US – Survey: Americans Want Biometric Protection, Wireless Banking On Cell Phones

A survey found that 58% of cell phone users in the U.S. said they would buy a phone that offered biometric protection and wireless banking features, according to AuthenTec, which sponsored the survey. The report noted that these features are already popular in Asia. 73% of the respondents said they want telephones that offer fingerprint sensors that protect stored content. [Source]

CA – Federal Privacy Commissioner Pleased with Gov’t on PATRIOT Act

The federal Privacy Commissioner last week expressed support for Canadian government’s new strategy to deal with trans-border flows of personal information. [OPC Press Release] [TBS Backgrounder]

CA – Canada Asks U.S. to Delay Passport Rules

Canada wants the United States to delay new rules requiring all cross-border travelers to carry passports by January, 2008, because of the enormous cost and complexity of the scheme. [Source]

CA – Canada, U.S. Consider Sharing Databases

Canada and the United States are talking about sharing databases of information to check the identity of each other’s residents as they cross the border, a U.S. official says. Jim Williams, director of the U.S.-VISIT program in the Homeland Security Department, said that both countries are concerned about providing each other with the data but that so far discussions are in the early stages. [Source]

CA – Federal Privacy Commissioner Warns About Loyalty Cards

Reward cards. Loyalty programs. Club cards. They go by different names, but the plastic cards offered to consumers by major retailers as a way to earn rewards for purchases have the same purpose: to collect personal information and track consumer spending habits as a way to increase sales. The federal privacy commissioner is warning that Canadians don’t know enough about these reward programs and how the personal information they surrender upon enrolment feed the “privacy-invasive marketing” tactics used to bolster a company’s bottom line. [Source]

AU – No Privacy Guarantee for New Electronic Health Records

NSW Health says it cannot guarantee the security of sensitive medical information to be stored in its new electronic record-keeping system being trialed in one area health service but abruptly put on hold in another. This has prompted consumer health groups and privacy advocates to call for the trial to be reconsidered, while the Crown Solicitor’s Office is considering a submission from the NSW Privacy Commissioner over concerns about informed consent. [Source] [Source]

WW – IBM Unveils New Privacy Safeguard

In an effort to boost the level of data security on portable computers, cell phones and other gadgets, IBM Corp. is unveiling a method for injecting encryption capabilities into the heart of the machines’ circuitry. [Source]

UK – Government Report Says UK Firms Fall Short on Data Protection

UK businesses are failing to protect their customers’ personal information, a survey from the Department of Trade and Industry has revealed. With increasing amounts of business being conducted online, data protection is ever more important, the DTI said. While most large organizations have adopted best practices regarding network and data protection, small companies have not. Fewer than a third of them encrypted the data they received. [Source] [Source]

UK – Certain Businesses May Sell Databases by Meeting Requirements

The Information Commissioner’s Office has published guidance for businesses on how to avoid running afoul of the Data Protection Act when buying or selling databases containing sensitive personal data. The guidance note applies only to those businesses that are insolvent, closing down or being sold. The seller must clearly state to any buyer of the database that it may be used only for the same reason why it was collected in the first place. If the buyer wants to use the data for another purpose, the new company first must obtain an individual’s consent. [Source] [Guidance Note]

EU – Concerns Highlighted in Irish Data Protection Report

The Irish Data Protection Commissioner has published his 2005 annual report. Among the issues raised in the commissioner’s annual report for 2005, which highlights a range of public concerns and complaints made during the year. In the financial sector, the report criticizes AIB for asking deposit account applicants for excessive information. It also criticizes the cross-marketing of an MBNA credit card by Stein Travel. Elsewhere, the Data Commissioner says the placement of CCTV cameras on the LUAS line interferes with the privacy of residents, while he also warns the media about the need to balance people’s right to privacy with the public interest. [Source] [Privacy laws - Protection safeguards badly needed] [Clarification on phone records access sought]

EU – New Irish Proposals Will Strengthen Privacy Rights

It will be easier for people to sue newspapers and broadcasters for breach of privacy under proposals to be brought before the Cabinet by the Minister for Justice, Equality and Law Reform. [Source]

