UK – Biometric Fingerprint Checks for UK Visas
All applicants for visas to enter the UK will face biometric fingerprint checks from the end of this month. The fingerprint database contains the records of more than one million previous visa applicants. The system will cover 133 countries, three-quarters of the world’s population, and has already uncovered 10,000 visa applicants connected to earlier immigration cases and asylum requests and detected 500 cases of identity swapping. Immigration minister Liam Byrne congratulated Border and Immigration Agency officials and set out 10 milestones to strengthen border protection this year, which include introducing compulsory ID cards for foreign nationals who want to stay in the UK and introducing spot fines for employers not carrying out right-to-work checks. [Source]
US – FBI Prepares Vast Biometrics Database: $1 Billion Project
The FBI is embarking on a $1 billion effort to build the world’s largest computer database of peoples’ physical characteristics, a project that would give the government unprecedented abilities to identify individuals in the United States and abroad. Digital images of faces, fingerprints and palm patterns are already flowing into FBI systems in a climate-controlled, secure basement here. Next month, the FBI intends to award a 10-year contract that would significantly expand the amount and kinds of biometric information it receives. And in the coming years, law enforcement authorities around the world will be able to rely on iris patterns, face-shape data, scars and perhaps even the unique ways people walk and talk, to solve crimes and identify criminals and terrorists. The FBI will also retain, upon request by employers, the fingerprints of employees who have undergone criminal background checks so the employers can be notified if employees have brushes with the law. “Bigger. Faster. Better. That’s the bottom line,” said the assistant director of the FBI’s Criminal Justice Information Services Division. [Source] [U.S. Seeks Support for International Biometrics Database] [NZ may join FBI-led global database to fight crime, terror]
CA – Privacy Commissioner Summarizes Contribution Program Research Projects
The Office of the Privacy Commissioner of Canada (OPC) has posted abstracts of the 25 privacy-related research studies - by Canadian academics, privacy advocates and the business community - funded through their Contributions Program since 2004. During the first three years, researchers funded by the Contributions Program examined implementation of the PIPEDA. They studied medical privacy issues, including genetics and automated health care records. They looked at an array of other new technologies and how they can “creep” into our private lives. And they researched workplace privacy issues from the perspectives of both employees and employers. In 2007, the OPC is focusing Contributions Program research on privacy over the Internet, as well to the challenges inherent in securing identification and authentication where, increasingly, we have to give up our once assumed anonymity to simply move about or communicate. A third stream of research will evaluate the intersection of the public and private sectors regarding the collection and use of personal information, such as the increasing availability of our consumer records to government authorities. [Source] [Adobe Version]
CA – Newfoundland Government to Proclaim Privacy Provisions of ATIPP Act
The Newfoundland & Labrador Government has announced that the privacy provisions of The Access to Information and Protection of Privacy Act (ATIPP) will be proclaimed this week. Under the privacy provisions of the ATIPP Act protocols are to be followed by all Provincial Government departments and public bodies that collect, use and disclose personal information of citizens such as a date of birth or social insurance number. As well, the privacy provisions allow citizens the right to request access to, and correction of, their personal information as well as the right to know why their information is being collected and how it is used. [Source]
CA – Advocacy Group Urges Ottawa to Draft Data Breach Notification Law
Responding to an Industry Canada request for public consultation on data security laws, the University of Ottawa’s Canadian Internet Policy and Public Interest Clinic (CIPPIC) this week recommended that mandatory reporting of data breaches to a public registry is the most effective way to persuade corporations to shore up their potential security risks. CIPPIC also recommended the need for future law reform to address what they called “PIPEDA’s woefully inadequate redress and enforcement regime.” Lawson referred to a 2006 CIPPIC study that showed widespread non-compliance with data protection legislation by Canadian companies. “There’s a rule that says companies shouldn’t be collecting more than necessary, but many of them are and nobody is calling them to account. The act needs to be amended to provide more effective recourse for individuals and others to hold companies accountable.” [Source] [CIPPIC submission] [CIPPIC press release] [CIPPIC webpage on PIPEDA Reform]
