Group items tagged

Last month, the digital advertising industry's use of behaviorally targeted advertising gained a reprieve of sorts when the Federal Trade Commission issued a final report confirming its earlier support of self-regulation. But some commission members remained concerned about ads that are shown to Web users based on their previous online activities, and in particular the possibility of violations of online privacy. Some form of legal restrictions may be imposed on the industry, the FTC indicated, if the online ad industry isn't up to the task of regulating itself. "Privacy is definitely the biggest concern today," said Joe Apprendi, CEO of Collective Media, an online advertising network based in New York. "There has been the concern that through such approaches as deep-packet technology, companies can leverage information through subscriber-based providers to marry anonymous behavioral segment data and identify real people. "The fact is, online advertising is subject to a higher standard that offline direct marketing tactics," Apprendi said. The FTC report, "Self-Regulatory Principles for Online Behavioral Advertising," continues to advocate voluntary industry self-regulation, in keeping with its principles governing online behavioral advertising issued at the end of 2007, despite the urgings of consumer advocacy groups that it impose rules regulating online advertising. The commission's new guidelines are based on four principles: * Transparency and consumer control. The commission advises that Web sites that collect data for behavioral advertising provide "a clear, concise, consumer-friendly and prominent statement" that the data are being collected to provide ads tailored to the user's interests and that the user has an easy and obvious way to choose whether to allow this. * Security for data retention. Companies that collect data for behavioral advertising should provide "reasonable" protection of that information and reta

Following on the heels of Facebook's decision to rescind a highly controversial move to store all content posted on the social network, new data has emerged to support consumers' increasing alarm over online privacy. The vast majority--80.1%--of Web surfers are indeed concerned about the privacy of their personal information such as age, gender, income and Web-surfing habits, according to a survey of some 4,000 Web users administered and analyzed by Burst Media. More worrisome, perhaps, is the finding that privacy concerns are prevalent among all age segments, including younger demographics that are coming of age online. Still, privacy concerns do appear to increase with age, from 67.3% among respondents ages 18-24 to 85.7% of respondents 55 years and older. "Online privacy is a prevailing concern for web surfers," said Chuck Moran, vice president of marketing for Burst Media. The survey was administered by Burst with the purpose of better understanding how privacy is impacting Web users' experiences online, as well as its impact on advertisers. "Advertisers must take concrete actions to mitigate consumers' privacy concerns and at the same time continue to deliver their message as effectively as possible," Moran added. "In addition, and as recently seen in the news flare up regarding Facebook's privacy controversy, publishers need to be completely transparent about their privacy policies." Facebook recently changed its terms of use agreement, which gave the Palo Alto, Calif.-based company the ability to store user-posted photos and other content, even after it was deleted by users themselves. Earlier this week, however, the company reverted to a previous version of its legal user guidelines after thousands of members protested that Facebook was claiming ownership over the content. In addition, the Burst survey found that most Web users believe Web sites are tracking their behavior online. Three out of five--62.5%--respondents indicated it is likely that a W

IT security typically has been deemed one of those services best provided in-house. But the stigma attached to outsourcing security and Security as a Service -- namely that an outsider does not know your company well enough to protect it -- may be falling away, as businesses look for more ways to cut costs. Certainly, some heavy-hitter providers believe attitudes are changing. This month, McAfee Inc. announced its new SaaS Security Business Unit. Headed by former Hewlett-Packard Co. SaaS executive Marc Olesen, the unit will oversee all McAfee products delivered over the Internet, including security scanning services, Web and email security services and remote managed host-based security software and hardware. Meanwhile, last April, IBM launched some hosted and managed services that it says help midsized businesses better manage risk and improve the security of their IT systems, all while offering cost savings over traditional products. Indeed, much of IBM's security strategy during the next 24 months will focus on moving security technologies into the cloud and expanding its managed services offerings, said Jason Hilling, an enterprise services business line executive with IBM Internet Security Systems. That includes providing some hosted implementations of technologies that once were located only at the customer premises. "Because the economy is struggling, I think there will be enough excitement in the marketplace over the cost benefits of Security as a Service that we are going to see a much higher degree of willingness to look at it as a real viable option," Hilling said. Hilling contended that a midmarket company with between 500 and 700 employees can realize costs savings from 35% to upwards of 60% by doing security as a managed service. Savings diminish as the deployment gets larger and more complicated, and the costs of managed services escalate. Yet outsourcing security is not just about cost. The world is becoming very hostile, said Sadik Al-Abdulla,

