EU – Biometrics Are Not Reliable, Says EU Data Protection Expert

The EU data protection supervisor Peter Hustinx has criticised the use of biometrics as unique identifiers for European citizens, saying fingerprint or DNA identifications can be inaccurate. In a report last week, Hustinx said that recent proposals to interconnect important EU data bases - notably to identify suspects in the fight against terrorism - raises a number of questions in relation to data protection. The data supervisor discourages the use of biometric data, such as fingerprints - or perhaps even DNA - as a unique identification key. “It is regrettable that the protection of personal data has not been explored sufficiently as an inherent part of the improvement of the interoperability of relevant systems,” said Mr Hustinx. [Source] [EDPS Press Release] [EDPS Report]

JP – Foreigners’ Fingerprints Will Be Kept 70-80 Years

The Justice Ministry plans to keep foreigners’ fingerprints on file for as long as they live, officials said last week. As part of the ministry’s plan to fingerprint all foreigners aged 16 or older when they enter Japan, The records would be kept 70-80 years. [Source]

CA – Canada to Get Access To Swiss Flight Data

Swiss airlines flying to Canada will have to hand over passenger data to the Canadian authorities - the second deal of this kind after the United States. The move comes after Switzerland and Canada signed a memorandum of understanding on the transfer of passenger information last week. According to a Swiss Federal Civil Aviation Office statement, the agreement covers 25 types of information, including a person’s name, nationality, passport number and travel ticket data. Left out are “sensitive” details such as religious or political beliefs, medical information and dietary preferences, it said. [Source]

CA – Study: Canadians Divided On No-Fly Lists

Before drafting a “no-fly list” of banned airline passengers, the government must think carefully about how and why people land on the roster, a federal study carried out by Ekos warns. The internal report, prepared for the Transport Department based on focus group research, says Canadians are divided - though leaning toward supportive - about a list to bar suspected terrorists and other potentially dangerous people from flying. “Reactions range from complete opposition based on concerns for civil rights, to strong support based on personal and perceived Canadian interests (i.e. to be safeguarded from terrorism),” says the study. [Source]

CA – Info Watchdog Wants To Stay On The Job

Information Commissioner John Reid says he wants the Harper government to again extend his term so he can help usher in the Conservatives’ proposed changes to the federal information law. Mr. Reid’s second extension ends March 31. With the Conservatives poised to implement their promised federal accountability legislation and overhaul the information law, Mr. Reid says he wants to remain on the job for another year or 18 months to see it through. The former Trudeau-era cabinet minister says the modernization of the act would be a perfect way to end his term. As an MP, he had advocated for public access to government-held records and led a drive that resulted in the first Access to Information Act. “It would be kind of nice to cap off my career by being around for the amendments,” he said. “If it’s appropriate, I’d like to stay, but if not, I’m happy to go.” [Source]

CA – Privacy Laws Do Not Prevent Use of Surveillance, Federal Office Rules

A recent ruling by the Office of the Privacy Commissioner of Canada clarified that restrictions under the Personal Information Protection and Electronic Documents Act “do not prevent a litigant from conducting relevant surveillance on an opposing party in a lawsuit,” says law firm Ogilvy Renault. The case at issue involved a woman who was in a car crash and sued the driver of the other vehicle, claiming her injuries prevented her from performing domestic duties. [Source]

US – Survey: Americans Worry About Security of Their Personal Data

The Financial Services Forum, a group funded by financial institutions and headed by former Commerce Secretary Don Evans, released a poll found 71% of respondents have some concern about the security of their personal data. The poll of 1,000 adults nationwide also found that 63% favor congressional efforts to create a single national standard to protect sensitive data. The poll also showed that consumers overwhelmingly agree that their banks are adequately protecting their personal information. [Source]

WW – Study: Subscription Rates Increase When Default Boxes Are Pre-Checked

According to a Washington Post columnist notes that a study conducted by Eric Johnson at Columbia University’s Business School has shown that subscription rates increase by a 2-to-1 factor when the box the end of online order pages is already checked for a user. [Source]

