Group items tagged

With mounting concerns over online privacy and information gathering by search engines, Google has come up with a solution, Opt-out village, a 22-acre remote mountain enclave for those obsessed with privacy. According to trusted news network, ONN, access to the new privacy feature is simple. Just click the opt-out button on the Google home page. Within minutes, a van will arrive to sweep you away to Opt-Out Village nestled in the Pacific NorthWest. A team of privacy experts will eliminate your personal identifiers and guarantee that your name and address will not appear on Google local searches.

Some American Express card members' accounts may have been compromised by an employee's recent theft of data, the company said Thursday. American Express Co. spokeswoman Susan Korchak said a "relatively small portion" of card members was involved, but declined to be more specific. The former employee has been arrested and the company is investigating how the data was obtained, she said. The company is in the process of notifying affected card members by letter. In one such letter sent last week, American Express Privacy Officer Alfred Silipigni said he was informing the member of "an unfortunate issue" concerning his card. "We recently learned that certain account data was acquired without authorization by an employee who is no longer with the company," he wrote. "The former employee has been arrested, and we are cooperating with law enforcement authorities with their ongoing investigation." American Express declined to disclose any more details about the incident beyond what was in the letter. The company has put additional fraud monitoring and protection controls on the accounts at issue, Korchak said. American Express has about 39 million corporate, small business and consumer cards in force in the United States.

DESPITE SIGNIFICANT IMPROVEMENTS since the U.S. Sarbanes-Oxley Act of 2002 became effective, the continuing cost of compliance with the act's Section 404 requirements remains a concern for board members and management. A periodic operational audit of the Section 404 program can provide valuable information to executive management and the audit committee, and potentially identify areas where significant costsavings can be realized. Whether the Section 404 program is managed by the finance department, internal auditing, or another organization, it's an excellent candidate for this type of review, particularly if the focus remains on program efficiency. Several questions, based on The IIA's publication Sarbanes-Oxley Section 404: A Guide for Management by Internal Control Practitioners, can be used as the basis for the audit. The questions cover issues ranging from ensuring that operating management takes ownership of its processes, to achieving fewer and more effective key controls, to determining whether the external auditor's reliance on management testing has been optimized.

For all the concern and uproar over online privacy, marketers and data companies have always known much more about consumers' offline lives, like income, credit score, home ownership, even what car they drive and whether they have a hunting license. Recently, some of these companies have started connecting this mountain of information to consumers' browsers.

The Kaiser Permanente hospital in Bellflower has been hit with a $187,500 fine for failing for a second time to prevent unauthorized access to confidential patient information, state pubic health officials said today. [Updated at 3 p.m.: A spokesman for the hospital said the fine was part of the ongoing investigation into employees improperly accessing the medical records of Nadya Suleman and her children. Disciplinary action has been taken against the employees, said Jim Anderson, a hospital spokesman. All the incidents occurred in January; a previous post said they had occurred in April and May.] State officials said Kaiser Permanente Bellflower Medical Center compromised the privacy of four patients when eight employees improperly accessed records. This is the second penalty against the hospital, officials said. The hospital was fined $250,000 in May for failing to keep employees from snooping in the medical records of Nadya Suleman, the woman who set off a media frenzy after giving birth to octuplets in January. The fine was the first penalty imposed and largest allowed under a new state law enacted last year after the widely publicized violations of privacy at UCLA Medical Center involving Farrah Fawcett, Britney Spears, California First Lady Maria Shriver and other celebrities. "We are very concerned with violations of patient confidentiality and their potential harm to the residents of California," said Dr. Mark Horton, director of the California Department of Public Health. "Medical privacy is a fundamental right and a critical component of quality medical care in California."