Facebook has been in the news a lot lately, and that's not good news for Chris Kelly, who is the chief privacy officer for Facebook, and - as we've reported - is quietly exploring a possible run for the Democratic nomination for state attorney general. Kelly was at the center of a firestorm this week regarding changes in Palo Alto-based Facebook's terms of service, which critics argued gave the social-networking site control over members' uploaded material, including photos, seemingly forever. On Wednesday, Kelly told CNN that the company will listen to complaints. The company's official blog now outlines how it has pulled back but Facebook has faced other problems that could hamper Kelly's efforts to run for a California political post. Last year, as Cnet reported, the firm reached an agreement with New York Attorney General Andrew Cuomo after an investigation of complaints that Facebook hadn't addressed consumers' complaints of "harassment and inappropriate conduct" regarding underage members. Facebook officials have said they are cooperating with law enforcement to protect their users from predators. But with the Democratic AG race already looking crowded - with San Francisco District Attorney Kamala Harris and Los Angeles City Attorney Rocky Delgadillo in the mix, among others - Democratic consultants are watching with great interest. Poke this, friends: Could this be the juicy stuff of television ads in a Democratic law-and-order race in California?

Facebook founder Mark Zuckerberg has responded to the privacy concerns raised in this post by Consumerist. The post pointed out that a change Facebook made to its terms of service left the impression that the social network could keep and use copies of user content (e.g. photos, notes, and personal information) in perpetuity even if users removed the information and closed their accounts. "One of the questions about our new terms of use is whether Facebook can use this information forever," Zuckerberg wrote. But, oddly, he did not answer that question. Instead he opted for a rather roundabout explanation: if you send a friend a message via Facebook's e-mail system, Facebook must create mutliple copies of that message -- one for your "sent" message box and one for your friend's inbox. That way, if you leave Facebook, the copy your friend has would not be deleted. Fair enough. The implication is that, by extension, Facebook also keeps copies of all your other information, too. But the e-mail example has a major hole in it. Copying content makes sense for e-mails, where the medium itself depends on messages being copied. The thing is, Facebook users generally do not 'send' other types of content to one another, including photographs. Rather, they post them on their own profiles for others to stop by and see. There's no obvious reason that Facebook would need to perpetually store multiple copies of photographs -- because, as far as the user is concerned, they appear only in one place. Plus, Zuckerberg seems to underestimate his users' understanding of e-mail. My guess is most Facebook users don't think that if they close an e-mail account that all the e-mails they've ever sent will disappear. Frankly, it's not e-mails that are at issue here; it's this other, more personal category of content -- the stuff that people post within their own digital walls. Zuckerberg goes on to write that despite the presence of "overly formal and protective" language that Facebo

Stunned applicants filling out immigration forms are now being warned their personal information can be shared with the RCMP, national security and intelligence agents, and even foreign cops. The immigrants, many who arrive here from brutal regimes, are being told that they must sign a consent form or their requests will not be dealt with by federal immigration officials. One form, which was obtained by Sun Media, said the data can be shared with the Canada Border Services Agency, RCMP, Canadian Security Intelligence Service and foreign police. TARGET FRIENDS The information can be used to target friends or family members of those who say negative things about their homelands, said Jamal Kaker, of the Afghan Association of Ontario. "This will impact a lot of immigrants in many communities," he said yesterday. "This is scary because the information will get back to Afghanistan in no time." Toronto lawyer Guidy Mamann said it can be deadly for immigrants who give information that may be negative to their governments and are then refused by Canada. "The rights of these immigrants are being trampled," Mamann said. "All this was done under the radar without an announcement." He said foreign police -- some working for the worst regimes -- will be able to find out where their nationals who fled to Canada live and allegations they have leveled against their homelands. "All this information will now be shared," Mamann said. "The lives of immigrants and some Canadian citizens will become an open book." SIGN FORMS He said Canadian citizens are affected if they sign forms to sponsor a spouse or loved ones. "It's another nail in the coffin for civil rights in Canada," Mamann said. "Negative information against governments will now be open for sharing." Toronto lawyer Mendel Green called the changes troubling. "This is a serious breach of our privacy laws," he said. "It appears to be an excess of authority. Big Brother wants to watch our visitors." Federal immig

