Privacy News Highlights
31 August–07 September 2007
Contents:
JP – Japan to Start Collecting Photos and Fingerprints from All Visitors
CA – Ontario Adoption Disclosure Law Comes Into Effect Sept 17
NZ – New Zealand Anti-Spam Law Takes Effect September 5
US – Large Databases Are Not Safe Enough, Says Expert
CA – ING Insurance Using Voltage E-Mail Encryption
UK – ICO Publishes Guidance to Restrict Driver and Vehicle License Data Sharing
US – U.S. May Invoke State Secrets to Block Swift Suit
CA – CIHR Introduces New Open Access Policy
US – Medicare to Reveal Data About Doctors
UK – Put all British Citizens, Visitors in DNA Database: Judge
US – FBI Faces DNA Backlog Nearing 200,000
US – Personal info on 150,000 job seekers at USAJobs stolen
US – Pfizer Confirms Third Breach Involving Employee Data Since June
US – Connecticut’s Revenue Agency Laptop Stolen
US – Hard drive containing Arkansas Democratic Party Data Sold on eBay
CA – Younger Alberta Travellers Now Eligible For Photo ID Cards
WW – At Rapleaf, Personals Are Public
EU – Germany Defends Plan to Use Spyware in Terror Investigations
NZ – New Zealand Cops Using National Database to Snoop
WW – Facebook Opens Profiles to Public
AU – Australia Privacy Commish: Breach ‘Name-and-Shame’ More Harm than Good
AU – Australia Survey: National ID Support Up / Privacy Fears Up
US – Federal Court Strikes Down NSL Statute
US – Judge Dismisses Privacy Lawsuit Over Computer Breaches
US – Report: 10 Steps to a Multi Layered Privacy Notice
US – California Senate Blocks Mandatory ID Implants In Employees
NZ – Privacy Commissioner Warns of Privacy Threat from RFID Use
CA – Coming Soon to Canada: Mobile Hackers - Report
US – New Licenses, ID Cards at Risk of Security Breaches
AU – Schools Adopt Swipe Cards for Toilet Breaks
US – Judge: Court Order Needed Before ISPs Turn Over User Info Without Notification
US – Real ID Will ‘Strengthen’ Americans’ Privacy, Chertoff Says
US – GAO: US-VISIT Management Out of Whack
US – ACLU Calls for End to ATS-P Screening Program
US – California Bill Would Place Burden of Breach Costs on Retailers
US – NASA Facility Employees Sue Over New Background Check Requirements
US – New York Taxi Drivers Strike Over GPS
All visitors to Japan will soon be subjected to tough
new checks as part of a series of anti-terrorism measures by Tokyo. They will
have their pictures and fingerprints taken on entering the country beginning
November 20. [Source]
Ontario is proceeding with a new, more open adoption
information disclosure system that will make it easier for adult adoptees and
birth parents to learn about their past, Minister of Community and Social
Services Madeleine Meilleur announced this week. On September 17, 2007, the
Ontario government will be implementing the last phase of Bill 183, the Adoption
Information Disclosure Act, 2005. At that time, adult adoptees and birth
parents, whose adoptions were finalized in Ontario, will be able to apply for
information in adoption orders and original birth records. [Source]
Businesses in New Zealand are scrambling to obtain
consumers’ permission to send commercial email before a new anti-spam law takes
effect on Wednesday, September 5. The Unsolicited
Commercial Messages Act prohibits the sending of spam messages through
texting or email without the recipient’s consent. Companies may choose to
obtain consent either through direct communication or through inference of a
pre-established relationship that permitted the messages to be sent. Companies
are not permitted to send opt-out emails and assume that no response indicates
consent to receive the messages. Companies are encouraged to obtain express
consent to avoid misunderstandings. All messages must contain clear
instructions for unsubscribe procedures. Companies violating the new law could
face penalties of A$500,000; individuals could be fined up to A$200,000. [Source]
Large databases do not adequately protect sensitive
personal information according to a statistics professor in the US who says
that individuals can still be identified despite attempts to anonymise them. George
Duncan is a statistics professor at Carnegie Mellon University in Pittsburgh,
Pennsylvania. He writes in the journal Science
that traditional methods of anonymising people’s database records are not good
enough. He said that databases “de-identify” people by masking important
information such as their Social Security number or their birthday, but that
this does not render them unidentifiable. Anyone who can access more than one
characteristic of a person in a database has a chance at identifying the
person, he said. The problem is that the very information that most closely
identifies a person is likely to be that in which the organisation behind the
database is interested, he wrote, meaning that it cannot be deleted or masked.
