CA – Canadian Biometric ID Documents: Toronto Public Forum June 15^th

The possibility of having some form of biometric ID document in Canada has been in the news again recently. What is being considered? What are the implications of different options? The Canadian government has said little about what it is planning. Join us in person or online to hear the experts, to ask questions, and to make your views heard. This forum includes a live, interactive webcast. See the website www.biometricidforum.org/ for more details about the forum, issues and speakers.

US – Proposed Temporary Worker National ID Program Raises Concerns

President Bush has endorsed a national identification process for temporary workers that uses biometric technology. The plan is part of the immigration reform bill now in a congressional conference committee. A national identification program has been contentious for some time. The Senate bill calls for a tamper-proof system that verifies identification and electronically verifies employment eligibility. The House bill requires only that Social Security numbers be checked against a federal database. [Source]

CA – Privacy Commissioner Issues Annual Report, Wants Closer Scrutiny of Businesses

Privacy Commissioner Jennifer Stoddart this week gave her annual report to Parliament, which included a request for a 50% increase in her budget and statistics on the number of privacy complaints and their outcome. Stoddart said the commission received 401 business-related privacy complaints in 2005 – 219 of which were settled or cleared without a full probe. The report indicated that the commission may seek more power “to visit private-sector entities and review their privacy management framework and practices.” [Source] [Fed.P.Commish Alarmed by growth of RFID] [New technologies threaten privacy: report] [2005 Annual Report on PIPEDA] [Canadians concerned about loss of privacy: report] [Privacy commissioner wants more power] [Electronic tags worry privacy chief] [Federal Privacy Commissioner to tackle RFID]

CA – Data on VIA Travellers at Risk, Privacy Commissioner Warns

Sensitive personal information about millions of Via Rail travellers could be at risk if the Conservative government goes ahead with a major shift in privacy laws under its new federal accountability bill, says privacy commissioner Jennifer Stoddart. Under the change, employees and customers of Via Rail, along with the customers and employees of the CBC and employees of Atomic Energy Canada Ltd., will have no ability to sue or go to the courts for damages should any of the Crown corporations disclose their personal information, Stoddart said. While placing the three Crown firms under the provisions of the Access to Information Act, the government is also transferring them from the Personal Information Protection and Electronic Documents Act, which covers the private sector, to the Privacy Act. Privacy Act provisions prevent disclosure of personal information under the Access to Information Act, but offer no recourse to the courts for individuals whose rights have been violated. “The sad reality is that personal information is far better protected in the federally regulated private sector than it is in the federal public sector,” Stoddart told the Commons committee studying the Federal Accountability Act. [Source]

CA – Canada Planning New Cyber-Security Task Force With U.S.

Michael Geist reports that the Canadian government appears ready to launch a new Cyber-Security Task Force. The move raises questions about the task force composition and the likelihood that new surveillance legislation will soon follow. [Toronto Star version] [Homepage] [No carte blanche to spy on citizens]

CA – Commissioner Decisions Address Importance of Privacy in Business Transactions

Alberta’s privacy commissioner has issued two decisions that address the importance of considering privacy issues in business transactions, including mergers and acquisitions. In the Melrose Report, the Alberta Privacy Commissioner made it clear that basic boilerplate language will not satisfy privacy legislation requirements. This story offers recommendations for companies, including adoption of a privacy policy and the hiring of an “office-based privacy officer.” [Source]

CA – National Security Organizations Open Up on Racial Profiling, ‘Secret Police’

Fears about racial profiling, secret evidence and abuse of power were at the forefront of a discussion between Edmontonians and Canadian security organizations last Sunday. Representatives from CSIS, the RCMP and the Canadian Border Services Agency met with about 50 members of the public at Grant MacEwan College. “People strongly felt that they were being over-watched, over-policed,” said Charlene Hay, executive director of the Northern Alberta Alliance on Race Relations, one of the groups that organized the discussion. “They felt really on edge and really uncomfortable.” [Source]

US – Study: Women More Concerned About Privacy

The University of Washington conducted a study to gauge views on privacy in public spaces. The study found that women are more concerned than men about their privacy in public, especially when surveillance is unrelated to security. The majority of men and women had no issues with on-campus video surveillance. However, more women than men were unsettled by it. A majority of the women were uncomfortable with their images displayed at off-campus locations. [Source] [Study]