Online fraud is a $4 billion dollar a year industry. It grows as the unemployment rate increases and the jobless attempt to earn a living through whatever means necessary. Meanwhile, the Internet's footprint on the global economy and culture becomes larger every day. The expansion of fraud and the identification of this risk will create more jobs in the fields of compliance, risk management, and best practices. Who will fill these positions? For many companies looking to take action, the initial move will be to consolidate roles. Individuals in areas such as sales and marketing will absorb fraud identification, reporting, and prevention responsibilities. This will prove to be ineffective for the following reasons: 1. The sales and marketing staffs are not trained to identify fraud and they cannot keep up with the ever-changing tactics. 2. Associates are conflicted when faced with a fraud incident. They are not motivated to report fraud and their compensation structure dissuades them from reporting incidents. 3. Business goals are not aligned appropriately, which naturally moved fraud last on the priority list for the associates assigned the additional responsibilities. 4. While the internal attempt is made, no time is spent on partner due diligence and monitoring. Organizations will benefit in the long term by hiring dedicated staff. This tactic is one component of my company's Best Practice approach to doing business. My dedicated team helped realign business goals and create a culture that now embraces a higher set of standards and expectations. Staffing and training were the largest challenges I have faced in the last year. The positions were new, the skill set was specific, and as a result we received a dichotomous set of resumes. Applicants with online marketing experience had little to no experience with fraud, or they came from companies where more unscrupulous methods were used, and I was not confident those habits would be easily kicked. The app

A recurring problem in modern litigation is the inadvertent disclosure of materials subject to the attorney-client privilege or the attorney work product protection. New Federal Rule of Evidence 502 changes the rules concerning waiver of privilege in all Federal and many State court cases, thereby reducing the risk that inadvertent disclosures will constitute a wavier of attorney client privilege or work product protection. But the new rule requires careful application. Important risks remain. Inadvertent disclosure of privileged or protected information too easily occurs when massive numbers of documents or files make it impractical or prohibitively expensive to review every item individually. The proverbial privileged document needle gets lost in the e-discovery haystack and is overlooked. Later, when opposing counsel recognizes that she has a potentially privileged document and brings this to the attention of disclosing counsel, there may be a fight as to whether the document will be returned, or whether the disclosure constitutes a wavier of any privilege related to the information. Under existing State and Federal law, release of privileged or protected information to an adversary, even if inadvertent, may constitute a waiver of the privilege or protection with regard to the information or document disclosed or, worse, to all documents and other information related to the same topic. Invoking the "claw" Amendments to Federal Rule of Civil Procedure 26(b), adopted in December 2006, were aimed at reducing the risks of waiver from inadvertent disclosures. Rule 26(b) provides that if privileged information is produced, the party making the claim of privilege may notify any party that received the information of the privilege claim and the basis for it. After being notified, a party must promptly return, sequester, or destroy the specified information and any copies it has, must not use or disclose the information until the privilege claim is resolved; must t

Current government rules do too little to protect the privacy of people's personal health information and also hinder the use of health data in medical research, a panel of experts reported on Wednesday. A committee of the Institute of Medicine, which provides advice to U.S. policymakers, urged Congress to take an entirely new approach to protecting personal health data in research. Federal standards for protecting privacy of personal health data under the Health Insurance Portability and Accountability Act of 1996, or HIPAA, are not doing the job, the panel said. Congress and the Obama administration are planning major changes this year to the U.S. health care system. Regarding the privacy rules, Congress should either start from scratch or thoroughly overall HIPAA's privacy provisions, the panel said. Better data security is needed, with greater use of encryption and other security techniques, the panel said. Encryption should be required for laptops, flash drives and other devices containing such data, it said. "Both privacy and health research are important. And we feel that we can strengthen privacy protections for people who participate in research while also allowing important research to proceed without unnecessary impediments," Dr. Bernard Lo of the University of California San Francisco, a member of the panel, told reporters. HIPAA governs how personally identifiable health information can be used and disclosed by health plans, health care providers and others. The intention is to protect personal health information while permitting the flow of information for health-related research and medical care. Lo said HIPAA has burdensome and confusing procedures for people to consent to have their health data used in medical research, dissuading people from taking part in such research.

