Privacy News Highlights

15–21 December 2006

Contents:

CA – CBSA Denies Canada using U.S. Traveller Screening System

CA – Money Laundering Law Requires FINTRAC Compliance with Privacy Act

CA – Newfoundland Transparency and Accountability Act Proclaimed

CA – Commissioner Urges Holiday Shoppers to Protect Their Personal Information

EU – FEDMA Adopts Spyware Code

US – OMB to Release Metrics for 18 e-Gov Projects

CA – Service Canada — Applying for a SIN: Fast, Simple, Secure

WW – Microsoft Stops Sale of Hotmail Addresses to Spammers

WW – More Sophisticated Phishing Emails Lead to Increase in Fraud

UK – E-Health Record: Now You Can Opt out

US – Online Fraudsters Get Jail Time; Police Unable to Access Encrypted Records

EU – Greek Privacy Authority Fines Vodafone $100 Million

WW – Visa Incentive Program Rewards PCI Data Security Standard Compliance

US – SEC Extends Sarbanes-Oxley Compliance Deadlines for Smaller Public Companies

US – Some US Counties Purging Sensitive Personal Info from Web Sites

UK – White Paper Looks At Privacy in Genetic Research

CA – Widespread Canadian EHR Implementation Still Several Years Away: Study

US – Systems to Monitor Flu Pandemic Not Ready

UK – Government Reacts to Opt Out Campaign from Central Medical Database

US – Boulder Security Breach Exposes Personal Data of 17,500 Individuals

UK – Identity Card Plan Sparks Fears over Data Security

UK – ID Cards Will Have to Share Old Databases

US – Arizona Leads All 50 States In ID Theft

UK – Identity Fraud: Impersonation of Dead People May Get Killed by IT

CA – Retail Receipts Often Contain Entire Credit Card Numbers: OPC

US – Sony BMG Settles State A.G. Suits Over CDs

WW – Study: 4% of Search Results Can Lead Users to Sites That Pose Security Risks

US – E-Health Records in Peril

CA – Sask. PI Fined for Accessing Police Computer System

US – Congress Passes U.S. SAFE WEB Act

US – DHS Privacy Office Steps Up Scrutiny of Technology Projects

US – Administration to Drop Effort to Track if Visitors Leave

US – DHS Secretary Identifies Creation of National ID Cards a Priority In 2007

US – Senators Threaten to Repeal Real ID Act

US – Florida Motorists Win US$50 Million Class Action Settlement

US – Clinton Urges Review of Plan to Create RFID-Enabled Card For Frequent Travelers

US – Some US Counties Purging Sensitive Personal Info from Web Sites

US – Industry Wants Unified Set of Security Standards

US – Universities Vulnerable to ID Thieves

AU – Australia Workshopping Welfare Smartcard

US – EFF Files Suit Over Travel Data Mining System

AU – Australia Cams Catch 2200 in Welfare Swoops

CA – Surveillance Cameras to Monitor Toronto’s Yonge Street

US – US Government Gathering Data on Millions of Air Travellers

US – Congress Passes Law Banning Telephone Pretexting

US – Group Urges Congress to Pass Federal Data Security Bill

US – Lawmaker: Passage of Healthcare IT Bill Possible In 2007

US – Boeing Employee Fired Over Theft of Unencrypted Laptop

 


 

CA – CBSA Denies Canada using U.S. Traveller Screening System

The U.S. Department of Homeland Security says the Canadian Border Services Agency (CBSA) is using a controversial U.S. screening program to assess the terrorism risk of everyone entering Canada by air, but a border agency spokesman flatly denied the claim. According to a Nov. 22 document posted on the Homeland Security Web site: “Canada is currently the only foreign country that accesses data directly using” the Automated Targeting System. “CBSA users can only view Canadian data provided by Canada,” the document adds. It does not say if U.S. security officials can also access Canadian data. [Source]

 

