Privacy News Highlights

24 February—03 March 2006

Contents:

WW – New Facial Recognition Technology Used To ID Unruly Bar Patrons

CA – Eminent Canadians Call for Review of Cases of Canadians Detained Abroad

CA – Saskatchewan Private-Sector Privacy Law Proposed

US – California Lawmakers Consider Internet Ban On Sale Of Phone Records

WW – Interest Groups Unite to Oppose Bulk E-mailing Fee

WW – AOL Vows to Institute Fee-Based E-Mail Despite Protests

EU – Data Protection Working Party Releases Email Screening Report

EU – Data Protection Supervisor Issues Opinion on Exchange of Police Information

EU – UK Info Commissioner Offers Professionals Guidance about Recording Opinions

UK – Man Fined For Violating Privacy Law

UK – Parents to Get Online Check of 8m Child Workers Records

US – Florida Justices Hold Hearings to Explore Privacy Impacts of Technology

US – Online Medical Records Raise Privacy and Security Concerns

US – Bill to Promote Electronic Health Records

US – Bush Official Lauds California Health-Tech Plan

US – Ernst & Young Reveals 5 Laptops Stolen Contained Personal Information

WW – IBM-Led Project Aims To Fight Identity Theft

WW – Project Higgins: IBM Security to Help Users Control Access to Their Data

US – Group Dissects ID Theft to Help Individuals, Companies

WW – Cyber Crooks Use Keylogging Programs More Frequently

AU – Australian Committee Issues TPM Implementation Report

WW – Google Acknowledges New Search Software Could Pose Potential Privacy Risk

US – As Tax Season Approaches, Fake IRS E-mails Proliferate

AU – Corruption Watchdog Subject of Privacy Commissioner’s First Compliance Notice

US – CardSystems Agrees to Tighter Security After Data Theft

US – Senators Press for Details of NSA Spying

US – NY Times Files Suit Against Defense Dep’t Over Spying

US - Government Not Entitled to Google Records, CDT Argues

US – Survey Reviews Trust in U.S. Gov’t Department e-Security

CA – Canada May Face Shortage of RFID Implementers

US – Panel Participants: Data Security Key to Success of RFID

WW – Panelists: Expansion of RFID Technology Increases Privacy, Security Risks

EU – Spain Implements National Electronic ID Card

CA – Privacy Commissioner of Canada Issues Video Surveillance Guidelines

US – Justice Department Rejects Google's Privacy Concerns

US – Arizona Senate Approves Security Breach Notification Measure

US – Minnesota AG, Lawmakers Set to Unveil ‘Consumer Privacy Protection Package’

US – New Montana Privacy Law Takes Effect March 1st

WW – Corporations Fail to Enforce Net Acceptable Usage Policies


WW – New Facial Recognition Technology Used To ID Unruly Bar Patrons

A new technology, BioBouncer, is helping some bar owners identify repeat rabble-rousers by snapping a picture of a customer’s face and then comparing it against a database of known thugs. The technology allows bars to share databases through a private network. Privacy groups object to the use of the software. [Source]

 

CA – Eminent Canadians Call for Review of Cases of Canadians Detained Abroad

In an open letter to Prime Minister Harper, a group of eminent Canadians has called for a thorough review and account of involvement by Canadian public officials. The letter was signed by: Warren Allmand (former Solicitor General); Lloyd Axworthy; Allan Blakeney; Ed Broadbent; Joe Clark; and others.

 

CA – Saskatchewan Private-Sector Privacy Law Proposed

Bill 207, The Personal Information Protection and Identity Theft Prevention Act, is intended to be "substantially similar" to PIPEDA and is based on Alberta's PIPA.

 

US – California Lawmakers Consider Internet Ban On Sale Of Phone Records

Web sites that sell private cell phone records are the target of a legislative effort in California to crack down on the controversial practice. The bill would extend to cell phone users the same type of privacy protection that hardwired-telephone customers enjoy. The Federal Trade Commission and the Federal Communications Commission also are investigating how these Web-based companies obtained customers' private cell phone records. [Source]

 

WW – Interest Groups Unite to Oppose Bulk E-mailing Fee 

A coalition of unlikely partners, including MoveOn.org Civic Action, Gun Owners of America and Association of Cancer Online Resources, has joined forces to fight AOL's plan to charge businesses for commercial e-mail. Calling the plan e-mail taxation, the 50-member coalition – with combined membership of more than 15 million – says e-mail from thousands of small businesses and non-profits could be blocked if they don't pay. [Source]

 

WW – AOL Vows to Institute Fee-Based E-Mail Despite Protests

AOL is vowing to carry out its plans to institute fees for mass senders of e-mail, despite protests from groups representing 15 million people that claim the move will stifle communications instead of merely halting spam. Political group MoveOn.org Civic Action, the AFL-CIO labour union, and other organizations have criticized the service, which will charge senders a fee to route their messages directly to AOL users' mailboxes without first passing through AOL junk mail filters. [Source]