US – Survey: Security, Not Cost, Prevents Companies from Deploying Smart Phones

A survey released by the research arm of the Economist and sponsored by Symantec has found that more than 60% of companies cited security concerns as the reason why they were reluctant to equip employees with wireless and remote computer technology. The survey concluded that companies will avoid these technologies until mobile security is addressed. [Source]

FR – Free Parental Control Software in France

As a result of the agreement signed between the French ISPs and the Ministry of the Family late last year, starting with 1 April 2006, most French ISPs started providing a free of charge parental control software to their subscribers. New subscribers will have the software included in the connection kit with a window opening automatically on the software. The current agreement raises many concerns, especially since no real information is provided on the software and its criteria. [Source]

CA – Personal Information Stolen From Bank Database

Police have made two arrests in connection with the theft of stolen data from a Bank of Canada database. The suspects used the personal information of 14 Canada Savings Bonds clients to redeem savings bonds, apply for credit cards or for other fraudulent schemes, police said. Bank of Canada officials said the victims have been reimbursed for the damages, which totaled $100,000. The bank also said it has taken steps to prevent access to the database. Police said the suspects worked for a private company that manages the database of thousands of customers who buy savings bonds through payroll deductions. [Source] [Source]

US – Florida County Web Site Serves Up Sensitive Information

The Social Security numbers, driver’s license information, and bank account details belonging to potentially millions of current and former residents of Florida are available to anyone on the Internet because sensitive information has not been redacted from public records being posted on county Web sites. Although questions about the availability of personal data online initially focused on one county, an official there stressed that all counties in Florida are subject to the same state law, which requires counties to post public documents on the Internet. [Source]

US – Patient Privacy Concerns About Measure to Track Prescription Orders

A proposal to help doctors and pharmacists spot patients who may be seeking multiple prescriptions for narcotics or other addictive medications is headed to Iowa Governor Tom Vilsack for his signature. The House approved a bill last week that would create a statewide computer system to track Iowans’ prescription orders. The bill hit a roadblock last month amid concerns about patient privacy. Those objections were overcome when lawmakers agreed to limit database access to police and state regulators. [Source]

US – Experts Tell Congress: Keep Medical Records Private

Electronic sharing of health information is still in the “Wild West” stage of federal regulation, privacy advocates say. With Congress considering legislation to create a nationwide electronic health information sharing system, privacy advocates say the time for patients to make their voices heard is now. The privacy groups say federal regulations now allow patients’ information to be distributed to more than 800,000 health-related businesses and government agencies without permission. [Source]

US – Insurance Employee Fired for Access of Confidential Info

An employee of Progressive Casualty Insurance Co. was fired for accessing information on foreclosure properties she wanted to buy. The company sent letters to 13 people in January informing them that the employee has accessed their confidential information, including names, Social Security numbers, birth dates and the addresses of the properties. The incident highlights the difficulties companies have when it comes to insider threats to data security. [Source]

AU – NSW Police Involved in Major Privacy Breach

The NSW Police has been embroiled in controversy following a major privacy breach involving the disclosure of the email and password details of senior counter terrorism officers and hundreds of journalists signed up to receive information from the NSW Police Media Unit. This latest breach follows hot-on-the-heels of leaks at other law enforcement agencies including Australian police forces, Hong Kong Police and the CIA in recent weeks. “Every day we’re seeing new incidences of privacy breaches, company data being leaked and other compliance violations that can be easily prevented by automating internal document processes,” said Mr Rauf. [Source] [Hong Kong update: Details Sought On Police Names Leak]

US – Utah AG Launches First-Of-Its Kind ID Theft Reporting System

After several years of work by a task force that included prosecutors, bankers, lawmakers and credit card companies, the Utah Attorney General’s Office this week unveiled its online reporting system to help ID theft victims file a complaint. The AG’s Office said the system will help victims reduce the amount of time it takes them to prove they have been the victims of ID theft. Investigators also will rely on the new system to help track ID theft crimes among various law enforcement agencies. [Source]

US – Minnesota Senate Passes Safeguards to Identity Theft

The Minnesota Senate this week unanimously approved protective measures against identity theft, giving victims and law enforcement some defense against hijacked accounts. The legislation allows Minnesotans to put security freezes on their credit reports and restrict who can access information. Sen. Dan Sparks, DFL-Austin, proposed the bill, which passed 65-0. [Source]

