Privacy News Highlights

14—24 July 2006

Contents:

CA – Passport Database to Use Facial Imaging to Catch Terrorists

CA – OPC Publishes PIPEDA Review Discussion Document

CA – OPC Awards $388,319 for Research on Privacy Issues

CA – Nova Scotia Re-Enacts PATRIOT ACT Legislation

CA – Some Passport Exemptions Likely: U.S. Homeland Security Boss

CA – New Software in Use to Create Reports About Government Employees

US – Opinion: Less is More When it Comes to Collecting Customer Data

US – CDT, CAP Issue Report on Consumer Privacy and Protection

UK – U.K. Government Looks at Strengthening Anti-Spam Law

CA – OPC Releases Fact Sheet: The Risks of Metadata

UK – Doctors Attack NHS IT System: Patient Confidentiality at Risk

UK – Department of Health Minister Announces Taskforce for Electronic Records

US – New Program Promotes Design of Innovative Personal Health Record Systems

UK – Information Commissioner Issues Annual Report

US – Ponemon Survey: Will Privacy Concerns Thwart Personalization Efforts?

WW – CDT Launches Technology Policy Blog

WW – Austria Joins Privacy International’s SWIFT campaign

US – Congress Investigates Financial Surveillance Program

UK – British Banks Get Power to Investigate, Cancel Cards Used for Net Child Porn

US – US Wants Passenger Info Before Overseas Departures

UK – Police DNA Database ‘Is Spiralling Out of Control’

AU – Unsecured E-Mail Sparks Dispute Among Australian Doctors

US – Public Computer May Have Exposed More than 100,000 Private Records

US – Northwestern Notifies Affected Students and Applicants of Data Security Breach

UK – British ID Card Plan Stalls

NZ – New Zealand Examines Voluntary ID System

CA – Identity in a Dangerous Time: Why Canadians Need a National Identity Card

EU – Dutch Court Rules for Protecting File-Sharers’ Identities

WW – Study: Americans Trust Canada With Their Personal Data

WW – Congressional Hearing Focuses on Problems of Social Networking Sites

US – Illinois Callers Take Advantage of ID Theft Hotline

UK – UK Group Seeks To Model U.S. ID Theft Center

AU – Australian Parliament Considers DNC Bill

US – U.S. Regulators: Banks Need ID Theft Prevention Program

US – Homeland Security Names New Permanent Chief Privacy Officer

US – Electronic Voting Machines Under Legal Attack

US – RFID Technology Captures Attention In U.S., U.K.

US – Report Recommends Stronger Measures to Improve RFID Data Security At DHS

WW – HP Introduces Tiny Radio Chips Capable of Large Data Storage

US – RFID Records to be Implanted in 280 Patients

WW – Microsoft Shutters Windows Private Folders

WW – Security Vendor: Hackers Striking Databases in Record Numbers

CA – Survey: Companies Tell Employees to Leave Devices At Home

CA – Fears as Canadian ISP spies on its customers

AU – Australia Smartcard Gurus Appointed

US – GSA to Seek Smart Card for Social Security

CA – Hidden Cameras Discovered at Toronto Police Association Headquarters

US – Privacy Lawsuit Against Alleged AT&T / NSA Collaboration Receives Green Light

US – Groups Appeals Government Eavesdropping Ruling

US – Bush Blocked Internal Probe of Domestic-Surveillance Program

CA – Toronto Wifi Set to Launch in September

US – Court Rules that Californians’ Calls Can’t be Secretly Recorded

US – Veterans Affairs Faulted in Data Theft

US – Bush Administration Withdraws Free Credit Monitoring for Veterans

US – White House Sets Deadline for Data Encryption

US – OMB: Data Security Incidents Must Be Reported Within One Hour

US – Lawmakers Agree on Internet Database of Sex Offenders

US – Groups Oppose Vote on Weak Data Breach Bill

CA – Study Examines Efficacy of Privacy Protection Policies, Monitoring Techniques

US – Study: More Workers Fired for Misuse of Email

CA – Passport Database to Use Facial Imaging to Catch Terrorists

A high-tech system to prevent terrorists and other criminals from obtaining passports will eventually contain the photographs of about 21 million Canadians, according to newly available documents. Passport Canada has officially begun looking for a vendor to supply a computerized tool to screen applicant photos against images of suspects on security watch lists. The facial-recognition project represents one of the first large-scale federal forays into the sphere of biometrics. [Source]