 

EU – Data Protection Working Party Releases Email Screening Report

The European Union Data Protection Working Party has released new recommendations on email screening practices including screening for viruses, spam, and certain content. The report expresses concern with the false positive problem on spam filtering.  Moreover, it is of the view that "email providers are prohibited from engaging in filtering, storage or any other kinds of interception of communications and the related traffic data for the purposes of detecting any predetermined content without the consent of the users of the services." [Source] [Report]

 

EU – Data Protection Supervisor Issues Opinion on Exchange of Police Information

The European Data Protection Supervisor (EDPS) has issued an Opinion on the proposal for a framework decision on the exchange of information under the principle of availability. Introduced by the Hague program, the principle of availability means that information that is available to law enforcement authorities in one Member State should also be made accessible for equivalent authorities in other Member States. The principle raises a number of data protection issues, notably because of the sensitivity of the data and the reduced control of the use of the information. [Opinion] [Source]

 

EU – UK Info Commissioner Offers Professionals Guidance about Recording Opinions

Teachers, social workers and doctors now have some new guidance about complying with the Data Protection Act when recording their professional opinions in people’s files. The deputy commissioner said that the act gives everyone the right to review information held about them, including opinions. The guidance instructs professionals to make it clear that the information is an opinion as well as who gave it and when. [Source]

 

UK – Man Fined For Violating Privacy Law

The Information Commissioner’s Office has fined a man who unlawfully obtained information related to an individual’s bank account. The man had pleaded guilty to violating the 1998 Data Protection Act. The 1998 Data Protection Act makes it an offense to “knowingly or recklessly, without the consent of the data controller, to obtain or disclose personal data.” [Source]

 

UK – Parents to Get Online Check of 8m Child Workers Records

The UK Government announces plans for a massive data, security and privacy own goal, in the shape of the Safeguarding Vulnerable Groups Bill. The Bill, which is intended to widen and centralise the vetting of people working with children (approximately 8 million individuals), will allow employers, including parents hiring nannies and childminders, to check the records of potential employees online. [Source] [Source]

 

US – Florida Justices Hold Hearings to Explore Privacy Impacts of Technology

As the Supreme Court in Florida considers a plan to link all courts electronically and make court records available online, justices are considering the delicate balance of providing public access while safeguarding personal privacy. Among the questions the justices have to decide are which records would be open to public inspection and which ones should remain private. They also must consider whether to make a distinction between public records in court clerks' offices and those available for public inspection on the Internet. [Source]

 

US – Online Medical Records Raise Privacy and Security Concerns

Individuals' medical records are slated to begin migration to online systems in Florida this year.  Some are touting the benefits of a system that will put medical records online so they can be monitored and accessed by pharmacists and patients.  Physicians will be able to file prescriptions online and see what other medications an individual is presently prescribed.  This could help alert pharmacists to possible drug interactions and aid physicians when patients arrive at hospitals unconscious.  Others are concerned about the privacy issues presented by having medical records available online.  If the records were to become public, people could potentially lose jobs and be denied insurance coverage. [Source]

 

US – Bill to Promote Electronic Health Records

In an effort to dramatically expand the use of "electronic health records," a key US House chairman said he will propose legislation to promote their use in the federal employee health insurance program. Rep. Jon C. Porter (R-Nev.), chairman of the House federal workforce subcommittee, wants to create an e-health records system for nearly 8 million federal workers and their families. Creating a system for this many workers would encourage insurance companies to expand the concept for private-sector patients, according to Porter. The bill would provide some start-up financing for the insurance companies. Porter noted that the Health and Human Services Department and the Office of Personnel Management are working to strengthen privacy-protection rules for an e-medical records system. [Source] [Source]

 

US – Bush Official Lauds California Health-Tech Plan

Dr. David J. Brailer, President Bush's National Coordinator for Health Information Technology, recently praised the California Regional Health Information Organization for its progress in linking health-care data networks. Brailer noted that he favors the approach that involves expanding partnerships among state and regional efforts to achieve progress in linking hospitals, doctors and pharmacies. Brailer warned that supporters of the "organic" approach must demonstrate progress - while building confidence that the system includes safeguards for patient privacy - within two years. By then, pressure in Washington is likely to mount in favor of a top-down, government-mandated approach to creating the system. [Source]

 