“The question is, how can data be made useful for research purposes without
compromising the confidentiality of those who provided the data?” Duncan said
in a statement. Duncan said that it would be possible to build systems which
make this kind of identity reconstruction impossible. He also said that further
user-specific restrictions on the use of information in databases would go some
way to solving the problem. It is, said Duncan, a difficult problem to solve.
“Achieving ‘adequate’ privacy will require engineering innovation, managerial
commitment, information cooperation of data subjects and social controls
(legislation, regulation, codes of conduct by professional associations and
response to reactions of the public),” Duncan wrote in Science. [Source] [Source] [ScienceMag]
Insurance claims contain confidential information that
companies such as ING Insurance Co. of Canada must protect carefully. So ING
claims adjusters are used to encrypting such documents when e-mailing them.
Until recently, they used cumbersome and costly PKI technology that requires
the recipient to have special software in order to be able to decode the
message. ING wanted a way to allow anyone in the company to send secure e-mail
messages to anyone else inside or outside ING. So roughly 40 ING employees are
now testing SecureMail, e-mail encryption software from Voltage Security Inc.,
in Palo Alto, Calif. Now, they can encrypt messages and send them to anyone.
The first time someone is sent encrypted mail, it comes with an attachment that
opens in the recipient’s Web browser and prompts the person to create a
password and sign in to read the message. [Source]
The UK Information Commissioner’s Office (ICO) has
published guidelines outlining how motorists’ personal data can be used by the
Driver and Vehicle Licensing Agency (DVLA). The ICO guide attempts to explain
the circumstances where the DVLA is allowed to share motorists’ personal details
with third parties without breaking data protection rules. The DVLA can pass on
an individual’s personal details to a third party if there is “reasonable
cause” to do so - such as the prevention or detection of crime - according to
the guidance published by the ICO. But the DVLA does not have to ask permission
from registered vehicle keepers before passing on any details to other parties.
[Source] [ICO Guidance] Background: [News item] [News item] [News item]
The Bush administration is signaling that it plans to
turn once again to a favorite legal tool known as the “state secrets” privilege
to try to shut down a lawsuit brought against a Belgian banking cooperative
that secretly supplied millions of private financial records to the U.S.