US – White House Privacy Board Off to Slow Start

Critics are unhappy with the progress of the White House’s new civil liberties board. President Bush selected the members a year ago to serve on the Privacy and Civil Liberties Oversight Board, which has met four times. In recent months, the board has met with civil liberties and privacy leaders. However, critics contend that given the board’s mission to protect Americans’ rights as the nation fights terrorism, it has been off to a slow start despite renewed concerns about the government’s data-mining and surveillance programs. [Source]

WW – April 2006 Sees Increase In Phishing Attacks

Data for the first quarter of the year – compiled by SurfControl’s Global Threat Experts – reveals that phishing attacks have increased in recent weeks, accounting for 4.2% of total spam emails. The data suggests that about 1 in 9 spam emails attempt to undermine users’ financial privacy. [Source] [Source]

US – Data Breach Laws to be Explored During P&AB Tele-Web Conference

HR privacy expert, Dr. Donald Harris, leads a TeleWeb Conference July 13, 2006 on data breaches, with a case study of how a major HR data loss led to a reappraisal of all practices for handling personal data, a close look at new breach legislation at home and abroad, and what employers should be doing to prevent and effectively respond to breaches are also on tap. [Source]

EU – Passenger Data Deal Is Unlawful, Says European Court

The European Court of Justice has ruled that an agreement between the European Commission and the US for the transfer of passenger data to the US is unlawful. The deal had allowed US authorities to receive passenger information from airlines flying from Europe to the US. The decision hinged on the European Commission’s claim that the US provided an ‘adequate level of protection’ for the personal data, as required by the European Data Protection Directive of 1995. The ECJ found that because the transfer of data was for related to national security, public safety or criminal purposes, the Directive did not apply. The transfer fell outside the scope of the Directive, the court judgment argued. The ECJ has given the Commission and the US until the end of September to find an alternative legal grounding for their agreement. [Source] [The judgment] [Coverage] [Coverage] [Q&A: EU passenger data row] [Airlines alarmed as court annuls passenger-data deal] [Hurdle for U.S. in Getting Data on Passengers] [Coverage] [Coverage] [Coverage] [Air data ruling could affect data retention law dispute] [Air data ruling: Summit to debate new EU justice powers] [EU seeks quick US air data deal after court setback] [New EU-US air data agreement a 'technicality' ]

EU – Privacy Chief Raises Concerns About Recent European Court of Justice Ruling

European Data Protection Supervisor Peter Hustinx said the European Court of Justice’s (ECJ) recent airline passenger data decision has created a loophole in data protections for Europeans when the information is used for law enforcement purposes. The ECJ ruled that the 1995 EU Data Protection Directive does apply when data is transferred for commercial reasons. However, it also ruled that the Directive does not apply when the information is transferred for criminal offenses or security. [Source] [Officials react to EU security fears]

AU – Fake Survey Easily Elicits Sensitive Personal Data

The personal data trail is vast – and in many cases, people are their own worst enemy. Of the 30 people stopped for a fake survey, 20 people answered every question – enough to easily start a criminal down the devastating path of identity theft. People gave their full names, birth dates, telephone number, home address, mother’s maiden name and other personal details, including which bank they used. [Source]

WW – Amnesty International Seeks to End Net Repression

Amnesty International marked its 45^th anniversary on Sunday by launching a global campaign to stamp out state censorship of the Internet. The human rights pressure group called on Web users to sign a pledge calling on governments to stop censoring sites and urging technology corporations not to collude with them. [Source] [Source]

US – Study: Reducing ID Theft by Increasing E-Commerce

A new survey by Javelin Research & Strategy indicates that those who pay their bills online have a lower likelihood of having their identities compromised. Additional recent research by Harris Interactive shows that 56% of American households with Internet access are paying at least one bill each month online, up from 52% in June of 2004. Most interestingly, 87% of users who do pay bills online do so from a single, consolidated Web site, sponsored by a bank, brokerage or Internet portal. Therein lies the key, according to Javelin. If you pay your bills often at these “portals,” you will dramatically decrease the risk that some nefarious member of an organized crime syndicate will snatch your data, mid-stream, off the Internet. That’s important information – potentially perception changing. [Source]

