Privacy News Highlights
16–23 November 2007
Contents:
EU – Fingerprint System Fails to Identify Black-Listed Soccer Fans
US – Pay By Touch in Bankruptcy Proceedings
JP – Anger as Japan Moves to Fingerprint Foreigners
CA – Legislative review of BC's Personal Information Protection Act Begins
CA – Ann Cavoukian Named as One of Canada’s Top 100 most Powerful Women
CA – Tories Introduce Legislation to Crack Down On Identity Theft
EU – EC Report Warns Governments on E-Trust, ID Cards, and Biometrics
US – Senator Seeks to Add Privacy Amendment to Health IT Bill
US – N.H. Lawmakers Set to Consider Electronic Prescription Drug Monitoring
EU – Greece’s Privacy Watchdog Resigns Over Government Surveillance of Protest Rally
UK – Info Watchdog Raises Concern Over Privacy Impacts of Government Policies
EU – Dutch Justice Ministry Blocks Employees from Using Wikipedia
US – Report: States Making Limited Progress to Enhance Public’s Right to Know
EU – Personal Data is Not a Bar to FOI Disclosure, Rules European Court
US – Genetic Privacy Bill Stalled In Senate
EU – French Constitutional Court Approves DNA Tests for Immigrants
CA – Canadians Want Strong Protections for Health Data: Survey
CA – Ontarian’s Private Data Going to Firm Working for MDs
UK – UK Gov’t Loses Personal Data on 25 Million People, UK Families Put on Fraud Alert
UK: Department that Lost Disks Had Over 2,111 Data Breaches in the Last Year
UK – One million UK Employees Admit to Losing Confidential Data
US – US Bank’s Personal Information Breached
CA – Private Information Stolen from Civil Servant’s Home
US – Gemalto Testifies on Privacy and Security of Government ID Credentials
UK – Facebook Faces UK Data Probe
UK – Information Commissioner Issues Guidance on Social Networking Privacy
US – New Jersey Seeks Tougher Law on Online Dating Sites
TH – Thailand Set to Introduce Child Privacy Protection Law
CN – Nine In Ten Chinese Want Law to Protect Personal Information
US – Ponemon Survey Reveals Opinions on Top Presidential Privacy Contenders
US – Federal Judge: Vets Can Sue For Security Breach
US – FDA Works on Draft ID System for Medical Devices, Supplies
US – VeriChip’s VeriTrace Platform Used to Identify Human Remains
CA – Survey Finds 1/5 Execs Say Their Companies Don’t Use Anti-Virus Software
CA – Canadian Firms Admit Data Protection Challenges
WW – Database Exposure Survey 2007 Finds Unprotected Databases on the Rise
EU – EU Member States to Use New Smart-Card Resident Permit from 2010
US – No Escape from Security Cameras
US – House Passes Surveillance Bill Without Phone Companies Immunity
US – Senate Approves Identity Theft and Restitution Act
US – Newspaper Reveals Boeing’s Employee Surveillance Tactics
Dutch researchers tested the reliability of fingerprint biometrics by placing finger print scanner at three Dutch soccer stadiums for the purpose of identifying more than 6,000 “black listed” volunteers. The fingerprint system failed to spot 15–20% of those on a volunteer black-list, and was easily fooled by simple spoofing techniques. The Dutch researchers described these results as “unexpected, with serious implications for a lot of other negative identification scenarios.” [Source]
Onetime retail biometric leader Pay By Touch is involved in a Chapter 11 bankruptcy protection proceeding, after four of its employees filed an involuntary petition in Los Angeles. The company is in the process of retaining bankruptcy counsel. It is also seeking financing to cover its cash flow needs including past, present, and future payroll obligations. John Rogers, a founder of PayByTouch and the owner of 64% of the company’s stock, has filed for personal bankruptcy. Pay By Touch has raised $190 million in three rounds of funding since 2005. [Source] [Source] [Source]
Japan is to fingerprint and photograph foreigners entering the country starting November 30, in an anti-terrorism policy that is stirring anger among foreign residents and human rights activists. Anyone considered to be a terrorist -- or refusing to cooperate -- will be denied entry and deported. The checks are similar to the “US Visit” system. But Japan, unlike the U.S., will require resident foreigners as well as visitors to be fingerprinted and photographed every time they re-enter the country. There are more than two million foreigners registered as resident in Japan, of whom 40% are classed as permanent residents. The pictures and fingerprints obtained by immigration officials will be made available to police and may be shared with foreign immigration authorities and governments. The new system is being introduced as Japan campaigns to attract more tourists. [Source]
Legislative review of BC's Personal Information Protection Act gets in gear: All-party committee calls for submissions The special committee to review BC's Personal Information Protection Act (PIPA) has issued a call for written submissions. The deadline is February 12, 2008. This is the first review of BC's since it was passed in 2003. [Committee website] [Call for Submissions]
Dr. Ann Cavoukian, Ontario’s Information and Privacy Commissioner, was honoured today with an award marking her selection as one of Canada’s most powerful women. The Women’s Executive Network, in its annual list of the top 100 most powerful women in Canada, named the Commissioner as one of the honourees in the “Trailblazers and Trendsetters” category for her groundbreaking work in protecting privacy. Dr. Cavoukian, who has won a number of awards both in Canada and internationally, is recognized as one of the leading privacy experts in the world. [Source] [List of Winners]