government, court documents show. The lawsuit against the banking consortium,
which is known as Swift, threatens to disrupt the operations of a vital
national security program and to reveal “highly classified information” if it
is allowed to continue, the Justice Department said in several recent court
filings asserting its strong interest in seeing the lawsuit dismissed. [Source]
U.S. consumers may soon have more information to help
them select a doctor when they need an operation or other serious medical
procedure. A recent U.S. federal court decision requires the government to make
public Medicare claims information about individual doctors and the procedures
they perform, a ruling that could spur development of online reference tools
that help patients evaluate physicians based on the volume of procedures they
do. [Washington Post]
The DNA of every British citizen and visitor to the country
should be included in the national database to ensure equality and fairness in
the justice system, a senior judge said Wednesday. In an interview with the BBC
on Wednesday, Lord Justice Stephen Sedley said the current database of nearly
four million samples - currently the world’s largest - is insufficient, and
that ethnic minorities are disproportionately included. “We have a situation
where if you happen to have been in the hands of the police, then your DNA is
on permanent record. If you haven’t, it isn’t. … That’s broadly the picture,”
Sedley said. [Source]
See also [Police DNA Database ‘Risks Criminalising Non-Offenders’] and [Irish Human Rights Commissioner Warns Against DNA Database]
The FBI has fallen behind in processing DNA from
nearly 200,000 convicted criminals – 85% of all samples it has collected since
2001 – Justice Department records show. The backlog, which expands monthly,
means most of the biological samples the bureau collects have not been stored
in the national DNA database and used to solve crimes. DNA from 34,000 convicts
has been added to the database since 2001, resulting in 600 matches to unsolved
crimes, according to statistics furnished by the Justice Department to the
Senate Judiciary Committee. At the same rate, adding the unloaded samples the
FBI has collected could solve an additional 3,200 crimes. The backlog expanded
by about 80,000 samples in 2006, when a law took effect requiring that all
federal convicts, rather than just violent felons, submit DNA samples. A new
law requiring DNA to be taken from about 500,000 federal arrestees and
detainees could greatly swell the backlog. Rules for implementing that law are
due early next year, according to OMB documents. [Source] See also: [DNA Testing Safeguards for expanding Maryland’s DNA database]
Identity thieves who hit Monster.com’s database
earlier this month also stole the personal information of 146,000 people who
use USAJobs, the federal government’s official job search site. [Source]
For the third time since June, Pfizer has disclosed a
data breach involving sensitive information about employees. As many as 34,000
workers were affected this time. [Source]
[Pfizer Offers Credit Monitoring to Individuals Affected by Third Breach]
A laptop containing data on 106,000 Connecticut
taxpayers is missing, prompting the state’s governor to order IT officials to
implement new controls for protecting data by Sept. 7. [Source]
A laptop drive offered for sale as new on eBay turned
out to have come from the laptop of an Arkansas Democratic Party official --
and still contained sensitive information when the buyer received it. [Source]
FOR AN ACCOUNT OF RECENT REPORTED DATA BREACHES, VISIT [Data DysProtection]
Albertans age 12 and older planning to travel by air
can now obtain a government-issued photo identification card from the
province’s registry agents. Under new Transport Canada rules, effective
September 18, 2007, all airline passengers travelling within Canada who appear
to be 12 years of age or older must show one piece of government-issued photo
identification or two pieces of government-issued non-photo identification. At
least one piece of identification must show the individual’s name, date of
birth and gender. Parents are reminded that government-issued identification
cards are favourite targets for identity thieves. ID cards and other important
documents (passport, birth certificate and SIN card) should be treated with
extreme care and carried only when absolutely necessary. [Source]
A CNET article profiles a start-up company called
Rapleaf, which is aggregating social-networking profiles and, through another
outfit called TrustFuse, opening up the possibility of selling that information
to marketers. Rapleaf is among a new generation of people search engines that
take advantage of the troves of public data on the Net, much of it posted on
social-networking sites and personal blogs. [Source]
[Revisions to Privacy Policy Follow Reporter’s Inquiry to Rapleaf] SEE ALSO: [PC Mag: Info, Reference, and Search] and [The Privacy Market Has Many Sellers, but Few Buyers]
German officials last week defended a proposal to use
“Trojan horse” software to secretly monitor potential terror suspects’ hard
drives, amid fierce debate over whether the measures violate civil liberties.
Interior Minister Wolfgang Schaeuble wants to include the measure in a broader
security law being considered by conservative Chancellor Angela Merkel’s
coalition government. [Source]
[German Left Slam E-Mail Spy Plan] [Source] [Source] [Source] [Debate rages over controversial German plan]
Five police officers have lost their jobs and 20 have
been formally disciplined for using the police national database to snoop on
law-abiding New Zealanders. Figures released this week under the Official Information Act show that, as
of January 30 this year, a further 7 staff had resigned before police took
disciplinary action. The revelations have sparked calls from Privacy
Commissioner Marie Shroff for tighter controls to stop prying police using the
database for non-police business. She was unsure as to exactly why police
officers would access confidential files, but said it could be a case of an
officer wanting to find out about a potential business partner, or their
daughter’s new boyfriend. She was disappointed officers would abuse the “implicit
social contract they had with the public” by improperly accessing the national
database. Private investigators said they believed officers were often asked
for information by firms looking into the backgrounds of individuals. In some
cases, private investigators would pay officers “under the table” for
information that could assist with their inquiries, one investigator said.
