Privacy News Highlights

13—19 May 2006

Contents:

AU – Biometrics for All Australian Visas

ON – Ontario Website Seeks Public Help to Identify Dead, Find Missing

CA – U.S. Must Use Caution with Passport Plan: Wilson

CA – Alberta & War Amps Reach Compromise Over Drivers’ Licence Data

WW – Report: Government Agencies Rival Private Sector in Delivering Customer Service

US – Kodak Service Agrees to Pay Fine for Violating Spam Law

WW – Report: Record Management Is Complicated, Costly

US – Major Issues When Designing Privacy Into Corporate Databases

UK – UK Legislation to Enforce Encryption Key Disclosure

WW – Credit Card Security Rules to Get Update

EU – EU Data Retention Directive In Force

WW – Poll Measures Level of Concern About Privacy, Technology In Five Countries

CA – Senator Pushes Looser Privacy Laws Vis-À-Vis FINTRAC

CA – Reid Urges Changes to Proposed Accountability Act

CA – Alberta Government Forcing Through Changes on Info Law

CA – National DNA Data Bank Surpasses Milestone

US – Medical ID Theft Leaves Thousands Ailing

CA – Canadian Consumer Takes Steps to Protect Her Privacy

US – Border ID Deadline Extended

US – Bush Signs Order to Create Identity Theft Task Force

CA – Queen’s University Workshop on National Identification Cards

UK – Group Seeks Anti-ID Card Support

CA – Privacy Experts Detail Concerns About Proposed Changes to Copyright Law

AU – Australia Proposes New Copyright Exceptions

AU – Australian Police Peeked At Database Files

WW – The Security Implications of Outsourcing

WW – Search Engine Advertisers Blamed for Spyware, Spam

US – Philadelphia City Council Approves Wireless Internet Network

US – DHS Privacy Office Slams RFID Technology

EU – Transparency ‘Crucial’ for RFID Systems

US – VeriSign RFID Implants for Immigrants – CASPIAN’s “Jaw Dropping” Proposal

US – FTC Takes Action Against Real Estate Services Firm For Lax Security Practices

US – IRS Procedural Flaws Leave Taxpayer Materials Vulnerable

WW – Microsoft Vista OS Contains Broad Security Feature

AU – Australian Privacy Commissioner Issues Checklist of Concerns for Smart Cards

US – Judge Rules EFF Can Keep Sealed Docs in Domestic Spying Suit

US – Lawmakers Received Briefings on Surveillance

US – FCC Commissioner: Privacy Still Matters Even as Government Fights Terrorism

US – Former FCC Chairman Comments on Efforts to Balance National Security, Privacy

US – CIA Nominee Defends Domestic Surveillance Programs

US – Telecoms Face Lawsuits for Turning Over Customer Call Records To Feds

US – Wireless Industry Call for Voluntary Privacy Standards

US – GAO Official Cites Privacy Risk in RFID and Data-Mining

US – Privacy: Key Challenges Facing Federal Agencies

US – Subpanel Approves Bill Requiring Privacy Review For Federal Rules

US – ISP Snooping Plans Take Backseat

US – Lawmakers Try to Restrict Usage of Social Security Numbers

US – New York Lawmakers Approve Package of ID Theft Bills

US – Three More American States Enact Data Breach Notification Laws

IN – Indian Employee Biometric Database to be Mandatory for Outsourcing Jobs

US – Workplace Monitoring Requires Careful Analysis of Privacy Rights

 


 

AU – Biometrics for All Australian Visas

All international visitors seeking to come to Australia may soon have to provide biometric identification, such as a fingerprint, to get an entry visa. The Immigration Department is considering a biometric visa system to tighten border security. Biometric visas would ensure that the person who applies for a visa overseas is the same person who presents themselves at Customs when entering the country. It would also help the department avoid high-profile bungles such as the wrongful detention of Cornelia Rau or the unlawful deportation of Vivian Alvarez. It is understood the proposed scheme will capture searchable biometric data for nearly all visa categories. [Source]

 