US – Coalition Shares Ideas for Implementing Standard IDs

A coalition of government agencies and private companies has given DHS broad recommendations for implementing requirements of the REAL ID Act, a 2005 law on standardized identification. The Document Security Alliance, a coalition of more than 70 private companies and 20 government agencies, has recommended credentialing standards ideas covering five key elements of a secure identification system: capturing applicant data, verifying identities, incorporating security into credentials, producing credentials and authenticating those credentials. “It's not just a credential,” a spokesperson said. “It's actually the whole infrastructure for issuing a secure credential that's important." Homeland Security is responsible for developing the new standards but has yet to announce what they will be. A DHS spokesman said a notice of proposed rulemaking will be released later this year and be followed by a public comment period. “The odds are pretty good that it will be the later half of this year,” he said. [Source] [Push for new travel IDs continues despite concerns]

US – ACLU Concerned About Police Info-Sharing System

The American Civil Liberties Union says people should keep an eye on how police use a statewide computer system designed to let law enforcement agencies share information faster. Linx - for the Law Enforcement Information Exchange - is expected to go online late this summer in three New Mexico counties. Five other states use such a database, and it’s possible they could link in the future, said Mike Dorsey, special agent in charge of the program through the U.S. Naval Criminal Investigative Service in Washington, D.C. [Source] [Source]

US – Privacy Concerns Arise in San Francisco’s Free Wi-Fi Plan

In the few days since San Francisco announced it had selected Google and EarthLink to build a wireless network, the city has found itself at the center of debate about the role of advertising, the implications of the network on consumer privacy and the effect on telecommunications companies that today sell Internet access in the city. Even before the city announced the winning bidder, privacy advocates had begun to criticize the Google approach for what they say is its potential to violate consumer privacy. [Source]

US – Disney Offers Teen-Tracker Mobile

Disney is launching a U.S. service that will enable parents to monitor how their children use their mobile phones. They will be able to track voice, text, video and picture messages and set limits on their children’s calls. The phone will also allow parents to locate where their children are via a global positioning system. The entertainment giant hopes to target what is a niche but rapidly expanding market of mobile phone using children between 10 and 15 years old. [Source]

WW – MySpace to Display Ads Warning of Sexual Predators

Popular online social networking hub MySpace.com says it will begin displaying public service ads aimed at educating its users, many of them teens, about the dangers posed by sexual predators on the Internet. MySpace’s features and popularity with teens has raised concerns with authorities across the US as accounts of sexual predators targeting minors they met through the site have surfaced. [Source] [MySpace Plans to Hire Security Chief to Protect Children]

HK – Hong Kong Spy Law a ‘Blow to Privacy Rights’

In the two months since the High Court rejected the constitutionality of the government’s current provisions on eavesdropping and wiretapping, privacy rights advocates and pro-democratic legislators have launched a heavy assault on the government as it tries to quickly push a law through the Legislative Council ahead of its August court- imposed deadline. [Source]

US – Wireless Security Bill Passed in Westchester, NY

Westchester County lawmakers passed a bill yesterday that would require some companies to add security measures to their wireless networks as a means of preventing identity theft. The bill is believed to be one of the first of its kind in the nation. It would apply to any company that collects and stores people’s personal information and also operates a wireless network. Lawmakers passed the bill unanimously after hearing from Russell Dean Vines, a Scarsdale computer security consultant. Vines said he “was not the type of person who assumes the worst is going to happen every time,” but said the bill provides “basic steps” people should take. [Source]

AU – Australian Attorney-General Defends Expanded Phone / Internet Tap Power

New phone tap legislation giving law-enforcement agencies access to phone calls, emails and text messages will not affect ordinary people, Attorney-General Philip Ruddock says. The law, passed by the Senate last week, did not change the operation of the general laws dealing with prosecution on criminal matters, he said. People would not know which of their records might be examined under a warrant, but if there was no warrant, there was no police entitlement to access such information. “The important point that I would make is, go about your normal life,” he said. [Source]

US – Suing Ma Bell to Stop NSA Wiretapping: Back to the Future?