 

CA – OPC Publishes PIPEDA Review Discussion Document

The Office of the Privacy Commissioner (OPC) has published a discussion document entitled “Protecting Privacy in an Intrusive World” that describes several issues it identified as warranting consideration in the upcoming PIPEDA review. The OPC welcomes input and comment by September 7, 2006, in order to develop its submission to Parliament during the formal review of PIPEDA. The document discusses the following issues: Commissioner’s Powers; Consent (varia); Disclosure of Personal Information before Transfer of Businesses; Work Product; Duty to Notify; Transborder Flows of Personal Information; and Sharing Information with Other Data Protection Authorities. [Source]

 

CA – OPC Awards $388,319 for Research on Privacy Issues

The OPC announced that 11 organizations will be awarded a total of $388,319 for research into emerging privacy issues, including: surveillance technologies; privacy policies aimed at children; the use of DNA by law enforcement; the certification of privacy professionals; digital rights management technology; health privacy; and the de-identification of personal information. This is the largest amount of funding that has been awarded to researchers in the Program’s history and twice as many institutions are being funded in comparison with last year. [Source] [Backgrounder]

 

CA – Nova Scotia Re-Enacts PATRIOT ACT Legislation

After dying on the Order Paper with the announcement of a June election, the Government of Nova Scotia has re-enacted the Personal Information International Disclosure Protection Act. The bill received second reading on July 6; was considered by Committee on July 10-11; and passed by the Committee of the Whole House on July 13, 2006. [Full text of legislation] [Text of second reading debate]

 

CA – Some Passport Exemptions Likely: U.S. Homeland Security Boss

The U.S. Secretary of Homeland Security said while in Edmonton last week that certain types of travel will be exempt from new regulations on border crossings between Canada and the U.S. While speaking to legislators and business leaders from both sides of the border at the Pacific NorthWest Economic Region’s annual summit, Michael Chertoff said a “practical approach” is necessary. [Source] [Source]

 

CA – New Software in Use to Create Reports About Government Employees

A new business intelligence system that is compiling reports on government employees’ salary information, retirement eligibility and other personal data may create privacy risks for workers, according to a privacy impact assessment summary done by the Treasury Board of Canada Secretariat. The OPC also conducted a review of the software, but a spokeswoman declined to comment publicly on what feedback it provided to the Treasury Board. [Source]

 

US – Opinion: Less is More When it Comes to Collecting Customer Data

Larry Ponemon, president of the Ponemon Institute, explores the perils businesses face by collecting too much information. He said that “most American companies still collect too much personal information from their customers without giving them a choice on how this data is used, shared, sold or retained.” A new study by the Ponemon Institute found that just over half of large U.S.-based companies offer their customers the choice to opt out. The study also found that 23% of these companies offer a consent or opt-in approach. The piece concludes with steps companies should take to foster trust with customers through reliable privacy and security safeguards. [Source] [See also: Privacy and security of customer data needs attention]

 

US – CDT, CAP Issue Report on Consumer Privacy and Protection

The Center for Democracy and Technology (CDT) joined with the Center for American Progress (CAP) to release a new report about online privacy and consumer protection. “Protecting Consumers Online: Key Issues in Preventing Internet Privacy Intrusions, Fraud and Abuse” identifies measures essential to safeguarding consumer privacy in the digital age. The report was issued in conjunction with an event to frame upcoming FTC hearings on consumer protection. [Consumer Privacy Report]

 

UK – U.K. Government Looks at Strengthening Anti-Spam Law

The UK Department of Trade and Industry is considering strengthening the Privacy and Electronic Communications Regulations, its anti-spam legislation introduced in 2003. A loophole in the law currently limits the ability to prosecute people sending unsolicited junk e-mails to businesses. [Source]

 

CA – OPC Releases Fact Sheet: The Risks of Metadata

Extract: “Over the past several years, there have been a number of incidents in which “document metadata” has caused professional and political embarrassment. The metadata reveals, sometimes to the contrary of public assertions, how, when and by whom a document was created and into whose hands it travelled. In this fact sheet, we look at the risks associated with metadata and we offer some suggestions on how you can minimize those risks.” [Source]

