PogoWasRight - foreign privacy news

AU: ACS supports privacy laws, calls for e-mail safeguards

Tue, 13 May 2008 06:34:44 -0400

The Australian Computer Society (ACS) has called on government to enforce rigid privacy laws on organizations which intercept employee e-mails.

Under new legislation, businesses may be given powers to intercept e-mails sent and received by staff without notification. The changes remove the need for disclosure in employee contracts, required by existing law, under the guise of counter-terrorism and national security.

ACS President Kumar Parakala said tough privacy laws are essential for interception provisions because staff often send personal e-mails from work.

Source - IDG.no

Reddit It | Digg This | Add to del.icio.us

ICO publishes data protection officer conference findings

Tue, 13 May 2008 06:28:30 -0400

The Information Commissioner�s Office (ICO) has published the findings of its Data Protection Officer Conference

Source - Findings

Reddit It | Digg This | Add to del.icio.us

Josef Fritzl: Legal action to be taken over violation of Elisabeth Fritzl's privacy

Tue, 13 May 2008 06:14:16 -0400

The Austrian incest victim Elisabeth Fritzl will today be exposed to the media coverage of her case from which she has been shielded since she was released from captivity, as her lawyer announced legal action for violation of privacy against newspapers.

... In the past two weeks Austrian media law experts have criticised the publication of private documents such as Elisabeth�s letter to a school friend and private pictures of the family and her children, some of whom are underage.

Source - Telegraph

Reddit It | Digg This | Add to del.icio.us

U.K. defence department adopts encryption after data breaches

Mon, 12 May 2008 12:11:01 -0400

Following a spate of high profile data breaches, the U.K. Ministry of Defence is set to install encryption software on 20,000 of its laptops.

It will install BeCrypt's Disk Baseline software across Royal Airforce, Army and Navy laptops, and users will need to be authenticated before they can access encrypted data. The MoD said the new BeCrypt software would be easily integrated with future technology too.

It will protect data across a range of levels, from 'Classified' to 'Secret' levels, and in some cases 'Top Secret' data.

Source - InterGovWorld.com

Reddit It | Digg This | Add to del.icio.us

AU: IT body wants internet 'snoop' safeguards

Mon, 12 May 2008 08:03:27 -0400

Australia's IT industry group is calling on the federal government to adopt guidelines surrounding the use of workplace internet records.

The Australian Computer Society (ACS) has made its submission as part of the government's review of the country's privacy laws.

... Among the list of recommendations, the ACS wants to see the mandatory publishing of an employer's email and web use policy, guidelines on who can authorise the accessing of employee emails, a logging system to identify when email records are accessed, and random auditing of those logs.

Source - Sydney Morning Herald

Thanks to Brian Honan for the link.

Reddit It | Digg This | Add to del.icio.us

UK: Outrage in UK over staff blacklisting database

Mon, 12 May 2008 08:01:53 -0400

Last week the announcement that several UK retailers were collaborating on compiling a database of employees dismissed over suspicion of theft or fraud caused furore amongst the public, trade unions and civil liberties groups.The database is the brainchild of Action Against Business Crime (AABC), the national organisation for Business Crime Reduction Partnerships in the UK, and is due to go live later this month.

Employees who are dismissed for dishonesty or who resign before they can be dismissed will be added to the National Staff Dismissal Register (NSDR), which can be searched by prospective employers when conducing a background check on a job candidate.

Source - Silicon Republic

Thanks to Brian Honan for the link.

Reddit It | Digg This | Add to del.icio.us

Ca: Licence-plate readers worry privacy advocates

Mon, 12 May 2008 07:09:50 -0400

A new high-tech crime-fighting tool that police believe has revolutionary potential is worrying some civil libertarians and privacy watchdogs.

Automated licence-plate readers are being tried out by police forces in several Canadian jurisdictions.

In Vancouver, police are using them to track down stolen cars and nail driving scofflaws, but the technology's investigative uses could ultimately include counter-terrorism work and tracking sex offenders.

