 February 28, 2018  Posted by  Breaches, Healthcare, Non-U.S.

Cameron Abbott, Keely O’Dowd, and Giles Whittaker of K&L Gates write:

As discussed in a recent blog post on CyberWatch Australia, researchers from the University of Melbourne successfully re-identified the medical data of Australian patients that formed part of a de-identified open dataset. This raises a myriad of questions about privacy, the need for access to big data, and how organisations can protect the information with which they are entrusted.


In August 2016, the Federal Department of Health published online the de-identified longitudinal medical billing records of 10% of Australians, about 2.9 million people. For each selected patient, all publicly-reimbursed medical and pharmaceutical bills for the years 1984 to 2014 were included.

Read more on National Law Review.

 February 28, 2018  Posted by  Non-U.S., Youth & Schools

Stephen Wynn-Davies reports:

A mother of three said she was prepared to take the Government to court over its decision to include ‘highly sensitive’ data on the National Pupil Database.

Jen Persson, from Pulborough, was ‘shocked’ when – last September – the Department for Education passed a law to collect more data on children who had been placed outside state-funded education for reasons including pregnancy, disability or mental health.

Read more on West Sussex County Times.

Forgive my skepticism, but phrases like “strictly vetted” fail to reassure me that data are really being protected adequately.

 February 28, 2018  Posted by  Govt

From EPIC.org:

In a statement to Congress in advance of a hearing on the Department of Defense’s cyber operations, EPIC urged lawmakers to consider the privacy impact of cyber policies. The Cybersecurity Information Sharing Act of 2015 allowed the federal government to obtain cyber threat information from the private sector—much of which concerns the activities of individual Internet users—without privacy safeguards. EPIC urged Congress to ask Michael Rogers, the Commander of U.S. Cyber Command, about the steps the Defense Department will take to reduce privacy risks. EPIC previously sued the federal government for information regarding a Department of Homeland Security program that allowed the NSA to monitor the Internet traffic of defense contractors.

 February 28, 2018  Posted by  Business, Govt, U.S.

Following a public comment period, the Federal Trade Commission has approved a petition by Sears Holding Management requesting that the FTC reopen and modify a 2009 FTC order settling charges that Sears failed to disclose adequately the scope of consumers’ personal information it collected via a downloadable software app.

According to the administrative complaint leading to the 2009 order, Sears offered $10 to consumers to install a market research software application on their personal computers. The complaint alleges that Sears deceptively failed to disclose the full extent of the software’s data collection. The settlement order, among other things, requires Sears to provide clear and prominent notice to consumers of the full collection practices of any “Tracking Application,” as defined in the order, and obtain consumers’ express consent to that data collection before they download or install the software.

In its petition Sears requested that, as a result of changing circumstances and in the public interest, the FTC reopen and modify the order to update its definition of “Tracking Application,” which the company said unnecessarily restricts its ability to compete in the mobile app marketplace. A modification would enable the company to “keep step with current market practices” related to retail online tracking applications, Sears stated.

The Commission has determined that changed conditions of fact require that the order be reopened, and has modified the Order as proposed by Sears. While mobile applications are still covered under the modified Order, the Commission added exceptions to the definition of “Tracking Application” that exclude software that tracks only the configuration of the software program or application itself; information regarding whether the software program or application is functioning as represented; or information regarding consumers’ use of the program or application itself.

The Commission vote approving Sears’s petition, and responses to members of the public who submitted comments, was 2-0. (The staff contact is Jarad Brown, Bureau of Consumer Protection, 202-326-2927)