ON – Ontario Website Seeks Public Help to Identify Dead, Find Missing

Provincial police in Ontario are establishing a website to seek the public’s help to identify dead and missing people in the province. The OPP and the Ontario coroner’s office say they will post descriptions as well as pictures or artist’s renditions of human remains that they cannot identify. The website also has a section seeking the public’s help to find missing people in the province. Dr. Barry McLellan, Ontario’s chief coroner, says the site will be one of the first of its type in the world to include pictures of the deceased that the public can access. [Source]

 

CA – U.S. Must Use Caution with Passport Plan: Wilson

The United States must move carefully and consider the full range of possible economic consequences before tightening security at the U.S.-Canada border, Canadian Ambassador Michael Wilson said this week. In an address to the Canadian Association of New York, Wilson warned that the Western Hemisphere Travel Initiative, a law passed by the U.S. Congress requiring formal identification documents such as passports for travellers entering the United States, “threatens to drive an invisible wedge between our two peoples.” “The concern that has been expressed by a number of people to us is whether we can meet the timelines that are set out in the legislation,” said Wilson. [Source]

 

CA – Alberta & War Amps Reach Compromise Over Drivers’ Licence Data

In an agreement reached by the province and the War Amps recently, Albertans renewing their driver’s licence after June 5 will be asked to fill out a form saying whether or not they want their contact information given to the group’s key tag program. [Source]

 

WW – Report: Government Agencies Rival Private Sector in Delivering Customer Service

According to a new research report by Accenture, entitled “Leadership in Customer Service: Building the Trust”, government agencies that lead the public sector in customer service are focused on developing sophisticated, interactive and transactional capabilities on par with the best of the private sector. In the report, Accenture finds a new trend whereby government agencies are reinventing their customer service delivery programs in order to help build greater trust - and this is redefining the relationship between citizens and their governments. From allowing drivers to pay for street parking using their mobile phones to using text messaging for “amber alerts” on missing children to installing interactive kiosks that provide information about city events, dining, shopping, and entertainment, government agencies around the world are adopting innovative new approaches to deliver value to citizens. [Source] [News Release]

 

US – Kodak Service Agrees to Pay Fine for Violating Spam Law

A digital photo-sharing service run by Eastman Kodak Co. settled charges it sent e-mails to 2 million recipients and failed to give them a way to opt out of future messages, the Federal Trade Commission said. Kodak Imaging Network, previously known as Ofoto Inc., agreed to pay a $26,331 penalty for violating a U.S. law aimed at curbing spam. [Source]

 

WW – Report: Record Management Is Complicated, Costly

The Information Security Forum (ISF) has issued a report that highlights the difficulties businesses face when it comes to record management. Email, Instant Messaging, mobile SMS and IP voice technology are complicating business decisions around data retention. Businesses face laws and regulations that require them to manage and keep business records, but data privacy laws may prevent the retention of records – leaving many organizations in a quandary, said an ISF research consultant. The ISF relied on the experiences of its members to suggest best practices, including creating a record retention policy and using a risk approach to decide which documents should be considered business records. [Source]

 

US – Major Issues When Designing Privacy Into Corporate Databases

Much of the attention in the privacy profession has focused on legal and administrative affairs. For most companies and government agencies, privacy ultimately involves a number of technical choices about how information is captured, stored and managed in their databases. An article in DMReview takes a look at some of the key architectural decisions that must be made to help databases put privacy into action. [Source]

 

UK – UK Legislation to Enforce Encryption Key Disclosure

The British government is preparing to give its police the authority to force organizations and individuals to disclose encryption keys, a move that has outraged some security and civil-rights experts. The legislation that gives the police such authority is contained within Part 3 of the Regulation of Investigatory Powers Act. The RIP Act, also known as RIPA, was introduced in 2000, but the government has held back from bringing Part 3 into effect. [Source]

 

WW – Credit Card Security Rules to Get Update

Changes to the Payment Card Industry (PCI) Data Security Standard are expected this summer. One change involves an effort to accommodate complaints from merchants who have encountered difficulties with encryption requirements. Another change will require merchants to assess weaknesses in payment software by mid-2008. Security experts laud the vulnerability assessment. However, the relaxation on the encryption standard by allowing businesses to adopt alternatives may potentially pose increased data security risks to consumers, experts warn. [Source] [Source]

