Privacy News Highlights
11–17 August 2007
Contents:
EU – Greece: Biometric Security Systems Are Unlawful
US – DHS Exploring Minority Report-Like System
CA – Alberta Privacy Commissioner Likes Cancer Board’s E-records System
US – Google and Microsoft Plan Health Record Initiatives
US – States Point Finger at Feds on Health Information Privacy
US – DOD Requires Mobile Data to Be Encrypted
EU – Data Protection Chief: Too Much Surveillance Threatens Privacy
UK – House of Lords Committee: UK Needs Security Breach Notification Law
EU – European Union Sponsors Global Malware Study
US – U.S. Consumers Suffer $7 Billion Price Tag for Viruses, Phishing
US – FOIA Docs: Soldiers Rarely Blog Information that Threatens Military Operations
EU – Ireland Minister to Press Ahead with DNA Database
CA – PEI: Cabbie Wins Right to Private Medical Records
UK – Police Database Containing Terrorist Evidence Stolen
NO – Hackers in Huge ID Heist In Norway
US – Residents Find Boxes of Medical, Payroll Records Near Bankrupt Hospital
UK – U.K. Tories Caution Against ‘Costly White Elephant’ (National ID Card)
WW – Group Unveils Identity Management System
WW – Spock.com Hopes to Become the Google of People Searches
WW – Study Finds Facebook Users Expose Personal Info to Strangers
WW – See Who’s Editing Wikipedia - Diebold, the CIA, a Presidential Campaign?
UK – Server with Top-Secret Data Stolen From UK Telecommunications Services
KR – Korean ISPs Suspected Of Massive Identity Theft
WW – Ask.com Said to Be Most Privacy-Protective Search Engine
WW – Google Maps’ Photo Features Raises Privacy Questions
AU – Australian Democrats to introduce data disclosure bill
PH – Philippines National ID Plan Revived
US – TJX Discloses New Breach Cost Figure
US – Appeals Court May Let NSA Lawsuits Proceed
US – Maine High Court Backs Law on Driver Drug Tests
AU – Biometrics Institute Seeks Smartcard Privacy Resolution
US – San Francisco Public Housing Cameras No Help In Homicide Arrests
CA – Aliant Unveils Tracking Devices for Your Loved Ones
CN – China Enacting a High-Tech Plan to Track People
US – Homeland Security Revives Air Passenger Screening Program
US – DHS Gives States Millions to Create Camera Surveillance Networks
US – DHS Announces 14 PIAs For New Projects
US – U.S. to Expand Domestic Use of Spy Satellites
US – NSA Spying Program Argued at Court Hearing
US – DHS Inspector General: Weak Internal Controls Put Financial Data At Risk
US – Congress Enacts Sweeping Changes to Federal Wiretap Laws
UK – ICO Launches Framework for Data Sharing Practices
It is illegal for companies to operate security systems that use employees’ biometric data, including fingerprints, to check who is leaving or entering a building, Greece’s privacy watchdog has ruled. In a decision made public yesterday, the Hellenic Data Protection Authority (APPD) ruled that an unnamed plastics company had illegally installed fingerprint recognition devices at its premises. The firm argued that the extra security was necessary because highly flammable materials are stored at its factory and there is a high risk of unsupervised visitors being electrocuted. The APPD rejected these arguments and said the security system was also used to monitor when employees arrived and left work. The watchdog said the use of biometric data for this purpose is illegal. [Source]
Can technology identify someone thinking about committing a terrorist attack? The Department of Homeland Security is exploring that possibility. Last month, it queried researchers about designing a system that would detect deceptive behavior by flagging physiological and behavioral cues such as heartbeat, respiration and facial expression, using thermal imaging, infrared cameras and audio and eye-tracking, among other techniques. A related program, Project Hostile Intent, is exploring the use of involuntary facial and speech signals captured on video to identify people “involved in possible malicious or deceitful acts” - before they ever commit the crime. Homeland Security officials said yesterday that research was preliminary and stressed that, if the results were ever applied in airports, ports or border crossings, they would be one of many tools used to flag someone for further questioning, rather than as a sole arbiter of criminal intent. [Source]
Alberta’s privacy commissioner is giving a thumbs up to the Alberta Cancer Board’s advancements in electronic reporting in health care. The new system, which allows surgeons to immediately go online and fill in a survey-style report to make comments, was submitted to Frank Work for an evaluation of its commitment to patient privacy. In a release Tuesday, the privacy commission notes the Alberta web surgical medical record eliminates the need for transcription, collects only the minimum information needed to meet the program’s goals and restricts individual surgeons to access only the records of their own patients. Work says he’s very encouraged the system includes a privacy impact assessment and hopes other agencies and public bodies looking to use electronic records will learn from what the cancer board has created. [Source]