In order to comply with Canadian privacy law, Facebook must take greater responsibility for the personal information in its care, the Privacy Commissioner of Canada said today in announcing the results of an investigation into the popular social networking site's privacy policies and practices. "It's clear that privacy issues are top of mind for Facebook, and yet we found serious privacy gaps in the way the site operates," says Privacy Commissioner Jennifer Stoddart. The investigation, prompted by a complaint from the Canadian Internet Policy and Public Interest Clinic, identified several areas where Facebook needs to better address privacy issues and bring its practices in line with Canadian privacy law. An overarching concern was that, although Facebook provides information about its privacy practices, it is often confusing or incomplete. For example, the "account settings" page describes how to deactivate accounts, but not how to delete them, which actually removes personal data from Facebook's servers. The Privacy Commissioner's report recommends more transparency, to ensure that the social networking site's nearly 12 million Canadian users have the information they need to make meaningful decisions about how widely they share personal information.

Identity theft concerns are focused on the security and necessity of the collection process. Collecting personal information just because you can is unsafe. Organizations can reduce privacy risks by not collecting unnecessary personal info. Once the data gets into the data life cycle pipeline, the cost of managing and destroying it escalates. The Federal Trade Commission estimates that as many as 9 million people have their identities stolen every year. According to the Privacy Rights Clearinghouse, more than 200 million instances of data breaches have occurred since the beginning of 2005, and they show no signs of letting up. In the first quarter of 2008 alone, more than 85 million incidents were reported. The causes of data breaches run the gamut: Hackers get unencrypted, transmitted data and data at rest; laptops are stolen or lost; storage Relevant Products/Services devices are lost by third-party shipping companies; flash drives or PDAs are left lying around; Social Security numbers are accidentally printed on envelopes; or data is found on discarded computers. This article examines the organizational risks to CPAs and their clients or corporate employers of improperly managed data throughout the data life cycle. It also discusses best data management practices and proper procedures for responding to a data breach. Data breaches, whatever the cause, are costly. According to a study by the Ponemon Institute, the average cost of a data breach in 2007 was $6.3 million. The average cost to an organization per record compromised is about $197, which is typically spent on phone calls for customer notification, providing free credit monitoring, discounts on membership fees, or discounts on merchandise to make up for the security Relevant Products/Services breach. Some organizations also experience an increase in customer turnover. The organization typically spends additional money in data protection Relevant Products/Services enhancements. Companies sanctioned by

Privacy is Dead. Long Live Privacy? at the 2007 Battle of Ideas conference hosted by the Institute of Ideas.New technology seems to have changed the meaning of privacy, affording individuals the possibility of sharing details of their hitherto private lives in unprecedented ways, from personal blogs to picture sharing and even 'social bookmarking'. For many of us, divulging intimate details of our private lives via social networking websites like MySpace and Facebook has become the norm. But information and communication technologies have also facilitated surveillance and data gathering by government and big businesses. While in some contexts we seem so ready to give up our privacy, in others we seem increasingly anxious to protect it.To what extent are new technologies responsible for the death of privacy? Are privacy concerns simply technophobic, or are we right to worry about a loss of control over personal information? Have new technologies and our enthusiastic adoption of them actually transformed our notions of public and private, and blown apart the wall dividing the two? Why do we worry about Tesco monitoring what we buy, when, according to Sun Microsystems CEO Scott McNealy: 'You have zero privacy anyway. Get over it'? - IoI

Privacy is a central element of the FTC's consumer protection mission. In recent years, advances in computer technology have made it possible for detailed information about people to be compiled and shared more easily and cheaply than ever. That has produced many benefits for society as a whole and individual consumers. For example, it is easier for law enforcement to track down criminals, for banks to prevent fraud, and for consumers to learn about new products and services, allowing them to make better-informed purchasing decisions. At the same time, as personal information becomes more accessible, each of us - companies, associations, government agencies, and consumers - must take precautions to protect against the misuse of our information. The Federal Trade Commission is educating consumers and businesses about the importance of personal information privacy, including the security of personal information. Under the FTC Act, the Commission guards against unfairness and deception by enforcing companies' privacy promises about how they collect, use and secure consumers' personal information. Under the Gramm-Leach-Bliley Act, the Commission has implemented rules concerning financial privacy notices and the administrative, technical and physical safeguarding of personal information, and it aggressively enforces against pretexting. The Commission also protects consumer privacy under the Fair Credit Reporting Act and the Children's Online Privacy Protection Act.

