Group items tagged

A Microsoft-led group set up three years ago has backed away from its original goal of pushing for comprehensive U.S. privacy legislation. Originally, the Consumer Privacy Legislative Forum was set up to bring a diverse array of consumer companies, technology vendors and even advocacy groups together and help drive privacy legislation. But now the group has been renamed the Business Forum for Consumer Privacy and is instead being billed as "an organization focused on fostering innovation in consumer privacy governance," according to the group's new mission statement. The Forum has released a white paper at the International Association of Privacy Professionals conference held in Washington this week. "What the organization is doing is developing the framework that would make new governance possible," said Martin Abrams, an adviser to the Forum who is executive director with the Centre for Information Policy Leadership at Hunton & Williams, an international law firm. Two of the Forum's original members, Symantec and the Center for Democracy and Technology, say they have dropped out. Eastman Kodak has also dropped out, according to Abrams. He was not authorized to say who the current members are, but the group appears to include Microsoft, Hewlett-Packard, eBay and Google. U.S. consumers are covered by a patchwork of state and federal laws that are confusing for companies, and which often force consumers to work hard to protect their own data. Many of the Forum's members would like to change things, but it appears that coming up with legislative proposals was too much.

An insurance company seeking to challenge the authority of Canada's privacy legislation and the privacy commissioner in an auto injury case will have to go to the Federal Court to make its case, the New Brunswick Court of Appeal has ruled. In State Farm Mutual Automobile Insurance Company v. Privacy Commissioner of Canada and Attorney General Canada, State Farm argued that Canada's privacy regime does not apply to surveillance tapes the insurer commissioned following a motor vehicle accident in 2005. In March 2005, Jennifer Vetter, insured by State Farm, was involved in a motor vehicle collision with Gerald Gaudet. State Farm subsequently hired a lawyer in anticipation of litigation by Gaudet against Vetter. The insurer also hired private investigators that conducted video surveillance on Gaudet. Gaudet filed a request under Canada's privacy legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA), that State Farm turn over to him the personal information it had compiled, including copies of the surveillance reports and tapes. State Farm went to the New Brunswick Court of Queen's Bench asking for "declaratory" relief on several issues. Among other things, the insurer asked for a court order declaring that PIPEDA did not apply to information obtained in a bodily injury damages claim. It also asked the court for an order confirming that the privacy commissioner had no right or authority to compel State Farm to turn over the documents. The privacy commissioner asked for a stay of proceedings in the New Brunswick court, arguing that the authority of the privacy commissioner was a matter for the Federal Court (which has jurisdiction over federal legislation such as the PIPEDA). The New Brunswick Appeal Court noted both the provincial and federal courts have jurisdiction to hear cases about the constitutionality of federal legislation. But only the Federal Court could determine the outcome of a direct challenge to the authority of the p

IT practices such as identity management, email and URL filtering, virus scanning and electronic monitoring of employees can get companies that do business globally into a heap of trouble if deployed without an understanding of global data privacy laws. The warning was one of several alarms raised in a presentation on global privacy best practices by Gartner Inc. analysts Arabella Hallawell and Carsten Casper at the recent Gartner Risk Management and Compliance Summit in Chicago. Always a thorny issue, the protection of personally identifiable information (PII) is made more complicated in a world where there is limited agreement on how best to do that. According to the Gartner analysts, the world is divided into three parts when it comes to data privacy laws: countries with strong, moderate or inadequate legislation. The European Union, under the European Union Directive on Data Protection, possesses the strongest privacy regulations, followed by Canada and Argentina; Australia, Japan and South Africa have moderate to strong, recent legislation; laws in China, India and the Philippines are the least effective or laxly enforced. The United States has the dubious distinction of occupying two categories -- the strong column, due to the 45 state breach notification laws on the books, and the weak column, because of the lack of a federal law. Even among the three categories, nuances abound. Under the European Union Directive, member countries enact their own principles into legislation, and some laws (like Italy's) are more stringent than the directive's standards. Russia's very recent law is modeled after the strong EU laws, but how it will be enforced remains questionable. And in the U.S., state breach notification laws vary, with Nevada and Massachusetts proposing the most prescriptive data privacy legislation to date.