 

UK – Doctors Attack NHS IT System: Patient Confidentiality at Risk

Doctors have spoken out against the controversial £12.4bn NHS IT system that is over budget and behind schedule, claiming that patient confidentiality is being put at risk by the system. Writing in the British Medical Journal, a series of doctors have said that it is unwise to put the medical records of the entire population on one computer. The news comes just days after an investigation by the Parliament’s Public Accounts Committee (PAC) painted a picture of a project in crisis. [Source]

 

UK – Department of Health Minister Announces Taskforce for Electronic Records

The aim of the Taskforce is to aid the introduction of the first phase of the NHS Care Records Service by addressing outstanding issues and concerns of patients and the clinical profession about the creation of the summary care record. In conjunction with NHS Connecting for Health, it will draw up an agreed plan for the implementation of the nationally available summary record. At the end of November it will report to Ministers. [Source] [First Set of Certified E-Health Records Available]

 

US – New Program Promotes Design of Innovative Personal Health Record Systems

The Robert Wood Johnson Foundation (RWJF) has announced Project HealthDesign: Rethinking the Power and Potential of Personal Health Records, a new $3.5 million national program to stimulate innovations in personal health information technology. Project HealthDesign encourages health and technology pioneers to imagine a next generation of personal health record (PHR) systems that would empower patients to better manage their health and health care. The Call for Proposals (CFP) invites applicants to create consumer-focused personal health applications and test prototypes with target populations. Details at: www.projecthealthdesign.org.

 

UK – Information Commissioner Issues Annual Report

Richard Thomas stressed in his annual report that government initiatives that involve sharing information have clear benefits, but public trust and confidence are key ingredients for success. Thomas said he does “not want data protection to be wrongly blamed for preventing sensible information sharing.” Citizens also must be informed about how the government is using their information and given choice, when feasible. [Source]

 

US – Ponemon Survey: Will Privacy Concerns Thwart Personalization Efforts?

A recent Ponemon Institute survey examined the relationship between consumers’ privacy preferences and their attitudes about the personalization of Internet content. The findings provide evidence that personalization is not viewed as a diminishment of privacy. In fact, it appears that people who care the most about privacy see real value in receiving content that is tailored to their interests and purchasing preferences. Some results:

· 8% of Americans are privacy-centric. Daily events that reduce confidence in their sense of privacy or the safety of their sensitive personal information will have a significant impact on their actions.

· 72% of Americans are privacy-sensitive. Privacy is important to them, but they will not change their behaviors or information-sharing practices.

· About 20% of Americans are privacy-complacent. They really don’t care very much about the sharing or selling of their most sensitive personal information, such as Social Security numbers. [Source]

 

WW – CDT Launches Technology Policy Blog

CDT has launched PolicyBeta, a new blog dedicated to expanding the dialogue about technology policy, civil liberties and preserving democratic values in the digital age. PolicyBeta will feature regular posts on issues ranging from domestic surveillance to spyware, and will provide CDT experts an opportunity to discuss in detail the latest trends and developments affecting the technology policy debate. CDT is encouraging journalists, technologists, academics and interested individuals to visit the blog regularly and participate in the discussion. [PolicyBeta] [Press Release]

 

WW – Austria Joins Privacy International’s SWIFT campaign

The international financial surveillance programme run by the US government and involving the European company SWIFT continues to raise discussion in several countries in Europe. According to SWIFT’s Austrian board member, 150 million data sets of transactions were forwarded to US intelligence services. Organizations in the UK, Germany and Austria have begun to investigate the scope of the damage caused by the SWIFT tapping. Letters to local banks and SWIFT board members have been prepared and published. Every company, business and individual is advised to demand a clarification about the intercepted data on the basis of data protection laws. Furthermore, legal steps are being prepared against the SWIFT board since they gave customer details away without mutual consent. [PI launches campaign to suspend unlawful activities of finance giant] [An Open Letter to the CEO of SWIFT on other covert programmes for access to financial data] [Terrorist Finance Tracking Program raises privacy questions]

 