Google and Microsoft are working up their plans to improve the nation’s health care. By combining better Internet search tools, the vast resources of the Web and online personal health records, both companies are betting they can enable people to make smarter choices about their health habits and medical care. Google and Microsoft recognize the obstacles, and they concede that changing health care will take time. But the companies see the potential in attracting a large audience for health-related advertising and services. And both companies bring formidable advantages to the consumer market for such technology. Privacy concerns are another big obstacle, as both companies acknowledge. Most likely, they say, trust will build slowly, and the online records will include as much or as little personal information as users are comfortable divulging. [Source]
The State Alliance for e-Health is calling on the federal government to work with the states to remedy challenges in current federal statutory and regulatory requirements relating to the privacy of health information. The recommendation adopted at this week’s alliance meeting represents a turnaround of policy discussions about health information privacy as it relates to using electronic medical records on networks. [Source] Related Links: [Senators introduce stringent health records privacy bill] [Opinions divided on health info privacy] [E-health task force: Laws needed to protect interstate records exchange] [Workgroup may propose extending HIPAA to health info exchanges]
The CIO for the US Department of Defense, John Grimes, has issued a memo requiring the encryption of all sensitive data stored on mobile devices. Mobile devices are defined as laptop PCs, personal digital assistants, USB thumb drives and other removable media devices such as compact discs. According to the memo, all mobile devices must be encrypted in accordance with the National Institute of Standards and Technology’s Federal Information Processing Standard 140-2. Dave Wennergren, DOD’s deputy CIO, states, “The memo will help to ensure that we protect all DOD information on devices and media while outside a protected workplace.” [Source]
Peter Schaar, Germany’s federal Data Protection Commissioner, is speaking out about the increasing invasions on personal privacy. In particular, Schaar is concerned about a plan that would allow covert online searches, which he views as “very profound encroachment(s) on the private sphere.” Chancellor Angela Merkel and Interior Minister Wolfgang Schäuble support the plan, which is part of anti-terror legislation, according to this Heise article. Schaar expressed concern about the increasing scrutiny of government and private organizations. He added that as surveillance and information gathering on individuals continues to expand, individuals need some aspect of their private lives to remain off-limits to scrutiny. [Source]
The House of Lords Science and Technology Committee is calling on the government to begin an immediate consultation on the scope of a security breach notification law. A security breach law is one of the most critical improvements the UK could undertake to improve Internet security, according to the committee. In its Personal Internet Security report, the committee said the UK could “learn from the successes and failures of the many state laws in force in the United States.” [Source]
The European Union is to sponsor a global study into malware with the aim of finding out more about its sources around the world. The project, called the Worldwide Observatory of Malicious Behaviour and Attack Tools (WOMBAT), will last for three years and has been given a grant of US$7.1 million by the European Union and various corporate sponsors. The goal of the project is to correlate data relating to malware from various sources and researchers, and analyse it to spot trends that might indicate the source of malware and how it proliferates. [Source] [Source]
Online consumers face a 25% chance of becoming a victim of cybercrime, according to a recently released study by Consumer Reports. The survey of 2,000 households with Internet access also found that 38% of those questioned had suffered from a computer virus. The study indicated that phishing attacks on average cost U.S. households $200 per incident. Over the past two years, viruses, spyware and phishing have cost U.S. consumers $7 billion, according to InformationWeek coverage of the State of the Net survey. [Source] [Consumer Reports State of the Net Survey]
