PogoWasRIght - Privacy News Headlines

Research Report: What Californians Understand About Privacy Offline

Thu, 15 May 2008 06:57:52 -0400

Hoofnagle, Chris Jay and King, Jennifer, "Research Report: What Californians Understand About Privacy Offline" (May 15, 2008). Free full-text article available at SSRN: http://ssrn.com/abstract=1133075

Abstract:

Many online privacy problems are rooted in the offline world, where businesses are free to sell consumers' personal information unless they voluntarily agree not to or where a specific law prohibits the practice. In order to gauge Californians' understanding of business practices with respect to the selling of customer data, we asked a representative sample of Californians about the default rules for protecting personal information in nine contexts. In six of those contexts (pizza delivery, donations to charities, product warranties, product rebates, phone numbers collected at the register, and catalog sales), a majority either didn't know or falsely believed that opt-in rules protected their personal information from being sold to others. In one context�grocery store club cards�a majority did not know or thought information could be sold when California law prohibited the sale. Only in two contexts�newspaper and magazine subscriptions and sweepstakes competitions�did our sample of Californians understand that personal information collected by a company could be sold to others.

Respondents who shopped online were less likely to say that they didn't know the answer to the nine questions asked than those who never shopped online. In about half of the cases, those who shopped online answered correctly more often than those who do not shop online.

Professor Alan Westin has pioneered a popular "segmentation" to describe Americans as fitting into one of three subgroups concerning privacy: privacy "fundamentalists" (high concern for privacy), "pragmatists" (mid-level concern), and the "unconcerned" (low or no privacy concern). When compared with these segments, Californians are more likely to be privacy pragmatists or fundamentalists, and less likely to be unconcerned about privacy. Fundamentalists were much more likely to be correct in their views of privacy rules. In light of this finding, we question Westin's conclusion that privacy pragmatists are well served by self-regulatory and opt-out approaches, as we found this subgroup of consumers is likely to misunderstand default rules in the marketplace.

Reddit It | Digg This | Add to del.icio.us

EU says Google map images could be a problem

Thu, 15 May 2008 06:21:50 -0400

The ability of Google Inc's map service to put detailed street-level images on the Internet could raise concerns in Europe if it was introduced there, the EU's data protection agency said on Thursday.

Google's Street View offers ground-level, 360-degree views of streets in 30 U.S. cities. It has become popular among drivers but courted controversy over potential privacy invasion.

Source - Reuters

Reddit It | Digg This | Add to del.icio.us

UK: Grant and Hurley win privacy payout

Thu, 15 May 2008 06:15:09 -0400

Hugh Grant, Elizabeth Hurley and her husband Arun Nayar have accepted �58,000 in damages in a legal case over photos taken while they were on holiday.

The trio accepted the damages payment for an invasion of privacy over the pictures, which were taken when they were staying at a private resort in the Maldives.

Pictures agencies Big Pictures and Eliot SARL will pay the compensation, with "contributions" from Associated Newspapers, publisher of the Daily Mail and Mail on Sunday, and News Group Newspapers, which publishes the Sun and News of the World.

Source - Guardian

Reddit It | Digg This | Add to del.icio.us

Theft Of Laptop Imperils School Employees' Data

Thu, 15 May 2008 06:05:41 -0400

A BB&T Insurance laptop containing the personnel information of some Harrisonburg City Schools employees was stolen May 1, according to company officials.

The information came from employees enrolled in the system's dental plan, although the company does not know how many employees' information is on the computer.

The laptop, used by an outside sales representative to develop an insurance proposal for the school system, was stolen from a car in Ohio.

"It's a portion of the employees," said A.C. McGraw, BB&T's media relations manager, who added that several security methods are used for the laptops, including passwords. "The information contained names, dates of birth, Social Security numbers, and, in some cases, medical history."

Source - DNRonline.com

Reddit It | Digg This | Add to del.icio.us

Data Breaches Mean More Than Bad Publicity

Thu, 15 May 2008 06:02:40 -0400

Over the last several years, corporate data breaches have been regularly splashed across the front pages of the nation's newspapers, causing nightmares for corporate executives. Ever-increasing digitization in areas such as business, banking and accounting has led multinationals to collect and retain inestimable quantities of personal information about employees, customers and counterparties.