US – Ernst & Young Reveals 5 Laptops Stolen Contained Personal Information

Ernst & Young has acknowledged that it has lost a laptop computer containing customer data, including Social Security numbers. The company informed affected customers of the loss and potential data security breach, but the loss was not made public until recently. The computer was stolen from an employee's locked car. Scott McNealy, Sun Microsystems CEO, was reportedly among those affected. Speaking at the RSA security conference, McNealy indicated that he had been notified that his data were among some lost, and added that the company that lost the data is employed by Sun to determine its Sarbanes-Oxley compliance. In addition, four Ernst & Young laptop computers were stolen from a conference room on February 9, 2006. A surveillance camera caught footage of the laptop thieves, who were able to enter the room due to a built-in delay in the room's door locking mechanism. [Source] [Source] [Source] [Source] [Source]

 

WW – IBM-Led Project Aims To Fight Identity Theft

A group led by IBM has unveiled a project to develop software that will allow people to manage their personal information on the Internet, the latest effort to combat identity theft and simplify how users access Web-based services. The open-source software project, dubbed Higgins, comes a few weeks after Microsoft announced a similar approach called InfoCard. Both efforts aim to help people secure their online identities by managing personal information, bank accounts, and contact lists. [Source]

 

WW – Project Higgins: IBM Security to Help Users Control Access to Their Data

IBM says that users should have more control of the information that businesses store about them. IBM is working on the project with open-source software vendor Novell, Harvard Law School’s Berkman Center for Internet & Society and a Boston startup company, Parity Communications. [Source] [Source] [News Release] [IBM Blog]

 

US – Group Dissects ID Theft to Help Individuals, Companies

A group of ID theft experts from law enforcement and other disciplines has formed the Identity Theft Prevention Special Interest Group. One of the group’s first goals was to break down the loosely used term ID theft into specific ID theft crimes. For example, one way criminals commit ID theft is to take over existing accounts. Another method involves the use of someone’s identity to open up new accounts. The group is tackling prevention by making free documents available to individuals and businesses that explain best practices for the receipt, communication and storage of personally identifiable information. [Source]

 

WW – Cyber Crooks Use Keylogging Programs More Frequently

Phishing is not the scam of choice among some cybercriminals who have turned their attention instead to malicious software programs that secretly capture keystrokes of computer users. In Brazil, federal police recently arrested 55 people involved in an alleged crime ring that stole about $4.7 million from 200 bank accounts as a result of keylogging programs. [Source]

 

AU – Australian Committee Issues TPM Implementation Report

The Australian House Standing Committee on Legal and Constitutional Affairs has released its report on the inquiry into technological protection measures exceptions entitled Review of technological protection measures exceptions.  The report takes a strong user perspective incorporating 37 recommendations for exceptions and consumer protections. [Report]

 

WW – Google Acknowledges New Search Software Could Pose Potential Privacy Risk

Google said last week that his company’s new “Search Across Computers” feature could compromise a user’s privacy. However, the potential data leaks were a problem for IT administrators to handle. Businesses must adopt security policies and strategies to keep internal data from leaking out - especially as the line blurs between personal and work use of computers, he maintained. [Source]

 

US – As Tax Season Approaches, Fake IRS E-mails Proliferate

Marketing pitches masquerading as the 1099 forms detailing non-payroll income have been arriving in taxpayer mailboxes, while e-mails that appear to be from the Internal Revenue Service are really identity theft scams designed to collect personal financial information. Government officials say they are currently seeing about one widespread IRS-themed e-mail scam a week, but Internet security experts expect them to escalate as the April 15 tax deadline nears. [Source]

 

AU – Corruption Watchdog Subject of Privacy Commissioner’s First Compliance Notice

Victoria’s privacy commissioner has issued an 82-page report detailing the Office of Police Integrity’s (OPI) breach of privacy principles. The compliance notice is the first since the state’s privacy commission was established five years ago. Under the order, the OPI must hire independent experts to audit data security. The breach occurred when the OPI released 90 individuals’ files to a woman who had asked the agency to investigate whether police had inappropriately accessed her records. [Source]

 

US – CardSystems Agrees to Tighter Security After Data Theft 

A data breach that left 40 million customer accounts vulnerable to hackers will lead to tighter security measures to protect millions of credit and debit card users, Federal Trade Commission officials said. CardSystems Solutions Inc. has settled charges that the company broke the law by failing to ensure adequate safeguards for sensitive customer information. [Source]

 

US – Senators Press for Details of NSA Spying

US senators have accused the Bush administration of "stonewalling" a congressional investigation into the legality of the National Security Agency's domestic spying. The domestic spying program, which was publicly disclosed in December, involves using the NSA and perhaps other government agencies to eavesdrop on international phone calls and Internet activities of people within the US, without the approval of the court. [Source]

 

US – NY Times Files Suit Against Defense Dep’t Over Spying

The New York Times sued the U.S. Defense Department on Monday demanding that it hand over documents about the National Security Agency's domestic spying program. The Times wants a list of documents including all internal memos and e-mails about the program of monitoring phone calls without court approval. It also seeks the names of the people or groups identified by it. [Source]