US – Congress Investigates Financial Surveillance Program

The Bush administration failed to adequately inform Congress of the recently revealed secret banking surveillance program by briefing only a handful of members, according to the chairwoman of the Subcommittee on Oversight and Investigations of the House Committee on Financial Services. At a hearing about the program Tuesday, N.Y. Rep. Sue Kelly said she has asked for a GAO investigation of the program. The government is using broad, secret subpoenas to review confidential financial transactions from a banking consortium that routes data in more than 200 countries. [Hearing Information on “The Terror Finance Tracking Program”] [Washington Defends Banking Surveillance] [Other: Bank Of Canada Governor Says He Was Not Briefed On U.S. Program] [OPC cannot ignore border privacy activist]

 

UK – British Banks Get Power to Investigate, Cancel Cards Used for Net Child Porn

U.K. banks, as well as savings and loan associations, have been given new powers to find out whether the credit cards they’ve issued are being used to access illegal material online. Under an amendment to the Data Protection Act of 1988 approved last week, British police will be able to give card issuers information on people suspected or convicted of Internet child pornography offenses. [Source]

 

US – US Wants Passenger Info Before Overseas Departures

Homeland security officials proposed last week making airlines transmit passenger names and other information to the government before an international departure, a change designed to keep suspected terrorists off U.S.-bound flights. If approved, the security initiative would reverse current policy of requiring that manifests for flights originating in foreign countries be transmitted shortly after takeoff. The proposal seeks to improve security as well as end the inconvenient and sometimes embarrassing practice of ordering flights diverted or turned around if manifest information raises suspicion with U.S. authorities or is incomplete. The change also should relieve airlines operating international flights of having to screen their passengers against security watch lists or “no fly” lists maintained by the U.S. government, homeland security officials said. [Source]

 

UK – Police DNA Database ‘Is Spiralling Out of Control’

The security of the police National DNA Database is in question following the disclosure of confidential emails which reveal that a private firm has secretly been keeping the genetic samples and personal details of hundreds of thousands of arrested people. Police forces use the company LGC to analyse DNA samples taken from people they arrest. LGC then supplies the information to the National DNA Database. Yet rather than destroy this afterwards, the firm has kept copies, together with highly personal demographic details of the individuals including their names, ages, skin colour and addresses. In a separate twist, evidence has emerged that the Home Office has given permission for a controversial genetic study to be undertaken using the DNA samples on the police database to see if it is possible to predict a suspect’s ethnic background or skin colour from them. Permission has been given for the DNA being collected on the police database to be used in 20 research studies. These latest disclosures, which were unearthed following a series of Freedom of Information Act requests by The Observer and the campaign group GeneWatch, will give rise to fears that many DNA samples being collected by police from innocent people could be misused. ‘Britain’s DNA database is spiralling out of control,’ said GeneWatch. ‘Thousands of innocent people, including children and victims of crime, are taking part in controversial genetic research without their knowledge or consent.’ [Source]

 

AU – Unsecured E-Mail Sparks Dispute Among Australian Doctors

A Melbourne hospital is sending out sensitive health information as unencrypted e-mail, following a decision by the hospital that the benefits of rapid communication outweigh the risks to patient confidentiality. Doctors are complaining, but other doctors find encrypted e-mail too difficult to use. [Source]

 

US – Public Computer May Have Exposed More than 100,000 Private Records

Hampton City officials believe a security breach that made residents’ personal information – including SSNs – available on a public computer in the city courthouse may have given users access to more than 100,000 records. “I don’t know how many Social Security numbers are in there, because there are duplicates, but you’re talking about the whole darn thing,” the Hampton Commission of Revenue said. Hampton’s treasurer and police chief ripped the computer out of the Hampton Circuit Court building last week after they found hundreds of Social Security numbers on display. [Source]

 

US – Northwestern Notifies Affected Students and Applicants of Data Security Breach

Cyber intruders accessed 9 desktop computers at Northwestern University’s Office of Admissions and Financial Aid. School officials are notifying approximately 17,000 students and applicants whose personal data were held on those computers. The intrusion was detected in May and has been under investigation for two months. The breach occurred after troubleshooting software, which allowed remote computer access, was installed in the machines. [Source] [Source]

 