Another Auckland private investigator said: “It’s not something we do, but I
have no doubt that it goes on.” [Source]
Popular social networking site Facebook has added a
public-facing search function in a move which is likely to anger privacy
advocates. The function will initially allow anyone who is not registered with
the site to search for a specific person. More controversially, in a month’s
time, the feature will also allow people to track down Facebook members via
search engines such as Google. The firm said that the information being
revealed is minimal. The public search listing will show the thumbnail picture
of a Facebook member from their profile page as well as links
allowing people to interact with them. But, in order to add someone as a friend
or send them a message, the person will have to be registered with Facebook.
Users who want to restrict what information is available to the public or opt
out of the feature altogether can change their privacy settings. They have a
month to do so. Despite assurances from Facebook, critics have expressed
disappointment at the move. [Source]
Australian federal privacy commissioner Karen Curtis
is warning that calls for Australian companies to be subject to a compulsory
name-and-shame data breach regime could backfire and create a compliance
nightmare. The statement is the strongest indication yet that a looming
shake-up of the private sector provisions of the Privacy Act in Australia will not follow the lead of US regulators,
which have compelled corporations and government agencies to publish details of
even minor infractions against customer data protection laws. The warning comes
as New Zealand organisations get to grips with our own Privacy Commissioner’s
draft data breach disclosure guidelines, unveiled last week. Privacy
Commissioner Marie Shroff has indicated she will consider whether breach
guidelines should become mandatory. Curtis says serious consideration is
being given to publicly identifying companies or agencies involved in incidents
when there was a tangible risk of harm to consumers. This is backed by research
undertaken by her office over the past nine years that shows consumers favour
pragmatism and common sense over onerous bureaucracy. “The guts of it is that
mandatory reporting for breaches should be examined, but you have to find the
right threshold,” Curtis says. “We think there is merit, but not in all
circumstances. Direct comparisons [with the US] are not ideal.” [Source]
Support for a unique identifier for dealing with
government agencies has risen, but there is less tolerance for the misuse of
personal information, a Privacy Commissioner’s survey has found. The survey of
more than 1500 people concludes Australians believe the internet is not as
secure as traditional means of providing information, such as in hard-copy or
over the phone. Respondents also were less than keen on the growing practice of
businesses, pubs and clubs scanning or copying identity documents. While 80%
were happy to show drivers’ licences and the like upon entry to licensed
premises, only 18% were happy about their documents being copied. Public
support for a government ID number increased to 62% in the survey, Community
Attitudes to Privacy 2007, up from 53% in a similar survey in 2004. The
increase was driven by those who strongly agreed with the proposal – 33% this
year compared with only 25% three years ago. More people are prepared to allow
cross-referencing or sharing of information between agencies (80% vs 71%) in
certain circumstances: fraud and other crime, updating contact details and for
efficiency. But respondents strongly objected to agencies asking for irrelevant
information (87%); using information for other purposes, and monitoring their
activities on the internet (86% each). Support for a national health database
of personal medical records depends on voluntary participation, with 76% taking
this stance, up from 64% in 2004. Only 21% believe that all medical records
should be included in a national network. Sensitivity over health professionals
sharing patient information was also expressed, with 35% of respondents
believing only information relevant to the condition being treated should be
shared. 17% supported information sharing if the condition was serious or
life-threatening, while 32% said health information should only be shared with
the patient’s consent. However, there was a vote of confidence in medical
practitioners: health service providers are believed trustworthy by 91% (up
from 89% in 2004). In contrast, government departments are believed trustworthy
by 73% (up from 64%) - higher than financial institutions, which suffered a
decline in confidence to 58% (down from 66%). 96% regarded business monitoring
of internet activity a misuse of personal information. Asking for irrelevant
personal information and using information for another purpose also annoyed
customers, at 94% each. And 93% objected to personal information being obtained
by businesses with which there was no relationship. Identity fraud and theft
are seen as growing problems, with 9% claiming to have been victims, while 17%
say they know someone who has been a victim. Web-browsing, online shopping and
internet banking are regarded as the riskiest activities. Half the respondents
are more concerned about providing information over the internet than they were
two years ago, with 31% as concerned. Only 11% were less concerned. [Source]
[Survey Report: Community Attitudes to Privacy, 2007]
A federal district court has struck down as
unconstitutional a statute that allows the government to obtain – without a
prior court order – extensive records of telephone and Internet communications.