The Canadian federal Conservative government introduced legislation this week to amend the Criminal Code to crack down on those who steal people’s identity information. If passed, the bill would give police extra tools to catch those in possession of people’s ID information before fraud has been committed. The proposed legislation would create three new offences, all carrying maximum five-year prison sentences:
Currently, using someone else’s information to commit a forgery or make fake identification is against the law. But it’s not illegal to collect, possess or traffic other people’s identity documents, such as passports, credit cards and driver’s licences, as long as the information is not used to commit a crime. [Source] [Text of bill C-27] COMMENTARY: [Privacy Commissioner comments on Government Identity Theft Measures] [Geist: Canada’s Identity Theft Bill: What It Says and What’s Missing] [CIPPIC: Feds ID theft legislation good enough, but not enough, expert says] [Vendors say Feds should enforce data encryption]
An EC-funded report has found that governments across Europe need to address the issue of trust in technology systems used by public authorities and warns that high-tech ID cards are not a panacea. ECOTEC Research and Consulting said trust and security should go hand-in-hand, and that in order for governments to achieve the right balance, a “clear pact” needed to be established with citizens. The paper argues that such transparency would foster a better relationship with citizens that in turn could improve trust among those individuals who have expressed concern over how their data is stored. The authors also highlighted what it considered to be a number of critical issues associated with the technology systems used by government, noting that there is a risk that even electronic ID cards can potentially be misused. As a result, verification in critical applications should combine card ‘possession’ with declaration of hard-to-copy information held by the person themselves; knowledge not encoded on the card; or with information that is intrinsically tied to each individual - such as biometric data.” [Source]
Sen. Patrick Leahy, D-Vt., is pushing an amendment to a Senate Health IT bill that would give patients the right to prevent third-party access to their records. The amendment also would allow patients to opt out of any electronic system and set limits regarding who may access records. The pending bill would require the notification of patients if their health data is leaked. It also would establish grants for practices to buy health IT systems and provide funding for regional and local health information exchanges. An aide for the committee handling the bill said that while there is a need to strengthen health privacy protections, adding an amendment to a bill that already enjoys bipartisan support would imperil efforts to improve healthcare access with the help of technology, reduce medical errors and lower healthcare spending. [Source]
Opponents of a New Hampshire prescription drug monitoring bill cite privacy as one of the main drawbacks of a bill that would set up an electronic database for certain classes of prescription medications. The N.H. Legislature has studied the concept for nearly two years, and a bill is expected to emerge for consideration early in the new year after approval last week in the House Health, Human Services and Elderly Affairs Committee. Supporters of the bill say that an electronic system would reduce medical errors and help to identify patients suffering from prescription drug addictions. The bill calls for an advisory council to oversee and establish the program. The advisory council would have to authority to refer potential illegal activity to law enforcement and regulators. [Source]
Citing a breach of Greece’s Data Protection Authority’s regulations, Dimitris Gourgourakis resigned Monday over the government’s use of traffic cameras to spy on protesters in Athens. The authority’s deputy head and two other members also tendered their resignations, joining Gourgourakis in protest. A debate on privacy rights in Greece has festered between the government and the authority over police use of surveillance cameras installed in 2004 for the Athens Olympic Games. [Source]
Information Commissioner Richard Thomas has provided a list to the House of Lords’ constitution committee on government policies he views as threats to data privacy rights. Thomas questioned various policies related to the national identity database, including plans to collect a record of every time an individual swipes a card through a reader. He also questioned the need for a database that would track children from birth as well as the expansion of the national DNA database. Thomas also raised red flags about plans to move toward full electronic health records. [Source]
The Dutch justice ministry is to temporarily block its 30,000 employees from using Wikipedia, the online encyclopaedia, at work after a magazine reported that ministry computers had been used to edit more than 800 entries. Intermediar said that while most of the changes were not objectionable, some involved changing the positions of political parties or the profiles of people in criminal cases. [Source]
