EU – New Biometric Passports for Finland

The Finnish Interior Ministry said this week that the country will introduce new biometric passports in August. The new passports will be more secure because of biometric identifiers, including the person’s facial image and fingerprints. The new passports will be valid for five years. [Source]

CA – Quebec to Introduce Patriot Act Privacy Protection

Quebec has become the latest province to introduce legislation to guard against Patriot Act misuse of Canadian personal information. The legislation reportedly will include mandatory disclosures of security breaches and increased fines for companies that fail to comply with the law. [Source] [Source] [Source]

CA – Federal Privacy Commissioner Reports on PIPEDA

According to the federal privacy commissioner, Canadians have never felt more threatened about their loss of privacy and the misuse of their personal information. The observation came in a report by commissioner Jennifer Stoddart on PIPEDA, which is being reviewed by Parliament this year. The report terms the need for the review “vital” and urges Parliament to reassess the capacity of the act to protect the rights of Canadians. [Source] [Biggest challenge to privacy is apathy says P.Commish]

CA – Federal Privacy Commissioner Reports: The Privacy Act is Nearly Irrelevant

The federal privacy commissioner, in her latest annual report, argues that the Privacy Act has become a outdated in the face of new information technologies; and over time it has become almost entirely irrelevant, “severely restricting my office’s ability to protect the privacy rights of Canadians.” [Source] [Cdn P.Commish tables report urging Privacy Act reform]

CA – Moncton Group Stops Posting “John” Licence Plates

A community group fighting prostitution in downtown Moncton has stopped posting information about cars belonging to suspected johns on its website because of privacy concerns. Residents Against Street Solicitation (RASS) had been posting partial licence plate numbers and vehicle descriptions online to embarrass johns, and let them know their behaviour isn’t anonymous. [Source]

CA – Dispute Over War Amps Key Tags in Alberta Settled

The Alberta government has settled a long-standing dispute with the War Amps over its key tag program.

But the change will likely mean the end of the War Amps program in Alberta and the loss of hundreds of thousands of dollars in donations for the organization’s services. Because of privacy concerns, people will now be asked if they want to provide their personal information to the association when they renew their driver’s licence. [Source]

CA – Federal Anti-Terror Law to Face Major Test in Coming Prosecutions

The federal Anti-Terrorism Act is about to get a tough test in the courts. Among the possible points of contention are defining terrorism as a crime aimed at further a political, ideological or religious objective. “It’s unusual to try to criminalize acts committed with a particular motivation,’’ says one law professor. Controversial provisions on “preventive detention,’’ and “investigative hearing’’ may be called into question, along with sections that criminalize mere membership in a proscribed group, something critics say could violate freedom of association. Also contentious are sections that outlaw financial support for a terrorist cause and allow seizure of assets based on secret intelligence. Critics have also objected to broad wiretap and electronic eavesdropping powers under the law. [Source]

US – Survey: Americans Concerned About Info Offshoring

A majority of the U.S. consumers do not want U.S. companies to share their personal information with the overseas outsourcing service providers, finds a study by Ponemon Institute. According to the study, 83% expressed negative opinions about their health records being shared with offshore outsourcing service providers. 73% stated their unwillingness to pay higher prices for the products and services to ensure their personal information is not offshored. In addition, 82% of the respondents expressed an opinion that new regulations are needed in the U.S. to ensure that offshore companies have adequate security and privacy safeguards in place. Canada, Ireland and India received the topmost rankings for the trust pertaining to the adequacy of steps that overseas companies are taking to safeguard their personal information while Philippines, Mexico, Haiti and Russia received the least rankings. [Source]

AU – Telemarketing Tops Privacy Gripe List

A two-day phone-in conducted by the Australian Law Reform Commission uncovered widespread criticism of telemarketing calls. The phone-in was held to gauge the public’s concerns and views on privacy protection. Other issues that came up during the phone-in included the government’s handling of personal information, the security of health records and camera surveillance in public places. [Source]

WW – Encryption Software May Halt Wire Tapping

The creator of the most popular e-mail encryption program has a new application for Voice-over-Internet-Protocol phone calls. E-mail encryption creator Phil Zimmermann hopes to bring the same level of privacy to Voice-over-Internet-Protocol phone calls. [Source]

EU - Hopes Grow for Deal on Airline Passenger Data

US and European officials hope that legal tweaks can be made to a pact that gives US authorities access to detailed information on passengers flying from Europe to the US, in order to prevent the imposition of measures that could slow down transatlantic air travel. European Commission officials said they believed they could leave the substance of the agreement largely untouched, as long as member states did not change their mind about the pact. [Source]