.... Data-breach litigation typically alleges causes of action grounded in tort and contract: negligence, breaches of fiduciary duty, breaches of real and implied contracts, invasion of privacy and emotional distress. Some causes of action are grounded in state law, such as consumer protection acts, unfair trade practices acts and state data breach notification laws. Plaintiffs in these lawsuits seek damages arising from the fear of potential identity theft, including fraudulent charges to their accounts, credit monitoring costs, identity theft insurance costs, credit report costs, emotional distress from fear of fraud, damage to credit history and loss of privacy. Courts have been hesitant to permit suits for such speculative damages, thus dismissing suits where plaintiffs had not yet been victims of any identity fraud.

... While it is too soon to accurately predict the litigation landscape, the trend seems to be grounding more lawsuits in state law statutes, and for common law allegations, alleging more specific and provable damages. The better plaintiffs get on the damages front, the farther along the cases will be able to move. This could mean the potential for more costly discovery before a suit is resolved or settled. While the hurdles for plaintiffs remain high, these lawsuits have become a fact of life in today's litigious society. Corporations suffering data breaches thus must now routinely face an onslaught of civil litigation in addition to the negative publicity and regulatory scrutiny coming from data breaches and their announcements. Given the increasing digitization of the economy and society, companies should brace for these lawsuits when the almost inevitable data breach occurs.

Source - Law.com

Reddit It | Digg This | Add to del.icio.us

IRS: Some stimulus checks sent to wrong accounts

Wed, 14 May 2008 18:42:06 -0400

Through the wonders of modern technology, some of those federal economic stimulus checks are being deposited directly into recipients' bank accounts.

But some are not -- and are instead winding up in the bank accounts of complete strangers.

"We do know of instances of problems; we've heard of situations where stimulus checks have gone to the wrong people's bank accounts," conceded Kevin McKeon, the Internal Revenue Service spokesman for the New York region. "We're getting a lot of calls to the toll-free number."

One local taxpayer, who asked not to be identified, reported that he had discovered an unexpected deposit of $1,800 in his bank account. He said a review of his bank records revealed that it was a deposit from the IRS bearing another taxpayer's Social Security number. He said he contacted the IRS and was told by an IRS agent that the deposit was one of 15,000 misrouted checks sent out incorrectly as a result of a computer programming glitch.

Source - Newsday

Reddit It | Digg This | Add to del.icio.us

UK: Student son's right to privacy

Wed, 14 May 2008 18:41:12 -0400

A university lecturer who wrote to an undergraduate�s mother to outline details of the student�s studies has been reprimanded for breaching data protection rules.

Geraint Johnes, head of the economics department at Lancaster University, was told that he had made �illicit disclosures� when responding to a complaint from Jackie Gardner that her son, Christian, was getting too little tuition and too much alcohol.

Source - Times Online

Reddit It | Digg This | Add to del.icio.us

OSU admits computer security breach

Wed, 14 May 2008 18:37:42 -0400

A breach in an Oklahoma State University computer server exposed names, addresses and Social Security numbers of about 70,000 students, staff and faculty who bought parking and transit services permits in the past six years.

OSU announced the breach and began notifying permit holders today, even though it was discovered in March. The server was shut down at that time and Social Security numbers removed from the site.

After a two-month investigation, OSU officials say they think an intruder's purpose was to use the server for storage and bandwidth capacity to distribute illegal content but they can't rule out that student information was accessed.

Source - NewsOK.com

Related - KOCO.com

Reddit It | Digg This | Add to del.icio.us

Banks agree to TJX breach settlement with Mastercard

Wed, 14 May 2008 18:36:46 -0400

TJX Cos. has won support from Mastercard-issuing banks for a settlement that will pay them as much as $24 million to cover costs from a massive data breach.

The discount retailer said Wednesday it has won support from financial institutions representing more than 99 percent of MasterCard accounts affected in the breach worldwide. The settlement announced April 2 required at least 90 percent support to take effect.

A similar agreement reached in November with Visa-card issuing banks also was overwhelmingly approved.

Source - interactive investor

Reddit It | Digg This | Add to del.icio.us

TJX Earnings Suggest that Data Security Doesn�t Worry Consumers

Wed, 14 May 2008 13:30:55 -0400

Ben Worthen is singing my tune -- Dissent

TJX today reported increased sales for its fiscal 2009 first quarter, a sign that the public just doesn�t care about data breaches.

... For those of us who care about tech security � admittedly a smaller group than those who care about cheap clothes � the results are disheartening. And they raise two questions: 1) Why don�t customers avoid businesses that mishandle their personal data? 2) Why should businesses care about protecting customer information if the public doesn�t care?

Source - WSJ Blog

Reddit It | Digg This | Add to del.icio.us

Photobucket Requests Password Change After Security Issue

Wed, 14 May 2008 13:28:45 -0400

An unknown security issue on Photobucket earlier this month has prompted the photo Web site to request that all its users change their passwords.