CA – Money Laundering Law Requires FINTRAC Compliance with Privacy Act

The Privacy Commissioner of Canada, Jennifer Stoddart, has new oversight responsibilities under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (Bill C-25), which just received Royal Assent. Under this new legislation, the Commissioner’s Office is now required to regularly review the Financial Transactions and Reports Analysis Centre’s (FINTRAC’s) compliance with the Privacy Act, which gives the OPC powers to audit the personal information-handling practices of federal departments and agencies. However, the Proceeds of Crime (Money Laundering) and Terrorist Financing Act specifically mandates the Office to review and report to Parliament on FINTRAC’s activities every two years. The Commissioner’s Office had already planned to conduct an audit of FINTRAC in 2007-08. [Source]

 

CA – Newfoundland Transparency and Accountability Act Proclaimed

“The Transparency and Accountability Act is a flagship piece of legislation for our government,” said Newfoundland Premier Danny Williams this week. “This act reflects our commitment to provide the legislative framework for the conduct of fiscal policy, better decision-making processes and most important, strengthened accountability, openness and transparency. We remain committed to ensuring that government is fully accountable to the people who have entrusted us to run the province.” The act covers strategic planning and annual reporting, financial forecasts, public entity borrowing, and performance-based contracts for senior officials. It requires public release of a wide variety of information so that it is accessible to the people of the province. This legislation applies to all government departments and public entities, with the exception of provincial courts. [Source]

 

CA – Commissioner Urges Holiday Shoppers to Protect Their Personal Information

Holiday shoppers should protect their personal information to reduce the risk of becoming victims of fraud and to avoid unwanted telemarketing calls and junk mail, according to the Privacy Commissioner of Canada, Jennifer Stoddart. At a time of the year when many people are shopping for gifts and Boxing Day bargains, there are several privacy issues they should be aware of as they make their purchases. “Canada’s private-sector privacy law requires retailers to limit how much personal information they collect and also to adequately protect that information,” Ms. Stoddart said. “Consumers need to be aware of their rights. They need to ask questions when they have doubts about requests from retailers for their personal information or about how that information is being handled.” The Office of the Privacy Commissioner of Canada (OPC) has concerns related to certain retail-related issues, including the practice of printing credit card numbers on receipts. [Source]

 

EU – FEDMA Adopts Spyware Code

The Federation of European Direct and Interactive Marketing (FEDMA) has adopted a code on spyware and other intrusive downloads to help its members avoid unacceptable downloads when marketing online. The code says marketers should not install, have installed or use software or similar technology on a computer or similar device that initiates deceptive practices such as: Taking control of a computer; Deceptively modifying or disabling security or browser settings; Preventing the user’s efforts to disable or uninstall the software. FEDMA also has revised its teleservices code. [Source] [Spyware Code]

 

US – OMB to Release Metrics for 18 e-Gov Projects

The Office of Management and Budget released the performance metrics of 18 of 25 e-government initiatives as a part of the annual E-Government Report. Karen Evans, OMB’s e-government and IT administrator, said her office and the project leaders have been working on the metrics for most of 2006 and have come to agreement on what outcome metrics the initiatives should meet. “We are trying to measure what success means,” she said. “We want measures that show results. We want to increase the usage of the 25 initiatives.” OMB and the project managers have analyzed what that means, and came up with three areas the metrics will focus on: customer satisfaction; adoption and participation; and usage. [Source] [OMB e-Government Scorecard Lacks Essential Citizens’ Perspective]

 

CA – Service Canada — Applying for a SIN: Fast, Simple, Secure

Diane Finley, Minister of Human Resources and Social Development Canada, announced the launch of an improved service that cuts the amount of time it takes to get a Social Insurance Number (SIN) from weeks to hours. Social Insurance Number: Fast, Simple, Secure will benefit those who need to apply for the first time, replace their card, or amend their records. With the appropriate documents in hand, such as a birth certificate, people can now visit any Service Canada Centre across the country, where an agent will help them submit their application online, answer questions, and then issue their new SIN right on the spot. The card will be sent by mail in five working days. A SIN is needed to work in Canada, as well as receive benefits and services from government programs. The Government of Canada issues 1.3 million Social Insurance Numbers per year. [Source]

 

WW – Microsoft Stops Sale of Hotmail Addresses to Spammers

Microsoft has stopped a U.K. man from selling lists of e-mail addresses that were then being used by spammers. The technology giant took to court Paul Martin McDonald, who through his company Bizads sold e-mail addresses that were then used as spam lists. [Source]