EU – German Doctors Say No to Centrally Stored Patient Records
Recent reports about incidents of data loss in the British healthcare system have alarmed medical doctors in other European countries. In Germany, the national association of 20,000 doctors in private practice (NAV Virchow Bund) has adopted a stance advocating the complete abandonment of all concepts of central data storage in the German national health IT project. The doctors’ body is now calling for the German Ministry of Health to halt all plans for centrally-stored shared electronic patient records, due to the potential risks to patient confidentiality. As an alternative, the German private doctors’ body is suggesting the use of encrypted USB-sticks. These could be handed over to patients and would carry all relevant patient data, including digital images such as radiographs or CT-scans. What is needed in addition is a health IT infrastructure that collects only references about the institutions where the documents were generated. In case of loss or destruction of the USB-stick, the EPR could then be re-established by contacting the individual doctors..[Source]
WW – January 28th is Data Privacy Day: Spreading Awareness of Data Privacy
Data Privacy Day 2008 will be January 28th. North America and 27 European countries will be celebrating Data Privacy Day 2008 and holding a variety of events. As part of the events going on that day, Duke University is hosting a conference, “Data Privacy in Transatlantic perspective: Conflict or Cooperation?” The IAPP is encouraging privacy professionals to contact local schools, colleges and universities and offer to give a presentation on or during the week of January 28 about privacy using the materials provided. Our goal is to have privacy professionals all over the country giving presentations to students about the importance of privacy today. [Source] [IAPP Privacy Day Materials]
US – Florida Bans Hats, Hoods, and Sunglasses in Banks
Florida’s top bankers group rolled out a security dress code last week that, if adopted by the industry, would mean “hats off” for banking customers in the Sunshine State. The what-not-to-wear policy would also prohibit sunglasses, caps and hoods – anything that might obscure a person’s identity, according to the Florida Bankers Association, the industry’s statewide trade group. Citing Florida’s recent plague of bank robberies – which increased 40% in 2007 -- the industry group touted its “No Hats, No Hoods, No Sunglasses” program as a deterrent that has worked in other states because potential robbers are more easily identified when their heads or faces are not covered. [Source]
UK – Carphone Warehouse in Fix After Breach
British mobile phone retailer Carphone Warehouse and sister company TalkTalk have been ordered to bring data privacy and security practices in line with the Information Commissioner’s Office demands, or face “unlimited fines” following the recent discovery of a data breach that has put the personal information of thousands of customers at risk. As a result of the breach, information provided by Carphone Warehouse to credit bureaus was incorrect, debt collections were initiated against innocent customers, and credit accounts were erroneously opened in some customers’ names. [Source]
UK – Scottish DVLA Sells 5m Driver Registration Details
The Scottish DVLA’s sale of driver details to anyone with £2.50 to spare must stop, says the Scottish National Party, having uncovered just how many peoples’ records have been sold by the department.. Scottish MP Grahame used a FOI request to discover the DVLA has sold 5.3m driver records since 2002/2003 when it was first allowed to sell the data. She accused the department of failing to check up on the companies it sells the records to and demanded a government review of the practice. Private firms with “reasonable cause” can buy individual records for £2.50 each. If you want more than who the keeper of a vehicle was at a specific time - like a copy of documents or extra information about the vehicle’s keeper - the DVLA will charge you £5. Last year the DVLA sold 1.3m records to private companies - a 54% increase in five years. [Source]
US – Donor Privacy at Issue with University of Virginia
The University of Virginia has asked that state’s legislature to exempt it from provisions of the Freedom of Information Act in order to help it maintain the privacy of 450,000 potential donors contained within a highly detailed database. In the midst of a $3 billion fund-raising campaign, officials say that they have an obligation to protect individuals on the fundraising list. Opponents argue that, as a state institution, the university and the state have an obligation to maintain openness and accountability. [Source]
