Nov 252014

Daniel Solove and  Paul M. Schwartz write:

We spend a lot of time staying up to date so we can update our casebooks and reference books, so we thought we would share with you some of the interesting news and resources we’re finding. We plan to post a series of posts like this one throughout the year.

What follows is your must-grab, must-read recap of significant developments this year.

Go get it here or download it in pdf here.

Nov 242014

Aliya Sternstein reports:

The Department of Homeland Security is poised to ditch all records from a controversial network monitoring system called Einstein that are at least three years old, but not for security reasons.

DHS reasons the files — which include data about traffic to government websites, agency network intrusions and general vulnerabilities — have no research significance.

But some security experts say, to the contrary, DHS would be deleting a treasure chest of historical threat data. And privacy experts, who wish the metadata wasn’t collected at all, say destroying it could eliminate evidence that the governmentwide surveillance system does not perform as intended.

Read more on NextGov.

Thanks to Joe Cadillic for this link.

Nov 242014

Prolific North has an update to a breach previously noted on this blog:

The former editor of the Newcastle Journal has launched an appeal after being fined for breaching an anonymity order in a child sex case.

Brian Aitken was last week fined £1,600 after the Trinity Mirror-owned title published a story naming the school attended by a school worker accused of sexual offences involving one of the pupils.

He was prosecuted under the terms of section 39 (2) of the Children and Young Persons Act 1933.

Read more on Prolific North.

Nov 242014

The Office of the Privacy Commissioner for Personal Data has issued two investigative reports:

Investigation Report: Excessive Online collection of private tutors’ personal data by tutorial service agency websites

From the executive summary:

In respect of the collection of private tutors’ Hong Kong Identity Card numbers by six tutorial service agency websites, namely, Hong Kong Tutor Association, Tutor-Tone, Hong Kong Tutorial Consultancy, looking4tutor.com, go2tutor.com and Hong Kong University Students’ Education Network, and the collection of contact persons’ information of private tutors by Hong Kong Tutor Association, Tutor-Tone, Hong Kong Tutorial Consultancy, looking4tutor.com and go2tutor.com, the Commissioner has found that the data collected was excessive, thus contravening the requirements under Data Protection Principle 1(1) in Schedule 1 to the Personal Data (Privacy) Ordinance, Cap 486 (the “Ordinance”). The Commissioner has served separate Enforcement Notices on the five companies/ proprietors running those websites, directing them to take remedial actions and prevent recurrence of the contravention.

Read the report (pdf)

Investigation Report: Excessive Collection and Online Disclosure of Personal Data by Employment Agencies Placing Foreign Domestic Helpers

From the executive summary:

The Commissioner discovered that a number of employment agencies were displaying on their websites massive personal data provided by foreign domestic helper applicants. In addition to the applicants’ personal data, the personal data of their family members and former employers were displayed unnecessarily for the purpose of introducing the applicants to prospective employers. The collection of excessive personal data, and improper disclosure of personal data on the Internet were in breach of the Data Protection Principles 1(1) and 3 respectively of the Personal Data (Privacy) Ordinance, Cap 486.

Read the report (pdf)

Nov 242014

Yet another reminder that privacy breaches can endanger people’s safety or lives.  Independent.ie reports:

A County Wicklow mother who claimed a pharmacy allowed her husband to watch CCTV footage of herself buying a self pregnancy test kit has settled a €38,000 damages claim for an undisclosed amount.

The woman, who cannot be named, said her marriage had been highly dysfunctional and difficult for a number of years before the October 2010 incident, which had worsened her relationship with her now deceased husband.

Speaking at the Circuit Civil Court, the woman said she had bought the pregnancy test kit for a friend but her husband found the purchase receipt in their home.

Read more on Independent.ie.

Nov 242014

Ishbel MacLeod reports:

Sir Cliff Richard is reportedly considering suing the BBC and the South Yorkshire police for breach of privacy, after the broadcaster showed live coverage of his house being raided in August.

The singer’s house was searched, while he was on holiday, after a man in his 40s claimed that he had been sexually assaulted at a rally in Sheffield in 1985.

Read more on The Drum.

Nov 242014

Tim Cushing reports that an employee of Drury Plaza Hotel lost his job for posting pictures of DHS vehicles parked in the hotel’s parking garage – where they were clearly visible to any member of the public.

Now, it’s quite obvious the DHS was unhappy that someone gave away their super-secret hideout, one that is a) a structure accessible by the public and b) littered with dozens of vehicles clearly marked as belonging to the DHS. If secrecy is what the DHS agents were looking for, maybe they should have arranged for a fleet of less clearly-marked vehicles. You can’t — at least not logically — roll up in a DHS convoy and then demand that no one acknowledge this fact or speak about it to the outside world.

Read more on TechDirt.