 

WW – More Sophisticated Phishing Emails Lead to Increase in Fraud

Bogus emails designed to collect personal information to commit fraud are becoming more difficult to detect, according to experts. Research group Gartner, Inc., estimates that phishing scams will cost American consumers more than $2.8 billion this year. The average victim is out $1,244 compared to $257 in 2005. This MSNBC.com story details specific strategies the phishers use to trick recipients. [Source]

 

UK – E-Health Record: Now You Can Opt out

The UK government gave a categorical assurance this week that NHS patients would have an absolute right of veto on any part of their medical records being uploaded to a national database. The health minister Lord Warner confirmed a report in the Guardian on Saturday that the government was abandoning an attempt to oblige GPs to provide a medical summary on every patient for a centralized electronic record. He acknowledged changing the policy over the past few weeks in response to the concerns of patients who feared unauthorized disclosure of their medical histories. He said the fears were groundless but offered assurances that were firmer than in the briefing to the Guardian last week. [Source]

 

US – Online Fraudsters Get Jail Time; Police Unable to Access Encrypted Records

Three men found guilty on various charges in connection with an identity fraud scheme have received jail sentences, but law enforcement authorities remain unable to crack the encryption on the gang’s computer records. The gang stole credit card numbers, used them to make fraudulent purchases of expensive items and resold the items on eBay. The inability of law enforcement to crack the encryption means the true scope of the scheme may never be known. [Source]

 

EU – Greek Privacy Authority Fines Vodafone $100 Million

As a result of the scandal related to the wiretapping of phone conversations of several Greek officials, Vodafone was fined 76 million euro by the Greek privacy committee for not having protected its network against hacking activities, and for obstructing its investigation and failing to report the installation of the surveillance software. The Greek unit of Vodafone considers the action as groundless and intends to contest the decision at the independent committee of the Council of State, Greece’s highest court of arbitration. [Source] [Background]

 

WW – Visa Incentive Program Rewards PCI Data Security Standard Compliance

Visa USA has announced a US$20 million incentive program aimed at ensuring that merchants are in compliance with the Payment Card Industry (PCI) data security standard. “Acquiring” financial institutions – those that provide approval to merchants to accept credit cards – will receive a monetary reward if all their members are in compliance with the PCI standard by August 31, 2007 and they have not experienced a data security breach. Institutions whose members are not in compliance by September 30, 2007 will face a fine of US$5,000 for each non-compliant merchant; after December 31, 2007, that fine will increase to US$25,000 for each non-compliant merchant. The compliance validation process includes demonstrating that all magnetic stripe, Card Verification Value and PIN data have been removed from point-of-sale and other systems. [Source] [Source]

 

US – SEC Extends Sarbanes-Oxley Compliance Deadlines for Smaller Public Companies

The US Securities and Exchange Commission (SEC) has extended the deadline for complying with Sarbanes-Oxley financial reporting requirements for smaller public companies. Those companies, defined as having less than US$75 million in publicly held stock, will now be required to “provide a management assessment of internal controls over financial reporting in annual reports for fiscal years ending December 15, 2007 or later.” They will also have “to have an auditor attest to the management assessment of the effectiveness of internal controls” starting with reports filed for fiscal years ending December 15, 2008 and later. The previous deadline was July 15, 2007. The SEC recently said it would provide guidelines for smaller businesses to help ease the burden of compliance, allowing them to focus on aspects of their businesses that have a greater impact on the accuracy of financial reporting. The deadlines may be extended again if the SEC does not provide the guidelines in a timely manner. [Source] [Source] [Source]

 

US – Some US Counties Purging Sensitive Personal Info from Web Sites

The Orange County (FL) comptroller’s office spent US$750,000 over 18 months to remove personally identifiable information from public records posted on its web site. Many county web sites across the US contain public records such as title deeds, tax liens and court papers that include individuals’ SSNs and banking and credit card account information. Other counties are beginning to follow Orange County’s lead. The Kings County recorder’s office must by virtue of an ordinance remove access to title deed documents. Grant County has removed document images from the Internet in response to a lawsuit. [Source]

