Manchester has implemented what it claims is the UK’s first biometric access control system based on iris recognition. The system officially went live just before Christmas, and is used to control access to secure parts of the airport for airport workers. [Source]

US – Indiana: Black-Box Bill Seeks Full Disclosure to Car Owners

Indiana state Representative Earl Harris has sponsored a House Bill 1324 that would require companies selling, leasing or renting new cars to provide disclosure of the presence of an event data recorder – more commonly known as a “black box” – in the vehicle. House Bill 1324 also would require disclosure of the type of recorder, the type of data stored or transmitted, and the length of time the information is retained. Some have expressed concern that the data collected by black boxes will be used by insurance companies to determine rates. [Source] [Full list of vehicles with data recorders]

UK – British Retailer Ordered to Encrypt All Laptop Hard Drives

After the theft of a laptop with personal information on 26,000 employees, British retailer Marks & Spencer has been given two months to encrypt all its notebook hard drives. The order, from the Information Commissioner’s Office (ICO), follows the theft of an unencrypted laptop from an M & S contractor with details of the pension arrangements of the retailer’s employees. The ICO has issued M&S with an enforcement notice which orders the company to ensure that all laptop hard drives are fully encrypted by April. Failure to comply with the notice is a criminal offense and may result in the ICO taking further action against the company. [Source]

EU – Majority of Europeans Worried About Online Privacy

European Union Commissioner of Justice and Home Affairs, Franco Frattini, says that three out of four Europeans are worried about posting personal information online. The statistic was taken from the preliminary results of a poll conducted by the EU. Financial services firms, medical organizations, government agencies and employers were trusted by most Europeans to securely handle their information, while credit card companies, market and opinion research firms, mail order companies and travel agencies were not. [Source]

UK – Privacy Commissioner Wants New Criminal Offence

Information Commissioner Richard Thomas has asked the UK Government to create a new offence of recklessly or knowing breaching data protection principles punishable by unlimited fines. He has also asked for other powers to be strengthened. In a paper presented to Government Thomas said that while the Data Protection Act (DPA) carried a duty for data controllers to comply with the principles of the Act there was no punishment for not doing so. “The precise form any penalty might take will require careful consideration. The creation of a new criminal offence is an obvious option,” said the paper. Thomas has also asked for the power to stop immediately any data processing his office finds that is “seriously unlawful”. Thomas also repeats his request for the power to audit a company’s data processing without its permission. Until recently the ICO needed permission to audit any body’s practices. The Commissioner also requested other new powers, including the power to force an organisation to provide him with a report by ‘“a skilled person”, such as that enjoyed by financial regulator the Financial Services Authority, and the power to serve notices on people other than data controllers. [Source] [Paper Submitted to Government]

EU – Privacy Law Limits About to be Set by Top Courts of UK and Europe

The House of Lords will rule on what exactly is meant by the term ‘personal data’, while the European Court of Human Rights will decide whether the police can retain details of non-criminals on the UK’s national DNA database. These are vital questions which could alter the boundaries of the rules governing what law enforcement agencies and companies will be able to do with the increasing amounts of personal information they are processing. [Source]

EU – Irish Companies Don’t Take Privacy Seriously

According to a new study by Ernst & Young, Irish companies lag well behind their peers from other countries when it comes to data privacy practices. The average of companies polled who cited privacy protection as a top three influence on information security is 57 percent, but only 25 percent for Irish companies. Although Irish organizations rank well with overall security practice, 19 percent of data security personnel say they have no role in their company’s privacy practices as compared to a 4 percent overall average.[Source]

WW – January 28 was Data Privacy Day 2008

January 28th is Data Privacy Day in North America and 27 European countries. Some resources:

IAPP has provided some free materials and some links to other resources.
TRUSTe has provided a Parent and Teacher Guide to Privacy
Rebecca Herold has posted some good ideas for activities as well as links to podcasts that you can use if you do not have time to create your own
The Council of Europe provides information and a way to see what’s happening in other countries
Google Blog also links to some materials and resources
Check this site’s calendar for Data Privacy Day events in your area [Source]