AU – ID Theft Worry Adds Up to Opportunity for ‘Trusted’ Banks

Banks can enhance their reputation for security by acting as custodians for personal identity credentials designed to make identity theft difficult. This idea was advanced by a partner in Unisys’ global financial services division at a Financial Services conference held in Wellington last week. Last year, Unisys conducted a worldwide survey on identity fraud. This was then followed up with a survey designed to elicit the public’s perception of how identity issues were being managed. Two prominent findings were that most customers of financial institutions expected the institution concerned to take the responsibility for detecting, preventing and remedying identity fraud, and that banks are the most highly trusted organizations when it comes to issuing multi-purpose identity credentials. The two surveys also show there is relatively little public resistance to giving up personal data, including biometrics, if this is the price of greater security against identity theft. If they take this trust and interest seriously banks have an opportunity to “convert a bottom-line loss into a top-line benefit.” However, any bank response must not be limited to just technology - good marketing and communication, and the sensitive management of any problems are also important. [Source]

CA – Toronto Firm at Centre of Security Breach

Toronto software provider Hummingbird Ltd. has found itself at the centre of an embarrassing privacy accident involving the social security numbers of 1.3 million American students. Hummingbird disclosed yesterday evening that one of its employees lost a piece of computer equipment that contained the names and social security numbers of customers who borrowed funds from Round Rock, Tex.-based Texas Guaranteed, a non-profit company that administers a U.S. family education loan program. [Source]

US – Connecticut University Computer Breach Exposes Data on 135,000 People

Sacred Heart University in Fairfield, CT has acknowledged that it detected a computer intrusion on May 8. The police and the FBI have been notified and have begun investigating the incident. The school has notified 135,000 individuals that their personal data may have been exposed. The school has not released any more details about when the breach occurred or what information was exposed. According to a posting on the university’s web site, an investigation utilizing school resources and an independent Internet security firm is also underway. [Source] [Source] [Source] [Source] [Source]

US – Two Men Charged with Extortion Against MySpace.com

Two New York men were arrested in Los Angeles and charged with trying to extort $150,000 from the popular social networking site MySpace.com, prosecutors announced. Shaun Harrison, 18, and Saverio Mondelli, 19, both from Long Island’s Suffolk County, allegedly hacked MySpace by exploiting a service vulnerability that let them steal users’ personal information. [Source]

UK – Bank Leaves Customer Documents in Street

A high street bank apologized this week after confidential documents – including account numbers and home addresses - were found lying in a street. The items were found in bags of rubbish left outside the Halifax Bank of Scotland branch in Cornhill, Bury St Edmunds, Suffolk, on Wednesday morning. A member of the public took the documents to a local newspaper, which returned them. [Source]

CA – Passport Canada Issued Three Million Passports in One Year

Passport Canada’s volume has reached levels never seen before, as the organization issued its 3-millionth passport last fiscal year. For the past five years, Passport Canada has seen a steady increase in volume. In 2001/02, over 1.7 million passports were issued at a time when about 27% of the Canadian population held a valid passport. In 2005/06 over three million passports were issued and we now have close to 40% of the Canadian population holding a valid passport. Passport Canada forecasts that 3.8 million passports will be issued in 2008-2009, and that almost half the Canadian population will hold a valid passport at that time. [Source]

US – Local Schools Employ ID-Tracking Program

Software’s purpose is to keep sex offenders out, but it has critics: With a quick swipe of a driver’s license, officials in nearly four dozen Illinois schools can use a computer tracking system to check whether visitors are registered sex offenders. District officials can also program the software – it taps into a database of registered sex offenders in 47 states – to screen out visitors with restraining orders or orders of protection filed against them. [Source]

EU – More Employers Offering Help on Identity Theft

As identity theft continues to claim millions of victims, a growing number of employers are offering to help affected workers pick up the pieces. Companies including drugstore chain Rite Aid Corp., publisher Reed Elsevier PLC, and Qwest Communications International Inc. have recently been signing up for identity-theft resolution services to offer their employees as a workplace benefit. [Source]

UK – Barclays Offers Free AV Software to Online Banking Customers

Barclay’s bank is purchasing antivirus software for all 1.6 million of its online banking customers. The software will update automatically once it is installed. The bank also plans to deploy a text-messaging system to inform customers when funds are transferred with the use of their online banking details. A Barclays’ spokesperson said the free antivirus software is not a bid to limit the bank’s liability in the event of fraudulent activity. [Source]