State governments are improving their transparency practices, but many still aren’t taking full advantage of the Internet to inform the public, according to a report entitled The State of State Disclosure released this week by the Corporate Research Project of Good Jobs First. Online disclosure of economic development subsidies lags behind reporting on procurement contracts and lobbying, continued the report. “The Internet makes possible unprecedented government transparency. But many states have been slow to adopt vigorous online disclosure.” The study evaluates each state’s disclosure Web sites in terms of criteria such as ease of searching and level of detail. “We see evidence that states are improving,” said the principal author of the report. “Yet the average state gets only B- on contracts and C- on lobbying. On subsidies, the average grade is F. No state receives better than B across all categories.” [Source] [Report]
Documents containing personal data cannot be withheld under EU freedom of information laws if the disclosure of the data does not undermine the privacy of the persons named, according to a ruling by the European Court of First Instance. [Source]
Despite bipartisan approval of a genetic nondiscrimination bill in the House, the bill remains stalled in the Senate. The bill’s original sponsor, Rep. Louise Slaughter, D-N.Y., said that she believes the Senate would pass the bill if it was brought up for a vote. Slaughter first introduced the Genetic Information Nondiscrimination Act 12 years ago. The U.S. Chamber of Commerce and trade associations are opposed to the bill on the grounds that it would lead to frivolous lawsuits. [Source]
The Constitutional Council in France approved legislation to use DNA testing for immigrants, sparking a debate over privacy rights and discrimination. A special session of the Council approved legislation that would allow state-funded DNA testing to verify familial ties as a last resort in immigration cases. The use of genetic testing angered many opponents who feared it invaded rights to privacy and compared the move to French anti-Semitic discrimination measures during World War II. The court rejected an earlier provision of the bill that called for a consideration of ethnicity in immigration cases on the grounds it was unconstitutional. A dozen European countries, Australia, Canada, South Korea, and the U.S. consider results of DNA testing as part of their immigration cases. [Source] See also: [23AndMe Will Decode Your DNA for $1,000. Welcome to the Age of Genomics]
An overwhelming majority of Canadians say the government must create strong new systems to protect their personal health information, particularly as an increasing number of patient records are stored electronically, according to a survey released by Canada Health Infoway, Health Canada and the federal privacy commissioner’s office. Two-thirds of Canadians say health information is one of the most sensitive, important types of personal data that must be protected. Potential EHR benefits were acknowledged, but any electronic system should also come equipped with sufficient tools to protect the privacy of individuals. About 80% of those questioned said the government should create audit trails that would document who has access to their health information, while 74% said there should be severe penalties for anyone who unlawfully accesses their health information. [Press Release] [Source] [Full Survey Report] [Executive Summary] [Coverage]
Hundreds of thousands of Ontario patients are unknowingly sending personal information to a private company by signing up for extended coverage fee plans offered by their family doctors. Nearly 2 million letters asking patients to participate in annual payment plans for uninsured services have been sent out over the signatures of 1,000 doctors, an investigation by a Media Group has found. Privacy experts say the packages raise questions about transparency.[Source]
The chairman of Britain’s HM Revenue and Customs (HMRC), Paul Gray, has resigned following the loss of data storage disks containing information about 7.5 million families (25 million people) that claim child benefits. The data include names, bank information and National Insurance numbers. Paul Gray said he was “standing down ... as a result of a substantial operational failure in the department.” Chancellor Alistair Darling urged people to monitor bank accounts “for unusual activity”. The Conservatives described the incident as a “catastrophic” failure. [Source] [Britain apologizes for ‘inexcusable’ data loss] [Prime Minister Apologizes For Security Breach] [UK Info chief demands criminal charges for data breaches] [UK Data watchdog seeks dawn-raid powers] [Data loss casts doubt on ID card plan] [If this Government is incompetent enough to lose millions of personal details, is it safe with anything?] [Home Office insists biometric data is secure] [Statement to the House of Commons by Chancellor of the Exchequer, Alistair Darling, MP, on HMRC] [How safe is our personal data?] [Irish Finance Minister Calls For Immediate Data Protection Review] [Poll tracks anger over data loss]