"The United States House of Representatives took a major step this week toward enacting a national data breach notification law. H.R. 2221, the Data Accountability and Trust Act (DATA), cleared the House with a voice vote. In its current form, DATA requires businesses to notify customers and the Federal Trade Commission (FTC) if sensitive information has been exposed to a security breach. If the U.S. Senate can reconcile its own approach to data breach notification legislation with DATA, a new federal standard will emerge. If signed into law by President Barack Obama, a federal data breach ¬law would pre-empt the jumbled mass of dozens of state laws. "You'd be better served by federal legislation if the federal legislation has teeth and doesn't pre-empt the state's law," said California state senator Joe Simitian, speaking to executive editor Scot Petersen in September. "If there was a meaningful standard at the national level, I think many states would be happy to accept it." Aside from the data breach notification required by the HITECH Act, DATA would put into place the first national law of its kind. H.R. 2221 was sponsored by House Subcommittee Chair Rep. Bobby L. Rush of Illinois. The bill specifically states that: "Any person engaged in interstate commerce that owns or possesses data in electronic form containing personal information shall, following the discovery of a breach of security of the system maintained by such person that contains such data -- 1. notify each individual who is a citizen or resident of the United States whose personal information was acquired by an unauthorized person as a result of such a breach of security; and 2. notify the Federal Trade Commission."

"Legislation, which now moves to the Senate, requires data brokers to provide nationwide notice for certain data breaches and allows consumers to verify and to correct information held on them by data brokers. The U.S. House of Representatives approved legislation Dec. 8 requiring data brokers to establish procedures to verify the accuracy of information that identifies individuals in their databases and to allow consumers to access and request correction of incorrect information. The Data Accountability and Trust Act, approved on a voice vote, would also require data brokers to provide nationwide notice in the event of certain security breaches. The legislation now moves to the U.S. Senate."

The California State Senate approved today SB 20, legislation by State Senator Joe Simitian (D-Palo Alto), which aims to strengthen existing privacy protection laws for California consumers. The new law builds on legislation authored by Simitian in 2002 that requires a business or government agency that incurs a data breach to provide notice to the individual(s) whose information was compromised. More than 40 states have adopted similar legislation since that time, largely based on the California measure. "No one likes to get the news that information about them has been stolen," said Simitian, "but when it happens, people are entitled to get a notice they can understand, and that helps them decide what to do next." "The premise is simple," added Simitian. "What you don´t know can hurt you. Ignorance is not bliss. And you can´t protect yourself if you don´t know you´re at risk." Simitian said his latest proposal (SB 20), "is designed to make a good law even better." California´s current security breach notification law (AB 700, Simitian -2002) requires notice to consumers when their information has been compromised, but does not require data holders to provide any standard set of information about the nature of the breach. SB 20 will enhance consumer knowledge about security breaches by requiring that the notification contain specified information, including the type of personal information breached and the date of the breach.

U.S. lawmakers plan to introduce privacy legislation that would limit how Internet service providers can track their users, despite reports that no U.S. ISPs are using such technologies except for legitimate security reasons. Representative Rick Boucher, a Virginia Democrat, and three privacy experts urged lawmakers Thursday at a hearing before the House Energy Commerce subcommittee to pass comprehensive online privacy legislation in the coming months. Advocates of new legislation focused mainly on so-called deep packet inspection (DPI), a form of filtering that network operators can use to examine the content of packets as they travel across the Internet. While DPI can be used to filter spam and identify criminals, the technology raises serious privacy concerns, Boucher said. "Its privacy-intrusion potential is nothing short of frightening," he added. "The thought that a network operator could track a user's every move on the Internet, record the details of every search and read every e-mail ... is alarming."

Patients' advocates claimed victory in a battle over the privacy of health records as the U.S. Congress approved the economic stimulus bill, which contains $19 billion for health-care information. U.S. House and Senate negotiators' compromise reflects stricter standards that privacy advocates wanted for marketing, selling and disclosing health data. Both houses approved the $787 billion stimulus plan today and sent it to President Barack Obama for his signature. The legislation contains $2 billion in grants to create a national system of computerized health records and $17 billion in higher Medicare and Medicaid reimbursements for doctors and hospitals to adopt the technology. Electronic records will improve care and reduce costs, Obama said. The legislation also will boost the health-records industry, led by Allscripts-Misys Healthcare Solutions Inc., Quality Systems Inc. and Athenahealth Inc. "We've dramatically improved on the status-quo, wholly unregulated system where private patient data was bought and sold like any commodity," Caroline Fredrickson, director of the American Civil Liberties Union's Washington legislative office, said in an interview today.