 

UK – White Paper Looks At Privacy in Genetic Research

The National Human Genome Research Institute commissioned a white paper on “Privacy, Confidentiality and Identifiability in Genomic Research,” that concludes that researchers must respect and protect data subjects. Protecting the data should be a responsibility for everybody involved in the data collection, distribution and use. The paper also stresses that special attention is necessary when data is matched, linked or profiled because non-identifiable data can allow an individual to be identified. The paper recommends that release agreements be used more to place the responsibility for protecting data privacy and confidentiality on the individuals who access the information. [Source] [White Paper]

 

CA – Widespread Canadian EHR Implementation Still Several Years Away: Study

The Branham Group, in its second annual e-Health in Canada survey, reported that a majority of Canadian hospitals have, at the very least, implemented basic administrative, financial and clinical applications and that most have plans to implement more advanced clinical and business systems. Based on that data, Branham concluded that e-health has “crossed the chasm” from the early adopters to the mainstream market. The data was gathered through two primary methods: extensive background research, including healthcare organizations’ business plans, annual reports and RFPs, as well as about 150 interviews with industry leaders, said a Branham Group director. [Source] [Press Release] [Background] [Background]

 

US – Systems to Monitor Flu Pandemic Not Ready

Computerized monitoring of healthcare data is crucial in preparing for an influenza pandemic, but the tools are not in place yet, according to medical experts. This week, the White House released a status report on implementation of the nation’s strategy for a pandemic. The action plan, issued six months ago, directs federal agencies to complete goals for preventing, monitoring and responding to a global flu outbreak. 92% of all actions due within six months have been completed, according to the update, but doctors said biosurveillance work is still under way. [Source]

 

UK – Government Reacts to Opt Out Campaign from Central Medical Database

English health minister Lord Warner has reacted to TheBigOptOut.org, a campaign to mobilize citizens to opt out from a proposed national medical database. He is offering patients an opt-out from one part of the new system - a synopsis for emergency care, which contains things like your prescriptions and whether you are diabetic. He is not offering an easy opt-out from the full database. The plan is to upload data from family doctors and hospitals over the next year or two, to regional hosting centres. Custody of the data will then pass from doctors to the Chief Medical Officer (a gov’t official). The campaign is now focused on persuading people to forbid their doctors from uploading the data in the first place. A November poll showed that most general practitioners would not upload data without patient consent; another showed that a majority of patients did not approve of a compulsory central database. [The Big Opt Out] [Latest media coverage] [Campaign launched in UK to opt out of central medical database] [Source] [Source]

 

US – Boulder Security Breach Exposes Personal Data of 17,500 Individuals

A hacker accessed the records of 17,500 people who attended orientation at the University of Colorado at Boulder between 2002 and 2004. Officials, who discovered the breach Dec. 8, said there is no evidence to suggest that the hacker who accessed the database that contained names and Social Security numbers has used the data in “a nefarious way,” according to this Colorado Daily story. University officials are contacting the affected students. [Source]

 

UK – Identity Card Plan Sparks Fears over Data Security

The computer database behind the UK government’s controversial ID card scheme will be an amalgamation of existing IT networks, rather than one built from scratch, John Reid announced this week. Originally, the record system, known as the national identity register, was to have been entirely newly-built, in order to avoid contamination from errors in existing database files on individuals. But, in a 33-page progress report on the timetable for an identity card scheme, the home secretary revealed that instead the database would be compiled from amalgamated information from three separate Whitehall databases. The “action plan” announced this week would also see the creation next year of 69 regional offices for citizens to supply their biometric and iris details. Some of these could be provided by the private sector, the Home Office document suggests. Despite claims from critics that the bill for ID cards will balloon to £20bn eventually, this week’s report insists that the costs over the next decade will only be £5.4bn. The plan also suggests that the ID card itself, which will initially be manufactured in-house by the Home Office, should be compatible with chip-and-pin technology, and that the database will not be connected directly to the internet, to prevent hacking. Any interference with the database will carry a maximum 10-year prison sentence. An independent commissioner will report back to the home secretary and to parliament on the implementation and any abuses of the NIR. New primary legislation would be required to make carrying an identity card compulsory, but at present the timetable will see some foreign nationals required to register for biometric details next year, the first “voluntary” ID cards issued alongside passports from 2009. Concurrent with the action plan, Mr Reid also announced proposals to force foreigners already in the UK to register their biometrics, such as fingerprints and iris scans.
[Source] [Strategic Action Plan for the National Identity Scheme - Safeguarding your identity] [Borders, Immigration and Identity Action Plan - Using the National Identity Scheme to strengthen our borders and enforce compliance within the UK] [Commentary] [Source]