(PDF) Information security is a critical consideration for any organization that depends on information systems and computer networks to carry out its mission or business. It is especially important for government agencies, where the public's trust is essential. The dramatic expansion in computer interconnectivity and the rapid increase in the use of the Internet are changing the way our government, the nation, and much of the world communicate and conduct business. Without proper safeguards, they also pose enormous risks that make it easier for individuals and groups with malicious intent to intrude into inadequately protected systems and use such access to obtain sensitive information, commit fraud, disrupt operations, or launch attacks against other computer systems and networks.

This year was an interesting year in privacy and information security, and by looking back, we can clearly discern trends that will likely be a major part of the security management landscape in 2009. More and more states passed breach-notification laws and several enhanced or extended existing legislation. Software-as-a-Service (SaaS) and virtualization really took off, and compliance's looming presence grew with PCI DSS version 1.2 and some actual enforcement of HIPAA. Of particular note was Massachusetts' data breach law 201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth. This is to date the most comprehensive law of its kind, setting a new standard for what breach-notification laws should look like; it covers both paper and electronic records, it mandates appropriate security awareness training as well as security and risk assessments and, most importantly, requires companies to make changes to their security programs in accordance with the findings of those risk assessments. Similarly, California enhanced the well-known CA-1386 to include not just traditional financial information, but also health care and health insurance data as well. With new mandates popping up all the time, it's no wonder compliance was one of the biggest focus areas for enterprise information security teams in the past year, and this trend will clearly continue in 2009; there will be more regulation on both the state and federal levels, and stronger enforcement of existing regulations. Fines and other penalties for violations of PCI DSS and HIPAA will continue to rise, along with the inevitable rise in discoveries of malfeasance. As a result, there will be an even larger focus on compliance by upper management, which also means decreased time and budget for necessary security controls that don't clearly fall under a compliance umbrella.

While the recession injured many industries in 2008, health care was one of the few bright spots in the employment picture, growing by 372,000 jobs last year, according to the U.S. Bureau of Labor Statistics' January 2009 Employment Situation Summary. The large aging population has health care employers in need of qualified workers: stat. Therefore, despite the current economic conditions, health care employers will continue to increase staff in 2009, according to CareerBuilder.com's annual health care hiring forecast, conducted online within the U.S. by Harris Interactive. Close to one-in-five (17 percent) of large health care employers (50 or more employees) plan to increase the number of full-time, permanent employees in 2009, while 67 percent foresee either making no change in the number of employees or are unsure. Sixteen percent plan to decrease the number of employees. "The health care industry continues to boast high demand for qualified workers. Employers are reacting to this need by continuing strong recruiting efforts this year," says Jason Ferrara, vice president of corporate marketing for CareerBuilder.com. "Half of health care employers, the highest among industries we surveyed, have open positions for which they can't find qualified candidates. In response, health care employers will have to adjust their recruitment and retention strategies to find and keep top talent."

Changes relating to different aspects of data management have been highlighted as key trends in the IT industry for 2009 in a report by consultancy Deloitte. The falling price of digital storage has caused an irresponsible approach to file management and IT leaders will need to give an increased focus to these issues, says Deloitte, along with finding ways around the rise in physical storage costs. "There are ways to control the escalation of storage costs, such as de-duplication tools that can free up space by reducing duplicate files," says the report. "Companies can assess the impact of individual applications, especially email - which is estimated to take up 25 per cent of enterprise storage capacity," it says. According to Deloitte's research, businesses will become increasingly aggressive when pursuing disputes related to copyright infringement and digital ownership rights. "If undertaking a swift launch of a product or digital application, companies should ensure that no element could lead to litigation," says the report. Despite pointing out that 2009 will be the break-out year for social networks in the business, Deloitte says that such networks will need to be developed with caution to encourage more productivity and balance control with employees' desire for privacy.