A group of U.S. companies, led by technology giants Microsoft, Hewlett-Packard and eBay, is set to outline recommendations for new federal data-privacy legislation that could make life easier for consumers and lead to a standard federal breach-notification law. The recommendations, which were developed by a group of industry players called the Consumer Privacy Legislative Forum, are set to be released at an upcoming privacy conference six weeks from now, according to Peter Cullen, Microsoft's chief privacy officer. The companies have been working for the past three years to encourage the adoption of federal consumer data-privacy laws and to answer the question of what federal legislation should look like, Cullen said in an interview. Other forum members include Google, Oracle, Procter & Gamble and Eli Lilly. One idea is that laws should make it easier for consumers to understand what they're getting into when they share their personal data with Web sites, Cullen said. "The whole focus on consent really puts an unfair burden on the consumer," he said. "My mom doesn't know what an IP address is." The recommendations will cover rules around data use and the ability of consumers to correct inaccurate data. And they will cover data breach notification, which is now covered by a patchwork of state laws. Simplifying breach-notification laws by creating a single federal standard is important, Cullen said Wednesday while speaking at a discussion of privacy policy in San Francisco. "It's not that there is no privacy law. There's actually too much privacy law," he said. "If you think about data-breach notification laws just as an example, there are 38 state laws, many of them very different." "We need to think about much more of a framework approach." Congress has passed some laws covering consumer data privacy, such as the 1996 Health Insurance Portability and Accountability Act (HIPAA), but existing laws do not comprehensively cover consumer privacy in general.

The new Obama Administration and a stronger Democratic party control of Congress set in the midst of a struggling economy and foreign policy issues, has created an interesting environment for legislation and regulations affecting customer interactions both federally and at state levels. While contact center-and-direct marketing-affecting issues such as offshoring, privacy, and telemarketing may haven been pushed offstage, they are not out of the hall. Ironically, economic pressures may shove them back into the spotlight as governments, especially states, seek ways to keep jobs and revenue sources, which contact centers provide. Federal Legislation Here is an examination of federal industry issues that lawmakers and regulators are and may be addressing in 2009: * Offshoring Federal lawmakers may reintroduce a bill similar to HR 1776, The Call Center Consumer's Right to Know Act, which would require contact center agents to disclose the physical location of such employee at the beginning of inbound and outbound calls. Firms would also have to annually certify to the Federal Trade Commission (FTC (News - Alert)) their compliance with such requirement. HR 1776 is an attempt to restrict offshoring by making customers aware that their calls may be going to or originating out of country. The bill's supporters hope customers and negative publicity would pressure firms to bring such jobs back to the U.S. The downsides are that such bills may significantly add to contact center costs in both onshoring and time spent location disclosing and in compliance, which would ultimately be paid for by consumers. In doing so bills like it that hike contact center expenses may also be self-defeating as they may result in fewer domestic jobs. "The particular type of disclosure contemplated by HR 1776 is a burdensome additional disclosure without clear benefit to the consumer," American Teleservices Association (ATA) CEO Tim Searcy told the House Energy and Commerce subcom

Data Privacy Trends: Randy Sabett, Information Security Attorney March 26, 2009 Activity at the State Level Points Toward a Federal Data Breach Notification Law Data privacy legislation -- the trend started in California and is being discussed heatedly in Massachusetts today. Data breach notification and privacy laws have now been enacted in 40 separate states, and government observers think we're close to seeing federal legislation proposed. In an exclusive interview, Randy Sabett, a noted privacy/information security attorney, discusses: Trends in state data privacy legislation; What these laws mean to businesses; The Obama Administration's approach to data privacy; Trends to keep an eye on throughout 2009. Randy V. Sabett, CISSP, is a partner in the Washington, D.C. office of Sonnenschein Nath & Rosenthal LLP, where he is a member of the Internet, Communications & Data Protection Practice. He counsels clients on information security, privacy, IT licensing, and patents, dealing with such issues as Public Key Infrastructure (PKI), digital and electronic signatures, federated identity, HIPAA, Gramm-Leach-Bliley, Sarbanes-Oxley, state and federal information security and privacy laws, identity theft and security breaches. He served as a Commissioner for the Commission on Cyber Security for the 44th Presidency.

Senate Judiciary Chairman Patrick Leahy (D-Vt.) has reintroduced a data breach bill that would set tougher rules for government agencies and private sector firms regarding consumers' personal information. This will be the third time around the block for the Personal Data Privacy and Security Act, which has cleared the Judiciary Committee, but never come to a vote on the Senate floor. The bill would preempt the more than 40 state laws laying out requirements for notifying consumers in the event of a data breach, a long-deferred legislative goal that has the general support of the IT industry. But Leahy's bill is about more than just data breaches. Among other things, it would set baseline security information standards for government agencies, something that the Obama administration has begun to work on with the early steps of an overhaul of the government's cybersecurity apparatus. "This is a comprehensive bill that not only deals with the need to provide Americans with notice when they have been victims of a data breach, but that also deals with the underlying problem of lax security and lack of accountability to help prevent data breaches from occurring in the first place," Leahy said in a statement. "Passing this comprehensive data privacy legislation is one of my highest legislative priorities as Chairman of the Judiciary Committee."