WW – Aetna Shows How Insurers Can Protect Genetic Privacy
Aetna, one of the (US) nation’s largest health insurers, has begun offering confidential genetic counselling for certain cancers over the phone and through the Internet. The service is available only to members whose coverage includes in-person genetic counselling, but the program could greatly expand patients’ access to their genetic history. There are fewer than 2,000 board-certified genetic counsellors nationwide. This makes it difficult for many patients to meet face-to-face with qualified professionals. There also is great concern about whether genetic information could be used by insurers to deny coverage or raise rates. Aetna contracts with Informed Medical Decisions, a third party, to provide its genetic counselling. Test results and counselling sessions are not shared with Aetna or the patient’s employer. [Source]
US – Medical Credit Score Plan Raises Hackles
MSNBC’s Bob Sullivan, in his Red Tape Chronicles column, writes of a plan by business intelligence firm Fair Isaac to develop a medical credit score, similar to the FICO credit rating system developed by the company. Dubbed “medFICO,” the plan is drawing sharp criticism from all quarters, as consumer, privacy, and healthcare advocates see no practical need for such a score and fear it will be used to influence decision-making by healthcare institutions and insurers. “This is a bad idea and I don’t think this benefits the consumer at all,” Pam Dixon of the World Privacy Forum told Sullivan. “And what about victims of medical ID theft? Are we going to deny treatment to these people because they have a terrible MedFICO score?” [Source]
US – CMS to Initiate On-Site HIPAA Reviews
The Centers for Medicare and Medicaid Services will begin conducting on-site reviews of healthcare facilities’ compliance with the Health Insurance Portability and Accountability Act. CMS expects to complete reviews of between 10 and 20 facilities over the next nine months. The compliance checks will initially focus on hospitals from which the agency has received complaints. CMS will publish a report upon completion of the site checks in order to provide a “lessons learned” analysis of their findings. Hospitals checked for compliance will not be named in the report. [Source]
US – Vermont Prescription Data Base “Goes Too Far”
A statewide database filled with information on every prescription filled in Vermont, created two years ago to help stop illegal drug prescriptions, potentially puts the medical privacy of Vermonters at risk, lawmakers are now saying. According to members of Vermont’s House Human Services Committee, language in the law directing the commissioner of public health to share the information with the commissioner of public safety goes beyond what was originally envisioned when the database was first envisioned. [Source]
US – Iron Mountain Loses GE Money Data Tape
It was disclosed on Friday that a data storage tape belonging to GE Money, and containing credit card data for about 650,000 customers of J.C. Penney and other retailers, was reported missing from an Iron Mountain information storage facility in October. Personally identifiable information, including Social Security numbers for about 150,000 consumers, was put at risk as a result of the breach. A GE Money spokesperson said there was no indication that the tape had been stolen, but the company is paying for 12 months of credit monitoring for those whose SSNs were on the tape as a precaution. [Source]
CA – Privacy Commissioner of Canada Voices Copyright Concerns
Canada’s Privacy Commissioner has written to Ministers responsible for copyright policy regarding the privacy implications of possible amendments to the Copyright Act. The Commissioner notes that proposed anti-circumvention laws and ISP obligations to retain subscriber information both raise significant privacy issues. [Source]
WW – MySpace Getting Tougher On Security
MySpace and a group of U.S. law enforcement agencies representing 49 states last week announced a slew of new measures designed to make use of the social networking site safer for minors. MySpace will add several new protections and work toward developing new technologies, including an age-verification system, in an effort to stamp out misuse of the site by sexual predators and identity thieves. The site said it will make structural changes and accept independent monitoring. MySpace plans to:
§ Make the default privacy setting “private” on the site for 16- and 17-year-old users.
§ Devote more staff to classifying photographs and discussion groups.
§ Respond to complaints about inappropriate behaviour within 72 hours.
§ Strengthen software to find underage users.
§ Create a high-school section for users who are under 18.