CA – Child Advocates Demand Tougher Rules for ISPs

Saying that tougher rules are needed to protect children from exploitation, child safety advocate Rosalind Prober of Beyond Borders, wants Canada to pass new legislation requiring ISPs to collect and retain information on subscribers who access child pornography. The Canadian Association of Internet Providers says that most ISPs already take steps to block access to Web sites with such content, and that the industry is working to bring all providers in line with the practice. Prober says ISPs fear being sued by customers if their identities are turned over to authorities. [Source]

CA – Ontario Becomes First Canadian Jurisdiction With Credit Alert Legislation

The Ontario government has given consumers the ability to place an alert on their personal credit file. As of January 1, 2008, Ontario’s new credit alert requirements ensure that lenders who receive information from a consumer’s file will be told if there is an alert in place. Once informed of the alert, they must take action to verify the identity of the person before proceeding with transactions. Ontarians can direct a credit reporting agency to place a credit alert on their files for a nominal charge. The Consumer Protection Branch of the Ministry of Government and Consumer Services will continue to monitor reporting agencies’ compliance with all aspects of the Consumer Reporting Act. [Source] [Ontario Consumer Protection website at ontario.ca/consumerprotection]

US – Mayor Bloomberg Proposes DNA Data Bank

New York City Mayor Michael Bloomberg’s proposed DNA data bank, which would amass the genetic signatures of virtually all criminal suspects, goes well beyond current standard practice of cataloguing the DNA only of those convicted of felonies. The proposal, made during Bloomberg’s “State of the City” address, is fraught with problems. With more than 375,000 felony and misdemeanour arrests last year alone, the program would likely overwhelm the police, while the privacy implications would draw challenges from privacy advocates and civil libertarians. [Source] See also: [Project to Map DNA of 1,000 People]

CA – Doctors’ Billing Firm Passes Test on Privacy: IPC Report

The Ontario Information and Privacy Commissioner’s office says it is satisfied with steps taken by a private sector company that helps doctors collect billings from patients. The investigation into Healthscreen Solutions, which was under scrutiny for failing to disclose its involvement in doctor billings to up to 2 million Ontario patients, has ended. [Source] [IPC Report] See also: [Digital Health Records Increase Privacy Risk]

WW – Potentially the Biggest Privacy Breach at Myspace To Date

A 17-gigabyte file purporting to contain more than half a million images lifted from private MySpace profiles has shown up on BitTorrent, potentially making it the biggest privacy breach yet on the top social networking site. The creator of the file says he compiled the photos earlier this month using the MySpace security hole, still unacknowledged by the News Corporation-owned site, allowed voyeurs to peek inside the photo galleries of some MySpace users who had set their profiles to “private,” despite MySpace’s assurances that such images could only be seen by people on a user’s friends’ list. “I think the greatest motivator was simply to prove that it could be done,” said file creator “DMaul” in an e-mail interview. “I made it public that I was saving these images. However, I am certain there are mischievous individuals using these hacks for nefarious purposes.” The MySpace hole surfaced last fall, and it was quickly seized upon by the self-described pedophiles and ordinary voyeurs who used it, among other things, to target 14- and 15-year-old users who’d caught their eye online. A YouTube video showed how to use the bug to retrieve private profile photos. The bug also spawned a number of ad-supported sites that made it easy to retrieve photos. One such site reported more than 77,000 queries before MySpace closed the hole last Friday following Wired News’ report. [Source]

US – Credit Issuer Says Data Lost For 650,000 Customers

Credit card issuer GE Money said that a computer tape containing personal data of 650,000 customers of about 230 retailers including J.C. Penney is missing. A spokesman for the General Electric unit said a backup computer tape being stored at a facility operated by Iron Mountain, an information protection and storage company, had been lost. He added that Social Security numbers of about 150,000 people were also included on the tape. [CNET]