 

UK – ID Cards Will Have to Share Old Databases

The Government was accused last night of misleading the country over its ID card scheme after ministers abandoned plans to set up a “clean” database from scratch and opted to link the system to existing computer networks instead. Opponents said this was a retreat from promises made when the legislation was going through parliament that the information would be kept separate from other departments. The change became apparent only yesterday when John Reid, the Home Secretary, set out a timetable for introducing ID cards from 2009. [Source]

 

US – Arizona Leads All 50 States In ID Theft

The Better Business Bureau of Southern Arizona this week released its “Dirty Dozen” list of scams. Topping the list was identity theft. The state had the highest number of ID theft complaints last year - 9,000 reports, according to the FTC. The FTC estimates that it takes consumers an average of 600 hours to reverse the damage done by ID theft. This story looks at the damage suffered by one family, including the credit woes encountered by a 13-year-old whose Social Security number was stolen when she was just 8 years old. [Source]

 

UK – Identity Fraud: Impersonation of Dead People May Get Killed by IT

A joint consultation paper on proposals aimed at stopping fraudsters from using the identities of dead people was issued yesterday by the Registrars General for England and Wales, Northern Ireland and Scotland. Identity fraud, of which Impersonation of the Deceased (IOD) fraud is a type, costs the UK economy in excess of £1 billion a year. Fraudsters can obtain sufficient information to impersonate the deceased before organizations with which the deceased had financial dealings become aware of the death. But Registrars General can disclose death registration information to assist in the prevention, detection, investigation, or prosecution of offences. The Registrars General are seeking views on how the information should be released. Death registration information is in the public domain as soon as a death is registered; however, it is not currently provided in a format that can be easily used to assist the police, other law enforcement bodies and public and private sector organizations to deal with offences and identify cases of attempted fraud by criminals using the personal details of the deceased. [Source]

 

CA – Retail Receipts Often Contain Entire Credit Card Numbers: OPC

The Privacy Commissioner of Canada monitors the printing of credit card information on receipts. Heather Black, the Assistant Privacy Commissioner, told The Chronicle Herald in Halifax that the office is concerned whenever retailers expose the sensitive credit card information on the receipts. However, one of Canada’s leading payment processing companies has informed the office that it is replacing older machines with updated versions that mask the information. [Source]

 

US – Sony BMG Settles State A.G. Suits Over CDs

Sony BMG Music Entertainment will pay $1.5 million and kick in thousands more in customer refunds to settle U.S. lawsuits over music CDs that installed a hidden copy-protection program on consumers’ computers. Not only did the program itself open up a security hole on computers, but attempts to remove the software by some customers also damaged the PCs. [Source] [Texas settlement agreement]

 

WW – Study: 4% of Search Results Can Lead Users to Sites That Pose Security Risks

Ben Edelman, a security expert who works as an adviser to McAfee, said that the overall risk presented by search engines has declined by 12% since May. However, 4.4% of the results still lead to sites that carry warnings by the security software vendor’s SiteAdvisor service, which rates sites based on whether they contain spyware, viruses, spam and other threats. Search engine companies have taken steps to reduce the risk. [Source]

 

US – E-Health Records in Peril

A computer administrator upset over the possibility of losing his job has been arrested for allegedly planting an electronic “bomb” in the systems of one of the largest prescription drug management companies in the U.S. Authorities say that if the so-called “logic bomb” had gone off at Medco Health Solutions Inc., it would have wiped out critical patient information. [Source]

 