 

EU – EU Data Retention Directive In Force

This month, a highly controversial European law came into effect that raises concerns about our fundamental right to privacy. Even before the final text was officially published, the directive had been criticised by several of Europe’s data protection authorities, with safeguards proposed by a European parliamentary committee ignored as the directive was driven hard through the legislative process. Known as the EU Data Retention Directive, it demands that details of people’s phone calls and emails be stored by companies for up to two years, in case the police or intelligence services require access to them. [Source] [Source]

 

WW – Poll Measures Level of Concern About Privacy, Technology In Five Countries

Roy Morgan International conducted a poll that found the U.S. topping the list of countries whose citizens are most worried about new technology’s impact on personal privacy. The poll found that 70% of Americans polled agreed with the statement, “I’m worried about invasion of my privacy through new technology.” The poll found that 64% of Australians agreed; 59% of respondents in Britain agreed; 57% of New Zealand respondents agreed; and 32% of those in Indonesia agreed. Canadians were not polled. [Source]

 

CA – Senator Pushes Looser Privacy Laws Vis-À-Vis FINTRAC

A senator is ringing alarm bells about Canada’s money-laundering and terror-financing laws, warning they may be too weak to deter criminals. Paul Massicotte raised concerns about the effectiveness of the laws during the first day of Senate committee hearings this week into proposed changes to the legal regime. “These bills are far from convincing me that we’re getting the job done and that we’re winning the battle against organized crime,” Massicotte told public security officials. [Source]

 

CA – Reid Urges Changes to Proposed Accountability Act

The government’s Accountability Act will actually hamper people’s ability to ferret out government secrets and should be changed, Information Commissioner John Reid said Thursday. Mr. Reid told a Commons committee that the bill needs amendments to eliminate a number of exemptions that will allow some government agencies to keep information hidden forever. [Source]

 

CA – Alberta Government Forcing Through Changes on Info Law

Alberta’s freedom of information law, once described by a journalism group as the most secretive in Canada, is about to get even more restrictive. The Conservative government is pushing through changes this week to Alberta’s Freedom of Information and Protection of Privacy Act to put a five-year blackout on briefing documents and other records that show how Premier Ralph Klein ran the province for more than a dozen years. “This Conservative government seems hell bent to ram through legislation this week to make Canada’s most secretive government even more tight-lipped,” Liberal Leader Kevin Taft said this week in the legislature. Taft accused the Tories of putting the interests of two dozen cabinet ministers ahead of three million Alberta residents. [Source] [Critics Irked]

 

CA – National DNA Data Bank Surpasses Milestone

In recognition of Police Week, the Honourable Stockwell Day was joined by RCMP Commissioner Giuliano Zaccardelli in congratulating the National DNA Data Bank (NDDB) on its recent milestone of 5,000 hits. Since it began operating in June 2000, the NDDB has consistently proven to be a powerful investigative tool in helping law enforcement solve crime, including the most serious offences. [Source]

 

 

US – Medical ID Theft Leaves Thousands Ailing

The World Privacy Forum recently issued a report on medical ID theft. The report estimated that 250,000 to 500,000 consumers have been affected after people used their identities or insurance coverage for treatment or submitted fake bills to claim the reimbursements for services never rendered by any physician. Oftentimes, victims find out long after the fraud occurred when bill collectors seek payment for costly procedures. Another danger faced by these consumers is having their medical records tainted by false information about their health, which could lead to treatment errors. [Source]

 

CA – Canadian Consumer Takes Steps to Protect Her Privacy

A Canadian cell phone customer was stunned to find that an online check of her account revealed that another customer’s information was visible and linked to her bill. A company spokesman said the Web site was shut down immediately and steps were taken to fix the foul-up. [Source]

 