US – Ministry of Defence Loses Recruit Info on 600,000

A laptop computer belonging to the Ministry of Defence and containing personal information on 600,000 potential armed forces recruits was stolen from a Royal Navy officer. The information commissioner, Richard Thomas, has demanded assurances from the MoD that it is improving data security following the theft. [Source] [Guardian] See also: [UK: Laptops containing protected data banned from leaving public sector offices]

CA – Newfoundland Government Suffers Second Data Breach

For the second time in as many months, private information from a Newfoundland and Labrador agency has been exposed over the internet. In late November, the provincial government disclosed that lab test results had leaked out after an external consultant removed a computer from the Provincial Public Health Laboratory and then installed a file-sharing program. In the new instance, data from the Workplace Health, Safety and Compensation Commission may have been exposed, as well as justice department files related to occupational health and safety. [CBC]

US – Personal Data of 38,000 Georgetown University Students, Faculty Stolen

A hard drive containing the SSNs of nearly 40,000 Georgetown students, alumni, faculty and staff was reported stolen from the office of Student Affairs on Jan. 3, potentially exposing thousands of students to identity theft. The external hard drive was used to back up a computer that contained billing information for various student services, including activities fees and student health insurance. [Source]

US – New Jersey Wants Investigation After Blue Cross Breach

New Jersey state legislators have called for a formal inquiry into a data breach at Horizon Blue Cross in which the personal information of 300,000 individuals was compromised. Horizon Blue Cross began notifying its members this week after reporting the theft of a laptop computer from an employee’s home in Newark. Information on the laptop, which Horizon says was taken in violation of company protocol, was not encrypted. The company has not provided details of the kind of information affected other than to say it included names, addresses and SSNs. [Source]

US – Stolen HMO Laptop Contained PII

A stolen laptop computer belonging to Massachusetts-based Fallon Community Health Plan (FCHP) contained the personally identifiable information of as many as 30,000 of the HMO’s subscribers, the Worcester Telegram & Gazette reports. The types of compromised PII includes names, Social Security numbers and dates of birth, but not financial information, and was not protected by passwords or encryption, the HMO said. The computer had been transferred to an unidentified data analysis firm working to ensure Medicaid claims were being processed properly when the theft occurred. FCHP has notified the subscribers affected by the breach, offered to pay for one year of credit monitoring, and is working with law enforcement to investigate the theft. [Source]

CA – Discussion Paper: Role of Identity in Society and Related Privacy Issues

Identity issues are poorly understood by all but a relatively small community of experts, and this is having an impact on how Canadians react to proposals for increased security measures, notes Privacy Commissioner Jennifer Stoddart. The Commissioner this week released Identity, Privacy and the Need of Others to Know Who You Are, a discussion paper that hopes to inform Canadians about the role of identity in society and the privacy issues related to identity. The paper describes the core concepts of identity, including identification, authentication, attributes, common identifiers and tokens. With this information, Canadians can begin to evaluate critical issues that will affect their lives - such as a proposal for a national identification card. [Source] [Paper]

CA – Edmonton Women Charged for Having 30,000 Fake IDs

Edmonton police have arrested a pair of 26-year-old women in connection with a massive credit card and fraud scheme where the women allegedly stole mail and pieces of identification, and obtained more than 30,000 credit card files from across the country. [Source]

CA – Canadian Privacy Commissioner Warns Against Copyright Reform

Canada’s privacy commissioner, Jennifer Stoddart, is expressing her concerns over digital rights management to her colleagues in the Canadian government. Because DRM has been used to collect personal information and transmit that data to the copyright owner - as happened with Sony BMG - Stoddart is wary of pending legislation that would protect DRM. Such a copyright reform bill has been offered by Jim Prentice, Canadian Minister of Industry, prompting Stoddart’s response. Prentice’s bill is opposed by law professor Michael Geist. [Toronto Star]