Critics fret it represents creeping big brotherism, another step towards a surveillance society.

Source - New Brunswick Business Journal

Reddit It | Digg This | Add to del.icio.us

UK: Data protection rules threaten marriage pictures

Mon, 12 May 2008 05:45:52 -0400

The traditional picture of the bride and groom signing the wedding register is under threat from data protection rules.

The custom has been set aside in many register offices and where couples insist, they must pose for the picture over a "dummy" book.

The reason given is that the photographs could invade other couples' privacy because their signatures may be visible on the same page. There are also fears that fraudsters could use the pictures to steal identities, and that the images may breach Crown copyright.

Critics said the same information can be obtained over the internet from the General Register Office.

Source - Telegraph.co.uk

Reddit It | Digg This | Add to del.icio.us

Ca: Bell Canada Hit With Privacy Complaint Over Deep Packet Inspection Practices

Sat, 10 May 2008 07:37:10 -0400

CIPPIC has filed a privacy complaint with the Privacy Commissioner of Canada over Bell's deep packet inspection practices. With CAIP raising the privacy issue in its submission to the CRTC, it was only a matter of time before the Privacy Commissioner was asked to intervene.

Source - Michael Geist

Reddit It | Digg This | Add to del.icio.us

Ca: Privacy laws allow disclosure of health information: privacy commissioners

Fri, 09 May 2008 17:27:14 -0400

Personal health information can be disclosed in emergency situations, say two of Canada's privacy commissioners.

The issue recently arose when the family of 18-year-old Carleton University student Nadia Kajouji blamed the Ottawa university for failing to do enough to inform them of her depression or prevent her suicide.

Suzanne Blanchard, Carleton's vice-president of student services, said counsellors were bound by confidentiality laws.

But Ontario Privacy Commissioner Ann Cavoukian, and B.C. counterpart David Loukidelis, have issued a joint statement saying privacy laws can respond to such situations.

"When there is a significant risk of serious bodily harm, such as suicide, privacy laws in Ontario clearly permit the disclosure of personal information without consent, regardless of age," Cavoukian said in the joint statement. "In such situations, schools may contact parents or others if there are reasonable grounds to believe that it is necessary to do so."

Source - The Canadian Press

Reddit It | Digg This | Add to del.icio.us

UK: Information Commissioner's Office gains power to fine for breaches of Data Protection Act

Fri, 09 May 2008 09:07:24 -0400

Organisations that deliberately or recklessly commit serious breaches of the Data Protection Act can now be fined by the Information Commissioner's Office (ICO) following Royal Assent to the Criminal Justice and Immigration Act today.

David Smith, deputy information commissioner, said, "This change in the law sends a very clear signal that data protection must be a priority and that it is completely unacceptable to be cavalier with people's personal information."

Source - ComputerWeekly

Reddit It | Digg This | Add to del.icio.us

UK: New Government data breach

Fri, 09 May 2008 06:22:10 -0400

Government staff have been sending out highly sensitive data in packages that include the passwords, it was revealed.

The Department for Work and Pensions errors "defeat the purpose" of tighter rules brought in after last year's data loss scandals, an internal e-mail said.

The admission comes in a message circulated to staff by one of the DWP's security advisers, and will provoke fresh doubts over Government systems.

Source - teletext

Reddit It | Digg This | Add to del.icio.us

AU: Australian Law Reform Commission readies information privacy dossier

Fri, 09 May 2008 06:07:57 -0400

After its largest public consultation exercise ever, the Australian Law Reform Commission (ALRC) expects that the single biggest reform to Australia's information privacy laws will be the proposal for a set of uniform and simplified principles for businesses, organisations and individuals.

The ALRC is due to present its final report and recommendations on amendments to Australia's information privacy laws to the Attorney General at the end of this month, which will bear significant impact on IT practices and the way electronic data is collated, stored and maintained.

Source - ARN

Reddit It | Digg This | Add to del.icio.us

UK: Database logs 'dishonest' employees

Thu, 08 May 2008 16:44:22 -0400

Companies have launched a database which allows them to share details of employees accused of dishonesty at work.

