Group items tagged

Stunned applicants filling out immigration forms are now being warned their personal information can be shared with the RCMP, national security and intelligence agents, and even foreign cops. The immigrants, many who arrive here from brutal regimes, are being told that they must sign a consent form or their requests will not be dealt with by federal immigration officials. One form, which was obtained by Sun Media, said the data can be shared with the Canada Border Services Agency, RCMP, Canadian Security Intelligence Service and foreign police. TARGET FRIENDS The information can be used to target friends or family members of those who say negative things about their homelands, said Jamal Kaker, of the Afghan Association of Ontario. "This will impact a lot of immigrants in many communities," he said yesterday. "This is scary because the information will get back to Afghanistan in no time." Toronto lawyer Guidy Mamann said it can be deadly for immigrants who give information that may be negative to their governments and are then refused by Canada. "The rights of these immigrants are being trampled," Mamann said. "All this was done under the radar without an announcement." He said foreign police -- some working for the worst regimes -- will be able to find out where their nationals who fled to Canada live and allegations they have leveled against their homelands. "All this information will now be shared," Mamann said. "The lives of immigrants and some Canadian citizens will become an open book." SIGN FORMS He said Canadian citizens are affected if they sign forms to sponsor a spouse or loved ones. "It's another nail in the coffin for civil rights in Canada," Mamann said. "Negative information against governments will now be open for sharing." Toronto lawyer Mendel Green called the changes troubling. "This is a serious breach of our privacy laws," he said. "It appears to be an excess of authority. Big Brother wants to watch our visitors." Federal immig

THE Government is looking to develop a way to protect individuals' personal data that can 'best address' three issues. These are privacy concerns, commercial requirements and national interest. An inter-ministry committee is already reviewing the issue, said Minister for Information, Communications and the Arts Lee Boon Yang. 'As data protection is a complex issue, with extensive impact on all stakeholders, this review will take some time,' he said. He said this in a written reply to a question posed by Ms Lee Bee Wah of Ang Mo Kio GRC in Parliament on Monday. She had asked if his ministry will consider a comprehensive privacy law, and wanted to know what laws there are to protect people from spam mail and the unauthorised sale of personal information. Also, what about those whose photographs have been posted on blogs and other new media platforms without their authorisation, she had asked. This would be considered a 'civil matter', said Dr Lee. 'The aggrieved persons could first ask the site's webmaster to remove the pictures,' he said. 'As with matters relating to online libel and personal defamation, they could also seek professional legal advice to determine the most appropriate legal recourse.' As for the protection of personal data, the minister said that although no generic data protection law exists, such data is still protected. He listed the various measures that are already in place. For instance, there are 'strict provisions' in sectoral laws such as the Banking Act, and codes for medical professionals to protect sensitive financial and health information, he said. There are also other industry codes of practices against the unauthorised use of personal information, he added. For example. the Telecom Competition Code requires licensees to take 'reasonable measures' to prevent the unauthorised use of consumers' information. In addition, there is a voluntary privacy code, which has been adopted by many companies in the private sector, said Dr

A recurring problem in modern litigation is the inadvertent disclosure of materials subject to the attorney-client privilege or the attorney work product protection. New Federal Rule of Evidence 502 changes the rules concerning waiver of privilege in all Federal and many State court cases, thereby reducing the risk that inadvertent disclosures will constitute a wavier of attorney client privilege or work product protection. But the new rule requires careful application. Important risks remain. Inadvertent disclosure of privileged or protected information too easily occurs when massive numbers of documents or files make it impractical or prohibitively expensive to review every item individually. The proverbial privileged document needle gets lost in the e-discovery haystack and is overlooked. Later, when opposing counsel recognizes that she has a potentially privileged document and brings this to the attention of disclosing counsel, there may be a fight as to whether the document will be returned, or whether the disclosure constitutes a wavier of any privilege related to the information. Under existing State and Federal law, release of privileged or protected information to an adversary, even if inadvertent, may constitute a waiver of the privilege or protection with regard to the information or document disclosed or, worse, to all documents and other information related to the same topic. Invoking the "claw" Amendments to Federal Rule of Civil Procedure 26(b), adopted in December 2006, were aimed at reducing the risks of waiver from inadvertent disclosures. Rule 26(b) provides that if privileged information is produced, the party making the claim of privilege may notify any party that received the information of the privilege claim and the basis for it. After being notified, a party must promptly return, sequester, or destroy the specified information and any copies it has, must not use or disclose the information until the privilege claim is resolved; must t