EU – Data Regulator Says Net Addresses Are Personal Information

The head of the EU’s group of data privacy regulators said yesterday that IP addresses should generally be regarded as personal information. Germany’s data protection commissioner, Peter Scharr, leads the EU group preparing a report on how well the privacy policies of Internet search engines operated by Google, Yahoo, Microsoft, and others comply with EU privacy law. His view differs from that of Google, which insists an IP address merely identifies the location of a computer, not who the individual user is. [Source] [EU debates privacy of IP numbers] [EU Statement]

EU – Swiss Data Protection Commissioner Warns Against Tracking File Sharers

Switzerland has warned a company that tracks file sharers for copyright violations that its tactics violate the country’s telecommunication law. Logistep, which supplies information on suspected file sharers to law firms around the world for use in copyright violation cases, has until Feb. 9 to respond to the Federal Data Protection and Information Commissioner (FDPIC), said Marc Schaefer, the agency’s legal advisor. [InfoWorld] See also: [FCC Seeks Comments Regarding Comcast P2P Practices]

WW – Realplayer Labeled As ‘Badware’

An industry-academia group designed to raise public awareness about software that violates fair information and privacy practices has labeled recent versions of RealPlayer video streaming software as “badware,” charging that the software surreptitiously installs pop-up ad serving software as well as the Rhapsody media player engine. Stopbadware.org issued an alert about two software titles from RealNetworks - RealPlayer 10.5 and RealPlayer 11, saying each violated the group’s badware guidelines. [Washington Post]

UK – Information Commissioner’s Office Investigates Facebook

The BBC reports that the Information Commissioner’s Office will look into complaints by former Facebook users who said they were unable to entirely delete their profiles after quitting the social networking utility. Some worry that, because some personal information remains on Facebook’s computers, the company may use the information without consent. Facebook says it believes it is in full compliance with UK privacy law, but that it is taking the ICO’s inquiry seriously and will cooperate with the office. [Source] [BBC] See also: [Your boss could own your Facebook profile - If it was created in the course of business] [Facebook shrugs off privacy fears with plan for targeted advertising]

WW – 90% of Facebook Apps Have Unnecessary Access to Private Data

University of Virginia researchers have discovered that 90.7% of Facebook’s most popular applications have access to users’ private data, whether they need it or not – leaving users exposed to targeted phishing attacks and identity theft. So a UVA researcher is currently building a “privacy-by-proxy” prototype aimed at hiding a user’s private information on Facebook from these apps. [Source] [Facebook App Dev Program Is Privacy Risk] See also: [Social networking sites pose danger to law firms]

WW – Google Spars with European Lawmakers Over Privacy

Internet search and advertising giant Google is on the offensive following an investigation by European Union regulators into the privacy implications of the company’s pending merger with ad tracking company DoubleClick. The merger, already approved by the U.S. Federal Trade Commission, is now being challenged in Europe on the grounds that Internet-related privacy issues are too pervasive to be ignored. Google says its critics are merely shopping their argument in Europe after losing in the U.S. Dutch parliamentarian Sophie in ‘t Veld says for one company to have so much data about individuals is a competitive consideration. [Source] [EU Likely To OK GoogleClick]

WW – Privacy Advocates Sound Alarms Over Microsoft’s Bid to Buy Yahoo

The mere specter of a merger between Microsoft Corp. and Yahoo Inc. is sounding alarms among some privacy advocates, who say that any union of the two companies should be permitted only after a thorough investigation of how it would affect online privacy. The privacy-related concerns raised after Microsoft announced its $44.6 billion offer for Yahoo are similar to the ones that have been voiced in connection with Google’s planned purchase of online ad-serving vendor DoubleClick Inc. In both cases, the concerns center on the possibility of vast amounts of consumer tracking information being consolidated in the hands of a single vendor. [Source] See also:

US – Company Collects, Sells Payroll Data

Payroll data for more than 46 million American workers - one-third of the U.S. workforce - is collected each month by a little known organization called The Work Number, part of credit monitoring firm Equifax. The Work Number warehouses salary, Social Security numbers, and job title information and sells the information to employers and lenders conducting background checks. The Work Number says it maintains rigid security and strict procedures to protect the data, but others charge that the type and volume of information the company collects creates a high risk profile. [Source]

US – Groups Claim Ask.com’s Eraser Not as Advertised

A number of privacy watchdog groups have complained to the FTC that the AskEraser feature of Ask.com, which is supposed to facilitate anonymous use of the company’s search engine, does not function as advertised. Worse, EPIC, one of the groups participating in the complaint, says the product can actually be used to track user activity and provide behavioral data to advertisers, such as Google. Ironically, Ask.com developed the anonymization tool in an effort to claim a privacy leadership position among search engine companies. [Source] [Complaint] [Dec 20 letter] [Jan 23 letter] [Ask.com Responds To AskEraser Critics]

AU – New Push for Aussie Data Breach Law

Computerworld Australia reports that Privacy Commissioner Karen Curtis is pushing for Australia to draft and pass a data breach law. While Australian companies deal with an increasing number of breaches affecting consumers, there is no law requiring notice. Curtis says the lack of a notice law means Australian companies lack the incentive of public pressure to address the issue of lax data protection expeditiously. “While reporting would need to be proportional to the severity of the breach, it would provide organisations with a strong market incentive to adequately secure their databases,” Curtis said. [Source]

US – HP, Intuit & AOL Named 3 Most Trusted Companies by Ponemon, TRUSTe

TRUSTe, in conjunction with the Ponemon Institute, have announced that HP, Intuit and AOL have been honored as the Most Trusted Companies for Privacy for 2007. The winners were announced on Tuesday evening, January 29, in Washington DC at the Congressional Internet Caucus faculty reception. The award is designed to celebrate the companies who take active measures to protect and inform their consumers and to encourage a safer online ecosystem. [Source] [Report]

CA – Ontario Privacy Commissioner Backs RFID In Health Care

The Ontario Information Privacy Commissioner Ann Cavoukian, in association with computer maker Hewlett-Packard (Canada), released a new guide designed to help health care professionals understand the benefits and privacy concerns of RFID technology and how its electronic tagging and tracking properties can help make their administrative lives easier while saving lives. The joint whitepaper entitled “RFID and Privacy: Guidance for Health-Care Providers” deals with the implications of employing the tags when they are used to track people, things and things associated with people. [Source] [Source] [Paper]

CA – Is the City of Toronto Using RFID to Track Your Recycling Habits?

Video report on Toronto’s new recycling bins. The spokesman talks about how the City of Toronto’s new recycling bins contain a bar code - that, “...allows us to tie a particular bin to a particular address.” “They also contain an RFID tag.” Reporter asks him to elaborate - he glances off camera and says “I’m not sure I’m supposed to, but I will anyway”. Goes on to explain that the recycling bin contains an RFID tag in the handle that can be read by various instruments. “It gives us a tool to manage the bins and see how well we’re doing in terms of recycling. We know on a particular street how many bins are put out at a particular time - that kind of stuff. That information is built into the cart.” [Source]

WW – Where Do Data Leaks Start? Check the IT Dept

Tech folks concerned about their companies’ ability to secure information need to look closely in the mirror. According to a recent study by Orthus, a security consultancy, the biggest source of all data leaks are, yes, IT departments. The London-based company evaluated more than 100,000 hours of user activity and identified the ways that users accessed, processed, stored and transmitted sensitive corporate information, including personal information, financial information and intellectual property. The evaluation identified which users were removing sensitive data, where they worked and exactly how and when it was removed. The research identified if and when sensitive information was sent or copied to an unauthorized device (such as a PDA, MP3 player, USB flash drive or mobile phone) or if it was uploaded or transferred through an unauthorized application (for instance, IM or social networking sites). IT personnel were responsible for an overwhelming 30% of all incidents of data leakage identified during the research. So it’s disconcerting that those entrusted with keeping information secure seem least likely to follow security best practices. [Source] [In Pictures - Worst CyberSecurity Meltdowns]