The law – part of the PATRIOT Act – authorized FBI agents to use “National
Security Letters” to obtain “transactional records,” including telephone dialling
information, “to” and “from” lines of e-mail messages, and information about
web site visits. The decision confirms CDT’s long-held view that Congress
should amend the NSL statute to require prior judicial approval of such
government demands. [Source] [Judge Scolds U.S. on Wiretapping Records]
A judge dismissed a lawsuit by two Ohio University
graduates whose Social Security numbers were among thousands exposed in a
series of security breaches involving school computers. The lawsuit asked a judge
to order the school to pay for credit monitoring services for the people whose
personal information may have been compromised. Judge J. Craig Wright of the
Ohio Court of Claims granted a motion by the university to dismiss the case,
saying the plaintiffs failed to prove they suffered damages for which they
could be compensated. [Source]
The Center for Information Policy Leadership recently
published a framework for creating a multi layered privacy notice, whose
benefits they outline in the introductory paragraph: “Experts agree that good
privacy begins with effective transparency. Transparency requires privacy
notices that are easy to understand, facilitate comparison, and are actionable.
Privacy notices must also comply with legal requirements that may differ from
country to country, and jurisdiction to jurisdiction. Research on how people
learn has shown that for notices to be easy to read and understand, they must
be short, use plain language, and be presented in a common format. Complete
notices tend to be longer and more complex, so it is impossible to have both
sets of requirements in one document. A multilayered notice is made up of a
condensed notice that contains all the key factors in a way that is easy to
understand and is actionable, and a complete notice with all the legal
requirements. A growing number of privacy officials and experts agree that
multilayered notices meet the transparency objective. Corporate and government
sponsored research shows that multilayered notices build both trust and
compliance.” [Source] [Framework]
Tackling a dilemma right out of a science fiction
novel, the state Senate passed legislation last week that would bar employers
from requiring workers to have identification devices implanted under their
skin. State Sen. Joe Simitian (D-Palo Alto) proposed the measure after at least
one company began marketing radio frequency identification devices for use in
humans. “RFID is a minor miracle, with all sorts of good uses,” Simitian said.