Yesterday, the U.S. Supreme court announced its refusal to hear appeals against the banning of the Child Online Protection Act (COPA), effectively killing the bill. The American Civil Liberties Union called it "a clear victory for free speech," having fought the bill for ten years claiming it infringed on a website's freedom of speech. I've always advocated that it is the responsibility of parents to monitor their children's online activity. There are a ton of Web filtering and parental control applications available, many for free such as Blue Coat's K9 Web Protection. Especially with the country in the shape it's in now, my personal opinion is that the government has more pressing issues to attend to than babysitting children online. COPA was first passed in 1998, and made it illegal to display any pornographic material on a Web site without an access code or proof of age message. However, state courts began challenging the bill immediately, claiming it was unconstitutional and violated the First Amendment. Instead, it was ruled that parental controls should be used by individual families to block unwanted content, rather than the government determining what can and cannot be seen by all. (COPA was killed, not COPPA - Children's Online Privacy Protection Act)

If practice makes perfect, it's no wonder commercial pilot Chesley B. (Sully) Sullenberger III was able to save the day last week, guiding a malfunctioning jetliner over New York City and landing it safely in the Hudson River. It turns out Sullenberger was well trained for the job and had been studying crisis management. The Associated Press' Amy Westfeldt says Sullenberger, 57, of Danville, California, is a former fighter pilot who runs a safety consulting firm in addition to flying commercial aircraft. Westfeldt says Sullenberger is president of Safety Reliability Methods, a California firm that uses "the ultra-safe world of commercial aviation" as a basis for safety consulting in other fields. "When a plane is getting ready to crash with a lot of people who trust you, it is a test," Civil engineer Robert Bea told Westfeldt. "Sully proved the end of the road for that test. He had studied it, he had rehearsed it, he had taken it to his heart." The pilot "did a masterful job of landing the plane in the river and then making sure that everybody got out," Mayor Michael Bloomberg told AP. "He walked the plane twice after everybody else was off, and tried to verify that there was nobody else on board, and he assures us there was not. He was the last one up the aisle and he made sure that there was nobody behind him."

Enterprise employees frequently use social networking tools, most notably Web-based applications. It's no surprise more organizations are wondering what happens if social networking data becomes relevant to an e-discovery investigation. How does an enterprise go about discovering and assessing Web 2.0 data? How responsible is an organization, legally speaking, for the information that's out there in the Web 2.0 world? What risks arise from e-discovery as it relates to Web 2.0 data, and how can you mitigate them? In this tip, we will look at e-discovery as it relates to Web 2.0 and consider the strongest options for minimizing risks to the organization. E-discovery basics We begin with a quick look at what e-discovery is and how it can create risk. Essentially, e-discovery is the electronic extension of the legal process of discovery, which Wikipedia defines as "the pre-trial phase in a lawsuit in which each party through the law of civil procedure can request documents and other evidence from other parties or can compel the production of evidence by using a subpoena or through other discovery devices, such as requests for production and depositions." If you're an IT person, not a lawyer, it's important to note that the rules governing the discovery process now require plaintiffs to address all electronically stored information or ESI. In other words, if your organization faces litigation, it will have to deal with the issue of e-discovery, which will entail a whole lot more than turning over some old emails. Depending upon your role in the organization, the first you may hear of this is a "notice of litigation" with perhaps a "litigation hold directive" containing a "preservation directive." Here is a generic e-discovery request below. Apart from a few limiting factors, such as subject matter, named persons and a specified time period, the scope of such a notice is likely to be broad; blame standard procedure, not some high-powered attorney pushing his or her lu