UK – British ID Card Plan Stalls

Plans for a mandatory national ID card in the United Kingdom have stalled after internal emails revealing severe problems with the plan were leaked from the UK’s Home Office. The plan, originally scheduled to roll out in 2008, is now subject to further review and likely rescheduling, according to the government. Opponents of the plan, however, are pointing to the delay as evidence that the plan is unworkable. [Source] [Emails from Whitehall officials in charge of ID cards] [UK ID card scheme near collapse, as Blair pushes cut-down ‘variant’] [Not delayed, not sleeping, dead - UK ID card scheme goes under] [Home Office stands by ID cards] [Info Commissioner concerned about scheme]

 

NZ – New Zealand Examines Voluntary ID System

The New Zealand government is working on a voluntary token-based identity authentication system for people dealing with government and possibly with private businesses as well. The Identity Verification Service project is being headed by the Department of Internal Affairs, which has released a tender for research on the potential uptake “in the work and private lives of the public” for such a scheme. [Source]

 

CA – Identity in a Dangerous Time: Why Canadians Need a National Identity Card

Don Lenihan, president of Crossing Boundaries, argues that far from being an Orwellian concept, a single smart I.D. card could eliminate layers of bureaucracy from municipal, provincial and federal government services. The British government, as he points out, will require national I.D. cards by 2013, not just to avert terror threats, but because this is part of Tony Blair’s vision of government in the new century. “Denial will not change the course of history,” Lenihan concludes. “Just as the Luddites failed to slow - let alone stop - industrialization, burying our heads in the sand will not stop new technologies from changing how we do things.” [Source]

 

EU – Dutch Court Rules for Protecting File-Sharers’ Identities

In a verdict on 13 July 2006, the court of appeals in Amsterdam upheld a lower court ruling on the question of whether ISPs have an obligation to hand over a user’s identity when the user is accused of illegal uploading by copyright holders. The lower court had concluded that ISPs can be ordered by a judge to hand over the identity of their users when there is no reasonable doubt that the users whose identity is sought did in fact upload unauthorized files. This fairly strong criterion couldn’t be met by the Dutch Protection Rights Entertainment Industry, which had made the appeal, seeking the names and addresses of 42 users suspected of infringement of copyright through unauthorized uploads. [Source] [See also: RIAA File Sharing Suit Against Mother Dismissed]

 

WW – Study: Americans Trust Canada With Their Personal Data

A recent survey by the Ponemon Institute shows that Americans have significant reservations regarding the offshoring of personal information. The survey found that 42% of Americans are concerned about overseas data processing. Interestingly, the location where data is processed can increase or decrease a consumer’s concern – with Canada, India and Ireland creating greater trust, and Russia and the Philippines raising greater fears. [Source]

 

WW – Congressional Hearing Focuses on Problems of Social Networking Sites

MySpace.com and other immensely popular social networking sites on the Internet were portrayed as emerging playgrounds for sexual predators as lawmakers considered a measure to restrict their access in publicly funded schools and libraries. “This is the hottest issue of the day,” Texas Attorney General Greg Abbott told reporters after testifying before a House subcommittee examining possible new federal restrictions to protect young Internet users from pedophiles. State attorneys general have called for such communities, particularly MySpace, to improve age and identity checks. MySpace’s safety czar says any technical solution must be part of a set that includes education and cooperation with law enforcement. [Age Verification at Social networking Sites] [Source] [Background] [MySpace hold talks with parents over paedophile fears] [Networking sites could help hackers] [MySpace parent company pledges millions for safety campaign] [Thieves Find Easy Pickings on Social Sites] [NCH Study: Parents Ignorant of Children’s Net use] [Hacked Ad Seen on MySpace Served Spyware to a Million] [Source]

 

US – Illinois Callers Take Advantage of ID Theft Hotline

A new identity theft hotline in Illinois has generated almost 3,000 calls since it began in February. The biggest problem reported to the hotline is credit card theft - with 511 complaints of new credit card accounts opened with stolen identities and 212 complaints about fraudulent charges. Nearly 300 complaints were made about debt resulting from someone using a stolen identity, including one case where a person received medical treatment but the bills were charged to the victim. [Source]

 