The new rules come after months of negotiating by the site and a number of U.S. states. Monday’s agreement, called the “Joint Statement on Key Principles of Social Networking,” was announced in Manhattan by attorneys general from New Jersey, North Carolina, Connecticut, Pennsylvania, Ohio and New York. Whether MySpace will institute similar rules in Canada or elsewhere was not clear on Monday. Texas was the lone holdout in the agreement. [Source] [Joint Statement] See also: [MySpace Subpoenaed In Teen Suicide Case]
US – Connecticut Considers Search Engine Opt-Out Registry
Responding to constituent complaints over the appearance of personal information in search engines and online informational services, Connecticut Governor Jodi Rell has called for an “opt-out” registry for Nutmeg State residents. As currently conceived, the proposal would create a centralized registry available for Connecticut residents that would result in their names being removed from services such as whitepages.com, 411.com, as well as unsolicited credit card offers, other direct mail lists, and email listings. [Source]
CN – Beijing Demands Personal Data For Ceremony Tickets
Beijing Olympics organisers have told those who have secured seats for the opening and closing ceremonies to submit photographs and other personal information before they get their tickets. “To ensure security, eradicate fake tickets, control speculative ticket reselling, and safeguard the lawful interests of the majority of the buyers, a real-name entry system will be applied for the opening and closing ceremonies,” they said. Buyers living on the Chinese mainland needed to fill out a form with a recent photo on it, to be submitted to the Beijing Organising Committee of the Olympic Games (BOCOG) with a copy of their identification cards, BOCOG said in a statement on its Web site (www.beijing2008.cn). [Source]
US – Online Privacy Concerns Increase: USC Survey
According to the survey from the University of Southern California’s Center for the Digital Future, privacy concerns stemming from online shopping rose in 2007, as the loss or theft of credit card information and other personal data soared to unprecedented levels. The study found that 61% of adult Americans said they were very or extremely concerned about the privacy of personal information when buying online, an increase from 47% in 2006. Before last year, that figure had largely been dropping since 2001. [Source] [Report Highlights] [Press Release]
US – Data Privacy Day in North America: Spreading Awareness of Data Privacy
Duke University and the IAPP are collaborating to organize an inaugural Data Privacy Day in North America to promote the importance of data protection. The IAPP is encouraging privacy professionals to contact local schools, colleges and universities and offer to give a presentation on or during the week of January 28 about privacy. [Source] [NC Governor Proclaims “Data Privacy Day”]
EU – European Data Protection Supervisor Issues Opinion on RFID Privacy
Peter Hustinx, the European data protection supervisor, (EDPS) last month issued his Opinion on the Commission’s communication on RFID in Europe. The Opinion deals with the growing use of RFID chips in consumer products and other new applications affecting individuals.. “RFID systems could play a key role in the development of the European Information Society,” said Hustinx, “but the wide acceptance of RFID technologies should be facilitated by the benefits of consistent data protection safeguards. Self-regulation alone may not be enough to meet the challenge. Legal instruments may therefore be required to guarantee that the technical solutions to minimize the risks for data protection and privacy are in place.” More specifically, Hustinx calls on the Commission to consider the following recommendations:
- The provision of
a clear guidance, in close cooperation with relevant stakeholders,
on how to apply the current legal framework to the RFID environment. - The adoption of
a community legislation regulating the main issues of RFID usage
in case the effective implementation of the existing legal framework fails. - Such measures
should notably lay down the opt-in principle at the point of sale
as a precise and undeniable legal obligation. - The
identification of “Best Available Techniques” which will play a decisive
role
in the early adoption of the privacy-by-design principle. [Opinion] [Source]
EU – German Retailer Launches Item-Level RFID Pilot
German consumer goods and grocery retailer Metro Group has launched a pilot program at its Essen facility that will tag most nearly every item of clothing in the store with RFID chips allowing the store to capture information about which products are removed from shelves, tried on in dressing rooms, and whether or not the item is purchased or returned. The tags will be destroyed upon purchase. Metro Group believes the program will help streamline stocking, identify which fashions are most in demand, and even identify individual items that may defective. The program is expected to run for one year, but the current cost of RFID readers make it unlikely that the program will see broad implementation anytime soon. [Source] [IBM Announcement]
EU – World’s Largest Item-Level RFID Application Launches
A new
bookstore in Portugal uses RFID to track almost all merchandise in what it
indicates is the world’s largest item-level retail application in a single
store. Retailer Byblos Amoreiras has used Gen2 RFID tags to track 150,000
books, periodicals, CDs, and other merchandise since its new 35,000-square-foot
superstore opened in Lisbon in December. The system features a variety of
RFID-enabled kiosks, handheld readers, and portals that monitor 2,000 locations
in the store. “This isn’t a pilot. Byblos is using item-level RFID as part of
running their business. From a technology point of view, it is a complete