Legislation aimed at protecting the privacy rights of car owners is drawing objections from auto manufacturers and Progressive Insurance, which hopes to introduce a program in Washington state that charges drivers based partly on how and when they drive.\n\nThe American Civil Liberties Union of Washington is pushing for the legislation, which would require automakers and other companies to inform car owners of the presence of devices that record information about their driving habits.\n\nThat includes event data recorders, or black boxes, installed on most newer cars, as well as electronic equipment such as GPS devices and OnStar, the wireless subscription service from General Motors.\n\nIn addition to requiring notification, a bill sponsored by state Sen. Claudia Kauffman, D-Kent, would clarify that vehicle owners are the owners of the data. With a few exceptions, a court order or the owner's permission would be required in order for a third party to obtain it.\n\nCarrie Tellefson, a lobbyist for Progressive Insurance, testified last week at a House Transportation Committee hearing that Substitute Senate Bill 5574 would prevent the insurance company from introducing its pioneering MyRate insurance program into Washington.\n\nProgressive Insurance first tested the idea of usage-based insurance in 1999. The company introduced the current plan, called MyRate, in 2004 and now offers it in nine states, including Oregon.\n\nCustomers who agree to opt into the program plug a device into their car's onboard diagnostic system, usually somewhere under the dashboard near the steering column. The device records information about how, when, and how much the car is driven, and wirelessly transmits the data back to Progressive's servers.\n\nCustomers are either rewarded with a discount or penalized with a higher rate depending on the information collected.\n\nThe discount can be as much as 30 percent, and the surcharge up to 9 percent.\n\nCustomers can go online and look at perso

On Wednesday, February 11, 2009, the Data Protection Working Party, an independent European advisory body on data protection and privacy, released its Working Document 1-2009 (.pdf) on pre-trial discovery for cross border civil litigation. The Working Document attempts to reconcile the tension between U.S. discovery rules and the European Union's Directive 95/46/EC (.pdf), which outlines the EU's privacy requirements. What follows is a summary of the Working Document and an analysis of how it begins to bridge the gap between U.S. discovery rules and the European privacy framework. The Working Document offers guidance to EU data controllers responding to U.S. discovery requests. As the Working Document explains, those controllers often find themselves in a bind. On the one hand, U.S. law allows for broad discovery, which may require a controller to provide, or "process," personal data of customers or employees. On the other hand, Article 7 of EU Directive 95/46 limits a member state's authority to process such data. Under Article 7, a member state may process personal data only if one of six identified grounds for processing applies. The Working Document considers the Article 7 grounds most likely to supply a legitimate basis for compliance with a discovery request - namely 1) consent, 2) necessary for compliance with a legal obligation, and 3) necessary for the purposes of a legitimate interest, where such interests are not "overridden by the interests for fundamental rights and freedoms of the data subject." Recognizing that the "interests of justice would be served by not unnecessarily limiting the ability of an organisation to act to promote or defend a legal right," the Working Document suggests that the third basis - necessary for the purposes of a legitimate interest - will often provide a ground for processing data in response to a U.S. discovery request.

Since Obama's landmark speech on cybersecurity in May, his administration hasn't revealed much about its long-percolating plans to shore up the government's defenses against hackers and cyberspies. But privacy advocates monitoring the initiative are already raising concerns about what they know and what they don't: the details that have trickled out--including the involvement of the National Security Agency--and the veil of classified information that still covers much of the multibillion-dollar project. "It feels like the Bush administration all over again," says Pam Dixon, executive director of the World Privacy Forum. "Not enough people know the details about these programs to have a good public discussion. We all want good security of government systems, but you have to balance the cloak and dagger elements with civil liberties."

Diplomats and civil servants are to be warned about the danger of putting details of their family and career on social networking websites. The advice comes after the wife of Sir John Sawers, the next head of MI6, put family details on Facebook - which is accessible to millions of internet users. Lady Sawers disclosed details such as the location of the London flat used by the couple and the whereabouts of their three children and of Sir John's parents. She put no privacy protection on her account, allowing any of Facebook's 200 million users in the open-access London network to see the entries. Lady Sawers' half-brother, Hugo Haig-Thomas, a former diplomat, was among those featured in family photographs on Facebook. Mr HaigThomas was an associate and researcher for David Irving, the controversial historian who was jailed in Austria in 2006 after pleading guilty to Holocaust denial. Patrick Mercer, the Conservative chairman of the Commons counter-terrorism sub-committee, said that the entries were a serious error and potentially damaging.