CA – Sask. PI Fined for Accessing Police Computer System

Michael Robinson, a private investigator from Saskatoon, has pleaded guilty to unlawfully accessing a computer database. Robinson has admitted he received protected information from an RCMP police computer system. He’s agreed to pay a $20,000 fine, which was recommended in a joint submission by the Crown and defence. Four years ago, Robinson’s firm, Robinson Investigations, was at the center of an extensive privacy investigation involving police and several government departments. Six government and Crown workers were suspended following the probe. Crown prosecutor Sandeep Baines said the case holds an important message for people responsible for sensitive data. “We are all responsible for information that we have in our hands in terms of the jobs that we do,” he said. “We have to be very careful in how we deal with that information” in terms of whom it’s given to and how it’s used. Robinson is facing similar charges in Saskatoon. [Source]

 

US – Congress Passes U.S. SAFE WEB Act

Congress passed S.1608, the “Undertaking Spam, Spyware, And Fraud Enforcement With Enforcers Beyond Borders Act of 2006” (U.S. SAFE WEB Act of 2006). The U.S. SAFE WEB Act bolsters the FTC’s efforts to protect consumers, specifically to combat spam, spyware, and Internet fraud and deception. Provisions of the legislation authorize the FTC to share information with criminal authorities, which will improve information sharing with foreign agencies that treat consumer fraud and deception as a criminal law enforcement issue. The legislation also permits the FTC to work with the Department of Justice to increase the resources relating to FTC-related foreign litigation, such as freezing foreign assets and enforcing U.S. court judgments abroad. [U.S. SAFE WEB Act] [Summary of the U.S. SAFE WEB Act]

  

US – DHS Privacy Office Steps Up Scrutiny of Technology Projects

The Homeland Security Department’s Privacy Office has started scrutinizing information technology projects and research initiatives more intensely, according to the office’s recently released report to Congress. In an effort to establish privacy protections during initial planning and development of IT systems, Privacy Office officials have strengthened their working relationship with the department’s chief information officer and officials in the Science and Technology Directorate, the report stated. [Source]

 

US – Administration to Drop Effort to Track if Visitors Leave

In a major blow to the Bush administration’s efforts to secure borders, domestic security officials have for now given up on plans to develop a facial or fingerprint recognition system to determine whether a vast majority of foreign visitors leave the country, officials say. Domestic security officials had described the system, known as U.S. Visit, as critical to security and important in efforts to curb illegal immigration. Similarly, one-third of the overall total of illegal immigrants are believed to have overstayed their visas, a Congressional report says. But in recent days, officials at the Homeland Security Department have conceded that they lack the financing and technology to meet their deadline to have exit-monitoring systems at the 50 busiest land border crossings by next December. A vast majority of foreign visitors enter and exit by land from Mexico and Canada, and the policy shift means that officials will remain unable to track the departures. A GAO report released this week restated those findings, reporting that the administration believes that it will take 5 to 10 years to develop technology that might allow for a cost-effective departure system. [Source] [Border Security: US-VISIT Program Faces Strategic, Operational, and Technological Challenges at Land Ports of Entry]

 

US – DHS Secretary Identifies Creation of National ID Cards a Priority In 2007

Department of Homeland Security Secretary Michael Chertoff said his agency will press ahead with plans to create an electronic federal identification card. Under the Real ID Act, Americans may be required to present the tamperproof cards to travel on an airplane, open a bank account or collect government benefits. Chertoff said in a speech at George Washington University that the cards are “an example of when security and privacy go hand in hand.” [Source]

 

US – Senators Threaten to Repeal Real ID Act

Two US senators have threatened to call for the repeal of the Real ID Act unless changes are made to enhance citizens’ privacy and lower the cost to state governments. The act requires that state identification cards and licenses meet certain technical requirements if they are to be considered valid for access to government buildings and boarding aircraft. The Real ID Act requires new systems to collect sensitive personal information including SSNs, biometric identifiers and proof-of-residence documents; the systems would need to be linked to systems in other states. A compromised database could provide identity thieves with a treasure trove of information. [Source] [Senator Akaka’s press Release] [Source] [Background] [The Identification Security Enhancement Act (S. 4117)] [The REAL ID Act of 2005 (Pub. L. 109-13):]