US – Border ID Deadline Extended

The U.S. Senate voted this week to delay for 17 months a requirement that Americans re-entering the U.S. after cruises or short visits to Canada and Mexico show passports or high-technology identification cards. The Senate would push back a Jan. 1, 2008, deadline for the requirement. A driver’s licence usually satisfies customs and border inspectors now. The measure was adopted as an amendment to a broader immigration bill before the Senate. The new deadline for having to show a passport or ID card would move to June 1, 2009, if the bill becomes law. [Source]

 

US – Bush Signs Order to Create Identity Theft Task Force

U.S. President George W. Bush signed an executive order on Wednesday to create a task force to crack down on identity theft. “Identity theft is a serious problem in America. [Source]

 

CA – Queen’s University Workshop on National Identification Cards

Drs. Colin Bennett and David Lyons will be leading an international research workshop at Queen’s under the GPD banner – on national identification cards June 7-9 2007. [Source]

 

UK – Group Seeks Anti-ID Card Support

Campaigners against a U.K. national ID card system are set to hold their first public meeting in Preston to drum up opposition to government plans. The newly-formed Preston branch of No2ID claims that as people learn the facts about ID cards, the group will grow. “This is being pushed through and people are not being given the facts.” [Source]

 

CA – Privacy Experts Detail Concerns About Proposed Changes to Copyright Law

Canadian privacy experts and other groups have issued an open letter to the ministers of Canadian heritage and industry that highlights their concerns about how proposed changes to Canadian copyright law would affect privacy, freedom of expression and civil liberties. The group is concerned in particular about the extension of legal protections to Digital Rights Management (DRM) technology. In separate letters, Canadian Privacy Commissioner Jennifer Stoddart, British Columbia’s Information and Privacy Commissioner David Loukidelis and Dr. Ann Cavoukian, Ontario’s information and privacy commissioner, each wrote a letter to the ministers to outline their concerns about DRM technology. [Source] [Source]

 

AU – Australia Proposes New Copyright Exceptions

Australia’s Attorney General has proposed a series of new exceptions to that country’s copyright law. While declining to establish a general fair use provision, new exceptions for time shifting, format shifting, schools, libraries, people with disabilities, and parody are all planned for future reforms. [Source] [Source]

 

AU – Australian Police Peeked At Database Files

Dozens of police officers in Victoria, Australia are facing disciplinary action after an internal investigation discovered that sensitive personal files about a number of people, including a well-known TV personality, had been accessed without permission. Five officers have been fined while a further 30 are awaiting disciplinary hearings. [Source]

 

WW – The Security Implications of Outsourcing

Concerns about data security and the qualifications of India’s 350,000 call-center workers are starting to mount. According to John C. McCarthy, vice president for research at Forrester, some outsourcing providers forgo background checks of employees and even help applicants dress up their resumes. Dozens of major U.S. companies outsource their customer service, technical support, telemarketing, payroll accounting, and credit-card processing overseas. But growing concerns are slowing down interest in such practices, according to a recent survey by Forrester Research. Last year, companies including Bank of America, ChoicePoint, Citibank, and Time Warner experienced the loss of customer information or have reported intrusions into their data banks. [Source] [Booz Allen Survey] [Source]

 

WW – Search Engine Advertisers Blamed for Spyware, Spam

Sites that pay to have their links pop up on search engine result pages are nearly three times more likely to harbor spyware or adware, or hassle users with spam than URLs generated by the engine’s algorithms, research claimed. And search engines are cashing in, reported McAfee’s SiteAdvisor service. By its estimate, the search industry made $1.1 billion from risky sponsored links last year. [Source]

 

US – Philadelphia City Council Approves Wireless Internet Network

The Philadelphia City Council unanimously approved a plan to blanket the city’s 135 square miles with a high-speed wireless Internet connection, a measure the mayor is expected to sign soon. If the system is fully deployed by the third quarter of 2007 as planned, Philadelphia would be the first large city to have its own wireless Internet network. [Source]

 