US – Utah Cops Frustrated by Health Privacy Laws

Privacy foils police: A suspect in hospital is out of the law’s reach: Strict federal privacy laws protecting patients at health-care facilities left law enforcers in a frustrating situation as they sought to apprehend a man suspected of assaulting his wife and trying to burn her house down. “We at least would like to know where these people are at,” said a Salt Lake County Sheriff. [Source]

US – U.S. Urges ISPs to Record Customers’ Activities

U.S. Attorney General Alberto Gonzales and FBI Director Robert Mueller urged telecommunications officials to record their customers’ Internet activities. In a private meeting with industry representatives, Gonzales, Mueller and other senior members of the Justice Department said Internet service providers should retain subscriber information and network data for two years, according to two sources familiar with the discussion who spoke on condition of anonymity. [Source] [Microsoft comments on data retention] [Source] [Industry, others object to data retention]

AU – Australia National Privacy Phone-In Begins

Australians will have the chance to air their concerns about privacy protection in a national phone-in. The phone-in, organized by the Australian Law Reform Commission kicks off a major inquiry into the federal Privacy Act. The Commission president said complaints were likely to include personal details being kept by telemarketers, the security of health information and the increasing use of video surveillance. [Source]

JP – Fewer People Responding to Government Polls

The government has started reviewing ways to increase the response rate of government-run public opinion surveys, which has sharply dropped recently. The government annually conducts about 12 surveys on such subjects as social issues and foreign policy, questioning 3,000 to 10,000 people. The response rate was about 70% as recently as 2-3 years ago. This rate fell below 60% once the Personal Information Protection Law was enacted in April 2005. In a diplomacy survey conducted in October 2005, the response rate was 58%, 10.4 percentage points down from the previous survey. [Source]

US – RFID Chips For Migrant Workers In The U.S.?

VeriChip chairman Scott Silverman's appearance on American TV this week has raised fears of the introduction of RFID technology. According to RNIF, he “bandied about the idea of chipping foreigners on national television Tuesday.” RINF said Silverman appeared to be emboldened by the Bush Administration call to know “who is in our country and why they are here.” He told Fox & Friends that the VeriChip could be used to register guest workers, verify their identities as they cross the border, and “be used for enforcement purposes at the employer level.” He added: “We have talked to many people in Washington about using it...” [Source] [Source]

EU – European Commission Launches Network Security Campaign

Europe remains woefully unaware of the security risks to computer networks, the European Commission said Wednesday as it unveiled a new awareness campaign called IT Security for Europe. Companies, individuals and public authorities spend too little on securing their computers and networks, the Commission said in a statement. About 5% to 13% of IT expenditure is spent on security, "which is alarmingly low," the Commission said. [Source]

US – NAID Survey: Business Execs Say FACTA Doesn't Go Far Enough

The vast majority of business executives say that a one-year old federal law requiring companies to destroy certain documents containing consumer credit information does not go far enough, a survey finds. The survey marked the one-year anniversary of a provision in the federal Fair and Accurate Credit Transaction Act (FACTA). The so-called "Final Disposal Rule" requires most businesses to destroy documents containing consumer credit information before discarding them. There is currently no national requirement to destroy discarded personal information that is not derived from a credit report. According to the survey, commissioned by the National Association for Information Destruction (NAID), nearly 85% of business executives would support a similar destruction requirement that covered all personal information regarding a consumer. [Source]

US – VA Employee Took Sensitive Data Home for Three Years

A data analyst employed by the Veterans Affairs Department (VA) is cooperating with local investigators and the FBI after someone broke into his Maryland home and stole a computer that contained the personal data of more than 26.5 million veterans. During a hearing to explore the circumstances of the theft, the VA Secretary said that the employee did not break any law, but had violated department policy by taking the sensitive data home – a practice that had been routine since 2003, according to testimony. [Source] [VA Official Submits Resignation, Citing Breakdown ‘On My Watch’] [Veterans Angry Over Loss of Their Personal Data] [Veterans Affairs Offers $50,000 Reward for Laptop Recovery] [VA Mandates New background Checks in Wake of Data Loss] [State helping veterans with identity theft issues] [U.S. veterans’ data theft may cost $500 million] [Stolen Veterans Data May Already Be For Sale] [Panel to examine VA computer security practices]