The National Staff Dismissal Register lets firms log details of staff caught stealing, committing fraud or damaging company property.

Other companies can then use the database to check job applicants' history.

Trade Unions and Civil Liberties groups condemned the move. GMB General Secretary Paul Kenny said: "There will be an enormous kick back against this and GMB as the major union for shop workers will lead the charge."

Source - MSN UK

Updated 6.33 pmReddit It | Digg This | Add to del.icio.us

Teenage Hacking Gang Busted in Bavaria

Thu, 08 May 2008 10:09:00 -0400

Experts at SophosLabs(TM), Sophos's global network of virus, spyware and spam analysis centers, have welcomed the news that German authorities have apprehended 11 people suspected of running a hacking ring.

According to media reports, police arrested suspects aged between 15 and 22 years old in Baden-W�rttemberg, Hamburg, Lower Saxony North Rhine-Westphalia and Rhineland-Palatinate and confiscated computers for forensic examination.

According to Ausberg police spokesman Manfred Gottschalk, seven of the suspects are under 18 years of age.

Source - Kansas City InfoZine

Reddit It | Digg This | Add to del.icio.us

UK: 2008 Information Security Breaches Survey

Wed, 07 May 2008 15:21:03 -0400

Survey conducted by PriceWaterhouseCoopers in conjunction with Symantec for the Department for Business, Enterprise and Regulatory Reform:

Throughout history, the sea has been the lifeblood of commerce. Today, the Internet is themodern sea, carrying electronic commerce and communications around the world. Sincethe turn of the century, that sea has been rough, with wave after wave of viruses andhacking attacks crashing into the cyber ports. Over time, the harbour defences haveimproved, and now within those firewalls, the waters appear calmer.

Yet, there remain some fundamental contradictions. 79% of businesses believe they havea clear understanding of the security risks they face, but only 48% formally assess thoserisks. 88% are confident that they have caught all significant security breaches, but only56% have procedures to log and respond to incidents. 81% believe security is a highpriority to their board, but only 55% have a security policy. 77% say protecting customerinformation is very important, but only 11% prevent it walking out of the door on USBsticks. 71% have procedures to comply with the Data Protection Act, but only 8% encryptlaptop hard drives.

Source - Department for Business, Enterprise and Regulatory Reform (UK) [pdf]

Reddit It | Digg This | Add to del.icio.us

UK: Rowling wins the right to privacy trial

Wed, 07 May 2008 06:34:29 -0400

Harry Potter author JK Rowling has won the right to carry on a legal fight to protect the privacy of her son.

The court of appeal today reversed an earlier high court judgment against the author, ruling that a case could be made that her son's right to privacy had been infringed.

Rowling brought the case - under her married name Joanne Murray - along with her husband Neil on behalf of their son, David, who is now five.

The court of appeal today ruled a case could be made that photo agency Big Pictures breached Rowling's son's right to privacy and family life under the European Convention on Human Rights, when it took long lens photographs of her son being pushed in a buggy in Edinburgh in November 2004 when he was 18 months old.

Source - Guardian

Reddit It | Digg This | Add to del.icio.us

UK: Data fear haunts ID card scheme

Wed, 07 May 2008 06:13:00 -0400

THE UK government has been warned that it should deal with the risk of data loss from its Identity Card Scheme before it proceeds any further.

The latest data warning follows repeated requests from the Information Commissioner's Office (ICO), the UK data guardian, that the Identity and Passport Service (IPS) conduct a proper assessment of the risks of data loss from the ID Scheme. That advice was ignored and now, in the wake of the HMRC data fiasco, the IPS has been told that it must improve its data standards across the whole of government to avoid data leaks from the ID scheme.

The 2007 report of the Independent Scheme Assurance Panel (pdf), which provides official oversight of the ID Scheme, said yesterday that the data risks were so serious that they needed ministerial direction and that its precautions ought to be transparent because public trust was vital to the scheme's success.

