CIPP Information Privacy & Security News

Online consumers thought to be motivated primarily by savings are, in fact, often willing to pay a premium for purchases from online vendors with clear, protective privacy policies, according to a new study in the current issue of a journal of the Institute for Operations Research and the Management Sciences (INFORMS®).

Juggling parental concern with an adolescent patient's legal and ethical right to privacy opens up some tricky questions. The law varies state by state,

While 51% of the comments were posted to blogs and 30% to message boards, just 7% appeared on Facebook and 7% on Twitter.

Despite the recent revelations - and subsequent Congressional hearings - about the use (and misuse) of personal data by companies doing business on the Internet, companies aren't about to stop collecting and trying to use it to improve their results. And why should they, when the more data companies use, the better their chances of selling you more products and services, at better returns? According to Sandy Pentland, a professor at MIT's Media Lab, the best chance people may have of controlling their data online is a modern version of "if you can't beat them, join them."

Much of the privacy debate has focused on cookies and icons and not what really matters: the misuse or abuse of consumer data by third parties in the real world. I don't care whether I see behaviorally targeted ads so much as I don't want my health care or auto insurance to be impacted by sites I've visited and stuff I post online.

"If you live in Texas, your medical records are definitely up for sale by the state. If you live anywhere else in the United States, they probably are for sale there, too. Medical health records provide key information to researchers, who have lobbied hard to keep them accessible, despite government concerns about the privacy of patient data. The controversy dates back to 1996, when Congress passed the Health Insurance Portability and Accountability Act (HIPAA) to protect patients. "Researchers have very broad access rights to health care records under HIPAA," says Pam Dixon, director of a non-profit called the World Privacy Forum "The rules are pretty loose, and there are a lot of ways to get around them." That's especially true since the act wasn't designed to cover common scenarios today: records stored online in a vast, hackable cloud. In the rush to digitize all electronic health records, Dixon says not everyone is taking the proper steps to de-personalize the data and protect patients."

"Facebook founder Mark Zuckerberg made some big announcements Wednesday from the company's headquarters in Palo Alto about changes to how users control and organize their information on the service. Zuckerberg has been criticized in the past for not caring about privacy, making statements that worry some. He once told TechCrunch that privacy was no longer the social norm. But the 26-year-old CEO has just done an about face. He told a room full of journalists, "It is a core part of our belief that people own and have control of all the information they upload.""

Can Zuckerberg be trusted not to reverse course - again. His immaturity as a leader and abuse of user trust makes one question everything that comes out of the man's mouth.

"Computer scientists have recently undermined our faith in the privacy-protecting power of anonymization, the name for techniques that protect the privacy of individuals in large databases by deleting information like names and social security numbers. These scientists have demonstrated that they can often "reidentify" or "deanonymize" individuals hidden in anonymized data with astonishing ease. By understanding this research, we realize we have made a mistake, labored beneath a fundamental misunderstanding, which has assured us much less privacy than we have assumed. This mistake pervades nearly every information privacy law, regulation, and debate, yet regulators and legal scholars have paid it scant attention. We must respond to the surprising failure of anonymization, and this Article provides the tools to do so."

Assumption of privacy through anonymization of data is called into question by deanonymization techniques. The work is not new but its implications have gone under-realized. In a country struggling to understand how to even define privacy, will anyone listen?

"A New York Times article recently charted out Facebook's privacy settings and found 50 settings and over 170 options for managing privacy, she said. The chart also points out that at 5,830 words, Facebook's privacy policy is longer than the 4,543-word count of the United States Constitution ."

Seems more leadership on privacy comes from Canada than D.C.

"Google Inc. co-founder Sergey Brin Wednesday said the Internet giant "screwed up" by collecting personal data through wireless networks and promised new oversight as European officials pledged to open investigations of the data collection. Authorities in Germany, Spain and Italy said Wednesday they were investigating Google and its Street View service, which uses camera-equipped vehicles to take street images and mark the location of Wi-Fi networks. Mr. Brin, speaking the same day at Google's developer conference in San Francisco, said the company would put "more internal controls in place" to prevent such data captures in the future, including the hiring of outside help. "Trust is very important to us," Mr. Brin said. "We're going to do everything we can to preserve that trust.""

G apologizes. Again, better to ask forgiveness... If users remain silent & gvt doesn't prosecute, why comply?

"A CEO who publicly posted his Social Security number on billboards and TV commercials as part of a campaign to promote his company's credit monitoring services was the victim of identity theft at least 13 times, a news report says. The Phoenix New Times reported that Todd Davis, CEO of LifeLock Inc., which is based in Tempe, Ariz., was victimized numerous times by identity thieves who apparently used his Social Security number to commit various types of fraud. Davis has previously admitted that he was the victim of an identity theft once in 2007, when a man in Texas used his Social Security number to take out a $500 loan which wasn't repaid and ended up being handled by a collection agency. The New Times reported that Davis has been a victim of similar ID theft at least a dozen more times."