"Photobucket has identified and immediately resolved an isolated security incident," according to a spokesman. "There was no impact to any financial information related to Photobucket Pro subscribers, and we have no reason to believe that any photos or video from private Photobucket accounts have been accessed."

Source - AppScout

Reddit It | Digg This | Add to del.icio.us

Identity fraud hits net telephony

Wed, 14 May 2008 12:01:20 -0400

A new type of identity fraud, which sees hackers tapping into voice-over IP telephony accounts, has been highlighted by a VoIP equipment maker.

Usernames and passwords from voice-over IP (VoIP) phone accounts are selling online for more than stolen credit cards, Newport Networks has found.

The information allows someone to use the telephone service for free.

Net telephony fraud is still in its infancy, with eavesdropping on calls being the most common security flaw.

Source - BBC

Reddit It | Digg This | Add to del.icio.us

OH: NBC 4 Investigates Stolen State-Owned Computers

Wed, 14 May 2008 11:41:46 -0400

.... Four months before the now-infamous state intern vehicle break-in, Target 4 questioned what the state was doing to protect state-owned equipment and data.

At the time, the Ohio Department of Job and Family Services led state agencies in computer-related thefts.

In the course of three years, the agency had lost a total of nine laptops, three desktops, a tablet PC and a hard drive � one device contained Medicaid information on 20 people.

... Fifteen months later, NBC 4 came back to find ODJFS has lost five more laptops, a desktop and a flash drive. Two thefts took place inside employees' cars. One laptop was stolen in a home burglary.

But ODJFS isn't alone in losing electronics. In 2007, nine laptops were stolen from the Ohio Department of Transportation.

"There was one incident in which a number of laptops were stolen. So really maybe three thefts, but in one of those cases, six laptops were stolen at one time," said ODOT Deputy Director Scott Varner.

Surprisingly, ODOT's nine laptop thefts pale in comparison to the loss leader among state agencies, the Ohio Department of Health, where 26 laptops disappeared last year. The total value was nearly $40,000.

.... We searched through Ohio State Highway Patrol records and counted more than 80 computers and hard drives stolen from the state in 2007. More than we found in 2004, 2005 and 2006 combined.

So how many agencies have done something to recover the stolen computers? Only one -- the Department of Health -- which began electronically tracking more than 2,200 ODH laptops and desktops last summer.

Source - NBC4i.com

Reddit It | Digg This | Add to del.icio.us

13 more involved in file breach

Wed, 14 May 2008 06:24:10 -0400

The UCLA Medical Center has been in the spotlight lately for its recent issues with patient privacy, and a fourth report on the issue recently revealed new information.

The California Department of Health Services report revealed that 13 additional people, ranging from physicians to a volunteer, have been identified as accessing Britney Spears� health records without proper authorization.

Source - Daily Bruin

Reddit It | Digg This | Add to del.icio.us

Radio tags raise concern about personal ID theft

Wed, 14 May 2008 06:20:40 -0400

Don't take a hammer to your new U.S. passport. And don't drill a hole in that credit card or zap it in the microwave.

Experts say these measures - recommended on some Web sites as ways to safeguard privacy and security - aren't necessary for people concerned about the growing prevalence of radio frequency identification tags.

Source - Mercury News

Reddit It | Digg This | Add to del.icio.us

NE: Metro Mail-Theft Ring

Wed, 14 May 2008 06:15:31 -0400

For the second time in a week, authorities in Nebraska say they've caught crooks, who steal identities and cash. The latest bust was in Saunders County, but the victims are from all over the metro.

"This is some of the equipment they used for manufacturing the fake IDs," Sheriff Kevin Stukenholtz points out. What looked like another couple of criminals creating false identities, turned out to be a bust into a massive ID theft ring. "We found bags that literally include thousands of pieces of correspondence that belonged to individuals other than the people that were in the car."

Thousands of stolen bank statements, checks, and credit card payments were found in the suspect's car. All documents that were ripped off from mailboxes across the metro.

Source - Action3 News

Reddit It | Digg This | Add to del.icio.us

One in four data breaches involves schools

Wed, 14 May 2008 06:11:40 -0400

Cyber criminals are becoming bolder and more sophisticated in their operations, federal computer security experts say. And that's bad news for schools, because educational institutions reportedly account for approximately one of every four data security breaches.

... "The education sector accounts for the majority of data leakages with 24 percent of all breaches, followed closely by the government," revealed Foster. "And unfortunately, theft and loss are still the [top] reasons that data leakages occur."

