The Privacy Commissioner of Canada has ruled that business e-mail addresses are personal information. The ruling is intended to protect people from spam at work that is not work-related. The case itself involved a local football team sending an unsolicited email to a University of Ottawa law professor. The professor asked them to remove him from their list, and the same message appeared a few days later.
Read more here.
In today’s economic and technologically advanced culture, there are two constants: (1) the amount of personal information available on the Internet is increasing, and therefore the greater the risk of identify theft; and (2) people are depending less on cash and more on credit as a way to obtain goods and services. When you combine these two factors, the risks to each individual increases dramatically. However, a concerned individual could always obtain a copy of their credit report to investigate any anamolies. Obtaining a copy of your credit report is one of the best ways to prevent and combat identity theft. Beginning last month, legally, Americans were entitled to one free credit report per year. I encourage everyone to exercise this new right and obtain their credit report.
The following article contains more information about this new law, as well as factoids about obtaining your credit report and identity theft: “Giving credit where it is due: Check out your rating“
There was language inserted into an omnibus spending bill that would have allowed two committee chairmen to view the tax returns of any American. The language was caught and is being revised before being sent to President Bush for his approval. What is concerning here, as Republican Senator John McCain points out, is that when budgets and bills are pushed through at the end of a session, noone has a chance to read them and virtually anything can be contained in the bill.
Obviously this is a serious invasion of privacy, but it makes one ponder how much legislation there may be in these hundreds of thousands of pages of leglislation that either explicitly or implicitly violates the privacy and rights of U.S. citizens.
More information can be found on this ongoing news story at this article on CNN.com.
The Privacy Place researchers have participated in a Transnational Digital Government project, which focuses on developing a prototype system for remote border control. Recently, I read an article that says new security technologies, which call for fingerprinting, photographing and running checks on suspicious visitors, are being tested at U.S. border crossings. Digital fingerscans and photos are matched with databases to determine if visitors might be wanted for immigration problems and crimes or are on lists barring them from entering the country because of suspected terrorist ties. The information will be stored indefinitely in a national database, but Homeland Security officials promised its use would be restricted to ensure privacy. By the end of 2005, the United States Visitor and Immigrant Status Indicator Technology program, or US-VISIT, is scheduled to be used at all 165 land border crossings.
The current issue of Mental Floss (http://www.mentalfloss.com/) has an interesting story about the origin of Social Security numbers and what the different parts of the number mean.
According to Mental Floss, the first three digits are assigned based on the zip code where you applied for the number, the second two digits are group numbers and are not assigned sequentially but rather according to a rather complicated sequencing scheme which goes something like, a) odd numbers between 01 and 01 b) even numbers from 10 to 98 c) even numbers from 02 through 08, and d) odd numbers from 11 through 99. The last for digits are simple sequence numbers
The Mental Floss article has an interesting story about accidental misuses of the social security numbers in the early days of the system . . . Read the rest of this entry »
Apparently, there is a new x-ray machine to be used in airports in England that can see through peoples’ clothes. The machine produces an anatomically correct and detailed image in black and white. Civil liberties groups have labeled the machines as unjustified and intrusive. However, 98 percent of people who participated in the prelimary random “test run” gave positive feedback.
When I began reading this article, I was appalled at the idea of having to stand in front of an x-ray machine that will render me all but naked to some given individual. However, when I read further, it seems they address many privacy concerns. A spokesperson said that the machine images are not stored, it would be operated by a same sex operator, and that the operator would never see the actual individual. This anonymity is a bit more reassuring, but I still see the possibility of privacy invasions. The question is: Is this mild form of embarassment worth the protection the machines could provide?
Read more about this article, “Airport X-ray sees through clothes.”
Dozens of voters from Florida had to speak their ballot choice aloud to the poll people. They feel like they lost their right to a secret ballot as everyone in the line could hear their choice and this violated their privacy. By 2006, all counties in the state are required to provide voting machines accessible to to the blind.
Law.com posted an article, entitled “Keeping Promises: Online Privacy Policies,” that describes a settlement between the FTC and Gateway Learning, the sellers of “Hooked on Phonics.” To summarize the complaint, Gateway Learning posted in its privacy policy that it would not share customer information with outside parties. Gateway Learning, despite these promises, began renting personal information to marketers — including names, address, phone numbers, ages, and information about consumers’ children.
This practice is alarming, but it is also interesting to note that, as part of the settlement provisions, the FTC prohibits Gateway Learning from sharing any personal information collected unless they receive an “opt-in” consent from the consumer. I’ve been an emphatic advocate for the notion of “opt-in” to be not only common practice, but implemented in the form of legislation. Presently, some companies allow consumers to “opt-out” of sharing information with third parties, most don’t give you a choice at all, and rarely do they ever have an “opt-in” policy. Privacy shouldn’t be the burden of the consumer, it should be the de facto standard.
Unfortunately, most of the sites we analyzed in the healthcare domain have nearly identical policies to that of Gateway Learning. You can read more about this analysis in our paper: An Analysis of Web Site Privacy Policy Evolution in the Presence of HIPAA.
Privacy advocates are raising concerns over the collection and storage of data on homeless people. Department of Housing and Urban Development is collecting such data saying that it will help homeless people and battered women in the long run. What they do not realize is that there is potential risk that someone might get acces to information on a victim of domestic violence and find them and hurt them more.
For more information read:
Tussling over victims’ privacy
EWeek has a great editorial titled “The Governance Edge” in the current edition which does a great job of drawing the connection between between controls in IT infrastructure and corporate ethics. As they put it:
“Without information management, there can be no corporate governance of any kind, good or bad.”
and later in the same editorial:
IT people will have to take part in the good governance of their own companies, through helping to implement Sarbanes-Oxley, the Patriot Act, SEC 17a-4 and HIPAA compliance solutions. The tools that vendors are offering IT managers to meet these compliance guidelines give IT managers the power to preserve data and audit it when need be. IT managers need to harness this technology to make good governance a day-to-day practice within their companies.
The problem we face as an industry is that we have to work governance issues into software engineering practices and eventually good governance principles need to be “baked in” to the products and services that are offered to customers.
What does this have to do with privacy management? Everything. Privacy management, financial data controls (Sox), HIPAA (medical privacy), COPPA (child protection), are all about placing controls on how and when data can be used, all of which fall under the umbrella term, “Data Governance.”