AU – Privacy Commissioner Urges Risk Assessments

Karen Curtis, Australia’s privacy commissioner, is urging all government and private organizations to conduct immediate privacy risk assessments to determine if the kinds of data stored on computers requires encryption and other protections under the country’s Privacy Act. “The risk assessment should also consider whether and in what circumstances personal information is permitted to be removed from the office, be it in electronic form or not,” Curtis said. [Source]

WW – High [Privacy] Price Looms for High-Tech Habits: Deloitte Report

Although the rate of technological change will slow, people will realize the implications of the radical shifts of the last year. So says Deloitte in its annual forecast of media, technology and telecommunications. And many of these implications are negative, especially with privacy, accessibility and the environment. [Source]

UK – ID Card Scheme Put Off Until After Election

A compulsory identity card system for British citizens looks as if it will be deferred beyond the next election, according to documents leaked to the Conservatives. As recently as December the Home Office said the ID card system for UK citizens would be phased-in on a voluntary basis from 2009, but a national identity strategy paper, marked restricted, clearly shows the UK-citizens phase of the scheme will now not start until 2012. A voluntary scheme is due be introduced for those renewing passports from 2009. [Source]

US – Secret Directive Gives NSA Snoop Power Over Fed Networks

President George W. Bush earlier this month signed a directive that grants broad surveillance power over federal network communications to federal intelligence agencies. Contents of the directive are classified, but the Washington Post says the NSA specifically has been granted authority to monitor communications across all government networks to detect attempts to access information. Cyber attacks on networks operated by the State Department, Defense Department, DHS, Commerce Department and others have increased over the past 18 months, according to U.S. officials. [Source] See [Bruce Schneier: Opinion: What Our Top Spy Doesn’t Get: Security and Privacy Aren’t Opposites]

US – Congress Passes 15-Day Extension of Surveillance Law

The House and Senate this week approved a 15-day extension of an expiring intelligence surveillance law and the White House backed off a threatened veto, allowing more time to resolve a dispute over the administration’s proposal to immunize telephone companies from lawsuits stemming from their cooperation with warrantless wiretaps. [Source]

UK – Security Cameras Cannot Record Voice

According to Out-Law.com, the Information Commissioner’s Office has stated that, except in rare instances, operators of video surveillance cameras must not record conversations. The directive states that, “CCTV must not be used to record conversations between members of the public as this is highly intrusive and unlikely to be justified. You should choose a system without this facility if possible. If your system comes equipped with a sound recording facility then you should turn this off or disable it in some other way.” The UK has about 4.5 million surveillance cameras in operation, more than any other country. It is estimated that the average British citizen is captured by surveillance cameras 300 times per day. [Source] [Code of Practice]

UK – Phones Tapped at the Rate of 1,000 a Day

British Councils, police and intelligence services are tapping and intercepting the phone calls, emails and letters of hundreds of thousands of people every year, an official report said. Those being bugged include people suspected of illegal fly-tipping as councils use little known powers to carry out increasingly sophisticated surveillance to catch offenders. The report, by Sir Paul Kennedy, the Interception of Communications Commissioner, has fuelled fears that Britain is becoming a state where private communications are routinely monitored. It also found that more than 1,000 of the bugging operations were flawed. In some cases, the phones of innocent people were tapped simply because of administrative errors. The report shows that in the last nine months of 2006, there were 253,557 applications to intercept private communications under surveillance laws. It is understood that most were approved. In that period 122 local authorities sought to obtain people’s private communications in more than 1,600 cases. Councils are among more than 600 public bodies with the power to monitor people’s private communications. Sir Paul, a senior judge with access to secret intelligence material, also reported 1,088 incidents where public bodies broke the rules on surveillance operations. His report covers interception activities over a total of 264 days, during which time new applications for interception were made at a rate of 960 each day. A total of 653 state bodies - including 474 councils - have the power to intercept private communications. [Source] [Source]