Top House and Senate Democrats are working on legislation that would prevent online marketers from sharing Web-surfing information unless Internet users allowed them to. That's according to House Communications, Technology and the Internet Subcommittee chairman Rick Boucher (D.-Va.), who told Multichannel News that such a bill was in the works and was one of his top legislative priorities. The issue of online behavioral marketing has gained traction recently, spurred by privacy concerns and by media companies' need to find new ways for advertisers to reach aggregated audiences at a time of fragmented viewing and multiplying delivery platforms. Boucher's predecessor atop the committee, Rep. Edward Markey (D-Mass.), held a hearing last fall on the issue and helped quash a test by ad-tracking company NebuAd and cable operator Charter Communications. In an interview, Boucher said he was teaming with Reps. Cliff Stearns (R-Fla.), ranking member of his subcommittee, and Joe Barton (R-Texas), ranking full committee member, on a bill that would apply "across the board" to behavioral advertising and data collection by Web sites. "The goal would be to give the Internet user a sense that information about him that is collected by Web sites is well understood by the user, so he has an opportunity to know what is collected," Boucher said. "He would then have an opportunity to act in a way that prevents that Web site using that information to market him personally, and an even broader opportunity to prevent the transfer of that information about him to third parties." Boucher envisions a combination of opt-in and opt-out requirements. "Opt-in would apply where the information is conveyed to third parties," he said, while "opt out would apply where the Web site that collects the information is using that information directly to market the customers from whom it is collected." Center for Digital Democracy executive director Jeff Chester was please

New Jersey lawmakers are considering new legislation that would require Facebook, MySpace and others to police social networking sites for offensive posts or else face potential consumer fraud lawsuits. But some lawyers say that even if the measure is enacted, it's not likely to have much impact on social networking sites because the federal Communications Decency Act immunizes such sites from lawsuits based on material posted by users. The bill is part of state Attorney General Anne Milgram's Internet safety initiative. "The social networking site safety act is intended to deter cyber-bullying and the misuse of social networking Web sites," the Office of Attorney General said in a statement about the measure. "The bill empowers users of social networking sites to take steps to stop harassment or exploitation." Last year, Milgram garnered headlines by launching a fraud investigation of gossip site JuicyCampus.com -- where users frequently posted insults about college students -- but no legal action resulted. (That site folded last month for financial reasons.) Attempts to rein in cyberbullying might be politically popular, but this type of state effort to regulate global Web sites is also likely to prove useless, say cyber lawyers. "We need to recognize that legislating on the Internet can't be done on a state-by-state basis," said Parry Aftab, an expert on Web safety and cyber-abuse. "We can't have a different law in each state."

New rules will protect consumers, harmonize regulation, and enshrine net neutrality. But a late amendment left the legislation in limbo The European Parliament has voted through a massive tranche of reforms for the European telecommunications sector, including a significant net-neutrality amendment. The 'Telecoms Package' of laws was voted into force on Wednesday with a large majority, and must now be ratified by the Council of Telecoms Ministers. The vote marks the first time that internet access has been recognised in European law as a fundamental right on a par with freedom of expression. The legislation also compels European telecoms and internet service providers (ISPs) to notify their customers of any personal data breaches, the first time they have been required to do so.

The House Energy and Commerce Committee is slated to vote Wednesday on legislation that would require strong security policies from firms that collect and store individuals' sensitive information and provide for nationwide notification in the event of a data breach. The bill was sponsored by House Energy and Commerce Commerce, Trade, and Consumer Protection Subcommittee Chairman Bobby Rush, D-Ill., and was tweaked to win his panel's approval in June, but more revisions are expected.

The House Energy and Commerce Committee is slated to vote Wednesday on legislation that would require strong security policies from firms that collect and store individuals' sensitive information and provide for nationwide notification in the event of a data breach. The bill was sponsored by House Energy and Commerce Commerce, Trade, and Consumer Protection Subcommittee Chairman Bobby Rush, D-Ill., and was tweaked to win his panel's approval in June, but more revisions are expected.