According to documents released to the Electronic Frontier Foundation (EFF) by the Army and Defense Department, soldier journalists post far less information that could harm military operations than official .mil websites do. These documents call into question the need for new restrictions on soldiers' online speech, which some critics say will cause military bloggers to cut back on their posts or shut down their sites altogether. [Source]
Justice Minister Brian Lenihan is pressing ahead with plans to set up a national DNA database, despite concerns it is a threat to human rights. Mr Lenihan is going to examine the views of the official human rights watchdog as he finalises his plans for the database. The Irish Human Rights Commission (IHRC) says the proposal is an unacceptable invasion of the right to privacy. It says the Government’s proposals fall short of European and international standards and need further safeguards to avoid potential miscarriages of justice. Genetic identities of hundreds of thousands of people will be stored indefinitely on the database. [Source]
P.E.I.’s privacy commissioner has ruled in favour of a taxi driver who sought to keep his medical records private from government regulators. The ruling by the privacy commissioner could affect anyone who drives professionally. Currently people who drive buses, trucks or taxis not only need a doctor to say they’re fit for the road, they also have to sign a waiver that gives the government access to their medical records. Charlottetown taxi driver Neil Harpham thought that went too far, so he filed a complaint with the privacy commissioner and won his case. The privacy commissioner ruled that demanding blanket access to a person’s medical records was too intrusive. [Source]
Police in the United Kingdom are investigating the theft of a server containing a database of highly confidential mobile phone records used by the police in investigating crimes relating to terrorist and organised criminal gangs. The server was stolen from the offices of a private company, Forensic Telecommunications Services (FTS), whose clients include Scotland Yard, the Police Service of Northern Ireland, HM Revenue and Customs and the Crown Prosecution Service. FTS reported a break-in at its offices over the weekend which resulted in pieces of IT equipment, including the server, being stolen. [Source] [Source] [Source] [Source]
Hackers have stolen confidential data on 60,000 Norwegians, including the head of the agency responsible for safeguarding them. The hackers used a weakness on the Web site of the telecoms company Tele2 to procure the national personal identity numbers and addresses of subscribers, amounting to 1.3 per cent of the country’s population. [Source]
Hundreds of boxes of abandoned medical and payroll records have been found in a vacant dealership near the bankrupt Greater Detroit Hospital, according to an article in the Detroit Free Press. The records contain credit card and Social Security numbers. The Michigan Department of Community Health is investigating the incident. [Source] See also: [Pfizer Reports Second Data Breach In Two Months]
The U.K.’s Conservative Party has reiterated that it will scrap the government’s £5.3 billion ID cards scheme as ministers announced that the delayed procurement for the program had finally begun. A tender notice for the National Identity Scheme (NIS) strategic supplier framework has now been published, covering most of the scheme’s requirements. But speaking after the announcement, shadow home secretary David Davis said: “This project will do nothing to improve our security. In fact independent experts like Microsoft and the London School of Economics have pointed out that it could well make our security worse while costing the taxpayer 20 billion pounds in the process. “This is why we have written to the cabinet secretary and the major companies likely to be involved in the bidding process putting them on formal notice that the Conservatives would scrap this costly white elephant.” [Source]
A little-known group of government contractors and public- and private-sector organizations has released a global infrastructure capable of authenticating the identity of participants within member organizations. Known as the Federation for Identity and Cross-Credentialing Systems (FiXs), the new system may be used on a global basis in local or remote locations in wireless or wired environments. Mike Mestrovich, President of FiXs, said the “federated solution aids in privacy because there is no central database and individual data can be stored in only one (vetted) place.” The group, which was founded in 2004 and is based in Fairfax, Va., counts among its members the Department of Defense (DoD), Wells Fargo, Lockheed Martin, EDS, and several others, and is open to new organizations. [Source] [Source]