solution. … As far as we know, it’s the largest item-level deployment anywhere
in the world.” Byblos creates and applies its own RFID labels, and does not
rely on suppliers to provide them. Byblos plans to open four more RFID-enabled
superstores this year and five in 2009. [Source]
UK – Subcutaneous RFID Chips Planned for Convicts
UK Ministers are planning to implant “machine-readable” microchips under the skin of thousands of offenders as part of an expansion of the electronic tagging scheme that would create more space in British jails. The tags, labelled “spychips” by privacy campaigners, are already used around the world to keep track of dogs, cats, cattle and airport luggage, but there is no record of the technology being used to monitor offenders in the community. The chips are also being considered as a method of helping to keep order within prisons. A senior Ministry of Justice official has confirmed that the department hoped to go even further, by extending the geographical range of the internal chips through a link-up with satellite-tracking similar to the system used to trace stolen vehicles. “All the options are on the table, and this is one we would like to pursue,” the source added. [Source] [Source]
US – American Medical Directors Association to Study VeriChip’s VeriMed System
The American Medical Directors Association (AMDA), a professional association of medical directors and physicians practicing in long-term care, will kick off a study on Feb. 1 to test VeriChip’s glass-encased RFID tags, designed to be implanted in patients to make it easier to access their health records during an emergency. Directed by the AMDA Foundation, the research arm of AMDA, the study will be a randomized, comparative clinical study to evaluate whether VeriChip’s VeriMed Patient Identification System can improve patient outcomes, the acquisition of medical information and the sharing of medical documents among long-term care facilities and hospital emergency departments. The study will involve 10 facilities and 100 participants, and will last one year-or until the 100th hospitalization, whichever occurs later. [Source]
US – Wegmans Looks at Ways RFID May Help Dispense Prescription Drugs
Wegmans Food Market’s in-store pharmacies process about 2,400 prescriptions each week, though some handle up to 5,000. Pharmacists manually search drawers for completed orders, which can be time-consuming. Seeking to evaluate if RFID could make locating and ringing up drugs faster and more accurate, the 71-store chain is working on plans to test an RFID-based drug-tracking system utilizing the EPCglobal network architecture. Although final details and a timetable have yet to be firmed up, druggists will use the interrogators to read and write data on RFID inlays embedded in labels placed on prescriptions being filled. Each tag will be encoded with a serialized global trade item number (SGTIN), printed on a 2-D bar code on its adhesive label and associated with a patient’s contact and medical data. Pharmacists will place medication packets for completed orders in drawers fitted with RFID interrogators so that staff can locate particular orders by viewing a computer monitor. Customers will be encouraged to keep the bottle or packet inlays intact so the pharmacies can interrogate tags on empty bottles returned for refilling. The company, however, will install a tag kill station or set up a protocol to relabel prescriptions with non- RFID labels for consumers who don’t want a live tag. Wegmans is seeking technology partners for the trial, and intends to run a consumer awareness campaign before the launch. [Source]
US – Carolinas Medical Center Expands Its RFID Deployment
The hospital has added 26 RFID-enabled medical supply cabinets to its cardiac catheterization and electrophysiology labs, helping it cut inventory costs and improve operations. [Source]
US – Advocates and Activists Protest RFID Baby IDs
Privacy and anti-RFID activists in Ohio are expressing concern over the proliferation of RFID in the state’s birthing centers, where more than half of facilities now use radio-chipped identification bracelets to prevent abductions and mix-ups. Critics say that, nationally, such cases number between 0 and 12 per year, but worry that an over-reliance on RFID surveillance could actually result in an increase in lost of stolen babies as human caretakers become less vigilant. [Source]
WW – Deloitte: Security and Privacy Losing Ground
A new study released by Deloitte Global found that technology, media, and telecommunications companies in the UK are not making the necessary investments in data security to stay ahead of growing threats. According to Deloitte, “just seven per cent of TMT companies believe that they are prepared for future security threats.” The study found that 75% of security failures were a result of human error, and that two-thirds of companies don’t even track losses of customer data. [Source]
EU – Justice Minister Says No New Privacy Law for Two Years
Ireland’s Justice Minister Brian Lenihan announced last night that there would be no new privacy legislation introduced for at least two years. Lenihan made the statement during the official launch of the new Press Council and Office of the Press Ombudsman, saying that while serious breaches of privacy are taking place in the media, he wanted to give the new office time to respond to complaints before drafting any new laws. [Source]
UK – Employees Pose Data Security Threat to Businesses, Study Finds
New research from Vanson Bourne found that, of the organisations questioned, nearly half of UK business felt that their data was threatened by employee negligence. In addition, the study found that, of those that had suffered from security breaches, the average financial cost was between £10,000 and £100,000, with 14% losing in excess of £500,000. Despite the high profile risks associated with workers using laptops and other mobile devices, some 80% of businesses still fail to install adequate security measures on such technology, the study also found.[Source] See also: [10 Database Security Tips For Smaller Businesses]