Source - The Inquirer

Reddit It | Digg This | Add to del.icio.us

UK: Automated calls about debt

Tue, 06 May 2008 16:21:31 -0400

The Information Commissioner's Office (ICO) is currently receiving large numbers of complaints about automated telephone calls referring to �debt reduction schemes� or �government debt initiatives�. The messages usually ask the recipient to press �5� for more information.Under the Privacy and Electronic Communications (EC Directive) Regulations 2003 organisations should not make automated marketing calls unless they have prior consent.

The ICO�s Enforcement Team is currently investigating to establish who is responsible for making these calls.HERE

Source - Information Commissioner's Office

Reddit It | Digg This | Add to del.icio.us

Media Release: International privacy initiative - What do students think about privacy?

Mon, 05 May 2008 06:49:32 -0400

The Privacy Commissioners of Australia, Hong Kong, New Zealand, Canada, the Northern Territory, New South Wales and Victoria today launched an international privacy competition and have encouraged secondary school students to enter. Prizes include a video camera and gift vouchers to the value of approximately $3,000.

"Our Offices have chosen to target secondary school students as this group is one of the main users of social networking sites and they appear to give away a significant amount of personal information via this medium," Ms Karen Curtis, the Australian Privacy Commissioner, said on behalf of the Commissioners.

"We are keen to understand whether or not privacy is something students consider in their daily activities, and to encourage them to start thinking about the information that they disclose and the impact that this may have on their life."

Source - Office of the Privacy Commissioner of Australia

Reddit It | Digg This | Add to del.icio.us

NZ: Law to guard against abuse of igovt ID system likely

Sun, 04 May 2008 07:45:47 -0400

New laws will likely be needed to protect people�s privacy and punish those abusing ID credentials now that igovt, the new government online identity service, has been introduced.

Speaking at the conference launching igovt, held in Wellington last week, State Services Minister David Parker said the service�s introduction necessitated new laws and independent oversight � but he said so only in passing.

When Computerworld asked for further details there was an awkward silence while Parker shuffled through his speech-notes, seemingly having to refresh his memory about what he had just said.

Source - Computerworld NZ

Reddit It | Digg This | Add to del.icio.us

AU: Rail officers 'have no power to see ID'

Sat, 03 May 2008 10:52:03 -0400

Railway transit officers in NSW are forced to rely on bluff as they have no power to demand the personal information they need to issue a fare evasion ticket.

The officers cannot demand a person's date of birth, to see ID or detain a person until police arrive, according to a report in The Sun-Herald.

"The result is that only the compliant people get tickets - they are, in effect, putting a noose around their own neck," former RailCorp employee Graeme Banks told the paper.

Source - Sydney Morning Herald

Reddit It | Digg This | Add to del.icio.us

Turkey: New law to safeguard privacy

Sat, 03 May 2008 09:00:13 -0400

A proposal referred to Parliament this week seeks to introduce provisions to safeguard rights to privacy.

The bill on protection of personal data is a legal arrangement complementing a proposal referred to Parliament about two weeks ago governing state secrets and transparency. Both bills are part of reforms driven by Turkey's bid to become a member of the European Union.

The two bills' adoption will establish two autonomous councils to oversee their implementation. The proposal on state secrets regulates the confidentiality classification of information and documents, while the new privacy law establishes parameters for the legal classification of information as personal. The 41-article draft also defines circumstances in which the state may collect personal data and strictly regulates the conditions for relaying such information to third parties.

Source - Today's Zaman

hat-tip, Canadian Privacy Law Blog

Reddit It | Digg This | Add to del.icio.us

Ca: New CIRA Whois Policy Strikes Balance Between Privacy and Access

Fri, 02 May 2008 13:15:52 -0400

My weekly technology law column (Toronto Star version, homepage version) focuses this week on the new CIRA whois policy that is scheduled to take effect on June 10, 2008. The whois issue has attracted little public attention, yet it has been the subject of heated debate within the domain name community for many years. It revolves around the whois database, a publicly accessible, searchable list of domain name registrant information (as in �who is� the registrant of a particular domain name).