WW – ITU Wants Codes of Conduct for Tackling Global Spam

A report from the International Telecommunication Union (ITU) on the spam issue considers that a more effective approach would be to require the establishment of enforceable codes of conduct by Internet service providers, but at the same time promoting anti-spam legislation in all the countries in the world. [Source] [Trends in Telecommunication Reform 2006: Regulating in the broadband world]

US – Minnesota AG Says Drivers License Data Sales Makes State Target For ID Theft

Minnesota is a prime target for identity theft crimes, because of its lax policies in selling driver’s license data, Attorney General Mike Hatch said Wednesday. Hatch held news conferences around the state about the privacy legislation he has championed in the Legislature. He would like to see Minnesotans contact their legislators to urge them to pass the legislation. “We have a huge identity theft problem in this state,” Hatch said. That’s partly because the state Department of Public Safety sells driver’s license information to a variety of Web sites which re-sell it online. Only six other states allow similar sales of such information about their residents. [Source] [Source]

CA – Canadian Database Project to Sort Out Census Secrets

A national project to understand Canada’s development by digitizing census data has turned researchers across the country into a team of teleworkers. Led by the University of Ottawa, the Canadian Century Research Infrastructure (CCRI) is using IBM’s DB2 relational database to correlate census records from 1871 onwards. The objective is to track demographic, social, political and cultural changes that led Canada to evolve from a British colony to a player on the world stage. Once completed, the CCRI’s work will be available in a series of “research data centres” to be used by various universities, said Dr. Chad Gaffield, CCRI’s principal investigator at the U of O. The real goal, however, will be to get information about Canada’s development into public policy debates, he said, so that legislators will be able to make the most evidence-based decisions possible. [Source]

US – Survey Shows Americans Worry About Security of Their Personal Data

The Financial Services Forum, a group funded by financial institutions and headed by a former Commerce Secretary, released a poll that found 71% of respondents have some concern about the security of their personal data. The poll of 1,000 adults nationwide also found that 63% favor congressional efforts to create a single national standard to protect sensitive data. The poll also showed that consumers overwhelmingly agree that their banks are adequately protecting their personal information. [Source]

HK – Survey: Most Ignore Web Privacy Data

More than 60 % of young internet users do not read privacy policy statements when surfing websites despite showing a high awareness of guarding their personal information, according to a survey. The 1,002 respondents aged between 15 and 29 were interviewed in a study conducted by the Hong Kong Office of the Privacy Commissioner for Personal Data. The findings showed that 95% of the respondents used the internet but that only 27% of them were willing to provide personal data and only 12% would give out their identity card number. [Source]

WW – Visa Warns Software May Store Customer Data

A popular software that retailers use to control debit-card transactions may inadvertently store sensitive customer information, including PIN codes, says Visa. [Source]

US – IRS Plans to Allow Preparers to Sell Data

The IRS is quietly moving to loosen the once-inviolable privacy of federal income-tax returns. If it succeeds, accountants and other tax-return preparers will be able to sell information from individual returns - or even entire returns - to marketers and data brokers. Critics call the changes a dangerous breach in personal and financial privacy. They say the requirement for signed consent would prove meaningless for many taxpayers, especially those hurriedly reviewing stacks of documents before a filing deadline. [Source] [Sale of Data by Tax Preparers Draws Protests]

US – Company Launches New Credit-Monitoring Services

Scott Mitic, cofounder of TrustedID, says his company offers services to consumers who want to proactively protect against ID theft. Critics question whether the company has adequate security to protect the personal information customers turn over to the company. TrustedID has hired a lobbyist to push for a federal law that would give consumers in all states the power to seek a credit freeze. The company joins a growing list of businesses offering consumers ID theft protection. [Source]

US – California Considers Bill Limiting Access to Divorce Records

A California Assembly committee is scheduled to consider a bill this week that would require a judge overseeing a divorce to redact the couple’s financial information from court records, if one of the spouses requests it. [Source]

UK – Civil Rights Group Slams DNA Data Call

A Scottish civil rights group has challenged plans by a Glasgow MSP to have the DNA of innocent people retained on a police database. GeneWatch told the Scottish Parliament’s Justice 2 Committee Paul Martin’s proposals would mean the information could be misused. [Source]