US – DHS Releases Final Regulations for REAL ID Act
On January 11th, the Department of Homeland Security released its final regulations to implement the REAL ID Act. Based on the proposed regulations published last March, the final rules direct how states will issue driver’s licenses but do not provide meaningful privacy and security requirements for personal information collected, stored and shared within the REAL ID system. [Final REAL ID regulations--Part 1, January 11, 2008][Final REAL ID regulations--Part 2, January 11, 2008] [REAL ID Privacy Impact Assessment by DHS Privacy Office, January 11, 2008] See also: [DHS Official Blog: “Let’s get Real”] [DHS Suggests a REAL ID Could be Necessary for Medicine]
US – DHS Urged to Take Leadership Role in CCTV Deployment
The Department of Homeland Security has a responsibility to ensure that video surveillance systems paid for with federal taxpayer dollars don’t erode privacy and civil liberties, CDT said in comments filed today. Given evidence that video cameras do not enhance security in many situations, the first step is for DHS to develop a system to evaluate the likely effectiveness of proposed CCTV installations by state and local governments seeking federal grants. Further, DHS should impose conditions on the grants it does make, to ensure that agencies follow privacy “best practices” regarding the use and storage of video feeds. [CDT Comments to DHS on Developing CCTV Best Practices, January 18, 2008]
US – DHS Funding Development of Advanced Screening Tech
According to a Computerworld report, the Department of Homeland Security is funding the development of advanced surveillance and screening technology that will use real-time data input to detect high-risk travelers at security checkpoints. The Project Hostile Intent effort, called Future Attribute Screening Technologies Mobile Module, will collect information about an individual’s facial expressions, voice patterns, body language, internal temperature, and other data to judge whether the individual warrants further screening. [Source]
US – Missouri Latest State to Protest Real ID
The Missouri state legislature last week became the latest to pass a law prohibiting the state from complying with provisions of the Real ID Act, creating a set of standard identification elements for all state drivers’ licenses. Rep. Jim Guest, who sponsored the Missouri bill, said the Real ID Act is an example of federal government “out of control,” and believes requirements that licenses be machine readable will create a greater risk for identity theft. More than 20 states now have laws opposing Real ID, and Guest is working to encourage others to follow suit. [Source]
US – TSA Site Put Travelers at Risk of ID Theft
A Web site established by the Transportation Security Administration to help travelers lodge complaints agency may have exposed individuals to ID theft, according to a report issued by Congress. An investigation, begun last year after some media outlets raised concerns, found that a DHS official awarded a no-bid contract to Desyne Web Service, a firm for which he had previously worked, and that the site accepted travelers’ personally identifiable information without encrypting the data. [Source]
US – New Hampshire Balks at RFID Product Tracking Bill
A bill that would require New Hampshire stores to post warnings to consumers over the presence of RFID chips on products or packaging within stores has been sent to committee for further study. A similar bill, filed in 2006, would have prohibited most uses of RFID by the Granite State, but that bill was changed to create a committee to further study RFID; the committee’s report is expected at the end of the year. “We hope they give us a strong bill in keeping with New Hampshire’s commitment to respect privacy,” said Rep. Marjorie Smith, co-sponsor of the bill. “We have to be vigilant in protecting it. Once you lose privacy there is no way to regain it.” [Source]
US – New Law Requires Online Dating Sites to Disclose Background Procedures
New Jersey will be the first state in the country to ensure security for online dating. The new legislation, S1977, would mandate online dating companies to reveal the amount of their security features. This would include if the company performs background screenings on members who desire to date others. The legislation was signed into law by Governor John Corzine on January 14th. According to the new measure, companies will have one hundred and twenty days to institute these protective measures. The legislation also urges that companies initiate these procedures before the legislation officially becomes law. New Jersey is setting the example for other states to follow by being the first state in the nation to pass a law pertaining to online dating. New York and Pennsylvania are also considering passing similar legislation. The bill, dubbed, “Internet Dating Safety Act” is also intended to limit the amount of criminal offenders that are on these dating sites. [S1977] . [Source]
US – Court Extends Injunction Against NASA Background Checks
The Appeals Court for the Ninth Circuit last week extended an injunction against NASA that temporarily prevents it from requiring certain contractors to submit to a new background check process as part of a mandatory smart card credentialing program. In arriving at its decision, a three-judge panel for the Ninth Circuit noted that the background check process raised serious privacy issues and was far too broad in scope to meet any legitimate government need. It ruled that 28 contractors who had sued NASA in Los Angeles District Court last August over the background checks did not need to submit to those checks for the duration of the court proceedings. [Source]
--------