CH – Survey: Chinese Expect More Privacy

Changes in China that have led to a thriving middle-class have contributed to placing a greater emphasis on personal privacy. China’s citizens are fed up with leaks of their personal information, leading to increased public pressure for stronger privacy legislation. According to a newspaper survey, more than 90% of Chinese people were concerned about the unauthorized disclosure of their personal information. The survey also found that 74% favored legislation to protect their personal information. [Source]

US – Judge in At&T Suit To Examine Classified Documents

The district court judge presiding over the class-action lawsuit over AT&T said it would examine classified government documents to determine if they warrant state secrets protection. The documents relate to a lawsuit filed by privacy advocate Electronic Frontier Foundation in US District Court accusing AT&T of illegally cooperating with the National Security Agency to make information on communications on its networks available to the spy agency without warrants. [Source]

US – Plan to Build Children’s DNA Database Raises Concerns

Why do some children become obese when they eat junk food, while others don’t? Which kids are most susceptible to asthma? Attempting to answer such questions, the Children’s Hospital of Philadelphia, the nation’s oldest pediatric medical center, is launching a major effort to collect and analyze detailed DNA profiles on as many as 100,000 of its child patients, the first effort to collect DNA on so many children. CHOP plans to create a database which hospital researchers can use to study children’s genetic profiles, research that could guide the development of diagnostic tests and drugs. [Source]

US – Connecticut Governor Vetoes Legislation on Adoptees’ Access to Birth Records

Gov. M. Jodi Rell has vetoed legislation that would have allowed adopted children to obtain their birth certificates when they turn 21, a move criticized by a key lawmaker as an insult to adoptees and their parents. The legislation would have applied to people whose adoptions are finalized after Oct. 1 of this year. Rell called the bill “well-intentioned and much needed in certain respects,” but said it could have led to the violation of privacy rights of birth mothers who place their children up for adoption believing their identities would remain confidential. [Source] [Source]

US – Three Years Later: No Fines but Plenty of Complaints

It has been three years since HIPAA guaranteed Americans a national standard to govern the confidentiality of their medical records. Despite nearly 20,000 complaints, federal authorities have prosecuted just two criminal cases and have not levied any civil fines. The head of the Department of Health and Human Services’ Office of Civil Rights, which enforces the law, said the agency works toward voluntary compliance. Privacy advocates, however, are dismayed about the approach, questioning whether providers and insurers are becoming complacent about following the law. [Source]

US – Lost Ernst & Young Laptop Contained Hotels.com Customer Data

Hotels.com says Ernst & Young has informed them that a laptop computer stolen from an employee contained data belonging to 243,000 Hotels.com customers. Hotels.com and E&Y, the company’s outside auditor, sent a joint letter notifying those affected by the data security breach. A number of E&Y laptops have been reported stolen this year, affecting employees of Sun, IBM and other companies. It is not known if the Hotels.com data were on one of these computers or if there has been another theft. [Source]

US – Lost Laptop Contained Retirees’ Personal Data

A laptop computer containing the pension data of former employees of supermarket chains Stop & Shop, Giant and Tops, including their Social Security numbers, was stolen during a commercial flight, according to the supermarkets’ parent company. The U.S. subsidiary of Dutch parent company Royal Ahold NV and a contractor whose employee lost the computer early last month declined to say how many former supermarket employees were affected. [Source] [Source]

US – Thief Makes Off With Laptop From YMCA

Debit card, credit card and Social Security numbers for 68,000 YMCA members in Greater Providence, R.I., have been compromised after the theft of a laptop from a locked office. The computer also contained the names, addresses and other information for children who attend the Y’s day care programs, according to a spokeswoman. There is no indication that any of the information has been misused, but police are investigating the theft, which employees discovered on May 24. [Source] [When it comes to laptop security, we’re all disasters waiting to happen] [Source]

US – Photo ID Now Required for Cold Medicine in Hawaii

Anyone buying common cold medicines that contain pseudoephedrine, used to make crystal methamphetamine, will have to show photo identification and sign a logbook at the store, under a new Hawaiian law signed this week. [Source]

CA – Hundreds of Canadian Artists Call for Balanced Copyright

More than 500 members of the Canadian art community have established a new coalition to call for balanced copyright reform. The group, featuring dozens of award winners from the art world, are seeking fair use provisions and a rejection of anti-circumvention provisions. [Open letter]