US – DHS Privacy Office Slams RFID Technology

The Homeland Security Department’s Privacy Office has issued a draft report from a technology analysis group that strongly criticizes the personal privacy and security risks of using radio frequency identification device units for human identification and says the technology offers little performance benefit over competing methods. The Privacy Office is seeking comments on the report, which are due by May 22. The department’s Emerging Applications and Technology Subcommittee of the Data Privacy and Integrity Advisory Committee prepared the report, which is titled “The Use of RFID for Human Identification.” [Source] [Source] [DHS Report]

 

EU – Transparency ‘Crucial’ for RFID Systems

Several consumer organizations this week called on the European Commission to ensure that there is increased transparency in RFID systems, so that consumers’ privacy is protected. The comments were made during a workshop held by the European Commission that discussed privacy issues around RFID. The workshop, part of the EC’s current consultation into the use of RFID tags in Europe, will be used to draft a communication for the European Council and Parliament. [Source] [Source]

 

US – VeriSign RFID Implants for Immigrants – CASPIAN’s “Jaw Dropping” Proposal

Katherine Albrecht and CASPIAN have issued a press release claiming that the head of VeriChip Corporation wants to put RFID tracking chips in immigrants. [Source] [Source] [Source]

 

US – FTC Takes Action Against Real Estate Services Firm For Lax Security Practices

Nations Title Agency and its parent company, Nations Holding Co., have reached a settlement with the FTC over allegations that the company had overstated the extent of its data security practices. According to the FTC, the company discarded consumer home loan applications in an unsecured Dumpster. Under the settlement, the Kansas City-based company agreed not to misrepresent its data protection policies. It also agreed to adopt and maintain a data security program, subject to outside audits for 20 years. [Source]

 

US – IRS Procedural Flaws Leave Taxpayer Materials Vulnerable

Taxpayer receipts and other sensitive materials were left open and vulnerable to loss or theft, and it was common to find problems with financial and security procedures at Internal Revenue Service facilities visited by auditors during an annual review. As part of a fiscal 2005 audit, Government Accountability Office employees visited a sampling of service centers, taxpayer assistance centers, field offices, financial institutions serving as agents of the government and a finance center, to evaluate how they followed financial and internal controls designed to ensure the appropriate handling of materials. [Source]

 

WW – Microsoft Vista OS Contains Broad Security Feature

An annoying surprise awaits 2 million consumers expected to enthusiastically step forward in the next few weeks to help Microsoft test its new Windows Vista PC operating system. Volunteers who test Vista Beta 2, a near-final version of the much-hyped upgrade of Windows, can expect to encounter an obtrusive security feature, called User Account Control. [Source] See also [Government Okays Vista Search] and [U.S. Wants to Add Two Years to Microsoft Settlement] [Symantec Sues to prevent release of Vista] [MS on the Future]

 

AU – Australian Privacy Commissioner Issues Checklist of Concerns for Smart Cards

Commissioner Paul Chadwick is raising awareness about the privacy implications of the government’s proposed smart card, which Australians will need to access welfare and Medicare services. Chadwick said questions remain about what databases will be linked to the information contained on the cards. Safeguards must be in place to prevent unauthorized access. [Source]

 

 

US – Judge Rules EFF Can Keep Sealed Docs in Domestic Spying Suit

A US federal judge has ruled that secret documents allegedly detailing surveillance of AT&T’s phone and e-mail lines under the Bush administration’s domestic spying program can be used in a lawsuit against the telephone giant, but the records will remain sealed. The judge rejected a bid by AT&T to return the records given to the privacy advocate Electronic Frontier Foundation by a former AT&T technician. Meanwhile, news organizations are planning to oppose any request from AT&T to keep the public out of a hearing that could explore whether the company illegally cooperated with the NSA. [Source]

 

US – Lawmakers Received Briefings on Surveillance

US National Intelligence Director John Negroponte declassified a list of 30 congressional briefings the Bush administration says have been held since the National Security Agency began its no-warrant surveillance program after the Sept. 11 attacks. Half of the briefings took place between Oct. 25, 2001 and the public disclosure of the program this past December. The remaining 15 occurred over the past five months and included an expanded group of lawmakers who were told of the program’s operational details. [Source]

 