UK – UK Group Seeks To Model U.S. ID Theft Center

The National Consumer Council is recommending that the UK set up a support center to help ID theft victims after someone steals and uses their identity. A similar effort in the U.S., the Identity Theft Assistance Center, has helped 3,000 victims since 2004. The effort in the UK would be funded by industry but governed independently. Every year, more than 100,000 people are affected by ID theft in the UK, according to the Home Office. [Source]

 

AU – Australian Parliament Considers DNC Bill

If Parliament approves the Do Not Call Register Bill, Australians will be able to register their private and cell phone numbers on a list administered by the Australian Communications and Media Authority. Under the bill, telemarketers would be required to submit their list, pay a fee and then get their list back from the authority after the removal of all the registered numbers. Civil penalties for a first offense would be $220 and up to $1.1 million for a corporation with a previous offense. The Federal Court also could order an offender to compensate a victim for loss or damage. If passed, the bill also would require outsourced telemarketing agreements to include a provision that specifically requires the vendor and its employees to comply with the bill. [Source]

 

US – U.S. Regulators: Banks Need ID Theft Prevention Program

Federal regulators are inviting public comment on the “Red Flags Rule,” which would require lenders and creditors to have identity theft prevention programs in place. The plans must contain policies and procedures to respond to ID theft by flagging patterns and practices involving established accounts and account applications that indicate a consumer’s identity may be at risk. For example, an address change is one red flag that often indicates that an ID thief is seeking to get money, documents and other items sent to a new address assigned to the thief. The comments may be submitted through mid-September. The officials said this week that banks and creditors face risks to “their safety and soundness” when customers suffer from identity theft. [Federal Reserve Proposals for Comment Web page] [Source] [Source]

 

US – Homeland Security Names New Permanent Chief Privacy Officer

The DHS has named Hugo Teufel III as Chief Privacy Officer for the agency. The role was previously held by Nuala O’Connor Kelly, who left the post ten months ago. The interim CPO for the agency, Maureen Cooney, recently took a position with the Center for Information Policy Leadership. [Source]

 

US – Electronic Voting Machines Under Legal Attack

A coalition of groups has filed lawsuits challenging e-voting machines. Lawsuits have been filed in at least nine states, alleging that the machines are wide open to computer hackers and prone to temperamental fits of technology that have assigned votes to the wrong candidate. [Source]

 

US – RFID Technology Captures Attention In U.S., U.K.

U.S. lawmakers last week held the first meeting of a new RFID Caucus in Washington, D.C. The session was devoted to exploring the technology to gain an understanding of how it works. In the E.U., executives at 31 organizations announced a new consortium, “Building Radio Frequency Identification Solutions for the Global Environment (BRIDGE).” The group has obtained more than $7.5 million in funding for research, development, training and demonstrations in the effective use of RFID technology. [Source] [Senators call for more RFID education]

 

US – Report Recommends Stronger Measures to Improve RFID Data Security At DHS

The inspector general at the DHS has found inadequacies in an RFID database that stores personal information. The report indicates the security shortfalls could allow unauthorized or undetected access to the sensitive information collected as part of the US-VISIT program. The Director of the US-VISIT Program said account management procedures have been strengthened already for the database. [Source]

 

WW – HP Introduces Tiny Radio Chips Capable of Large Data Storage

Researchers at Hewlett-Packard plan to introduce a wireless technology on Monday that they say enables a handheld electronic reader to give information about almost any object. The researchers have designed a system based on an experimental wireless chip that can be attached to a painting, a photo, a bracelet... The HP Memory Spots are new tiny chips that can store hundreds of thousands of bytes of information. While the chips are similar to RFID, the company said the new technology was intended to serve a different purpose than tracking products. The new chips reportedly have data protection features. [Source]

 

US – RFID Records to be Implanted in 280 Patients

RFID implant manufacturers VeriChip have announced that 280 patients from the New Jersey area will have health records chips inserted under their skin as part of a trial into the use of the technology to manage long-term conditions. Volunteers who are patients of the University Medical Center at Hackensack, NJ and suffer from chronic heart disease, epilepsy, diabetes or are recent recipients of organs, will have the RFID chips implanted above their right elbow. The passive chips will contain a 16-digit number that, when scanned at the medical centre, will link them to their e-patient record. [Source]

 