CA – New Alberta Government Website Tackles Online Luring

The Alberta government is tackling online luring by providing teens with information about online safety in movie theatres and through a new website. The website, www.weron2u.ca, is written from a peer-to-peer perspective and empowers teens to stay safe online. The site includes information on predator tactics, safety tips and true stories. It also includes downloadable banners that can be used on blogs or as instant messenger icons to let predators know these teens are educated about online safety. [Source]

CA – Canadian Officials Monitored Chat Rooms in Terror Bust

When a shadowy group of disaffected urban youth began talking in an Internet chat room in the fall of 2004 espousing anti-Western views, the Canadian Security Intelligence Service was listening. The spy agency, and an alphabet soup of other security agencies across the continent, closely monitor such sites, where talk may sometimes turn to buildings and bombs and bringing global jihad home to North America, to Canada. [Source] [Source] [NYT: Terror Arrests Reveal Reach of Canada's Surveillance Powers] “Once it has authorization, the C.S.E.'s powers are sweeping. Rather than being restricted to intercepting the calls and e-mail of a specific person or group, the agency is allowed under law to broadly monitor "activities" with possible terrorist implications.”

WW – Brin Says Google Compromised Principles

Google co-founder Sergey Brin acknowledged that Google has compromised its principles by accommodating Chinese censorship demands. Brin also addressed Internet users’ expectations of privacy in an era of increased government surveillance, saying Americans misunderstand the limited safeguards of their personal electronic information. “I think it’s interesting that the expectations of people with respect to what happens to their data seems to be different than what is actually happening,” he said. [Source]

US – Colleges Fail Online Privacy Test

How well do educational sites handle people’s private information? To find out, researchers assessed the privacy practices of the top 236 U.S. colleges. The findings: most colleges’ privacy practices don’t get a passing grade. Researchers found only 36% of schools studied “had a privacy notice that could be easily accessed from the homepage.” [Source]

US – Senate Won't Probe Telco Spying

The U.S. Senate is backing away from plans to ask the heads of major telecommunications companies to testify about the National Security Agency's domestic spying program. Verizon, BellSouth and AT&T were accused in a USA Today report last month of sharing customer data with the NSA. [Source]

US – New federal Rule: No Informed Consent in Public Crisis

In a public health emergency, suspected victims would no longer have to give permission before experimental tests could be run to determine why they're sick, under a federal rule published Wednesday. Privacy experts called the exception unnecessary, ripe for abuse and an override of state informed-consent laws. [Source]

US – Gartner Analyst: Data Breach vs. Data Protection – Do The Math

Gartner Analyst Avivah Litan said recently that data protection, such as encryption, is markedly less expensive than cleaning up after a breach. Litan, who testified during a Senate hearing after the Department of Veterans Affairs’ laptop breach, estimated that a company with at least 10,000 accounts to protect would spend about $6 per customer account to encrypt data. Litan recommends that companies and government agencies should invest in data encryption rather than pay the estimated $90 per customer account after data is exposed during a breach. [Source]

CA – Wal-Mart Canada to Test RFID Tags

Wal-Mart Canada Corp. will launch a test this fall of controversial new technology that can track products from the supplier to the store, in an attempt to ensure that the shelves are never empty. Looking to improve its bottom line, the discount retailer will roll out the pilot in 20 of its 272 stores and one distribution centre, a spokeswoman said in an interview. About 16 suppliers will be asked to volunteer, picked from among a number who are already participating in similar U.S. tests of the tiny electronic chips. [Source]

US –Tucson, Arizona Schools Considering RFID BusPass

In the Tucson Unified School District (TUSD), one of the nation’s largest school systems, students might be carrying RFID-enabled ID cards as soon as next fall. The TUSD is testing a system called BusPass. that combines RFID and GPS to track when and where students board each school bus, and where and when they get off. With 120 schools and 60,000 students, the district is interested in deploying the technology to bolster children’s safety by better accounting for their locations outside of school premises. Parents could arrange to receive text phone messages or e-mail alerts telling then when their children’s bus will arrive, or if their children fail to catch the bus. [Source]

US – Wisconsin Governor Signs ‘Chip Implant’ Bill

In Wisconsin, it is now illegal for anyone-including employers or government agencies-to implant RFID microchips into people without their consent. Anyone who does will face fines of up to $10,000. The state became the first to institute such legislation when Gov. Jim Doyle signed it into law on May 31. [Source]