US – FCC Commissioner: Privacy Still Matters Even as Government Fights Terrorism

In the wake of revelations that telecommunications companies may be providing consumers’ telephone records to the National Security Agency, a Federal Communications Commission (FCC) commissioner, Michael J. Copps, is calling for an investigation into whether the companies are violating federal communications law. Copps, a Democrat, said in a statement that the federal government’s top priority is protecting the security of Americans. But he added that “the privacy of our citizens must still matter.” [Source]

 

US – Former FCC Chairman Comments on Efforts to Balance National Security, Privacy

Michael Powell, the former chairman of the FCC, said this week that Americans understand the sacrifices required for security after 9-11. In the U.S. today, there is an “evolutionary dialogue to find a new balance” between national security and civil liberties, Powell said. During this process, Powell added, the government will sometimes overstep and consumers will “push back.” [Source]

 

US – CIA Nominee Defends Domestic Surveillance Programs

CIA director nominee Gen. Michael Hayden defended the secret surveillance programs he oversaw while head of another spy agency as lawful and designed to “preserve the security and the liberty of the American people.” Hayden’s visits to lawmakers on Capitol Hill were complicated by reaction to public disclosure of the National Security Agency program that has been building a database of millions of Americans’ everyday telephone calls. [Source] [Background] [coverage] [coverage] [coverage] [coverage]

 

US – Telecoms Face Lawsuits for Turning Over Customer Call Records To Feds

Telecom companies say they have safeguarded their customers’ privacy, but those assurances have not stopped attorneys for subscribers from suing for billions of dollars in civil damages. A federal lawsuit was filed recently against one telecommunications company for $50 billion in civil damages. [Source] [Source] [Coverage] [Coverage] [Source] [Source] [Coverage]

 

US – Wireless Industry Call for Voluntary Privacy Standards

The general counsel of the Cellular Telecommunications and Internet Association, an international trade association that represents wireless carriers, pointed out during a recent panel discussion that many companies that use geographic location technology in their products are not subject to the same federal standards as wireless phone carriers. In 2000, the trade group asked the FCC to adopt new privacy requirements after the decision to install geographic-tracking technology in cell phones. The FCC in 2002 turned down the group’s request, which led the industry to adopt its own privacy standards. [Source]

 

US – GAO Official Cites Privacy Risk in RFID and Data-Mining

Federal agencies are falling short in protecting privacy when performing data mining, according to congressional testimony from a senior Government Accountability Office official. Both data mining (in which large amounts of data from different sources are aggregated, searched and analyzed) and radio-frequency identification technologies are raising privacy concerns, Linda Koontz, director of information management issues for GAO, said in testimony before the House Judiciary Subcommittee on Commercial and Administrative Law this week. Koontz added that although agencies that use data mining took many necessary steps, including issuing public notices, to protect privacy, none of them followed such key procedures as including in the notices the intended use of the information. [Source]

 

US – Privacy: Key Challenges Facing Federal Agencies

Advances in information technology make it easier than ever for the federal government to obtain and process personal information about citizens and residents in many ways and for many purposes. To ensure that the privacy rights of individuals are respected, this information must be properly protected in accordance with current law, particularly the Privacy Act and the E-Government Act of 2002. These laws prescribe specific activities that agencies must perform to protect privacy, and the Office of Management and Budget (OMB) has developed guidance on how and in what circumstances agencies are to carry out these activities. Many agencies designate officials as focal points for privacy-related matters, and increasingly, many have created senior positions, such as chief privacy officer, to assume primary responsibility for privacy policy, as well as dedicated privacy offices. GAO was asked to testify on key challenges facing agency privacy officers. To address this issue, GAO identified and summarized issues raised in its previous reports on privacy. [Source]

 

US – Subpanel Approves Bill Requiring Privacy Review For Federal Rules

Federal agencies would be required to assess the privacy implications of any new or proposed rule under legislation approved Wednesday by a House subcommittee, but the measure appears to have little chance of becoming law despite the recent and ongoing furor over reports that certain phone companies have been giving calling data to the federal government. The Federal Agency Protection of Privacy Act (H.R. 2840) was approved by voice vote by the House Judiciary Commercial and Administrative Law Subcommittee. There were no amendments, although ranking member Melvin Watt, D-N.C., said he might offer an amendment later. [Source]