A new web search service has launched, but this one doesn’t provide results for the entire web - it only provides results about people. Spock.com went into public beta this week after several months of private testing and prides itself on providing the “richest people search experience on the web.” “Searching for people is one of the most important applications on the web; however, the user experience is highly fragmented and unsatisfying today,” claims the Spock CEO. That’s why the site’s sole purpose is to index and gather information about individuals and offer that data when users search for general terms such as “blogger,” “actor,” or even specific names. Spock.com allows users to manage their own “profiles” on the site by allowing them to import information from any number of places, such as LinkedIn, Friendster, and MySpace. Users can also add tags about themselves, upload pictures, and list contact information if they so choose. However, the general public can also add tags, pictures, and other information about you, possibly leaving the integrity of the personal profile in doubt. [Source] See also: [Astonishing! Spock Thinks You’re a Pedophile]
Some Facebook Inc. users are exposing personal information to strangers, increasing their risks of identity theft, virus attacks or other problems, according to a study to be released this week. Sophos PLC, a computer-security firm, found 41% of Facebook users were willing to divulge personal information - such as phone numbers, home addresses and email addresses - to a complete stranger. [Source] [Source] See also: [Facebook: Posting your digits online can be a call for harassment] [New identity fraud fears as Facebook secret code leaked online] and [Video Editorial: Does what happens in the Facebook stay in the Facebook?]
On November 17th, 2005, an anonymous Wikipedia user deleted 15 paragraphs from an article on e-voting machine-vendor Diebold, excising an entire section critical of the company’s machines. While anonymous, such changes typically leave behind digital fingerprints offering hints about the contributor, such as the location of the computer used to make the edits. In this case, the changes came from an IP address reserved for the corporate offices of Diebold itself. And it is far from an isolated case. A new data-mining service launched Monday traces millions of Wikipedia entries to their corporate sources, and for the first time puts comprehensive data behind longstanding suspicions of manipulation, which until now have surfaced only piecemeal in investigations of specific allegations. [Source] [Wikipedia Scanner]
UK-based Forensic Telecommunications Services (FTS) has confirmed the theft of a computer server containing thousands of top-secret mobile phone records and evidence from undercover terrorism and organised crime investigations. The company - whose clients include Scotland Yard and the Crown Prosecution Service - has assured the public that the server is security protected, and the breach will not compromise ongoing police operations. [Source]
Police are investigating South Korea’s two biggest ISPs on suspicion that they broke identity theft laws on more than seven million occasions. The two companies, KT and Hanaro Telecom Inc, are suspected of signing up more than seven million customers for services without their permission, according to police sources cited by local media today. Many of the companies’ internet service customers were apparently illegally signed up for additional services by telephone sales agents, who did not obtain the written consent required under law, police say. Reports say the two ISPs may have illegally signed up 7.3 million of the 10 million households and businesses in the country that rely on them for internet service. [Source]
In the last few months, the search engine business has experienced its own version of cutthroat competition: a privacy policy war, with Google, Ask.com and Microsoft vying to outdo one another in protecting their users' personal information. But it's been difficult to make direct comparisons, in part because privacy policies tend to be written by lawyers for lawyers. So CNET News.com did some of the work for you by surveying the five leading search companies. Starting on August 6, we asked them eight questions, including how long they retain search data, how they eventually dispose of it, whether they engage in behavioral targeting, and whether they use information they have from user sign-ups to guide which ads are displayed. [Source] [Survey Results]