US – ACLU Asking State AGs & Utilities to Demand NSA Wiretapping Probe

The ACLU launched a 20-state campaign on Wednesday to stop warrantless eavesdropping by the National Security Agency and prevent telecoms firms from providing it with phone records. The rights group was appealing directly to the states because it said the U.S. Congress had failed to exert its oversight role over the White House and because the FCC had chosen not to pursue complaints. The ACLU and its affiliates are petitioning utilities regulators and attorneys general in 20 states to demand investigations and public hearings with a goal of stopping the domestic spying or revealing more about it. [Source] Regulators to look into NSA data after all] [Can the NSA Find Meaningful Patterns in Phone Records?] [Source] [Source] [ACLU sues phone companies over secret surveillance claim] [Source]

US – Philadelphia Plans to Install Security Cameras

Meetings next week will give focus to the security-camera project, enthusiastically approved by voters last week. With an overwhelming mandate from Philadelphia voters last week, city officials are moving forward with a program to set up police surveillance cameras along commercial corridors and in neighborhoods to fight crime. The cameras, once purchased, will be used initially in a pilot program and then expanded citywide, Clarke said. [Source]

US – Fresno to Install “Most Sophisticated Video Surveillance Systems in the Country”

Fresno is on the verge of installing and implementing one of the most sophisticated video surveillance systems in the country. Fresno Police Department Captain Al Maroney says “I hope to have at least a ‘seed’ system operational before the end of calendar year 2006.” The system Maroney is talking about would vastly increase video surveillance in this community with at least 256 cameras and the ability to connect with private sector cameras. A large part of the funding for this project will come from a grant from the Department of Homeland Security, administered by the County of Fresno. [Source]

US – Senate Panel Split Over Questioning Phone Company Executives

Members of the Senate Judiciary Committee are divided over proposals to question executives of four telephone companies about whether they gave the government records of millions of calls in the US to aid anti-terrorist surveillance. After objections from both Republicans and Democrats, Judiciary Committee Chairman Arlen Specter postponed a vote last Friday on issuing subpoenas for the chief executives of Verizon, AT&T, BellSouth, and Qwest Communications. He scheduled more debate for June 6 after Congress returns from a one-week recess. [Source]

US – Bush Seeks Dismissal of Wiretapping Suits: Trials Would Reveal Classified Data

The Bush administration has asked federal judges in New York and Michigan to dismiss a pair of lawsuits filed over the National Security Agency’s domestic eavesdropping program, saying litigating them would jeopardize state secrets. In papers filed late Friday, Justice Department lawyers said it would be impossible to defend the legality of the spying program without disclosing classified information that could be of value to suspected terrorists. [Source] [Source]

US – Law Enforcement Agencies May Tap Data Brokers for Telephone Records

During a Congressional inquiry into the online sale of private telephone records, data brokers revealed their client lists, which included the FBI and the Department of Homeland Security. It is unclear whether the practice is illegal, according to this article. An FBI spokesman said it was possible that the bureau had used a data broker’s services, but added that these companies offer options other than providing telephone records. A spokesman for DHS said the agency does not buy private information. [Source] [Federal, state privacy protections rarely apply to Net]

US – House Committee Approves Cybersecurity Enhancement and Data Protection Act

The US House of Representatives Judiciary Committee has approved the Cybersecurity Enhancement and Data Protection Act of 2006. If it becomes law, the bill would make the use of botnets a federal crime and provide for sentences of up to 30 years for violations of certain portions of the law. It would also give US$10 million to the FBI, Department of Justice and Secret Service for cybercrime investigation and prosecution. Furthermore, failing to inform the FBI or Secret Service of a security breach that affects 5,000 or more individuals would “be punishable by up to five years in prison.” [Source] [Source] [Lax standards for Feds in data breach vote]

US – Hawaii Governor Signs Six New ID Theft Bills

Hawaii Gov. Linda Lingle said her state will have “some of the most comprehensive laws in place to protect consumers from identity theft” with the addition of six new laws. This story contains details about the bills – Notification of Security Breaches, Destruction of Personal Information, Social Security Number Protection, Security Freeze, ID Theft Task Force and a law that will offer increased protection of personal information by making “unauthorized possession of confidential personal information” a Class C felony. [Source] [Source]