As arguments swirl over online privacy, a new survey indicates the issue is a dominant concern for Americans. More than 90 percent of respondents called online privacy a "really" or "somewhat" important issue, according to the survey of more than 1,000 Americans conducted by TRUSTe, an organization that monitors the privacy practices of Web sites of companies like I.B.M., Yahoo and WebMD for a fee. When asked if they were comfortable with behavioral targeting - when advertisers use a person's browsing history or search history to decide which ad to show them - only 28 percent said they were. More than half said they were not. And more than 75 percent of respondents agreed with the statement, "The Internet is not well regulated, and naïve users can easily be taken advantage of." The survey arrives at a fractious time. Debate over behavioral advertising has intensified, with industry groups trying to avoid government intervention by creating their own regulatory standards. Still, some Congressional representatives and the Federal Trade Commission are questioning whether there are enough safeguards around the practice. Last month, the F.T.C. revised its suggestions for behavioral advertising rules for the industry, proposing, among other measures, that sites disclose when they are participating in behavioral advertising and obtain consumers' permission to do so. One F.T.C. commissioner, Jon Leibowitz, warned that if the industry did not respond, intervention would be next. "Put simply, this could be the last clear chance to show that self-regulation can - and will - effectively protect consumers' privacy," Mr. Leibowitz said, or else "it will certainly invite legislation by Congress and a more regulatory approach by our commission." Some technology companies are making changes on their own. Yahoo recently shortened the amount of time it keeps data derived from searches. It is also including a link in some ads that explains how

Those who are superstitious may believe that bad things happen on Friday the 13th, but we will leave it to each individual and entity to formulate conclusions regarding the Health Information Technology for Economic and Clinical Health Act (the HITECH Act), which Congress passed late on Friday, February 13, 2009, and President Obama officially signed into effect on February 17, 2009. The HITECH Act addresses various aspects relating to the use of health information technology (H.I.T.), including providing for federal funding by way of grants and incentive payments in order to promote H.I.T. implementation. This Alert focuses, however, on Subtitle D of the HITECH Act, which includes important, new and far-reaching provisions concerning the privacy and security of health information that will materially and directly affect more entities, businesses and individuals in more diverse ways than ever before. These changes are further elaborated upon below, but this Alert can only highlight certain prominent issues under the HITECH Act and is by no means a comprehensive review of this lengthy and complex Act. For questions and additional guidance on the HITECH Act, contact your Fox Rothschild attorney or the authors of this Alert. New Privacy and Security Requirements * Security Breach Notification Requirements: Security breach notification requirements under the HITECH Act go into effect 30 days after the date that interim final regulations are promulgated, which will be no later than 180 days after the date of enactment of the HITECH Act (August 16, 2009). Covered entities, business associates and vendors who handle personal health records are required to abide by breach notification requirements. Violations of this requirement by vendors would be treated as an unfair and deceptive act or practice in violation of the Federal Trade Commission Act. If a breach affects more than 500 individuals of a particular state, notice also must be provided to prominent media outl

Ah, social networking. It's become the fabric of today's Internet generation. Don't have a Twitter account? Heavens, even Sen. John McCain has a Twitter account. Signed up with Facebook? Only losers don't have a Facebook account. MySpace? Not bad, but it's so five minutes ago. But as lovely as social networking may be, there are a few problems. One of the biggest appears to be that you can kiss your privacy good-bye. Now, I'm not talking about the predilection of some people to share intimate details about themselves on social networking sites. I'm actually referring to the other things that might help contribute to your financial ruin. Those most enthusiastic about social networking are cybercriminals. They drool at the prospect of seeing the personal information of the 175 million people on Facebook. And they know how to use that information. For example, cybercrooks take great interest in the names of pets or grandparents on Facebook pages. That's the kind of information that banks and credit-card companies use to verify who you are when you bank online. "There are so many people on social-networking sites that it is becoming profitable for bad guys to go there," David Perry, global director of education at software security firm Trend Micro, recently told Agence France-Presse (AFP). "Bad guys can see all the things you post. You may be revealing personal information that is extremely valuable." Now Facebook has made revealing personal information even easier. This past week, it announced that users can change their privacy settings so everyone can see their profile. The company was actually responding to a request from many users who wanted the ability to share their information with even more people. As I said, cybercrooks are drooling.