US – DHS Report Questions RFID Privacy Risks; AeA Questions DHS

A leading industry group blasted a DHS draft report that highlighted potential privacy problems with RFID technology and downplayed the value of the wireless technology. Concluded the DHS’ Emerging Applications and Technology Subcommittee in a 15-page report: “RFID technology may have a small benefit in terms of speeding identification processes, but it is no more resistant to forgery or tampering than any other digital technology … The use of RFID would predispose identification systems to surveillance uses. Use of RFID in identification would tend to deprive individuals of the ability to control when they are identified and what information identification processes transfer. Finally, RFID exposes identification processes to security weaknesses that non-radio-based processes do not share.” The American Electronics Association, said the DHS draft report fails to note that certain RF-enabled technologies actually enhance the security and privacy of Americans’ personal information and data. “Although the high-tech industry takes great exception to the tenor and tone of the draft report,” said an AeA spokesperson, “we nevertheless applaud DHS’ efforts to establish a solid policy foundation and strong best practices when implementing any technology for use in identification credentials. Any policy statement should reinforce, ‘Don’t ban technology, ban bad behavior.’ “ [Source]

CA – “VeriChip” Privacy Raised at Edmonton Conference

The ethics behind planting microchips in humans is under debate at the Access and Privacy Conference being held from June 7 to 9 in a downtown Edmonton hotel. Attendees include privacy commissionaires from across Canada, academics and advocacy groups. Ian Kerr is an expert in ethics, law and technology at the University of Ottawa. He said it's difficult to say how soon the technology could be approved for health-related use in Canada, but it raises privacy questions. [Source]

AU – RFID to Track Prisoners at Canberra's First Prison

Inmates at Canberra's first prison will wear radio frequency identification (RFID) bracelets or anklets to track their location, under plans by government. [Source]

US – Veterans’ Group Files Lawsuit Stemming From Laptop Breach

Claiming their privacy rights were violated after a laptop was stolen that contained the personal information of 26.5 million veterans, a coalition of veterans’ groups this week filed a class-action suit against the federal government in U.S. District Court in Washington. The lawsuit seeks the disclosure of which veterans were affected by the data breach and $1,000 damages for each individual, which totals $26.5 billion. The lawsuit also seeks a court order to prevent the Department of Veterans Affairs from using sensitive data until an independent analysis determines what measures are needed to better safeguard the information. [Source] See also: Groups Urge Review of Veterans Data Practices [Leavitt Letter] [CDT Policy Post][Coverage] [2.2 Million People Affected] [Loss of Laptop May Spark Privacy legislation]

US - Special Publication: Information Security Handbook: A Guide for Managers

This Information Security Handbook provides a broad overview of information security program elements to assist managers in understanding how to establish and implement an information security program. The purpose of this publication is to inform members of the information security management team [agency heads, chief information officers, senior agency information security officers, and security managers] about various aspects of information security that they will be expected to implement and oversee in their respective organizations. This handbook summarizes and augments a number of existing NIST standard and guidance documents and provides additional information on related topics. [Source]

WW – Common Sense Steps to Avoid a Privacy Debacle When Traveling

PCWorld’s Contributing Editor James A. Martin offers laptop users some common-sense precautions to thwart thieves and avoid jeopardizing sensitive data in the first of this two-part series. Martin offers some examples of laptop thefts, including an armed holdup in San Francisco that left a computer user with a stab wound. He then follows with tips, including how to protect your computer at an airport security checkpoint or inside a hotel room. [Source] [Part II]

AU – Privacy Commissioner Warns New Smart Card Could Be Used for Surveillance

Victorian Privacy Commissioner Paul Chadwick is warning the public that the new government Access Card could be used to help conduct surveillance in crowds. Chadwick made the comments last week, pointing out that there are cameras that could pick a face out of a crowd and then identify the person after linking it with a picture held on a database. [Source] The federal government’s new smartcard will reduce fraud but may pose a risk to privacy, a business report says. Human Services Minister Joe Hockey released KPMG’s business case for the new health and social services smartcard. [Source] [Smartcard Taskforce includes past privacy commissioner]

UK – New Software Puts Surveillance CCTV on Steroids

Nice Systems, an Israel software company, has developed a program that automatically scans CCTV footage for suspicious behaviour and matches it with mugshots. The new software can alert police when it detects loitering, crowd gathering, people running when they should be walking, tailgating, parking in the wrong place, unauthorized entry, or any sort of behaviour the police want to track. Said a consultant for public safety at Nice Systems: “We are looking for British police to do a beta trial.” Police forces are already using older versions of Nice’s software, which can now also be used to spy on telephone conversations and internet traffic. Prisons, casinos, airports, banks, call centres, transport networks and 75% of the Fortune 100 companies use the system for these purposes, as well as analysing CCTV footage for suspicious behaviour. The new software would take advantage of the “vast amounts of data” being collected by voice and video surveillance systems operated by companies and intelligence agencies. “By employing software-based analytics on unstructured multimedia content, companies are able to detect customer intent, often through near real-time interactions where a customer may express concerns, desires or provide other signals of their intentions,” said a company statement. [Source]