UK – Watchdog Sides With Mi5 to Reject Phone-Tap Evidence

The prospect of phone-tap evidence being used in a UK court, an issue at the heart of the dispute over proposed anti-terrorism measures, received a blow this week when the prime minister’s eavesdropping watchdog opposed the idea. Sir Paul Kennedy, an appeal court judge who monitors communications intercepts, said in his first official report that he was firmly of the opinion that the benefits of any change in the law in intercept evidence are heavily outweighed by the disadvantages. [Guardian]

US – Court Bars Company from Selling Phone Records Online

A U.S. court in Wyoming has ordered a Web-based information broker to stop selling telephone records without owners’ consent and to turn over nearly $200,000 in profits from the operation, the U.S. FTC announced today. Vendors working with AccuSearch, which does business as Abika.com, and owner Jay Patel used “false pretenses, fraudulent statements, fraudulent or stolen documents or other misrepresentations” to induce telecommunications carriers to disclose the confidential records, the FTC said in a news release. The FTC accused the company of using outside vendors that obtained phone records through illegal means. Abika.com has argued that it simply provided a search engine where customers seeking information could connect to “researchers.” [Source] [Source]

US – Directory of Cell Phone Numbers Raises Concerns

Consumers, wireless carriers, politicians and privacy advocates have expressed concern over an online database of cellular telephone numbers made available by Intelius. More than 90 million private cell phone numbers are contained within the directory, and each is available for sale. Verizon Wireless, an opponent of mobile phone number directories when the industry proposed the idea a few years ago, said it would pursue litigation and any other means necessary to protect its customers and prevent Intelius from continuing the practice. Intelius says it built its database by obtaining publicly available information. [Source]

EU – New Data Collection and Storage Rules for Irish ISPs

The Irish Times reports that new rules dictating the collection and storage of email, instant messaging, and log-on/log-off data of Irish citizens must go into effect within a month. The directive to Internet service providers was issued by the Department of Justice as a result of a new European Union data retention rule. The data, which does not include content, but IP addresses of senders and recipients of messages transmitted via the Internet, the size of messages and files transmitted, and the date and time of the transmission, must be retained for three years. [Source] See also: [EU Supreme Court: not compulsory for ISPs to disclose their customers’ names in civil lawsuits]

US – Travelers, Politicians Say Terror Watch List Redress Ineffective

The system established by the federal government to assist travelers whose names erroneously appear on terror watch lists is not working, say travelers and members of congress. The Traveler Redress Inquiry Program operated by the Department of Homeland Security was established a year ago to address issues of identity for those with names, such as John Thompson and James Wilson that match names from among the more than 700,000 names contained on the lists. Those seeking to be removed from the terror watch list report a difficult process and no change on subsequent flights. [Source]

US – OMB to Review Federal Agency FISMA Compliance Records

The Office of Management and Budget (OMB) plans this year to begin reviewing the privacy compliance records of federal agencies under the Federal Information Security Management Act (FISMA). Agencies will be required to submit records pertaining to the types of privacy reviews performed, what recommendations were made by senior privacy officials, and actions taken on privacy complaints received. [Source]

US – NY Legislation Targets Online Predators

New York sex offenders would be required to reveal their online aliases to the state under legislation that aims to protect users of MySpace, FaceBook, and other Web hangouts from Internet predators. The identities would then be shared with social-networking sites, according to the bill written by Attorney General Andrew Cuomo’s office. [Source] See also: [Mo Governor Urges Lawmakers To Pass Net Harassment Protections] and also [Police Urge Internet Providers to Report Online Child Abuse]

--------