, the current ID card or Bilhete de Identidade. [Source]

 

AU – Australians Continue Debate Over Introduction of New ‘Smartcards’

Prime Minister John Howard says a smartcard containing the personal identity details of more than 17 million Australians has merit. However, the PM cautioned that the debate over the introductions of the cards is not done yet. The card would replace existing Medicare cards and be used to access government social services. [Source]

 

US – DOJ Sent Subpoenas to 34 Companies Seeking Data

Information Week reports that the Department of Justice’s widely reported issuance of subpoenas to Internet search companies AOL, MSN, Google, and Yahoo for information on search practices is just the tip of the iceberg. The government has demanded information from at least 34 Internet service providers, search companies, and security software firms in its effort to uphold the 1998 Child Online Protection Act. [Source]

 

US – Personal Data More Vulnerable With Mobile Devices

Security breaches resulting from lost or stolen computer disks, laptops, CD-ROMS, back-up tapes and the use of smaller devices are on the rise. Just this week, Fidelity Investments announced that the data of 196,000 current and former Hewlett-Packard employees was stored on a stolen laptop. The company said it has made encryption technology a priority for its laptops, but the project was not done when the laptop was stolen March 15. [Source]

 

US – GAO Reports: Agencies Not Protecting Privacy Rights

Government agencies that use private information services for law enforcement, counterterrorism and other investigations often do not follow federal rules to protect Americans' privacy, according to new reports by the Government Accountability Office. [Source] [Report GAO-06-609T] [Report GAO-06-421]

 

US – New IRS Rule Would Allow Third-Party Sale of Tax Info with Consent

A hearing will be held April 8 on a new rule that would allow accountants to release private taxpayer information to third parties, including data brokers, with a taxpayer’s consent. Privacy and consumer advocates are expected to submit comments beforehand or attend the meeting to voice their objections to the proposed rule change. Privacy advocates contend that the consent taxpayers would be required to sign may not be voluntary and informed - especially in the rush before a tax filing deadline. [Source] [Source] [Attorneys General Opposed Proposed IRS Rule Change]

 

US – Compromise Reached on DATA Act

Five months after a subcommittee of a House committee approved the Data Accountability and Trust Act (DATA Act), lawmakers have reached a compromise that would trigger public disclosure based on a company’s assessment that a “significant risk” of identity theft existed after the breach. The U.S. House Energy and Commerce Committee approved the Act by a 41-0 vote. The full House will take up the bill, but no vote has been scheduled yet. The DATA Act also would require data brokers to adopt “reasonable” procedures to make sure the information they collect is accurate. [Source] [Source]

 

US – More Companies Limiting Employees’ Use of Internet Services

Companies are clamping down on employees’ workplace use of the expanding range of free Internet services, such as instant messaging and video downloading, to protect themselves from viruses, communications traffic jams and regulatory missteps. As the spread of broadband technology makes it possible for millions of Americans to watch TV on the Web or make cheap phone calls, companies, government agencies and universities are concerned about the possible side effects – including the threat of a worm or other bit of malicious code sneaking into their computer systems. [Source]

 

 

--------