US – New Jersey Appeals Court Upholds DNA Databanks

An appellate court ruled this week that the state’s criminal DNA base is constitutional and can be retained – and not be expunged – when an offender completes his or her sentence. [Source]

CA – EPIC Warns Alberta Government that Netcare Database Would Lure Hackers

A U.S. internet security expert is warning Alberta that its plan to move private health-care information to an online database will provide an irresistible draw for computer hackers. [Source]

AU – Privacy Consent Dispute in Australian Health Project

Mounting privacy and consent issues threaten to derail NSW Health’s long-awaited electronic health records pilot, due to start in the Hunter region this week. NSW acting privacy commissioner John Dickie met NSW Health over concerns that some aspects of the trial may be in breach of the state’s health record and information privacy law. Mr Dickie said a regulation gazetted on March 10 negated a requirement that informed consent be obtained before any patient was enrolled in a trial. [Source] [Source]

US – Federal Legislation for Database of Health Records Steeped in Privacy Worries

Privacy advocates warned a congressional subcommittee that proposed federal legislation to set up a national database of e-medical records would supersede stronger state laws that protect patients’ privacy. Florida, Georgia, North Carolina, Ohio and Texas are among the states that have tougher safeguards for protecting medical records, patient privacy advocates told lawmakers. Health care industry representatives made it clear to lawmakers that federal legislation is absolutely critical to set up a national database of medical records. [Source]

US – Fidelity Laptop With 196,000 HP Employees’ ID Stolen

A laptop computer containing the names, Social Security numbers, compensation and other information for 196,000 current and former Hewlett-Packard employees was stolen a week ago, HP confirmed this week. The employees were all participants in HP’s company-sponsored retirement plans administered by Fidelity Investments. Fidelity sent e-mails and letters overnight Tuesday to the retirement plan participants notifying them that the Fidelity laptop had been swiped. [Source] [Source]

UK – Identity Cards a ‘Present’ to Terrorists and Criminals, Spy Heroine Says

A national identity card scheme will be a “present” to terrorists, criminal gangs and foreign spies, one of Britain’s most respected former intelligence agents has told ministers. [Source]

UK – Lords Defeats ID Cards Bill for Fourth Time

A constitutional crisis is looming after peers hardened their opposition to identity cards, throwing out the controversial scheme for the fourth time. [Source] [Source] [Government slams Lords over ID card blocking tactics]

US – U.S. Ambassador: Officials Examining Border ID Cards

High-level officials in Washington are examining a U.S. security law that will require some kind of official border ID card, U.S. Ambassador David Wilkins said last week. He didn’t mention President George Bush when commenting on the contentious security measure, but indicated the issue was receiving high-profile attention. “I promise you that issue is being talked about at the highest levels in Washington,’’ said Wilkins during a luncheon hosted by the Canadian Institute of International Affairs attended by about 200 people. He didn’t say outright there were moves afoot to change the law, but indicated the United States is aware there are concerns on both sides of the border about possible trade and tourism impacts. “No one wants to impede trade or tourism,’’ Wilkins said. “That would hurt both countries.’’ [Source]

US – The Photographer vs. The Photographed: Whose Rights Prevail?

A New York State Supreme Court judge last month threw out a lawsuit filed by a New Jersey man who sued a photographer for taking a picture of him as he passed through Times Square. The man sued the photographer for exhibiting and publishing his picture without permission and for profiting from it. In a case that surprised many artists because of how far it made it through the court system, the judge ruled that the photographer’s right to artistic expression outweighed the man’s privacy rights. [Source]

WW – Watchdog Group Releases Software Report

A corporate-backed watchdog group that monitors software for deceptive and abusive practices this week named a widely used file-sharing program and three other applications as violators of its guidelines. Kazaa, which its producer Sharman Networks claims is the most popular program for sharing files over the Internet, “misleadingly advertises itself as spyware-free, does not completely remove all components during the uninstall process, interferes with computer use, and makes undisclosed modifications to other software,” according to a report from the group StopBadware.org. [Source]