“But we shouldn’t condone forced ‘tagging’ of humans. It’s the ultimate
invasion of privacy.” Simitian said he fears that the devices could be compromised
by persons with unauthorized scanners, facilitating identity theft and improper
tracking and surveillance. The bill has been approved by the state Assembly and
now goes to the governor. [Source] See also: [SB-28: DMV personal information] [SB-29: Pupil attendance, electronic monitoring] [SB-31: Identification documents] [SB-362: Identification devices] [SB-388: RFI tags]
RFID technology could become a major privacy threat,
warns Privacy Commissioner Marie Shroff. In a keynote address to last week’s
Privacy Awareness Week opening forum, she said although RFID might not present
a clear and immediate threat to personal privacy, the potential range of
applications left room for concern, as well as doubt about future uses. The
devices were promiscuous in that they could talk to any compatible reader, as
well as being stealthy and remotely readable. [Source]
Canadian smart phone users are less likely to get
hacked on their mobile devices than their Asian and European counterparts, but
that may soon change. Security researchers are uncovering more ways that
hackers can attack and steal information off these data-rich devices. User
behaviour will also play a huge part in whether mobile malware attacks will
increase in North America, according to McAfee Inc.’s Avert Labs. “If the users
are going to engage in the same kind of behaviour on the phone as they do on
the PC, you’re probably going to see a lot of the same types of malware on the
mobile phone as you are seeing on the PC.” McAfee has released a white paper
detailing various threats plaguing smart phones, specifically discussing
vulnerabilities associated with smart phones and PDAs running Windows Mobile,
based on the Microsoft Windows CE platform. [Source]
Despite an $11 billion price tag and the availability
of new security technologies, the millions of new driver’s licenses that states
will need to produce to comply with the Real ID Act may still be vulnerable to
counterfeiting and tampering, industry experts say. Recent emphasis in the
government identification card field has been on high-tech security features,
such as encryption of data on the microchip embedded in the cards. But the Real
ID Act cards that now exist may present greater low-tech risks. [Source]
Parents are pushing for a statewide roll-out of
electronic tracking of students to combat truancy. Swipe cards, SMS alerts to
parents and fingerprint logging are already in use in some schools and have led
to a dramatic drop in absenteeism. NSW Federation of Parents and Citizens
Association president said the success of the swipe-card and SMS systems should
lead to them being installed across the state. [Source]
A federal court today ruled
that the FBI can’t compel ISPs to turn over user records without notifying those
users unless it has a court order or a grand jury subpoena. A U.S.
District Court struck down part of the amended Patriot Act’s National Security Letter (NSL) provision, according
to the ACLU, which had filed a lawsuit challenging the provision (PDF).
The law had allowed the FBI to issue NSLs to ISPs demanding that they turn over
private information about people within the United States without court
approval and without telling the affected customers. NSLs can be used to get
access to subscriber, billing and other records from ISPs, as well as to obtain
other financial and credit documents from other companies -- including
telephone companies and even libraries. According to the court, the gag order
was unconstitutional because it prevented courts from engaging in meaningful
judicial review and violated the principles of separation of powers and free
speech. “In light of the seriousness of the potential intrusion into the
individual’s personal affairs and the significant possibility of a chilling
effect on speech and association -- particularly of expression that is critical
of the government or its policies – a compelling need exists to ensure that the
use of NSLs is subject to the safeguards of public accountability, checks and
balances and separation of powers that our Constitution prescribes,” said U.S.
District Court Judge Victor Marrero in the decision. “A statute that allows the
FBI to silence people without meaningful judicial oversight is
unconstitutional,” Jameel Jaffer, director of the ACLU’s National Security
Project, said in a statement. “The court today held that because the gag provisions
cannot be separated from the entire amended statute, the court was compelled to
strike down the entire statute.” [Source] [Source] [ruling] See also: [EFF: Visit StoptheSpying.org and Fight for Your Freedom Now!]
In another attempt to head off privacy advocates’
attacks on the Bush administration’s Real ID plans, Homeland Security Secretary
Michael Chertoff said the national-identification scheme will actually
“strengthen” personal privacy by providing added protection against identity
theft. In written testimony Chertoff submitted (PDF) on Wednesday to the U.S.
House of Representatives Homeland Security Committee, he made another pitch for
his department’s requirements, which generally say that starting on May 11,
2008, Americans will need a federally approved, “machine readable” ID card to
travel on an airplane, open a bank account, collect Social Security payments or
take advantage of nearly any government service. A Real ID-compliant document
will be of higher “quality” than existing driver’s licenses and other
state-issued identification cards, thus helping prevent terrorists and identity
thieves alike from committing forgery, Chertoff said in his testimony. [Source] [Testimony]
The Homeland Security Department’s U.S. Visitor and
Immigrant Status Indicator Technology program is top-heavy in management costs
but shows a persistent pattern of management shortcomings, according to a new
Government Accountability Office report. The 167-page report reviews progress
on U.S.-VISIT, which collects and validates biometric information from incoming
visitors to the United States. The GAO report describes a “longstanding lack of
strategic direction and management controls” affecting the U.S.-VISIT program,
including a lack of justification for high management costs and a failure to
plan and implement exit controls. [Source]
The ACLU is calling for the closure of a DHS
computerized screening program it says allocates terror risk scores to U.S.