The UK Government department responsible for losing 25 million people’s personal details in the post was hit by more than 2,100 reported breaches of security in the past year alone. And 41 laptops – many containing sensitive financial details relating to members of the public – were stolen from employees at HM Revenue and Customs (HMRC) over the last 12 months, demolishing any notion that the loss of two computer discs containing the details of child benefit claimant was a “one-off” error. [Source]
Navigant Consulting warns that employees’ work habits and lack of awareness about security are increasingly putting companies and organisations’ confidential information at risk from opportunistic identity thieves. “Our survey shows that 17% of the British work force now uses a company laptop at home – that’s nearly five million people – and indicates that working from home is an established working practice rather than a trend. Yet only 25% of these said that their laptops are encrypted to protect the confidential information they contain. In addition, more than 11 million employees – 39% of workers and/or their colleagues – save data onto a PDA, thumb-drive, CD, or other device, to work from home. In the first half of 2007 reported stolen data included:
Commerce Bank of Cherry Hill, N.J has notified an unspecified number of its 3 million customers of a recent data breach involving the potential compromise of their personal data. In an e-mailed statement to a query regarding the incident, a Commerce Bank spokesman only confirmed that a “security matter” had taken place recently that impacted “only a small segment” of its three million customers. Local media reports suggested that the compromise resulted when a bank employee apparently handed over customer information such as Social Security numbers and account information to an external third party. [Source]
Canada’s privacy commissioner is investigating after thieves stole a federal government laptop from a public servant’s home in Gatineau, Que., putting more than 1,600 people, mainly Atlantic Canadians, at risk of identity fraud. The computer was stolen at Thanksgiving from the home of a Service Canada employee just across the river from Ottawa. [Source]
Gemalto’s VP of business development and government affairs Neville Pattinson testified before the U.S. House Government Oversight Subcommittee on Government Management, urging the DHS and Congress to make privacy and data security the highest priorities in identification programs such as REAL ID and the WHTI card. Pattinson also sought to explain to lawmakers the differences between insecure RFID tags and secure, microprocessor based and RF-enabled contactless smart card technology. The electronic passport and FIPS 201 Personal Identity Verification federal employee ID programs, two successful programs Pattinson held up as shining examples of getting it right, already use contactless smart card technology. [Source] See also: [CA -- Enhanced Driver’s Licence Approval Sparks Privacy Caution]
Facebook is facing investigation by UK data protection watchdogs after a complaint from a British user who tried, and failed, to delete his account. Facebook accounts can be “deactivated” but not actually deleted. Your profile remains in the Facebook servers but cannot be accessed by anyone else. The Information Commissioner confirmed to the Register that it has received a complaint and will investigate the firm. The ICO sent us the following statement: “Many people are posting content on social networking sites without thinking about the electronic footprint they leave behind. It is important that individuals consider this when putting information online. However, it is equally important that websites also take some responsibility. [Source] [ICO Confirms Facebook Probe] [Facebook users say tracking tool invades privacy] See also: [Riley Report - Privacy and Technology - Preserving our Rights]
The government’s information watchdog this week warned the nation’s youth they are risking their future by handing over potentially embarrassing personal info to MySpace, Bebo and Facebook. The Information Commissioner’s Office (ICO) has issued new official guidelines aimed at encouraging the millions who use online social networks to think twice before blogging about how they got totally mashed on the rec ground on Saturday. There’s a special website to lure the youngsters. A survey of 2,000 14 to 21-year olds conducted by the ICO revealed that more than two thirds wouldn’t want an employer or university to see the photos, messages and other data they’ve scattered across the web. Checking job candidate’s online presence is rapidly becoming standard practice for recruiters. [Source] [Guidance]
In another move by state lawmakers to try to boost Internet safety, online dating sites would have to notify New Jersey residents whether they do criminal background checks under a proposal set to be considered this week. The bill is opposed by Internet companies such as Yahoo!, AOL, eHarmony and Match.com. [Source]
The Thai government will soon announce a new regulation to protect the privacy of people under the age of 18 on the internet. The regulation will be issued under Article 27 of the Child Protection Act, which prohibits the advertising or revealing of children’s information in a way that would damage their mental well-being or reputation, or take advantage of them. [Source]