The million-and-one ways in which the Internet can be useful, efficient and fun are well known. Its potential for abuse by pornographers, phishers, scammers and spammers has also been apparent since its early days. What has taken a bit more time to emerge, however, is awareness of the Internet's increasing threat to privacy as people become more comfortable offering information about themselves online. Faculty members at Wharton say people who access the Internet for what have become routine functions -- sending email, writing blogs, and posting photos and information about themselves on social networking sites -- do not realize how much of their personal privacy, their very identities, they put at risk. Nor do they fully comprehend the extent to which they are inviting mischief, embarrassment and harm, perhaps for decades to come, from others looking to dig up digital dirt. In addition, legal experts say that while laws already on the books provide criminal and civil remedies for some nefarious uses of personal information, the ways in which the Internet can be harnessed for questionable purposes that encroach on privacy have yet to be fully addressed by the courts.

"The Electronic Frontier Foundation said it sued the Justice Department and other U.S. agencies to get information about their policies for using social networks including Facebook and Twitter in investigations, data collection and surveillance. The civil rights group said in a complaint filed yesterday in federal court in San Francisco that the government has used social-networking sites in conducting investigations and hasn't clarified the scope of that use or whether there are any restrictions or oversight to prevent abuses. The EFF said in its complaint that it is seeking the information to "help inform Congress and the public about the effect of such uses and purposes on citizens' privacy rights and associated legal protections." It cited news articles that reported police searching Facebook photos for evidence of underage drinking and an FBI search of an individual's home after the person sent messages on Twitter during the G-20 Summit notifying protesters of police movements. Facebook, based in Palo Alto, California, is the world's largest social networking site with more than 300 million users who post photos, messages and other information on their own free Facebook pages. Twitter, based in San Francisco, is a free Web service with 58 million users that lets people send 140- character messages, called "tweets," to multiple followers. EFF, also based in San Francisco, filed Freedom of Information Act requests with federal agencies in October. None of the agencies had completed processing the requests by the applicable 20-day deadline, according to the complaint. The lawsuit seeks a court order for the government to process the requests and produce documents."

"Ordering Pizza in 2015"

There are some security measures that are extremely intrusive and should only be used when there is good cause to suspect that an individual is a security risk. See-through body scanning machines are capable of projecting an image of a passenger's naked body. Passengers expect privacy underneath their clothing and should not be required to display highly personal details of their bodies such as evidence of mastectomies, colostomy appliances, penile implants, catheter tubes and the size of their breasts or genitals as a pre-requisite to boarding a plane.

Those who are superstitious may believe that bad things happen on Friday the 13th, but we will leave it to each individual and entity to formulate conclusions regarding the Health Information Technology for Economic and Clinical Health Act (the HITECH Act), which Congress passed late on Friday, February 13, 2009, and President Obama officially signed into effect on February 17, 2009. The HITECH Act addresses various aspects relating to the use of health information technology (H.I.T.), including providing for federal funding by way of grants and incentive payments in order to promote H.I.T. implementation. This Alert focuses, however, on Subtitle D of the HITECH Act, which includes important, new and far-reaching provisions concerning the privacy and security of health information that will materially and directly affect more entities, businesses and individuals in more diverse ways than ever before. These changes are further elaborated upon below, but this Alert can only highlight certain prominent issues under the HITECH Act and is by no means a comprehensive review of this lengthy and complex Act. For questions and additional guidance on the HITECH Act, contact your Fox Rothschild attorney or the authors of this Alert. New Privacy and Security Requirements * Security Breach Notification Requirements: Security breach notification requirements under the HITECH Act go into effect 30 days after the date that interim final regulations are promulgated, which will be no later than 180 days after the date of enactment of the HITECH Act (August 16, 2009). Covered entities, business associates and vendors who handle personal health records are required to abide by breach notification requirements. Violations of this requirement by vendors would be treated as an unfair and deceptive act or practice in violation of the Federal Trade Commission Act. If a breach affects more than 500 individuals of a particular state, notice also must be provided to prominent media outl