Last week, Google began expanding its Google Maps program to Southern California. The additions from Los Angeles, San Diego and some Orange County cities, as well as Houston and Orlando, expand an online service that thrilled some digital-map buffs but freaked out privacy advocates when it launched in May in the San Francisco Bay area, New York, Las Vegas, Denver and Miami. The photos can help people scout out places they plan to visit. But when Google’s camera shutters click, they capture more than buildings. Within hours of the first release, bloggers had found and posted photographs, which are often sharp enough to identify the people in them, of vulnerable moments: students sunbathing in bikinis, motorists being ticketed by police, a man walking into an adult bookstore, even a man picking his nose on a park bench. In Los Angeles, it could create a new sport: celebrity hunting on Google Maps. “It is a visual reminder of how our private spaces are really shrinking,” said Pam Dixon, executive director of the World Privacy Forum. “We’ve never had the expectation of privacy in public places, but it’s the technology that causes us to re-examine this. Computers have very long memories.” Google’s product manager for Street View said the company would take down images if it received complaints, and it offers an online feedback tool that lets users report “inappropriate” images, including ones that create personal security concerns or violate privacy. Some of the photos taken off the site showed nudity or people publicly urinating. [Source] [Smile you’re on Google Candid Camera] [Submit your favourite Google urban Image!] and [Google Maps Australia Alters Sydney Images]
Democrats Senator Natasha Stott Despoja will introduce to Federal Parliament this week a proposed amendment to the Federal Privacy Act that introduces data disclosure laws to Australia. Despoja gave notice of her intention to introduce The Privacy (Data Security Breach Notification) Amendment Bill 2007, which would obligate a corporation or government agency to inform individuals affected by any release of personal and financial data to unauthorised parties. Despoja said that the current privacy legislation (Privacy Act 1988) is deficient as there is no legal requirement forcing the public notification of data breaches by corporations and government agencies. The Private Senator’s Bill uses principles from the original Privacy Act to define what constitutes private information, and further defines a data breach to include “any authorised acquisition, transmission use or disclosure of personal information involving an unauthorised party”. [Source] See also: [Australian data-breach shift puts heat on NZ]
Muntinlupa City Rep. Rozzano Rufino Biazon is reviving a proposal to create a national identification system covering Filipinos at least 18 years old. The lawmaker, son of Senator Rodolfo Biazon, who is a former military chief, revived the proposal in his House Bill 54. His National Identification card will contain the cardholder’s full name, residence address, date of birth, sex, height and weight, nationality and signature. [Source]
The financial impact of a security breach at TJX Cos. became more clear yesterday as the company filed its second-quarter earnings report. The company reported that breach-related costs have reached $256 million so far - more than 10 times the $25 million figure the company estimated three months ago. Avivah Litan, a Security Analyst for Gartner Inc., said this incident proves that data breaches are survivable, but they “can go right to your bottom line.” [Source]
A federal appeals court on Wednesday appeared unwilling to end a pair of lawsuits that claim the Bush administration engaged in widespread illegal surveillance of Americans. The 9th U.S. Circuit Court of Appeals repeatedly pressed Gregory Garre, the Bush administration’s deputy solicitor general, to justify his requests to toss out the suits on grounds they could endanger national security by possibly revealing “state secrets.” [Source] [Commentary: Nation’s Soul Is at Stake in NSA Surveillance Case]
The state’s highest court upheld a Maine statute this week that mandates blood alcohol and drug testing of drivers when a motor vehicle accident results in a fatality. Chief Justice Leigh Saufley wrote that the statute itself is constitutional and that the test results are admissible in court if the state demonstrates that the defendant consented to the test or there was probable cause to believe the driver was operating under the influence of drugs or alcohol. Saufley further wrote that the state’s need to obtain information about the intoxication of drivers involved in fatal accidents has to be balanced against the privacy interest of motorists. “We conclude that the state’s interest in gathering information to assist in addressing the problem of intoxicated driving outweighs the privacy interest of drivers in the content of their blood,” he wrote. [Source]