Source - eSchool News

Reddit It | Digg This | Add to del.icio.us

Ca: Customer data on stolen laptop

Wed, 14 May 2008 05:59:53 -0400

The theft of a laptop computer containing hundreds of clients' confidential information from a Calgary bank employee's vehicle has raised concerns for Alberta's privacy commissioner.

In a letter sent yesterday to its customers, First Calgary Savings said a vehicle parked in a secured underground parkade was vandalized and the bank employee's laptop and cellphone stolen last month.

... Soon after the theft occurred, police were notified and potentially vulnerable accounts numbering "in the hundreds, not thousands" had been red-flagged to prevent abuse and there's been no unusual activity detected, said First Calgary privacy officer Rod Banman.

And while he said the data was protected by a password, it doesn't appear to have been encrypted and could be vulnerable to a determined computer hacker.

Source - Calgary Sun

Reddit It | Digg This | Add to del.icio.us

Real ID deadline comes and goes with zero states on board

Wed, 14 May 2008 05:59:00 -0400

The original May 11 deadline for Real ID compliance has come and gone, but not a single state has implemented the program, which calls for uniform standards for state-issued ID cards and a system that would provide the federal government with broad access to state identification records.

The Real ID Act, which was squeezed into a 2005 military spending bill and passed with virtually no discussion or debate in Congress, has met with heavy resistance from civil liberties advocates and state governments. The implementation costs have far exceeded the original meager estimates and the federal government is providing virtually no cash to support the initiative. A growing number of states are determined to defy Congress and have passed bills rejecting Real ID implementation.

Source - Ars Technica

Reddit It | Digg This | Add to del.icio.us

Dominican has security breach (follow-up)

Wed, 14 May 2008 05:56:11 -0400

Dominican University was working to minimize any possible damage created by a computer security breach affecting an estimated 5,000 current and former students even before word got out that two students had broken into the secure files, school spokesman Jeff Kraft said last week.

The incident occurred April 18 and those whose files may have been compromised were immediately informed in letters advising them that at this time, Dominican has no reason to suspect the data had been misused or that outside "hackers" were involved, Kraft said.

...Kraft said both students were sophomore computer science majors in a work/study program who used their password to access files from 2003, 2005 and 2007.

"The students went through a full university judicial process, were suspended temporarily and have been barred from future campus employment, among other sanctions," but have not been expelled, Kraft said. The students are expected to return to classes next fall "under a lot of supervision, as you'd expect," he said.

.... Kraft added that the school has conferred with both local police and the Cook County State's Attorney's office and would consider pressing charges against the students "if we ever do get information any of that data was shared."

Source - ForestLeaves

Reddit It | Digg This | Add to del.icio.us

Five IRS Employees Charged With Snooping on Tax Returns

Tue, 13 May 2008 20:19:08 -0400

Five workers at the Internal Revenue Service's Fresno, California, return processing center were charged Monday with computer fraud and unauthorized access to tax return information for allegedly peeking into taxpayers' files for their own purposes.

"The IRS has a method for looking for unauthorized access, and it keeps audit trails, and occasionally it will pump out information about who's done what," says assistant U.S. attorney Mark McKoen, who's prosecuting the cases in federal court in Fresno.

... The five charged this week are Corina Yepez, Melissa Moisa, Brenda Jurado, Irene Fierro and David Baker. Only 13 taxpayers were compromised -- each worker allegedly peeked at one to four tax returns, in incidents from 2005 through last year.

Source - Wired

Reddit It | Digg This | Add to del.icio.us

Privacy advocates seek to protect prescription information

Tue, 13 May 2008 18:38:26 -0400

The Coalition for Patient Privacy and 25 of its member organizations are asking Congress not to pass an e-prescribing mandate unless it includes provisions for protecting the privacy of prescription information.

In a letter to lawmakers, the coalition said the sale of prescription information for data-mining purposes has been a reality for more than a decade. �Mandating e-prescribing without privacy provisions endorses and encourages the current practices,� the letter states. �It sets Americans up for even greater violations of their private health records in the future.�

Source - Government Health IT

Reddit It | Digg This | Add to del.icio.us

SC: House panel to consider requiring DNA samples after arrests

Tue, 13 May 2008 16:58:40 -0400

Anyone charged with a felony punishable by at least five years in prison would be required to provide DNA samples to the state under a bill sent to the House floor.

The House Judiciary Committee approved the bill on a voice vote Tuesday.

The state already takes DNA samples from people convicted of felonies. But under the measure, DNA samples would be taken from people upon their arrest.