 

US – Florida Motorists Win US$50 Million Class Action Settlement

A US District Court has approved a class action settlement granting US$50 million to compensate Florida motorists whose personally identifiable data were sold by the state to Fidelity Federal Bank & Trust. The bank used the data to send information about loans to people who had recently purchased cars. Each affected motorist will receive US$160. The sale of the data violated federal anti-stalking laws. [Source]

 

US – Clinton Urges Review of Plan to Create RFID-Enabled Card For Frequent Travelers

Sen. Hillary Clinton, D-N.Y., is urging the Bush administration to launch a “rigorous and comprehensive” review of the plan to create an RFID-enabled Pass card that will serve as an alternative to passports for frequent travelers. Among the reasons Clinton is seeking the review is a concern about privacy related to the RFID technology the card will contain. Specifically, Clinton is concerned about the vicinity-read radio frequency identification technology. She noted in her letter to the State Department that “a number of industry and privacy groups have voiced serious concerns that the RFID technology gives rise to several privacy and security concerns and that other options are preferable.” [Source]

 

US – Some US Counties Purging Sensitive Personal Info from Web Sites

The Orange County (FL) comptroller’s office spent US$750,000 over 18 months to remove personally identifiable information from public records posted on its web site. Many county web sites across the US contain public records such as title deeds, tax liens and court papers that include individuals’ SSNs and banking and credit card account information. Other counties are beginning to follow Orange County’s lead. [Source]

 

US – Industry Wants Unified Set of Security Standards

The Coalition for Government Procurement is forming a Unified Standards Working Group that will examine federal security standards and make recommendations to the government. According to a CGP announcement released today, the impetus for the group’s formation was members’ belief that the government should have a unified set of security standards that it expects contractors to comply with. [Source]

 

US – Universities Vulnerable to ID Thieves

Universities have become attractive targets for hackers who are taking advantage of the openness of the schools’ networks, their decentralized security and the personal information they keep on millions of young adults. Universities account for more than 50 data breaches on a list of more than 300 so far this year as tracked by the Privacy Rights Clearinghouse. [Source]

 

AU – Australia Workshopping Welfare Smartcard

The federal Government will launch a series of workshops with some of the country’s leading financial services groups in January as it hammers out plans to use private sector infrastructure to deliver its $1.1 billion welfare access card. The government has also declared that it will align itself with the EMV smartcard standard favoured by the banking industry in a move that strengthens the likelihood that many access card transactions will be funnelled through existing eftpos networks. However, much of the detail of the access card is yet to be finalized and the government is still some way off establishing fee structures for processing access card payments using bank-owned infrastructure. [Source]

 

US – EFF Files Suit Over Travel Data Mining System

The EFF has filed a lawsuit against the U.S. Department of Homeland Security, demanding that the agency turn over information about an “invasive” data-mining system used to assess the terrorist threat posed by U.S. travelers. It asked the U.S. District Court for the District of Columbia for the expedited release of records related to the DHS Automated Targeting System, or ATS, a program that the DHS unveiled in a November privacy notice in the Federal Register. The EFF filed FOIA requests for information on the program on Nov. 7 and Dec. 6. [Source]

 

AU – Australia Cams Catch 2200 in Welfare Swoops

A crack team of private investigators spied on 2267 alleged welfare cheats with video cameras last financial year in an attempt to prove they were lying to the Government to claim extra benefits. About 80% of the welfare recipients were found guilty of ripping off taxpayers, saving the Government $24.1 million. The prosecution rate was up from 71% in 2004-05, when investigators tailed 2319 people. Human Services Minister Joe Hockey said that in the year to July, Centrelink employed 15 private investigators to spy on people suspected of welfare fraud. He said investigators used optical surveillance to help collect evidence in cases where other methods were inappropriate or inconclusive. “Centrelink has come a long way in the manner it investigates welfare fraud and it’s progressively adding new techniques and systems to our already robust investigative resources,” Mr Hockey said. [Source]

 