A plan to tackle privacy and security issues that continue to hamper the launch of the Australian Government's A$1.1 billion Access Card was released by the Biometrics Institute. Members of the Institute, which represents more than 100 biometric users, believe public acceptance of the proposed Access Card needs a boost, especially in privacy matters. In a submission to the Senate Committee examining the Access Card legislation, the Biometrics Institute has proposed a six-point plan. [Source]
The 178 video cameras that keep watch on San Francisco public housing developments have never helped police officers arrest a homicide suspect even though about a quarter of the city’s homicides occur on or near public housing property, city officials say. Nobody monitors the cameras, and the videos are seen only if police specifically request it from San Francisco Housing Authority officials. The cameras have occasionally managed to miss crimes happening in front of them because they were trained in another direction, and footage is particularly grainy at night when most crime occurs, according to police and city officials. Similar concerns have been raised about the 70 city-owned cameras located at high-crime locations around San Francisco. [Source] See [Omaha Surveillance Camera Plan Expected to Cut Crime] See also: [Ottawa Police Chief: Cameras would cut crime] and [CCTV in Montreal: 'Big Brother's' crime stopper?]
Aliant customers in Atlantic Canada can now use tracking devices to pinpoint their loved ones or employees. The company is launching four new services that use technologies like satellites and cellphone towers for instant access, providing immediate gratification but also raising privacy issues. Parents can use Seek & Find, for example, to locate their children via cellphone or PDA. The screen displays a map of their whereabouts, sometimes right down to the very spot. Users can even set up regular alerts to coincide with arrivals from work or school. A similar service called GoTrax is aimed at businesses, so employers can better manage their fleets and locate employees. Prices for the services vary, with location hits averaging 50 cents apiece. The two other services allow users to instantly order a cab anywhere in Canada and to have their vehicles tracked for roadside assistance. [Source]
At least 20,000 police surveillance cameras are being installed along streets in southern China and will soon be guided by sophisticated computer software from an American-financed company to recognize automatically the faces of police suspects and detect unusual activity. Starting this month, residency cards fitted with powerful computer chips programmed by the same company will be issued to citizens. Data on the chip will include not just the citizen’s name and address but also work history, educational background, religion, ethnicity, police record, medical insurance status and landlord’s phone number. Even personal reproductive history will be included, for enforcement of China’s controversial “one child” policy. Plans are being studied to add credit histories, subway travel payments and small purchases charged to the card. Security experts describe China’s plans as the world’s largest effort to meld cutting-edge computer technology with police work to track the activities of a population and fight crime. But they say the technology can be used to violate civil rights. [NYT Source]
A proposed revamp of the U.S. Department of Homeland Security’s air passenger screening program offers improved personal privacy, but still falls short of acceptable protection standards, according to a leading privacy advocate. DHS last week announced initial plans for an overhaul of its Secure Flight program, with the agency no longer assigning risk scores to passengers or using predictive behaviour technology, DHS Secretary Michael Chertoff said. But the TSA, part of DHS, will have direct control of checking domestic passenger lists against terrorist watch lists, instead of the airlines. DHS has made progress on privacy issues, said Marc Rotenberg, executive director of EPIC. “DHS is right to focus on matching passenger names to terrorist watch lists instead of trying to predict behaviour,” he said. “Instead of open-ended profiling ... the revamped Secure Flight focuses on the problem at hand,” he said. But privacy problems remain: air passengers still cannot see the reasons why they’re targeted for extensive searches or kept off flights, and they cannot correct bad information on the terrorist watch lists, he said. “The problems with the watch list are still valid and are not going away.” Chertoff defended the program. “Secure Flight will not do any harm to personal privacy,” he said. “It’s not going to rely on collecting commercial data; it’s not going to assign a risk score to passengers; it’s not going to try to predict behaviour. It’s only designed to collect a minimum amount of personal identifying information so that we can do an effective job of matching the traveler to a person whose name and identity are on a watch list.” [Source] [U.S. Considers Lowering Passenger Data Requirements] See also: [ACLU Sues TSA Official, JetBlue for Discriminating Against Passenger Wearing Arabic T-Shirt] and [US Court Says Travelers Can’t Avoid Airport Searches by leaving the airport] [Decision]