Lawmakers took aim at privacy practices of cable and Internet providers Thursday at a House subcommittee hearing, laying the groundwork for the introduction of legislation that could restrict companies' ability to target ads at consumers online. The focus of the hearing was on new efforts by Internet providers to collect and share data on consumers' behavior to target online advertising and by cable companies to target ads at subscribers via their set-top boxes. Lawmakers are concerned about consumer privacy as cable, phone and Internet companies experiment with Internet-based technologies that pinpoint advertising to consumers in new and more accurate ways. Legislation to impose tougher privacy rules could be coming later this summer.

The French parliament on Thursday voted down an Internet piracy law, which had largely been expected to pass. The "Creation and Internet" law, which won the preliminary approval of the parliament last week, would compel Internet service providers to take graduated actions against customers accused of illegally downloading copyrighted material. After warning a customer against such actions for a third time, an ISP could suspend the person's Internet access for up to a year. Because the bill was expected to pass, few members of parliament were present for the final vote on the bill, according to the Associated Press. Opponents of the legislation, led by the Socialist party, rejected the measure by a vote of 21 to 15. The legislation had the support of the ruling UMP party, to which President Nicolas Sarkozy belongs, as well as the support of the Recording Industry Association of America. Backers of the bill intend to re-introduce an amended version within the coming weeks, according to reports. The entertainment industry has suggested to the United States' Congress that it should consider adopting European methods of combating copyright infringement. The United States, members of the European Union, and other countries may also consider making ISPs liable for infringement through international treaties.

making best indexing in goggle and bing. RADJASEOTEA is a master of backlinks. You want indexing in goggle and bing. LOOK THIS www.fiverr.com/radjaseotea/making-best-super-backlink-143445

US senators have drafted legislation that would give the federal government unprecedented authority over the nation's critical infrastructure, including the power to shut down or limit traffic on private networks during emergencies. The bill would also establish a broad set of cybersecurity standards that would be imposed on the government and the private sector, including companies that provide software, IT work or other services to networks that are deemed to be critical infrastructure. It would also mandate licenses for all individuals administering to strategically important networks. The bill, which is being co-sponsored by Senate Commerce Committee chairman John Rockefeller IV and Senator Olympia Snowe, was expected to be referred to a senate committee on Wednesday. Shortly after a working draft of the legislation began circulating, some industry groups lined up to criticize it for giving the government too much control over the internet and the private companies that make it possible. "This gives the president too much power and there's too little oversight, if there's any at all," said Gregory Nojeim, senior counsel at the Center for Democracy and Technology. "It gives him the power to act in the interest of national security, a vague term that has been broadly defined." Nojeim was pointing to language in the bill that permits the president to "order the limitation or shutdown of internet traffic to and from any compromised federal government or United States critical infrastructure information system or network" after first declaring a national cybersecurity emergency. A separate provision allows the executive in chief to "order the disconnection of any federal government or United States critical infrastructure information systems or networks in the interest of national security." "It applies to any critical infrastructure," Nojeim added. "Surely, the internet is one." The bill would also require NIST, or the National Institute of Standards and Techn

Legislation aimed at protecting the privacy rights of car owners is drawing objections from auto manufacturers and Progressive Insurance, which hopes to introduce a program in Washington state that charges drivers based partly on how and when they drive.\n\nThe American Civil Liberties Union of Washington is pushing for the legislation, which would require automakers and other companies to inform car owners of the presence of devices that record information about their driving habits.\n\nThat includes event data recorders, or black boxes, installed on most newer cars, as well as electronic equipment such as GPS devices and OnStar, the wireless subscription service from General Motors.\n\nIn addition to requiring notification, a bill sponsored by state Sen. Claudia Kauffman, D-Kent, would clarify that vehicle owners are the owners of the data. With a few exceptions, a court order or the owner's permission would be required in order for a third party to obtain it.\n\nCarrie Tellefson, a lobbyist for Progressive Insurance, testified last week at a House Transportation Committee hearing that Substitute Senate Bill 5574 would prevent the insurance company from introducing its pioneering MyRate insurance program into Washington.\n\nProgressive Insurance first tested the idea of usage-based insurance in 1999. The company introduced the current plan, called MyRate, in 2004 and now offers it in nine states, including Oregon.\n\nCustomers who agree to opt into the program plug a device into their car's onboard diagnostic system, usually somewhere under the dashboard near the steering column. The device records information about how, when, and how much the car is driven, and wirelessly transmits the data back to Progressive's servers.\n\nCustomers are either rewarded with a discount or penalized with a higher rate depending on the information collected.\n\nThe discount can be as much as 30 percent, and the surcharge up to 9 percent.\n\nCustomers can go online and look at perso