travelers. The Automated Targeting System (Passenger), or ATS-P program, “violates
a congressional mandate barring Homeland Security from assigning risk levels to
ordinary Americans,” the ACLU said this week. ATS-P “uses secret criteria and
computer algorithms to calculate the security risks (posed by) ordinary
Americans.” The statement accompanied formal comments filed with the
department’s Privacy Officer Hugo Teufel, who last month posted regulatory
filings for the system required under federal law. ATS-P “assists U.S. Customs
and Border Protection frontline officers in frustrating the ability of
terrorists to gain entry into the United States,” Teufel said. The system “does
not profile by race, ethnicity or arbitrary assumptions,” and “does not replace
human decision making” by customs and immigration officials. “Congress has
banned this type of program with good reason: It rates the potential for
terrorism of every traveler and violates every American’s right to privacy,”
said Barry Steinhardt. “The judgments about Americans calculated by ATS-P will
be stored for years, and we have no idea how they may be used in the future.
The benefit to the government is extremely questionable, but the consequences
for Americans are simply dangerous.” [Source]
See also: [DHS ends criticized data-mining program] and [U.S. may invoke ‘state secrets’ to squelch suit against Swift]
California’s state Senate Appropriation Committee last
week approved a measure that would require retailers to bear responsibility for
costs incurred by banks and credit unions as a result of data breaches. The
State Assembly approved the Consumer Data
Protection Act (AB 779) in June by a vote of 58-2. Retailers have been
actively lobbying legislators to vote against the bill. The bill is expected to
go before the full Senate in about a week. If it is approved, it will then go
to Governor Schwarzenegger. Under the bill, retailers would reimburse banks and
credit unions for the costs of notifying customers of data breaches and issuing
new cards. Retailers would also be required to employ strong data protection
measures surrounding credit card information. Retailers would also have to
provide details about breaches, including precisely what type of information
was compromised. [Source]
Workers at the Jet Propulsion Laboratory in
California, which is operated for NASA by the California Institute of
Technology, are suing over new security measures, which require nongovernmental
workers to provide background information and sign waivers to allow for in-depth
checks of past employment, interviews with neighbors and other security
measures. The lawsuit alleges that the practices invade the workers’ privacy
and violate other rights, according to coverage of the federal lawsuit in The
New York Times. [Source]
A group of taxi drivers launched a two-day strike
Wednesday, right in the middle of the New York Fashion Week and the U.S. Open
tennis tournament, to protest a city plan to require GPS tracking in cabs. The
New York Taxi Workers Alliance called the strike in the nation’s largest city
to protest new rules requiring all cabs to have global positioning systems and
touch-screen monitors that will let passengers pay by credit card. Some cabbies
fear the GPS systems could be used to track their movements and that they could
get stuck paying hefty fees for credit card processing. [Source]
[NYC Taxi Dispute Over GPS Turns Ugly] [New York Mayor Vows to Install Surveillance Devices in Taxis]
Schools Chancellor Joel Klein this week fired a
veteran worker whose movements were tracked for five months through the GPS
device in his cellphone, leading to charges that he was repeatedly cutting out
early. “This individual was getting paid for not working,” said schools
spokeswoman Margie Feinberg, explaining Klein’s decision to accept an
administrative law judge’s recommendation to ax John Halpin, a longtime
supervisor of carpenters. Halpin had worked in the school system for 21 years
and was conscientious enough to show up as much as two hours early for his 8
a.m.-to-3:30 p.m. shift. He said he was never told that the cellphone he was
given in 2005 could be used to monitor his every move and questioned the
accuracy of the data it produced. [Source]
--------