Last week the Electronic Frontier Foundation, together with one of the country’s biggest class action law firms, filed a motion for a preliminary injunction in their lawsuit against AT&T for its role in carrying out the NSA’s warrantless surveillance program. The suit itself alleges that the US government’s so-called “Terrorist Surveillance Program” is in fact not focused on terrorists but rather is a “vast fishing expedition” directed at everyone in America - a data mining program using voice recognition software and the NSA’s vast array of computers to scan every phone call entering or exiting the United States. [Source] [Whistleblower Outs AT&T/NSA Spy Room]

US – House Subpoenas Phone Data Sites

Web sites selling confidential consumer telephone data are refusing to comply with a U.S. House of Representatives’ request for information, prompting the Energy and Commerce Committee to issue subpoenas to a dozen companies. The move is the latest in an ongoing investigation into the Internet sale of phone records and other personal information. In March, the committee approved legislation outlawing the sale of the records. Along with a second bill approved by the House Judiciary Committee, the legislation awaits final approval by the full House. The Senate Commerce Committee passed similar legislation last month that is pending before the full Senate. In the meantime, a number of sites continue to sell confidential phone information for as little as $100. [Source]

US – NY Telephone Service Provider Pressuring Customers for Personal Info

Frontier telephone customers in recent weeks have been warned they face disconnection unless they disclose personal data, including all or part of their Social Security number, on a notarized form. Simply calling Frontier to discuss an account or to respond to a promotional offer has been enough to trigger the information requests from customer service representatives, as well as having the form automatically mailed out. [Source]

US – Pentagon Says Improper Data in Security Database

The Pentagon said this week a review launched after revelations that it had collected data on U.S. peace activists found that roughly 260 entries in a classified database of possible terrorist threats should not have been kept there. [Source] [Source]

US – Justice Official to Launch Privacy Panel

The Justice Department’s recently arrived chief privacy officer, Jane Horvath, said in an interview Monday she plans to launch an internal privacy and civil liberties board in two weeks. The board will be made up of assistant or deputy director-level officials and will address the broad range of privacy issues that confront the department, said Horvath, who assumed her job as the department’s first chief privacy and civil liberties officer on Feb. 21. [Source]

US – Oregon: Gasoline Tax Alternatives Raise Privacy / Tracking Concerns

Oregon is exploring alternatives to its gasoline tax. A wireless black box, mounted on the dashboard, tracks the miles in a test of a per-mile fee system that state officials said might one day replace the state’s 24-cents-per-gallon gas tax. A global positioning system would help track miles driven in-state. The Oregon program is being watched closely across the country, according to the National Conference of State Legislatures, but it has also touched off some privacy concerns because the same system could be used to track a driver’s location. [Source]

US – TSA Privacy Policy Lacks Redress for Faulty CAPPS Listings

The Transportation Security Administration is denying airline passengers erroneously detained by an airport screening system any meaningful redress, a critic of the agency said at the second public workshop held by the Homeland Security Department’s Privacy Office last week. [Source]

US – Data Breach Law Needed to Protect E-commerce, Group Says

Public confidence in e-commerce will erode if Congress does not step forward and pass a meaningful national data breach disclosure law this year, according to the Cyber Security Industry Alliance. The industry advocacy group wrote congressional leaders last week urging them to put aside political differences and put legislation on President Bush’s desk by the end of the year. [Source]

US – Say No to National ID, Senate Urged

Voices from the right and left urged state senators yesterday to pull the state out of the National Identification System. A broad range of groups - from the conservative Cato Institute to the liberal American Civil Liberties Union - denounced the system, known as Real ID. House Bill 1582, which passed the House 217-84, would bar the state from participating. [Source] [Source]

US – National Employee Database at Center of Immigration Reform

At the heart of any immigration bill that makes it through the heated congressional debates is likely to be a computerized system that could help employers determine instantly whether someone can legally work in this country. A voluntary version of the Internet-based system has been up and running on an experimental basis since 1996 and now includes more than 5,000 companies nationwide. Democrats and Republicans alike - including Sen. Edward M. Kennedy, D-Mass., and Sen. John McCain, R-Ariz. - have included expanded versions in every bill now under serious consideration.[Source]

UK – Teachers Are Spied In Classrooms

Teachers protest against the installation of 50 CCTV systems with microphones in UK schools, used as surveillance measures by the school management. While observation in class was supposed to help teachers in improving their performances, the headmasters, who have also used two-way mirrors to survey the teachers, grade them according to the way they perform in class under observation. [Source] [Source]

--------