DURING the Parliament session on Monday, MP of Ang Mo Kio GRC Ms Lee Bee Wah, asked the Minister of Information, Communications and Arts, Dr Lee Boon Yang, whether a comprehensive privacy law will be introduced to protect the privacy of individuals and their personal data. She also queried about the existing laws which are in place to protect people from spam mails and unauthorised sale of personal information, as well as protecting people whose photographs are posted on blogs and other new media platforms. Dr Lee's reply was: "The Government recognises the importance of data protection and the need to protect personal data. At the same time, we also appreciate the impact of data protection on businesses and the general public. I had previously informed the House that an Inter-Ministry Committee is reviewing Singapore's data protection regime. This review is on-going. We are currently looking into developing a data protection model that can best address Singapore's privacy concerns, commercial requirements and national interest. As data protection is a complex issue with extensive impact on all stakeholders, this review will take some time." With regards to unauthorised Use of personal data, he replied: "While there is currently no generic data protection law, it does not mean that there is no protection of personal data. In fact we have in place strict provisions in sectoral laws, such as the Banking Act and codes for medical professionals to protect sensitive financial and health information. There are also other industry codes of practices against the unauthorised use of personal information. For example, in the telecommunications sector, under the Telecom Competition Code, IDA requires licensees to take reasonable measures to prevent the unauthorised use of End User Service Information. A telecom licensee would be in breach of the Code if it shares with third parties its customers' information that was obtained from the use of its service, without the cust

It was the annual crunch time between Thanksgiving and the new year, and Nuala O'Connor Kelly had just sent to the printer the first-ever report to Congress by a chief privacy officer. This was it, the historic reporta 40-page description of what O'Connor Kelly had been doing during her first year as the first CPO of the U.S. Department of Homeland Security. Like addressing concerns about DHS's policies with privacy officers from other countries. Examining the department's growing use of biometrics. And reading irate e-mails from the public about controversial initiatives like the Transportation Security Administration's passenger screening program. If O'Connor Kelly was nervous about the grilling she was likely to get once members of Congress got their mitts on her report, she wasn't letting on. "It's actually a great moment for the [privacy] office to sit back and take stock of where we are now and where we're going for the next two, three, four, five years," says O'Connor Kelly, dashing from one meeting to the next with one of her staff members. At the time, O'Connor Kelly was the only federal government CPO whose position was mandated by law and who was required to file an annual report to Congress. But this seemed on the brink of change. Congress's consolidated 2005 appropriations bill, signed by President Bush in December, contains a provision thatdepending on how the White House's Office of Management and Budget interprets itwould create a handful or more of CPOs at federal agencies.

"As Congress makes headlines on healthcare and financial industry oversight reform, online data privacy watchdogs are hammering away behind the scenes on the Hill. A joint hearing on online and offline data collection scheduled for later this week, and a planned series of Federal Trade Commission data privacy events have advocacy groups from as far away as California visiting Washington to make sure their voices are heard. "What we're concerned about is the amount of surveillance and tracking going on without consumer consent," said Lee Tien, senior staff attorney at the San Francisco-based Electronic Frontier Foundation. Though often skeptical of government regulation, EFF recently joined lobbying groups including Center for Digital Democracy in recommending that Congress pass clear consumer privacy legislation. "