WW – CDT Report Identifies Large Corporate Adware Funders

Large well-respected companies are helping to fund the virulent spread of unwanted and potentially harmful “adware” by paying for advertisements generated by those programs, a new report by CDT finds. In “Following the Money: How Advertising Dollars Encourage Nuisance and Harmful Adware and What Can be Done to Reverse the Trend,” CDT details how – through a complicated network of intermediaries – major advertisers pay to have their products and services advertised though pop-ups and other ads generated by unwanted advertising software or “adware.” The report dissects the financial relationships behind those arrangements and identifies a number of mainstream companies that advertise through one particularly unscrupulous adware distributor. [CDT Adware Report] [Press release]

US – Court Says Fliers Can’t Balk at Search

The U.S. 9^th Circuit Court of Appeals ruled that travelers who walk through the airport metal detector implicitly consent to a search of their persons and bags, and they can’t revoke that consent once the process has started. [Source] [Judgement]

US – Judge: Google Must Turn Over Some Records to Justice Department

A federal judge has ruled that Google must turn over some search-related documents to the Justice Department, who wants the records to bolster its efforts to defend an online pornography law. The records, prosecutors say, will help analyze how well web filters work to keep children away from pornography. The judge made his decision after federal prosecutors significantly reduced the scope of its initial request for documents. The judge said he planned to issue a final ruling soon that would detail exactly what information the company must turn over to the government. [Source]

US – Google Wins Ruling on Turning Over Search Queries to Government

Google won a partial victory in a battle with the government when a federal judge ruled yesterday that the company didn’t have to turn over customer search queries to the U.S. Justice Department. A U.S. District Judge in California refused to make Google give the agency 5,000 search queries as part of an effort to defend a law aimed at keeping children from accessing Internet pornography. The judge did rule Google had to comply with the U.S. demand for 50,000 Web addresses from its index of Web sites. [Source] [Source [Source]

US – Judge OKs Subpoena for Defendant’s Complete Gmail Account

What: In a lawsuit brought by the FTC, a subpoena is sent to Google for the complete contents of a Gmail account, including deleted e-mail messages. This is unrelated to the Department of Justice’s own subpoena to Google for search terms and excerpts from its search database. When: a U.S. Magistrate Judge in San Francisco ruled on Jan. 31 and March 13. Outcome: Judge grants subpoena and orders that all e-mail messages, including deleted ones, be divulged. [Source]

NZ – Plan to Tag and Number Children in a Central Database

The New Zealand Government is examining a proposal to have children tagged and numbered in a central database to stem abuse and failure at school. Personal details of every New Zealand child, including welfare and health concerns, would be entered into the database, to be shared by schools, social agencies and health authorities. It would be similar to Scottish and British initiatives, with a single ID number issued for each child, enabling authorities to be alerted to potential problems. [Source] [Source]

NZ – MP Calls for Prostitute’s Register to Be Shredded

A New Zealand MP is calling for Archives New Zealand not to preserve registers of prostitutes. “The registers must be shredded to protect the privacy of those on the list,” the MP said. “Some waffly argument about protecting our nation’s history doesn’t wash in light of the violation of privacy this action represents.” [Source]

WW – RFID Viruses? Don’t Panic, Say Experts

An Anti-Virus firm has claimed that viruses can’t be spread through RFID tags and the “sky is not falling”. British firm Sophos said that a University of Amsterdam paper was theoretical and “full of assumptions that have to be realised before it is possible to create a virus that will use RFID tags to spread”. [Source] [Source]

EU – EC Should Extend Privacy Regulations to RFID, Says Bar Code Chief

The organization which runs the bar code systems has backed the extension of EU privacy rules to cover RFID technologies. EC commissioner Viviane Reding earlier this month launched a consultation on RFID, saying that while there was a level of hysteria over the technology’s perceived threat to privacy she was prepared to extend EC privacy legislation to cover the technology. Jim Bracken, chief executive of GS1 Ireland, said RFID and its associated technologies should indeed be brought under the existing privacy regime. GS1 has administered the bar code system for 30 years and also oversees the electronic product code standards which will underpin the expected explosive growth of RFID. [Source]

CA – IBM Survey: Cybercrime Tops List of Canadian Business Concerns

IBM conducted a study that tapped 151 CIOs and other IT experts in the healthcare, financial, retail and manufacturing industries. The survey found that 95% of the executives believe that organized criminal groups are becoming more of a threat than lone hackers. The survey also found that nearly 70% of respondents said threats to corporate security are originating from within their organizations. [Source]