Source - Michael Geist, CircleID

Reddit It | Digg This | Add to del.icio.us

AU: Why I hate the Privacy Commissioner's office (commentary)

Fri, 02 May 2008 06:17:02 -0400

My hair is going grey, which I can handle, but thanks to the uselessness of the Office of the Privacy Commissioner's Web site and annual report, I think it's now starting to fall out.

The Privacy Commissioner Karen Curtis � bless her cotton socks � has been trying to prime business for data breach disclosure laws with initiatives such as privacy awards � a positive approach to foster support among companies for what will presumably be an unpopular piece of legislation.

Last week a news story from the UK triggered my interest � the UK Information Commissioner's Office (ICO) revealed that since the security breach at HMRC in November last year, it has been notified of almost 100 data breaches. The public sector accounted for 62 breaches and the private sector for 28.

That set me thinking � how well (or poorly) does Australia fare in terms of data security and privacy?

Source - ZDNet Australia

Reddit It | Digg This | Add to del.icio.us

UK: Surveillance 'breached human rights'

Thu, 01 May 2008 13:45:29 -0400

The High Court yesterday heard that the Metropolitan Police's policy of routinely photographing anti-arms fair activists was a breach of human rights, in a case brought by an Oxford man.

Campaign Against Arms Trade member Andrew Wood was photographed while attending the annual meeting of publisher and arms fair organiser Reed Elsevier, at the Millennium Hotel, in Grosvenor Square, London, in April 2005, after buying a share in the company.

Source - Oxford Mail

Reddit It | Digg This | Add to del.icio.us

UK: Lollicams - the latest weapon in the battle against bad drivers

Thu, 01 May 2008 12:22:04 -0400

Lollipop ladies have been handed a new weapon to tackle abusive or speeding drivers outside schools.

Patrolmen and women are to be given high-tech lollipops with video cameras capable of recording the bad behaviour of the drivers they encounter.

The tiny hidden cameras will be embedded in the black strip on their lollipop signs - the place once designed for traffic enforcers to write up in chalk the licence plate details of offending motorists.

Source - Times Online

Reddit It | Digg This | Add to del.icio.us

Every Italian's income posted on internet

Thu, 01 May 2008 10:41:13 -0400

The incomes of every Italian citizen were published on the web without any prior warning by the government, just days before it was due to leave power.

Claiming it was part of a crackdown on tax evasion, the finance ministry yesterday put details of the declared taxable income of every citizen on the country's tax website.

Source - Guardian

Reddit It | Digg This | Add to del.icio.us

Ca: Appearance before the Standing Committee on Access to Information, Privacy and Ethics on Privacy Act Reform

Thu, 01 May 2008 10:32:40 -0400

Opening Statement by Jennifer Stoddart, Privacy Commissioner of Canada (Printable Adobe version)

Recommendations (Printable Adobe version)

Reforming the Privacy Act � A Chronology of Recommendations (Printable Adobe version)

Source - Office of the Privacy Commissioner of Canada

Reddit It | Digg This | Add to del.icio.us

If you handle personal information, you'd better know the exceptions in privacy laws

Wed, 30 Apr 2008 09:20:55 -0400

If you handle personal information and only read one privacy law article, this one should be it:

Far too often, bureaucrats, cops and others use poorly understood privacy laws as a justification for inaction. Maybe it's just that they don't fully understand the myriad rules and the multiplicity of exceptions.

Privacy laws are complicated and are not well understood, even by people whose day-to-day operations are affected by them. But they are generally sensible and coherent. And -- believe it or not -- they are laced with common sense.

I've had the opportunity to look at every privacy law in Canada and I don't think I've seen one that does not have a public interest override. A public body, in the public sector context, can disclose personal information without consent if it is in the public interest to do so. There are often other exceptions from the general rule that requires consent.

Source - Canadian Privacy Law Blog

Reddit It | Digg This | Add to del.icio.us