Some consumers say they like the way Internet retailers will suggest new purchases to them based on what they've bought previously. Others feel creeped out when a banner ad seems to know a bit too much about their Web surfing habits. It's called behavioral advertising, and it's central to the business success of all manner of Internet commerce, from bookstores to newspapers. The practice needs regulation, says Rep. Rick Boucher , the Virginia Democrat who chairs the House Energy and Commerce Subcommittee on Communications, Technology and the Internet. Boucher says legislation to protect consumer privacy online will spur people to surf more. But Internet advertising companies are not happy about regulation, especially because Boucher's plan would require, in some cases, that consumers agree in advance before their surfing habits could be tracked. Such an approach "would really be a sea change in the U.S. regulatory framework," says Mike Zaneis, vice president for public policy at the Interactive Advertising Bureau. Virtually all consumer protection laws, he says, permit people to opt out of solicitation, for instance, with a "do not call" registry. For the Internet, Congress has done almost nothing. "To suddenly move toward a draconian opt-in standard," he says, "would really be damaging not just to businesses but consumers." Zaneis, whose group includes such news heavyweights as the New York Times Co. and Conde Nast Publications, says now is not the time to upend Internet companies' business models, right when the economy is in the tank and print advertising is drying up. He argues further that new Web browsers make the issue moot by giving consumers the ability to easily block the electronic "cookies" that track their online movements. The issue promises to be a lobbying extravaganza. Last year, when the Federal Trade Commission (FTC) was developing self-regulatory guidelines for Web companies engaging in behavioral advertising, it

Legislation aimed at protecting the privacy rights of car owners is drawing objections from auto manufacturers and Progressive Insurance, which hopes to introduce a program in Washington state that charges drivers based partly on how and when they drive.\n\nThe American Civil Liberties Union of Washington is pushing for the legislation, which would require automakers and other companies to inform car owners of the presence of devices that record information about their driving habits.\n\nThat includes event data recorders, or black boxes, installed on most newer cars, as well as electronic equipment such as GPS devices and OnStar, the wireless subscription service from General Motors.\n\nIn addition to requiring notification, a bill sponsored by state Sen. Claudia Kauffman, D-Kent, would clarify that vehicle owners are the owners of the data. With a few exceptions, a court order or the owner's permission would be required in order for a third party to obtain it.\n\nCarrie Tellefson, a lobbyist for Progressive Insurance, testified last week at a House Transportation Committee hearing that Substitute Senate Bill 5574 would prevent the insurance company from introducing its pioneering MyRate insurance program into Washington.\n\nProgressive Insurance first tested the idea of usage-based insurance in 1999. The company introduced the current plan, called MyRate, in 2004 and now offers it in nine states, including Oregon.\n\nCustomers who agree to opt into the program plug a device into their car's onboard diagnostic system, usually somewhere under the dashboard near the steering column. The device records information about how, when, and how much the car is driven, and wirelessly transmits the data back to Progressive's servers.\n\nCustomers are either rewarded with a discount or penalized with a higher rate depending on the information collected.\n\nThe discount can be as much as 30 percent, and the surcharge up to 9 percent.\n\nCustomers can go online and look at perso

Since its inception, IT has focused on reducing costs through process automation and the implementation of applications. However, that is no longer enough to sustain competitive advantage in a rapidly changing world. Today, important business decisions depend on having up-to-date, trustworthy information. At the same time, you need to assess the internal and external risks involved in such decisions. This is not easy, which is why organizations need to build an Information Strategy to guide them

Google will unveil new privacy measures today that will give consumers more control over behavioral targeting. Now, when Google serves banner ads on outside publishers' sites, the ads will include links that provide more information explaining why they were served. Clicking through will lead to details about the company's behavioral advertising program, which categorizes consumers as interested in particular types of goods or services based on the sites they visited. The program is only in beta for now, but once Google signs up publishers, consumers will be able to view the categories they have been placed in--such as "interested in travel"--and also tell Google to remove them from whatever buckets they wish. Consumers also will be able to opt out of the program permanently via a browser plug-in. Or, if people want to receive ads for certain types of products, they can edit their profiles to reflect that--in effect, opting in to particular types of ads. Google's new measures come at a time when online behavioral targeting is facing increased scrutiny. Last month, two Federal Trade Commissioners warned that the online advertising industry could face new laws if it didn't take steps to self-regulate on privacy issues. Recently, Google rival Yahoo announced enhancements to its privacy policies. Among other changes, Yahoo said it would allow consumers to opt out of behavioral targeting on its own site. Google's move drew praise from the Interactive Advertising Bureau's Mike Zaneis, vice president for public policy. "It's really a consumer empowerment tool, which is great," he said. "It's one more example of how industry is competing on the privacy issue, to the benefit of consumers--and also to the benefit of businesses."