"Big Brother is watching. That is the message corporations routinely send their employees about using email. But recent cases have shown that employees sometimes have more privacy rights than they might expect when it comes to the corporate email server. Legal experts say that courts in some instances are showing more consideration for employees who feel their employer has violated their privacy electronically. Driving the change in how these cases are treated is a growing national concern about privacy issues in the age of the Internet, where acquiring someone else's personal and financial information is easier than ever. "Courts are more inclined to rule based on arguments presented to them that privacy issues need to be carefully considered," said Katharine Parker, a lawyer at Proskauer Rose who specializes in employment issues. In past years, courts showed sympathy for corporations that monitored personal email accounts accessed over corporate computer networks. Generally, judges treated corporate computers, and anything on them, as company property. Now, courts are increasingly taking into account whether employers have explicitly described how email is monitored to their employees."

"The smart grid is rapidly becoming a reality in the US, as utilities have been installing networked monitoring and control equipment, both in their own facilities and in their customers' homes. The pace of these installations should accelerate due to recent initiatives from the Department of Energy and the state of California; across the border, the Province of Ontario will see smart meters installed in every home by the end of next year. Ontario's Information and Privacy Commissioner has now worked with members of the Future of Privacy Forum to analyze the privacy implications of these initiatives. The resulting report indicates that there are a variety of potential privacy concerns, some of which are best addressed before the deployments begin in earnest. "

Police in the US may soon be getting an iPhone add-on that will equip them with a facial recognition technology called MORIS (Mobile Offender Recognition and Information System). The device attaches to an iPhone like a case and allows the police to take a photo of a person to determine if they are a suspect or have a criminal history.

Juggling parental concern with an adolescent patient's legal and ethical right to privacy opens up some tricky questions. The law varies state by state,

State and federal lawmakers continue to introduce bills regulating the collection, use and security of consumer and personal information. The proposed federal bills could change the national privacy framework. At the same time, regulators and the plaintiffs' bar remain focused on privacy and security issues and continue to initiate enforcement actions and class action suits. This program will address these developments and provide tips for managing privacy concerns in an era of fast-changing privacy laws.

"Every day thousands of people download new applications onto their smart phones without much care for the terms of service they so easily agree to. What most of these people don't know is they may be volunteering information and allowing for companies to gather data without their consent. Recently a company called Pinch Media was charged with being a little too invasive when it comes to gathering information through their iPhone apps. According to one iPhone developer, applications using Pinch Media can retrieve information like your phone's personal ID number and can work in conjunction with other applications like Facebook to determine your gender, birth year and even your exact longitude and latitude. Pinch Media has been accused of gathering information that has nothing to do with its applications. Instead, they have been using this data collection for advertisements and other marketing purposes. Worse, is that this information is often taken without the consent of the user and more often than not does not allow the user the option to stop the information gathering. Pinch Media has fought back by arguing that they are completely within their rights to retrieve the information as long as the user gives consent when they agree to the terms of the application. Regardless of whether or not the information they gathered is being used for good or ill mannered purposes one thing is certain. Smart phone users should pay more attention to the terms of service they agree to. A simple visit to a software developer's web site can be the difference between you using your applications and your applications using you. Take the time out to read the fine print, and if you aren't sure about something - email the company directly with your questions or concerns."

"All Facebook users can deactivate their profiles, but doing so quietly might not make quite the same statement as using another service to slam the door on the site. One such service, Seppukoo.com, created by the Italian group Les Liens Invisibles, drew attention late last year after launching a campaign to convince people to commit Facebook suicide. Wannabe ex-Facebook members can provide Seppukoo.com with their names and passwords and Seppukoo then not only deactivates their profiles, but also creates a "memorial" page that it sends to users' former Facebook friends. Facebook evidently isn't happy about this development. Last month, the company fired off a cease-and-desist letter to Les Liens Invisibles, complaining that users who provide log-in data are violating Facebook's terms of service. The company also alleges that the scraping of its data violates a host of laws, including an anti-hacking law, the federal spam law and the copyright statute. "

FaceBook is sooooo concerned about our privacy!