Source - WIS10

Reddit It | Digg This | Add to del.icio.us

MN: Senate passes bill rejecting federal ID program

Tue, 13 May 2008 16:57:10 -0400

A bill barring Minnesota's commissioner of public safety from taking any steps to implement the federal Real ID Act cleared the state Senate today on a 50-16 vote.

The bill, which Gov. Tim Pawlenty opposes, now goes to the House. Earlier this session, Pawlenty vetoed a major transportation policy bill because it contained a provision preventing the state from complying with the act.

Source - TwinCities.com

Reddit It | Digg This | Add to del.icio.us

Statement from Dave & Buster's (follow-up)

Tue, 13 May 2008 13:21:50 -0400

Dave & Buster's has learned that theUnited States Department of Justice has charged and will prosecute theindividuals responsible for the theft of credit and debit card numbers from11 of our locations. These thefts occurred on an intermittent basis fromMay through August of 2007. Although the stolen data was never retained orstored by Dave & Buster's, the data was illegally accessed from the Dave &Buster's computer systems during the card verification and transmissionprocess. No personal information such as names, addresses, phone numbers,bank account numbers, pin numbers, or social security numbers was stolen.The data that was captured consists of "track 2" data that includes thecredit or debit card number and expiration date, but no other identifyingdata.

Dave & Buster's was alerted to the potential data intrusion in lateAugust 2007, and immediately contacted the United States Secret Service.Dave & Buster's worked closely with both the Secret Service and Departmentof Justice and assisted them in their investigation. In addition, Dave &Buster's immediately retained outside security experts who identified thesource of the data compromise. As a result the Company has implementedadditional security measures to prevent any such incident from occurring inthe future. The stores that were compromised were: Westminster, CO;Islandia and West Nyack, NY; Utica, MI; Downtown Chicago, IL; Columbus, OH;Jacksonville, FL; Frisco, Dallas (2) and Austin, TX.

Source - PR Newswire

Reddit It | Digg This | Add to del.icio.us

NY: Upstate jail inmate charged with identity theft scam

Tue, 13 May 2008 13:10:46 -0400

... Cayuga County authorities are charging 24-year-old Eddie Camacho with conspiracy, criminal impersonation and unlawful possession of personal identification information.

.Camacho is accused of telephoning people from the jail and impersonating members of the district attorney�s office to obtain personal information, including Social Security numbers. Deputies say Camacho used the information to obtain credit and services in the names of six victims.

Source - pressconnects.com

Reddit It | Digg This | Add to del.icio.us

GPS tracking of truants: privacy vs. practicality

Tue, 13 May 2008 13:09:04 -0400

A story from The New York Times has focused attention on the role that remote monitoring equipment can play in keeping track of school children with a history of cutting classes. Overall, the story has a feel-good vibe, describing how the monitoring helped bring some discipline to students that were otherwise interested in graduating and helped identify a few students that needed more significant interventions. But it also raises questions about various privacy issues that are worth exploring in more detail.

Source - Ars Technica

Reddit It | Digg This | Add to del.icio.us

Perdue signs consumer protection legislation

Tue, 13 May 2008 13:08:10 -0400

Today at a bill signing event at Georgia Bureau of Investigation (GBI) headquarters, Gov. Sonny Perdue signed three pieces of legislation to protect Georgia�s consumers and prosecute identity thieves: House Bill 130, Senate Bill 388 and Senate Bill 24.

Source - The Daily Citizen

Reddit It | Digg This | Add to del.icio.us

Charter To Begin Tracking Users' Searches And Inserting Targeted Ads

Tue, 13 May 2008 13:04:51 -0400

Charter Communications is sending letters to its customers informing them of an "enhanced online experience" that involves Charter monitoring its users' searches and the websites they visit, and inserting targeted third-party ads based on their web activity. Charter, which serves nearly six million customers, is requiring users who want to keep their activity private to submit their personal information to Charter via an unencrypted form and download a privacy cookie that must be downloaded again each time a user clears his web cache or uses a different browser.

Source - The Consumerist

Reddit It | Digg This | Add to del.icio.us

Bob Barr, a former GOP congressman, is running for president as a Libertarian

Tue, 13 May 2008 06:39:44 -0400

Bob Barr, a onetime Republican congressman from Georgia, on Monday announced his plan to run for president as a Libertarian, promising to rein in federal spending and limit military involvement abroad.... Barr, who left the Republican Party two years ago, is expected to win the Libertarian Party's nomination during its convention this month in Denver.

Source - Los Angeles Time

Related - National Review: Interview

Reddit It | Digg This | Add to del.icio.us