Almost 90% of Chinese Internet users have called for the earliest possible enactment of a law to protect personal information from unauthorized dissemination. An on-line survey, jointly conducted by the People’s Daily and www.people.com.cn since Nov. 15, received 9,285 responses to the question on how to stop the widespread disclosure of personal data in China. [Source]
Americans think Barack Obama is the Democrat most likely to advance their privacy rights and that Rudy Giuliani is the least privacy-sensitive of the top three Republican candidates, a new Ponemon survey suggests. The telephone poll of 600 adults also found that 40% of Americans say protection of privacy rights is either important or very important in determining preference for the next presidential election. Asked to select both the Democratic and Republican candidate they believe is most likely to “advance your privacy rights,” respondents preferred Obama over Hillary Clinton and John Edwards by nearly a 2-to-1 ratio, with 43% naming Obama compared to 25% for Edwards and 23% for Clinton. On the Republican side, John McCain was the top choice, named by 39% of respondents, but Mitt Romney’s 35% was within the poll’s margin of error. Rudy Giuliani was picked by 15% of those polled, with Ron Paul and Fred Thompson each named by less than 5%. Ponemon, who conducts privacy-related surveys for corporations, said he was somewhat surprised by the results on the Democratic side. Of the three candidates, all current or former U.S. senators, only Clinton has sponsored privacy-related legislation. Yet she ranked last among the candidates, he noted. “For Obama, even though he too is a senator, perhaps he’s seen as new blood,” Ponemon said. “Perhaps they see Clinton and even Edwards as old school, and they won’t do anything to advance privacy rights. Ponemon said he was not surprised that Giuliani scored lowest among major candidates, since the former New York mayor is often associated with national security issues. “People see him as pro-security, pro-surveillance, pro-wiretapping, and they figure if he’s doing that he’s not making privacy a top priority,” Ponemon said. Ponemon’s poll produced other surprises. It suggested young voters are more privacy-sensitive than previously believed. Among 18- to 28-year-olds, the MySpace-Facebook generation, 54% said privacy issues would be a factor in determining their choice for president, significantly higher than the 40% rating among the general population. Previous polls indicated that younger tech consumers tend to be less worried about privacy than older Americans. Among the responses:
• 58% of adults said the protection of civil liberties will factor into their presidential choice.
• 25% said the protection of Internet anonymity will be a factor in their decision.
• 25% said protection from annoying and intrusive online marketing practices will be a factor.
[Source] [MSNBC Special Report: Privacy Lost] See also: [Obama outlines open government agenda]
A U.S. District Court Judge has ruled that three lawsuits filed after the theft of computer equipment that exposed personal data of 26.5 million veterans and other military personnel may proceed. The judge dismissed some aspects of the case, but ruled that the three lawsuits could proceed on claims that the Department of Veterans Affairs had failed to protect personal information as required under the Privacy Act. The Justice Department had sought the dismissal of the lawsuits. [Source]
In late September, the U.S. Food and Drug Administration Amendments Act of 2007 was signed into law, charging the FDA with establishing a unique device identification (UDI) system. Once implemented, the system will require that a unique identifier—based on auto-ID technologies such as RFID and serialized bar codes—be placed directly on medical devices and supplies to enable their identification throughout their distribution and use. The primary purpose of a UDI system would be to reduce medical errors by providing more automated collection of information about various devices, such as the manufacturer, make and model, unique attributes, serial numbers, identifying lot and manufacturing numbers and expiration dates. In addition, a UDI system could be used to facilitate device recalls, improve medical device reporting and identify device incompatibilities or potential allergic reactions. [Source]
The system, which employs implantable tags to identify and track the remains of deceased individuals, is seeing gains in sales as states acquire it for disaster preparedness. In the aftermath of Hurricane Katrina, for example, A Mississippi coroner used RFID tags to track human bones unearthed after the flooding by duct-taping a tag to each bone. The Coroner utilized VeriChip’s VeriTrace platform. [Source]
Just 37% of Canadian executives who participated in a survey said they are confident that data in their companies is protected against attacks. The survey also found that one in five executives reported that their companies don’t use anti-virus software, and 25% operate without a firewall, according to Ledger Marketing. One columnist said that he is surprised that “more attention is not being placed on security and privacy and the boardroom or executive level, especially in light of highly publicized incidents such as the TJX Cos. security breach.” He said that companies should elevate data security to the top of the executive or board agenda because “doing nothing, or ignoring the issue, is not an option.” [Source]