WW – Microsoft Shutters Windows Private Folders

Following an outcry from corporate customers, Microsoft is removing an add-on feature to Windows that allowed users to create password-protected folders. The feature was introduced as a free download last week. Almost immediately, people raised questions over how businesses would grapple with the ability of individual workers to encrypt their data. [Source]

 

WW – Security Vendor: Hackers Striking Databases in Record Numbers

Hackers are striking databases in record numbers, trying to pilfer a rich trove of personal and financial data, a security vendor said. SecureWorks is detecting up to 8,000 attacks per day on databases owned by its clients, up from an average 100-200 attacks per day in the first 3 months of this year. [Source]

 

CA – Survey: Companies Tell Employees to Leave Devices At Home

In a survey of 259 companies that Sun Microsystems Canada commissioned from Ipsos-Reid, 30% of the businesses had policies that banned MP3 players from workplaces. The theft and loss of employee laptops have raised concern among executives, who have elevated data security on their list of concerns, according to the firm’s research. The increased risk posed by small digital devices capable of storing large quantities of data has led companies to adopt policies seeking to bolster data security. [Source]

 

CA – Fears as Canadian ISP spies on its customers

A statement by a major Canadian internet service provider that it will be monitoring customers’ cyber activities for possible reporting to government agencies has sparked concern among privacy advocates.

In its new service agreement, which took effect on June 15, Bell Sympatico told customers it “reserves the right from time to time to monitor the service electronically, monitor or investigate content or the use of the service provider’s networks”. Bell Sympatico, the statement went on to say, would “disclose any information necessary to satisfy any laws, regulations or other government request”. [Source] [Source]

 

AU – Australia Smartcard Gurus Appointed

Global technology consultancy Booz Allen Hamilton has been appointed lead advisor to the Office of Access Card and will act as project manager for the $1.1 billion implementation. Human Services Minister Joe Hockey said “the access card is being approached as a critical piece of national infrastructure.” [Source] [Source]

 

US – GSA to Seek Smart Card for Social Security

The General Services Administration (GSA) will issue solicitations seeking smart-card services and devices next month on behalf of the Social Security Administration. In recent notices, GSA said it will release the requests for proposals by Aug. 4. The RFPs will be issued more than two months before the late October deadline for agencies to start issuing Personal Identity Verification cards to new employees under Homeland Security Presidential Directive 12. The cards must meet FIPS 201-1, and there is widespread concern that many agencies will struggle to meet the upcoming deadline. [Source] [EDS to Provide ID management services for GSA]

 

CA – Hidden Cameras Discovered at Toronto Police Association Headquarters

Toronto police union staffers were left stunned last week after learning that tiny spy cameras were hidden in exit signs in union headquarters. Three pinhole video cameras – each focused on strategic areas on the second floor of the Toronto Police Association’s offices – were removed from their exit sign housings when staff raised concerns, sources say. It is believed the spy cameras were put in by a Toronto security company two years ago by order of a union director. [Source]

 

US – Privacy Lawsuit Against Alleged AT&T / NSA Collaboration Receives Green Light

A federal court judge denied the government’s and AT&T’s motions to dismiss a lawsuit filed by the Electronic Frontier Foundation against AT&T, which alleges collaboration with the NSA in a massive and illegal surveillance program that violates privacy. [Source] [Source] [Source] [Background] [See also: AT&T Agrees To Pay $500,000 to End FCC Probe into Breach of Customer Privacy]

 

US – Groups Appeal Government Eavesdropping Ruling

A coalition of civil liberties groups and technology companies, including Pulver.com and Sun Microsystems, is appealing a federal court ruling that forces ISPs to create backdoors for government wiretapping. That 2-1 ruling said that Internet providers must rewire their networks and follow a complex scheme of eavesdropping regulations. The deadline is set for May 2007. [Source]

 

US – Bush Blocked Internal Probe of Domestic-Surveillance Program

US Attorney General Alberto Gonzales said yesterday that President Bush personally blocked Justice Department lawyers from pursuing an internal probe of the warrantless eavesdropping program that monitors Americans’ international calls and emails when terrorism is suspected. Under sharp questioning from Senate Judiciary Committee chairman Arlen Specter, Mr. Gonzales said that President Bush would not grant the access needed to allow the probe to move forward. [Source] [Coverage] [Coverage]

 