HK – Hong Kong Gov’t Tweaks Wiretap Law to Address Privacy Fears

Government officials have revealed that they are working on a “limited” notification system for victims of wrongful surveillance. It is the first hint of such a move by the administration, which has until now brushed aside privacy concerns raised by lawmakers over a proposed covert surveillance law. They fear that targets of wrongful wiretaps will never know if they have been spied on. [Source] [Hopes rise for more privacy clout]

US – Justice Department Fails to Get Agreement on Data Retention

A meeting at the U.S. Justice Department to discuss forcing Internet providers to record Americans’ online activities ended without reaching an agreement, according to multiple participants. The meeting of about 15 industry representatives and 10 government officials followed an earlier one, at which Attorney General Alberto Gonzales and FBI Director Robert Mueller pressed Internet and telecommunications companies to store data on their users for two years. [Source] [TelCos and ISPs girding to fight user data retention] [Justice Dept Asks Companies ot Keep Internet Records for Investigators] [CDT Memo: Data Retention]

US – Congress Considers Several Data Protection Bills

The recent theft of the names, birth dates and Social Security numbers of 26.5 million veterans has given new urgency to congressional passage of data security legislation. One bill would give the Justice Department an array of new criminal tools with which to prosecute hackers and botnet creators. On May 25, the House Judiciary Committee passed the Cyber-Security Enhancement and Consumer Protection Act (H.R. 5318), a day after the House Financial Services and Energy and Commerce Committees voted to substitute their own bills (H.R. 3997 and H.R. 4127 ) for the other’s. In all three pieces of legislation, consumer notification of identity theft is the big political issue. [Source]

US – Counterterror Exemption Proposed for Privacy Act

A little-noticed proposal from the Senate intelligence committee would exempt federal agencies from important provisions of the Privacy Act in the name of the war on terrorism. The committee’s annual authorization bill, which was sent to the Senate last month after a unanimous vote, would initiate a three-year pilot program, during which U.S. intelligence agencies would be able to access personal information about Americans held by other federal departments or agencies if it is thought to be relevant to counterterrorism or counterproliferation. Said the ACLU: “If this is enacted, the Privacy Act will look like Swiss cheese.” [Source]

CA – Report: Border ID Cards Have a ‘long way to go’

A top U.S. government agency says that plans to force travellers crossing the U.S.-Canada border to use passports or a special type of secure ID are so far behind schedule that a delay in the Jan. 1, 2008, implementation date may be unavoidable. The GAO, an independent congressional agency said in a report released this week that both the DHS and the State Department have not made several key decisions that are essential for the plan to proceed. [Source] [Canadian privacy concerns could scuttle joint land-border card proposal]

US – New Illinois Law Requires Businesses to Notify about Possible ID Theft

Businesses must notify customers of computer-security breaches that could put them at risk for identity theft under a new law that goes into effect in Indiana July 1. “It doesn’t matter if it was one (customer) or 500,000 or a million, you have to disclose that to your customer,” said a spokeswoman for the Illinois attorney general’s office. “That will give the customer an opportunity to take ... precautions they need to protect themselves against identity theft.” [Source]

WW – Survey: Employers Routinely Read Staff E-mails

According to a new study, about a third of big companies in the United States and Britain hire employees to read and analyze outbound e-mail as they seek to guard against legal, financial or regulatory risk. More than a third of U.S. companies surveyed also said their business was hurt by the exposure of sensitive or embarrassing information in the past 12 months. According to Forrester Consulting, which conducted a survey, companies are firing and disciplining employees more often because of email violations. [Source] [Employers routinely read staff emails] [Source]

WW – Survey: Employees Give Employers Poor Marks for Privacy Protection

The Ponemon Institute LLC has released a report that shows employees don’t trust that their employers are protecting their privacy at work. Of the 945 people surveyed, less than half of them said they “strongly agree” or “agree” that their companies are concerned about their privacy. 46% of the respondents who were asked whether more government regulations are needed to protect workers’ privacy answered “yes” and 37% said “no.” [Source]

--------