 

US - Government Not Entitled to Google Records, CDT Argues

In the dispute over the federal government's demand that Google turn over millions of search terms to assist the government in its defense of an Internet censorship law, CDT filed a brief arguing that, in its search function, Google is covered by the Electronic Communications Privacy Act, which prohibits certain online service providers from disclosing customer records under the kind of subpoena the government is using in this case. See also Department of Justice brief, Law Professors' brief, Google brief. [Source]

 

US – Survey Reviews Trust in U.S. Gov’t Department e-Security

The Ponemon Institute has issued its 2006 Privacy Trust Study of the United States Government. The report ranks public perception of the privacy protection practices of 57 federal agencies, based on responses to various survey questions. The least-trusted federal agencies, starting from the bottom, are: the Department of Homeland Security, the Transport Security Administration, the CIA, the Department of Justice, the Office of the Attorney General, the National Security Agency, the Bureau of Citizenship & Immigration, and the Federal Bureau of Prisons. The Ponemon Institute’s government privacy study has found that Americans rate the U.S. Postal Service as the No. 1 government agency for protecting personal privacy.  [Source] [Source]

 

CA – Canada May Face Shortage of RFID Implementers

Lack of qualified personnel could slow technology's progress – Experts warn that we can expect a shortage of qualified personnel to install and run RFID when demand for the technology begins to peak over the next few years. Canada is still in an evaluation phase with radio frequency identification technology, with some companies testing the waters and experimenting with beta-level projects. "There's relatively few people getting hands-on experience right now. There's lots of people looking and following what's happening but there's a much smaller number of people who are directly involved." [Source]

 

US – Panel Participants: Data Security Key to Success of RFID

Howard Beales, associate professor of strategic management and public policy at George Washington University School of Business, and Lee Tien, senior staff attorney at the Electronic Frontier Foundation, were participants recently at the AIM Global conference. Beales, a former senior member of the Federal Trade Commission, cautioned that RFID companies need to “worry upfront” about information security. Tien said laws have not kept up with technology’s impact on privacy. [Source]

 

WW – Panelists: Expansion of RFID Technology Increases Privacy, Security Risks

Speakers tackled the issue of consumer privacy during a RFID World show discussion about the expanded use of technology that will track goods. Executives warned that the technology's increased success is closely linked to resolving privacy issues and giving consumers notice of its use and the choice to deactivate the tags. [Source]

 

EU – Spain Implements National Electronic ID Card

BNA's Electronic Commerce & Law Report reports that the Spanish government Feb. 16 put into place its electronic national identity card certification system, which will allow citizens to use chip-equipped national identity cards for electronic transactions starting as early as March. By replacing the standard national identity card with the obligatory electronic version, the government said citizens will be able to carry out transactions that previously required their physical presence. [Source]

 

CA – Privacy Commissioner of Canada Issues Video Surveillance Guidelines

OPC Guidelines for surveillance of public places by police and law enforcement authorities

 

US – Justice Department Rejects Google's Privacy Concerns 

In an 18-page brief filed last week, the Justice Department said Google’s refusal to turn over millions of its users’ search queries on privacy grounds was unwarranted. The Justice Department noted that it is not seeking to link the documents to specific users. And by trying to block the government's efforts to review a week's worth of search terms, Google is holding up efforts to protect children from pornography, according to the Justice Department brief. [Source] [Source]

 

US – Arizona Senate Approves Security Breach Notification Measure

Arizona lawmakers are taking steps toward approving a law that would require the notification of consumers after a security breach. The state has the highest per-capita rate of identity theft complaints, according to the Federal Trade Commission. The measure now goes to the House.  [Source]

 

US – Minnesota AG, Lawmakers Set to Unveil ‘Consumer Privacy Protection Package’

A package of legislative proposals in Minnesota designed to help protect consumers from ID theft will be introduced soon. The package will contain the Telecommunications Records Privacy Act; the Social Security Number Protection Act; the Security Breach Notification Act; and the Security Freeze Act. [Source]

 

US – New Montana Privacy Law Takes Effect March 1st

Businesses in Montana will have to alter how they handle their customers’ personal information under a new law. The law requires businesses to notify consumers if their information is compromised by a security breach. It also requires businesses to shred or destroy documents to prevent anyone from using the discarded documents for ID theft crimes. Businesses that accept credit cards may print no more than the last five digits on the receipt. [Source]

 

WW – Corporations Fail to Enforce Net Acceptable Usage Policies

Employees are ignoring Internet Acceptable Usage Policies, according to a survey published this week by network security provider SmoothWall. Despite the recognition by seven out of 10 companies that an AUP is crucial to the security of IT systems, 38% of employees that are governed by a policy are unaware of its contents. [Source]

 
