According to a Washington Post article, in an eight-page document released on Capitol Hill today, Microsoft outlined a series of steps it would like to see Congress take to preempt a growing number of state laws that impose varying requirements on the collection, use, storage and disclosure of personal information.

To many of us, this is shocking news. However shocking, though, it is good news for privacy advocates. Microsoft is proposing that data keepers notify consumers when the institution’s privacy policy has changed, as well as allowing users to be able to view information that companies hold about them. If such legislation is enacted, and if no provisions are written in to prevent it, consumers can query data keepers such as ChoicePoint as to what information they have aggregated about the themselves.

Personally and professionally, I believe this would be a step in the right direction and a victory for privacy advocates. It also helps that a large company such as Microsoft is advocating on our behalf. Maybe now that the corporations are lining up, Congress will listen to us.

A recent study by Javelin Strategy & Research has found that in 26 percent of all ID theft cases, the victim knew the person responsible for the theft. The same study explains that online identity theft isn’t the largest threat. For those users who are afraid to make purchases online, you may be interested to know that you are more likely to be at risk from dumpster divers. Still, identity theft has tripled in the past couple of years, so make sure you continue to shred personal documents, give out your personal information sparingly, and regularly obtain your credit report.

Click here to read this article.

The Privacy Commissioner of Canada has ruled that business e-mail addresses are personal information. The ruling is intended to protect people from spam at work that is not work-related. The case itself involved a local football team sending an unsolicited email to a University of Ottawa law professor. The professor asked them to remove him from their list, and the same message appeared a few days later.

Read more here.

Japan has passed new privacy laws that are cracking down on organizations who do not protect private information. The penalty can include a prison sentence of up to 6 months. The question is, will this be enough to motivate people to protect personal information. The results seem promising as shredder sales in Japan have gone through the roof. Read more about this here.

A recent survey found that protecting the privacy of consumer information is actually good for business. We’ve been preaching this message for years, but it seems that someone has actually provided some hard evidence. By protecting consumer information, businesses experience less downtime from security breaches and less defections from customers.

Read more here.

In today’s economic and technologically advanced culture, there are two constants: (1) the amount of personal information available on the Internet is increasing, and therefore the greater the risk of identify theft; and (2) people are depending less on cash and more on credit as a way to obtain goods and services. When you combine these two factors, the risks to each individual increases dramatically. However, a concerned individual could always obtain a copy of their credit report to investigate any anamolies. Obtaining a copy of your credit report is one of the best ways to prevent and combat identity theft. Beginning last month, legally, Americans were entitled to one free credit report per year. I encourage everyone to exercise this new right and obtain their credit report.

The following article contains more information about this new law, as well as factoids about obtaining your credit report and identity theft: “Giving credit where it is due: Check out your rating“

There was language inserted into an omnibus spending bill that would have allowed two committee chairmen to view the tax returns of any American. The language was caught and is being revised before being sent to President Bush for his approval. What is concerning here, as Republican Senator John McCain points out, is that when budgets and bills are pushed through at the end of a session, noone has a chance to read them and virtually anything can be contained in the bill.

Obviously this is a serious invasion of privacy, but it makes one ponder how much legislation there may be in these hundreds of thousands of pages of leglislation that either explicitly or implicitly violates the privacy and rights of U.S. citizens.

More information can be found on this ongoing news story at this article on CNN.com.

Apparently, there is a new x-ray machine to be used in airports in England that can see through peoples’ clothes. The machine produces an anatomically correct and detailed image in black and white. Civil liberties groups have labeled the machines as unjustified and intrusive. However, 98 percent of people who participated in the prelimary random “test run” gave positive feedback.

When I began reading this article, I was appalled at the idea of having to stand in front of an x-ray machine that will render me all but naked to some given individual. However, when I read further, it seems they address many privacy concerns. A spokesperson said that the machine images are not stored, it would be operated by a same sex operator, and that the operator would never see the actual individual. This anonymity is a bit more reassuring, but I still see the possibility of privacy invasions. The question is: Is this mild form of embarassment worth the protection the machines could provide?

Read more about this article, “Airport X-ray sees through clothes.”

Law.com posted an article, entitled “Keeping Promises: Online Privacy Policies,” that describes a settlement between the FTC and Gateway Learning, the sellers of “Hooked on Phonics.” To summarize the complaint, Gateway Learning posted in its privacy policy that it would not share customer information with outside parties. Gateway Learning, despite these promises, began renting personal information to marketers — including names, address, phone numbers, ages, and information about consumers’ children.

This practice is alarming, but it is also interesting to note that, as part of the settlement provisions, the FTC prohibits Gateway Learning from sharing any personal information collected unless they receive an “opt-in” consent from the consumer. I’ve been an emphatic advocate for the notion of “opt-in” to be not only common practice, but implemented in the form of legislation. Presently, some companies allow consumers to “opt-out” of sharing information with third parties, most don’t give you a choice at all, and rarely do they ever have an “opt-in” policy. Privacy shouldn’t be the burden of the consumer, it should be the de facto standard.

Unfortunately, most of the sites we analyzed in the healthcare domain have nearly identical policies to that of Gateway Learning. You can read more about this analysis in our paper: An Analysis of Web Site Privacy Policy Evolution in the Presence of HIPAA.