US – Identity Theft Prevention Bill Passes in California State Senate

Requiring retailers and financial institutions to remove credit card and bank account numbers from credit card transaction receipts at stores and banks, legislation was unanimously passed by the state Senate last week to decrease the rate of identity theft throughout the state. “The fewer places your sensitive financial information appears in print, the lower the odds are that you’ll become the state’s next identity theft victim,” said the bill’s author, Senator Debra Bowen. “In this day and age, there’s no reason why retailers or banks need to print people’s credit card numbers on the receipts they keep after a sale or a cash withdrawal on a credit or debit card.” The legislation will now move to the Assembly and is expected to be heard in June. [Source]

US – Minnesota Credit Freeze Bill Signed Into Law

Minnesotans will have a new weapon to protect themselves against the fast-growing crime of identity theft, thanks to a bill signed into law Tuesday by Gov. Tim Pawlenty. Beginning Aug. 1, Minnesotans can stop credit bureaus from releasing their personal financial information without their permission by requesting a “security freeze” be placed on their names. [Source]

US – Oklahoma Identify Theft Protection Measure Clears House

Victims of identity theft would be given prompt notice of the crime and the opportunity to minimize losses under legislation approved recently by the Oklahoma House of Representatives. House Bill 2357, by state Rep. Dale DePue, would require every state agency, board, commission “or other unit or subdivision of state government” that handles citizens’ personal information to disclose “any” security breach that involves the potential theft of citizens’ personal data. [Source]

US – New Illinois Credit Law Hinders Identity Theft

Illinois consumers no longer will have to prove they were victims of identity theft in order to freeze their credit reports under legislation signed by the governor Wednesday. The new law, which takes effect Jan. 1 and had the backing of senior citizens groups, also requires a password to remove the freeze. [Source]

US – Indiana Legislature Passes Identity Theft Bill

State Representative Jackie Walorski announced this week that the Indiana Legislature passed a new law that will protect Hoosiers from the release of their personal information. [Source] [Source]

US – New Hampshire Governor Signs Law to Help Deter Identity Theft

Gov. John Lynch signed a bill into law this week that makes it easier for consumers to put a freeze on credit reports. Identity theft victims can place the freeze at no charge. To place a freeze at no charge, consumers must submit a copy of a police report, investigative report or complaint filed with a law enforcement agency about the unlawful use of the consumer's personal information by someone else. [Source]

US – Insurers Urge Veto of N.Y. Credit Freeze Legislation

New York lawmakers have passed legislation designed to protect consumers against identity theft but insurers are urging Gov. George Pataki to veto the measure because its credit freeze provision does not exclude insurers. The legislation promises to give consumers a way to prevent identity theft and protect themselves against cyber piracy, while also increasing the penalties for those who commit identity theft. The package is highlighted by legislation that would allow consumers to place a security freeze on their credit, a move meant to prevent identity thieves from causing greater damage to victims’ credit. [Source]

CA – Halifax SB Queries Teachers on Their Sexual Orientation

The Halifax Regional School Board will ask teachers to list their sexual orientation in a survey measuring diversity in its schools. The survey, which will be distributed Thursday, contains the question, “Are you heterosexual, bisexual, gay or lesbian?” The school board expects its teachers to sign the survey once it’s completed. However, respondents have the option of refusing to answer some questions. [Source]

UK – Survey: Urge to Snoop Into Private Files Is Common

Remember a few years ago when some IRS employees were nabbed for snooping in people’s tax files? It’s also a problem at hospitals, where employees can snoop in celebrity medical records. Now comes a UK survey suggesting that the urge to peek at private files is quite common. Nearly a quarter of UK employees admit to having illegally accessed sensitive internal information on their employer’s IT systems and more than half would do [it], given the opportunity, research reveals. A survey of more than 2,200 UK workers highlights the challenge facing IT, HR and finance departments in protecting confidential information from non-authorized employees. When asked what type of information would tempt them most, respondents said that HR and payroll information was the most popular target (36%), followed by their manager’s personal notes (28%) and their colleagues’ personal notes (25%). [Source]

--------

CA – Canadian Biometric ID Documents: Toronto Public Forum June 15th