 

US – ISP Snooping Plans Take Backseat

Rep. F. James Sensenbrenner, the chairman of the House Judiciary Committee, has backed away from plans to rewrite Internet privacy rules by requiring that logs of Americans’ online activities be stored. CNET reported this week that Sensenbrenner wanted to require ISPs to track what their users were doing so police might more easily “conduct criminal investigations,” including inquiries into cases involving child exploitation and pornography. [Source] [Background]

 

US – Lawmakers Try to Restrict Usage of Social Security Numbers

The possibility that U.S. lawmakers might restrict the widespread use of Social Security numbers in commerce because of consumer privacy issues is prompting concern in the financial services industry. Such a move would rob businesses of a reliable and widely used identity-verification method while doing little to bolster consumer privacy, said the CEO of the American Financial Services Association in Washington. Testifying at a hearing last week on the use of Social Security numbers in commerce, the CEO said, “The Social Security number is the only unique identifier in our country that enables a credit grantor, or a credit bureau, or a bank, or an insurance company, or an investment firm to be sure that the consumer they are doing business with” is legitimate. Any attempt to change that use could disrupt the nation’s economy, he argued. [Source]

 

US – New York Lawmakers Approve Package of ID Theft Bills

The state Assembly has approved several bills intended to help consumers whose information is used to make fraudulent purchases. Lawmakers approved a security freeze bill that would allow consumers to send a letter to a credit agency via certified mail to request that their credit be inaccessible. Credit bureaus would have five days to respond to the consumer’s request. Consumers would be provided with a secret password to give to a credit reporting agency when account information was requested during a security freeze. Lawmakers also passed a phishing bill and another measure that would require businesses to properly dispose of or destroy records that contain personal information. [Source]

 

US – Three More American States Enact Data Breach Notification Laws

Indiana, Wisconsin and Nebraska have enacted data breach notification statutes requiring companies to notify a consumer if that consumer’s personal information is acquired by an unauthorized individual. The three new statutes differ in several important respects from previous notification laws. First, Nebraska and Wisconsin’s laws enlarge the type of information protected. Along with Social Security numbers, driver’s license numbers and account numbers, both states protect “biometric data.” This includes fingerprints, voiceprints, retina or iris images, DNA profiles and any other “unique physical representations.” Second, though most state laws require companies to notify that state’s residents of a data breach, Wisconsin requires companies based in its state to notify all consumers of the breach, regardless of the state, or even the country, in which they live. Finally, the Indiana statute purports to regulate companies outside Indiana to an unprecedented degree. Most state laws claim to apply to companies that “do business” within the state. Indiana’s statute claims that any company owning or using “personal information of an Indiana resident for commercial purposes” is doing business within the state. As a practical matter it is uncertain whether courts would uphold this provision. [Source]

 

IN – Indian Employee Biometric Database to be Mandatory for Outsourcing Jobs

The National Skills Registry has been established by the National Association of Software and Service Companies (Nasscom), India’s government-sponsored IT trade body. The goal of the registry is to register Indian employees on its biometric database as a way to provide some assurance to Western clients that the personal data of their customers will be protected by new security measures. A new organization will be set up to draft best practices, including India’s adherence to global privacy laws in data processing and outsourcing operations. Nasscom said employees’ information will be protected and it will not be shared without the worker’s consent. [Source] [Source]

 

US – Workplace Monitoring Requires Careful Analysis of Privacy Rights

As employers consider ID management systems, the intersection of security and personal privacy can be a minefield for companies. Several laws come into play - the Regulation of Investigatory Powers Act, Data Protection Act, Computer Misuse law, the Employment Code of Practice and the Human Rights Act. Privacy rights can be trumped if the employer informs the employee that they will be monitored. Experts warn that before a company introduces a new ID management system, they should check with attorneys to make sure they have adequate protections to protect employee privacy and safeguards to secure private data from abuses by employees and hackers. [Source]

 

 

--------