Lack of best practices, data protection and access management were the primary IT security challenges facing respondents of a recent CATA Alliance survey. The purpose of the study by the Ottawa-based high-tech association was to delve into Canadians’ perception of IT security, identify the foremost IT security challenges and to create awareness around the need for IT security, said CATA’s VP of research. The study polled 322 respondents - the majority of whom were from large enterprises - including CIOs, project managers and a variety of frontline IT security staff like network operators and systems auditors. Polling a wide range of respondents would help highlight the often varying opinions between different levels in the organization. [Source]
According to the Database Exposure Survey 2007, thousands of Microsoft SQL Server and Oracle database servers are not adequately protected from attacks. Approximately 368,000 Microsoft SQL Servers and 124,000 Oracle database servers were connected to the Internet without any sort of firewall. Two-thirds of the Oracle database servers were running versions with known critical vulnerabilities; 82% of SQL Servers were running SQL Server 2000 with less than half running Service Pack 4. The estimated number of unsecure SQL Server databases has increased approximately 75% since the 2005 survey. 13% of the Oracle servers were running versions of products for which the company no longer issues patches. [Source] [Source] See also: [Data Breaches Will Remain a Huge Concern in 2008, Says Symantec]
An EU regulation scheduled for adoption before the end of the year will see the EU introducing a uniform version of the resident permit that all 27 member states issue to third-country nationals. This harmonization is intended to improve document security and make it easier to verify entitlement to residence. The new EU resident permit is expected to be a smart card-based document that stores biometric data securely. A technical specification is due be published by 2008 that will ensure compatibility between all electronic residence cards, EU-wide. The new European resident permit will then be rolled out in all member states within a two-year period following release of the specification. The specification will include two biometric identifiers-a facial image and two fingerprints. Data stored on the chip integrated into the electronic residence card will be encrypted and can be transmitted either via the contacts on the chip surface or contactlessly. Depending on country-specific requirements, the chip can also incorporate other applications. [Source]
This Washington Post article looks at the cultural and individual impacts of constant surveillance. Experts say that surveillance strips people of their public anonymity and forces conformity at the expense of individual creativity and expression. Author Jeffrey Rosen tells the Post that it is important for individuals to have a “sphere of immunity from surveillance to be yourself and do things that people in a free society take for granted.” He added that the loss of autonomy is one of the “amorphous costs of having a world where there’s no immunity from surveillance.” The constant evolution of technology makes it difficult to immediately notice the impacts. Paul Saffo, a technology futurist, says that “it’s a little bit like locked doors,” adding that today “nobody has any concept of what it’s like to have a house without a locked door or a security system.” The story also looks at surveys that indicate mixed reactions to government surveillance post-Sept. 11. [Source]. See also: [Talking surveillance camera aimed at sex on the beach]
The U.S. House has approved a bill that does not grant legal immunity to telephone companies for cooperating with the White House’s domestic wiretapping program. The Democratic bill, approved 227-189 late this week, was a rebuke to President Bush, who has promised to veto any legislation that does not shield telecom companies from civil lawsuits. [Source]
The U.S. Senate has passed the Identity Theft and Restitution Act, which would “expand the definition of cyber extortion” and allow people whose personal information has been stolen to seek restitution for time they spend fixing problems caused by the data theft. Cyber attackers who use spyware or keystroke loggers would face felony charges under the bill if they targeted 10 or more computers. In addition, the US $5,000 threshold necessary for felony prosecution would be removed. [Source]
This story in the Seattle Post-Intelligencer details employee monitoring tactics in The Boeing Co. in the wake of a firing of an employee who was under investigation because of suspicions that he spoke with the media about the company’s corporate reform law. The story explores the company’s practices of capturing employee keystrokes, monitoring work and personal email accounts and following them off-property, according to the article. However, experts warn that companies have wide latitude when it comes to monitoring employees. The company said it was against its policy to comment on individual investigations. [Source] [GPS Helps Cities Catch Goof-Offs]
--------