CA – Surveillance Cameras to Monitor Toronto’s Yonge Street

Toronto police have announced plans to deploy three closed-circuit television (CCTV) cameras on Yonge St. near the Eaton Centre through Jan. 7. Cameras will be placed on the Downtown Yonge Business Improvement Area poles at the corners of Yonge and Dundas, Gould and Gerrard Sts. Mindful of privacy concerns, police have relied on video surveillance guidelines published in 2001 by the province’s Information and Privacy Commissioner. They call for the “public to know exactly what’s going on,” through the use of “clearly written signs,” Robinson said. The guidelines state every effort must be made to “minimize intrusion of privacy.” Police took similar steps before deploying cameras this summer during Caribana, the international AIDS conference and the annual Taste of the Danforth festival. Those events all went off “very peacefully,” Robinson noted. [Source]

 

US – US Government Gathering Data on Millions of Air Travellers

A senior Homeland Security official this week mocked as “paranoid” critics of a little-known U.S. government screening program that has assigned a terror-risk score to millions of Canadian and other foreign travellers entering the country. Stewart Baker, the assistant secretary for policy at the Department of Homeland Security, said privacy concerns raised by the Canadian travel industry are unfounded. He warned the U.S. would be deprived of a key terror-fighting tool if the controversial program is abandoned. “You have to ask yourself what is left to protect against terrorism? Are we supposed to pray?” Baker said in response to a brewing controversy in Washington over the automated targeting system (ATS). “This is by far our best and most sensitive tool for making decisions that are not discriminatory and (that) are based on actual data rather than guesses about peoples’ behaviour.” [Source] [Travel Industry Groups Oppose Risk Tests] [European officials seek answers on use of passenger data]

 

US – Congress Passes Law Banning Telephone Pretexting

In the last days of the session, Congress passed the Law Enforcement and Phone Privacy Protection Act. The bill, which will become law once signed by President Bush, creates federal criminal penalties for “pretexters” who access telephone records – including voice-over-IP calling records. The Law Enforcement and Phone Privacy Protection Act prohibits accessing phone records by making false and fraudulent representations, using false documents, or accessing the records online by fraud. The bill also targets data brokers that are in the business of selling pretexted telephone records. Lastly, individuals who receive or purchase telephone records are also punished. The bill does not place any restrictions or duties upon telephone companies holding the data, such as limitations on data retention or the creation of privacy safeguards. [Source] [Background] [EPIC testimony before the Senate Committee on Commerce, Science, and Transportation Subcommittee on Consumer Affairs, Product Safety, and Insurance at a hearing on “Protecting Consumers’ Phone Records”] [EPIC testimony before the House Committee on Energy and Commerce at a hearing on “Phone Records for Sale: Why Aren’t Phone Records Safe From Pretexting?”] [Law Enforcement and Phone Privacy Protection Act (the final bill is version 4)] [California Attorney General’s Statement on Hewlett-Packard Settlement]

 

US – Group Urges Congress to Pass Federal Data Security Bill

Noting that more than 100 million personal records have been compromised since February 2005, the Cyber Security Industry Alliance is urging Congress to pass a federal data security bill that contains a single standard for breach notification, best practices and enforcement. The group is warning that the economy will suffer if lax data security continues to undermine consumer confidence. [Source] [Press Release] [Data-breach milestone stirs new call for action]

 

US – Lawmaker: Passage of Healthcare IT Bill Possible In 2007

Rep. Phil Gingrey (R-Ga.) predicts that a healthcare IT bill is likely to pass in the 110th Congress. Gingrey said an e-medical records system needs to include financial incentives for physicians. Last year, Gingrey proposed a bill that included a tax incentive for doctors. The Democratic leadership agrees that healthcare IT is a priority. A Democratic staffer on the House Energy and Commerce Committee told Healthcare IT News that privacy remains a major concern in any bill. The staffer added that the federal government should lead privacy protection efforts. [Source]

 

US – Boeing Employee Fired Over Theft of Unencrypted Laptop

Boeing announced it fired an employee who it said violated company policy by downloading sensitive information onto a laptop without using encryption technology. Boeing took the action after learning the laptop, which contained personal information about 382,000 Boeing employees and retirees, had been stolen from a car. [Source]

 

 

--------