UK – ID Cards ‘Could Use Pin Numbers’

New national Identity Cards could come with Pin numbers to check holders’ identities, the Home Office says. Minister Andy Burnham said Pins could be used as an “intermediate” check. Anti-ID card campaigners say plans to use Pins show the cost of checking identities by fingerprints or iris scans would “bankrupt” the project. Meanwhile, the Identity Cards Bill is due to return to the House of Commons after suffering a third defeat in the House of Lords. It had previously been thought that banks, government departments and other businesses would use biometrics - including fingerprint, iris and face scans - to verify identities. [Source] [Source]

EU – EU Asks US to Declassify Air Data Rights Report

MEPs and the European commission are asking Washington to declassify a report into EU-US air data transfers and privacy rights. “We feel that our citizens have a right to know if their personal data are safe with the US authorities, if the PNR scheme is effective from a security point of view and if both parties fully comply with the undertakings in the agreement.” [Source]

US – Republican Senators Propose Law for NSA Wiretapping Oversight

Four Republican senators introduced legislation to expand congressional oversight of the Bush administration’s electronic eavesdropping program and require warrants for all surveillance after 45 days or an explanation of why a warrant isn’t appropriate. [Source] [Source]

US – NYPD Orders 505 Surveillance Cameras

Police Commissioner Ray Kelly this week unveiled an expanded, $9 million-plus plan to focus 505 state-of-the-art video cameras on 253 crime and tourist hot spots in a bid to catch crooks in the act. [Source] [Source]

UK – CCTV Code of Practice Update Due in the Summer

The UK Information Commissioner, who watches the CCTV watchers, said its updated advice for CCTV operators has been given a due date in the summer – six months late. A burgeoning of the high-tech surveillance systems that are being appointed sentinel over our public spaces has overwhelmed the authority charged with keeping them in check. The CCTV Code of Practice was originally written in 1999 when all CCTV cameras did was stick your grainy mug on a video cassette. [Source]

US – DHS Gets Another ‘F’ in Computer Security

Most federal agencies that play key roles in the war on terror are doing a dismal job of protecting their computers and information networks from hackers and viruses, according to portions of a report to be released by a key congressional oversight committee last week. The Department of Homeland Security, which is charged with setting the government’s cyber security agenda, earned a grade of F for the third straight year from the House Government Reform Committee. Other agencies whose failing marks went unchanged from 2004 include the departments of Agriculture, Defense, Energy, State, Health and Human Services, Transportation, and Veterans Affairs. [Source] [Source] [Source]

US – House Passes Bill to Override Strong State ID Theft Protection Laws

In what consumer advocates call the “worst data breach notice bill ever,” the House approved H.R.3997. Critics contend the bill:

-- establishes too high a trigger for data breach notification;

-- establishes a weak, but preemptive security freeze that only applies to victims;

-- undercuts the privacy protections of the federal Gramm Leach Bliley Act;

-- permanently preempts all state activities on financial privacy;

-- fails to even lightly regulate the activities of data brokers like ChoicePoint; and

-- expressly disallow state A-Gs from protecting their citizens from privacy invasions. [Source]

[Source]

US – Massachusetts House Passes “Black Box” Driver Privacy Bill

The Massachusetts House of Representatives has unanimously passed legislation to: require proper disclosure as to the presence and capabilities of black boxes in automobiles; give vehicle owners ownership of the information recorded by the black box. The bill must be acted on by the Senate before it can be sent to the governor for his signature. [Source]

US – Iowa Joins States Considering ‘ID Theft Passport’ To Help Victims

ID theft victims in Iowa may be able to rely on an “Identity Theft Passport” to show police or creditors. A victim would have to file a police report and then send a copy of it with a “passport” application form to the Iowa Attorney General’s Office. The bill has passed the House and is now headed to the Senate. [Source]

US – New Wisconsin Law Compels Businesses to Reveal Data Breaches

Under Wisconsin Senate Bill 164, signed into law last week by Governor Jim Doyle, businesses now are legally obligated to notify customers when their personal information has been stolen, a move that could require businesses to rethink the way they both protect information and track its use. [Source]

--------