Might not want to put much stock in Lifelock.

"SACRAMENTO, Calif.-The state Assembly passed a bill Monday that would allow video recorders to be installed on vehicles' dashboards, raising concern about drivers' privacy. Currently, state law prohibits dashboard devices that may obstruct a driver's view. The bill is supported by companies that hire teams of drivers. They want to ensure their employees are driving safely and use the cameras to help determine fault in an accident. The bill's author, Assemblyman Nathan Fletcher, R-San Diego, says companies that use the recorders in other states have reduced their accident claims by 80 percent."

Will your car have to testify against you in court?

"Whether a patient comes in for a gall-bladder operation or to have a baby, the routine remains the same for staff at Sharp HealthCare hospitals in San Diego. The front desk checks insurance records to make sure the bills get paid on time. Nurses take vitals and tag their charges with a bar-coded wristband. And behind the scenes, fund-raisers scan the assets of each patient -- to find out whether they're "megarich," "wealthy" or merely "comfortable.""

Is that a microscope following me around? Must get more tin foil to keep them from seeing my thoughts.

"Google has decided to stop its Street View cars from sniffing wireless networking data after an embarrassing privacy gaffe."

Google decided to stop violating our privacy after they were caught? Now that's forward-thinking business strategy. Better to ask forgiveness than permission. Some people think social media requires trust to be a sustainable model.

"Facebook tightens security as it deals with the continuing fallout over changes to its privacy settings." ...Earlier on May 13, Facebook had a meeting where employees asked executives questions about privacy. Facebook officials would not comment on exactly what was said. "We have an open culture and it should come as no surprise that we're providing a forum for employees to ask questions on a topic that has received a lot of outside interest," a spokesperson said.

Hey Zuck! Privacy & security are NOT the same thing. Misdirection is not the response FB users are seeking.

Germany's consumer protection minister strongly criticized Google for a widespread privacy breach and insisted Saturday the U.S. Internet giant must cooperate better with data protection authorities. Google Inc. issued an apology Friday, acknowledging it has been vacuuming up fragments of people's online activities broadcast over public Wi-Fi networks for the past four years while expanding a mapping feature called "Street View."

A four year mistake is either incompetance or a lie. Which way will Google choose to portray itself?

"Google has said that its world-roving Street View cars have been collecting information sent over open WiFi networks, contradicting previous assurances by the company. This means that Google may have collected emails and other private information if they traveled over WiFi networks while one of the cars was in range. Previously, the company said no payload data was ever intercepted."

IT companies seem to shoot their own effort in the foot on a regular basis. Usually due to a lack of process. The dot com bubble was small compared to what may be coming for trust in IT services.

For the third time in recent months, Tampa Bay citizens have found themselves the unwanted recipients of patients' private medical records. What's more, in two cases, the recipients' efforts to restore patients' privacy were rebuffed, suggesting the federal Health Insurance Portability and Accountability Act (HIPAA) is falling far short of its promise to protect and enforce patient privacy.

If the government won't enforce HIPAA, why bother having the law at all. Let patients know they are own their own.

"Federal agents can examine webcam photos and other information secretly collected from students' laptops and stored in the Lower Merion School District's computer network, a judge has ruled. Acting on a request from federal prosecutors, U.S. District Judge Jan E. DuBois agreed to broaden an earlier order that limited the release of the photos to the students or their parents and lawyers. His order was signed Friday and made public Monday. FBI agents and prosecutors want to review the images to see whether any laws were broken when school district employees activated a tracking system that snapped photos and copied screen images from lost or stolen laptops. Lower Merion school officials have acknowledged poor planning and oversight led the tracking system to capture at least 50,000 images - some showing teens or their relatives in their homes - from laptops that had already been returned to students."

Confused by the difference between privacy & security? What might your kid's laptop camera capture if it was secretly turned on by their school while searching for stolen laptops? Soon the FBI will be able to tell you.

"By now, California is well-acquainted with Meg Whitman, Steve Poizner and Carly Fiorina - Silicon Valley's big-name candidates this election season. But a pair of relatively unknown tech alums, sitting lower on the ballot, are even more an indication of the political maturation of the valley, a place that has traditionally favored pushing policy from the sidelines instead of crafting and enforcing it in Sacramento."

Geek politicians who want to do for CA what they did for the tech industry. Government 2.0 or crash, reboot, crash...