CA – Toronto Wifi Set to Launch in September

A plan to bring wifi connectivity to Toronto will launch in September. The deployment has been delayed due in part to law enforcement concerns about identifying network users. [Source] [Network could be invitation to Big Brother] [ID Trail blog]

 

US – Court Rules that Californians’ Calls Can’t be Secretly Recorded

The California state Supreme Court has unanimously ruled that Californians’ privacy rights are violated when their telephone conversations are secretly recorded by out-of-state callers. The justices sided with plaintiffs who sued Smith Barney for secretly recording phone conversations between Atlanta-based brokers and California customers. [Source]

 

US – Veterans Affairs Faulted in Data Theft

In a blistering report, the inspector general’s office in the Department of Veterans Affairs said a series of missteps led to theft of hardware containing data on millions of veterans and held up response after the fact. The report, published Tuesday, blames agency officials for acting “with indifference and little sense of urgency” after the loss of the computer hardware in a house robbery. [Source]

 

US – Bush Administration Withdraws Free Credit Monitoring for Veterans

The U.S. government said last week that, since the data had been recovered, it would no longer offer free credit monitoring for up to 26.5 million veterans whose sensitive information was stolen. The announcement came one week after the FBI determined with what it said was a “high degree of confidence” that the information stored on a Veterans Affairs employee’s laptop and external drive had not been accessed. [Source]

 

US – White House Sets Deadline for Data Encryption

The White House has set an early August deadline for government agencies to encrypt sensitive data after the embarrassing theft of millions of veterans’ personal information, but experts warn a quick technology fix will not cure security problems. While encryption and other security technology can help, slipshod handling of data and equipment, poor training and the slow moving government bureaucracy are seen as the main causes of vulnerability. [Source]

 

US – OMB: Data Security Incidents Must Be Reported Within One Hour

In an effort to improve the federal response to data breaches putting personal information such as SSNs at risk, the OMB is eliminating the distinction between suspected and confirmed breaches for reporting purposes. In a July 12 memorandum to all CIOs, Karen Evans, administrator of OMB’s Electronic Government and Information Technology division, said that U.S. agencies and departments are now required to report all incidents involving personally identifiable information to US-CERT, which is located within the DHS, within one hour of discovering the incident. [Source] [July 12th Memorandum from Karen Evans] [Gartner: New US Gov’t Breach Notification Guidelines Need Clarity]

 

US – Lawmakers Agree on Internet Database of Sex Offenders

Key members of Congress have agreed on a sweeping bill that would create the first national Internet database and laws designed to improve the tracking of convicted sex offenders. The bill aims to help police locate more than 100,000 offenders who are registered but haven’t updated their whereabouts. [Source] Related: [Child Internet Porn Law Finally Going to Trial] [Most Internet Child Abuse Traced to U.S.] [House Panel Sends Child Porn Suspects’ Names to States]

 

US – Groups Oppose Vote on Weak Data Breach Bill

A group of public interest advocates is opposing an attempt by the House of Representatives to pass a weak data breach bill that would roll back important consumer protections. In a letter sent to House leaders, lawmakers are urged not to vote on H.R. 3997, a Financial Services Committee bill which does more to protect banks than consumers. Instead the groups urged lawmakers to vote on H.R. 4127, an Energy and Commerce Committee bill which contains stronger provisions for notifying consumers after data breaches and enables consumers to find out what is in their data broker files. [Joint Letter]

 

CA – Study Examines Efficacy of Privacy Protection Policies, Monitoring Techniques

A new study by Ryerson University Professor Avner Levin, entitled “Under the Radar: The Employer Perspective on Workplace Privacy”, has found that, using a variety of sophisticated techniques, Canadian companies have the capacity to monitor the movements of their employees, both offline and on-line. Levin says, “Technology is in place for pretty much every employer to monitor activities and messages that their employees are putting out”. [Source]

 

US – Study: More Workers Fired for Misuse of Email

According to a new survey by the American Management Association and the ePolicy Institute, employers are increasingly firing workers who violate computer privileges in response to escalating legal problems. About 24% of companies have had employee emails subpoenaed by a court or regulator, up from 20% two years ago, and 15% have gone to court to defend against lawsuits triggered by an employee email, up from 13%. [Source]

 

 

--------