The Department of Homeland Security is funneling millions of dollars to local governments nationwide for purchasing high-tech video camera networks, accelerating the rise of a “surveillance society” in which the sense of freedom that stems from being anonymous in public will be lost, privacy rights advocates warn. [Source] [Commentary: Business in a “Surveillance Society”]
A Federal Register notice reveals that DHS has announced the online availability of 14 Privacy Impact Assessments (PIAs) for new projects. The PIAs reveal efforts to upgrade immigration and travel databases. One such change unveiled by Citizenship and Immigration Services reveals an attempt to “improve efficiency of user searches, facilitate information sharing, increase the quality and accuracy of the underlying data and increase the security of the information being shared among systems,” according to one of the notices. [Source] [DHS bares upgrades to immigration, travel databases] [Federal Register Notice]
The U.S.’s top intelligence official has greatly expanded the range of federal and local authorities who can get access to information from the nation’s vast network of spy satellites in the U.S. The decision, made three months ago by Director of National Intelligence Michael McConnell, places for the first time some of the U.S.’s most powerful intelligence-gathering tools at the disposal of domestic security officials. [Source] See also: [US police agencies push for drone sky patrols]
A U.S. appeals court agreed this week to weigh a government motion to dismiss a lawsuit alleging the National Security Agency (NSA) monitored phone lines and e-mails without a warrant, but judges asked a government lawyer tough questions over the issue. The Electronic Frontier Foundation (EFF) filed a class-action lawsuit against AT&T Inc. claiming the company violated the privacy rights of its customers when it cooperated with an NSA program of monitoring AT&T customer phone calls and e-mail traffic without warrants. Deputy Solicitor General Gregory Garre, representing the government, argued that letting the case go to trial "would reveal the sources, methods and operational details" of government intelligence activities. [Source] [NYT: U.S. Defends Surveillance to 3 Skeptical Judges]
The integrity of the Homeland Security Department’s financial data is at increased risk because of weak information technology internal controls related to financial management systems, the DHS Office of Inspector General has said in a report. The report covers the IT management controls that support the department’s financial statement for fiscal 2006. Internal controls reduce the risk of error or fraud in financial reporting. This is not the first time the IG has pointed out these weaknesses, which were the result of DHS not prioritizing the necessary corrective actions. The department has excessive access to, and inadequate logical security controls for, its key financial applications and support systems, in addition to incorrect or ineffective application change control processes, the IG said in the report. [Source] See also: [IG: Some at IRS still careless with taxpayer data]
Congress passed the “Protect America Act of 2007,” making significant changes to the Foreign Intelligence Surveillance Act (FISA). FISA was enacted in 1978 to regulate intelligence gathering following revelations of abusive uses of covert intelligence powers. The 1978 law created a secret FISA court to oversee this intelligence gathering. The new law removes some surveillance from the limited FISA court review, allows the government to create more surveillance programs with limited review, and immunizes from lawsuits telecommunications companies who participate in these programs. These powers are temporary, as the new law expires in 6 months. [Protect America Act of 2007] [EPIC’s FISA page]
The UK Information Commissioner’s Office (ICO) has launched a consultation on its new framework code of practice for sharing personal information. It published a draft version of the code on 13 August 2007, with a deadline for submissions of 1 October. The code of practice is a mechanism for organizations to ensure compliance with the Data Protection Act. An ICO spokesman said an organization may decide to “adapt the framework wholesale or use it as a way of evaluating what they already have.” [Source] [Framework]
--------