Apparently, no one at Google (or any of the others who gather Behavioral data) bother to consider the implications of gathering information that identifies their users.
http://www.pogowasright.org/?p=21145
Consumer Watchdog Asks House Privacy Caucus Chairmen to Seek Hearing After Google Gathers Children’s Social Security Data
February 24, 2011 by Dissent
Consumer Watchdog today asked Rep. Ed Markey, D-MA, and Rep. Joe Barton, R-TX, to seek hearings examining why Google gathered children’s social security numbers in entry forms for its “Doodle 4 Google” contest. The hearing should also investigate the Wi-Spy scandal.
In a letter to the Congressmen, who are co-chairmen of the Bipartisan House Privacy Caucus, the nonpartisan, nonprofit public interest group said, “The Doodle 4 Google incident is not a one-time event, but part of a consistent pattern of disregarding privacy rights.”
Read Consumer Watchdog’s letter here http://www.consumerwatchdog.org/resources/ltrmarkeybarton022411.pdf
Read the rest of their press release on PRNewswire.
“Sure we have policies, but that doesn't stop us from doing whatever we want.” (Or are the merely the tool of the government agencies that monitor cash transfers through PayPal?)
PayPal Freezes Support Account For Bradley Manning
"The online payment provider PayPal has frozen the account of Courage to Resist, which in collaboration with the Bradley Manning Support Network is currently raising funds in support of US Army Pfc. Bradley Manning. 'We've been in discussions with PayPal for weeks, and by their own admission there's no legal obligation for them to close down our account,' noted Loraine Reitman of the Bradley Manning Support Network (Support Network). 'This was an internal policy decision by PayPal. ... They said they would not unrestrict our account unless we authorized PayPal to withdraw funds from our organization's checking account by default. While there may be no legal obligation to provide services, there is an ethical obligation. By shutting out legitimate nonprofit activity, PayPal shows itself to be morally bankrupt.'"
The debate continues...
http://www.pogowasright.org/?p=21152
Md. AG: Requiring employees’ personal passwords is legal
February 24, 2011 by Dissent
Neal Augenstein reports:
Maryland Attorney General Douglas Gansler says requiring a prospective state employee to turn over his social networking user names and passwords as a condition of employment could be appropriate and legal, WTOP has learned.
A day after Maryland’s Department of Public Safety and Corrections suspended the practice, which it used to root out potential employees’ possible gang affiliations, Gansler says the major problem is there hasn’t been a written policy in place for corrections officials.
Gansler, whose office defends the corrections department in court, says it “it would be patently unfair” to say to a current employee, who had passed all background checks, “Now you’re going to have to waive all your privacy rights on the Internet in terms of your social networking.”
“It’s a completely different issue to prospectively do it, and say ‘You can be a correctional officer at this facility, but one of the things you should know up front is that you’ll have to give up your passwords to your social networking websites.’”
Read more on WTOP.
So what happens after the applicant gets the job? Is AG Gansler saying that the state can require employees to continue to make access to their accounts available to check to ensure that they haven’t subsequently become gang members or are consorting with gang members? Or is he saying that it might only be appropriate at the original application stage?
I don’t think this should be legal, but I’m not surprised to read his statement that it would be if handled differently. The state would make the case that the security issues are so compelling that the request is “reasonable,” and the way SCOTUS is going, they’d defer to that.
This is the first “fine” I can remember based on loss of paper documents. Also, there is no indication that Mass. General knew about the loss until they were sued.
http://www.databreaches.net/?p=16915
Mass. General to pay $1M to settle privacy claims
February 24, 2011 by admin
Massachusetts General Hospital and its physicians organization have agreed to pay the federal government $1,000,000 to settle claims related to a worker leaving personal health documents on the subway.
The hospital also agreed to develop a comprehensive new privacy policy to prevent patient information from being compromised in the future, and to provide training to workers. The hospital must remit semi-annual compliance reports to the U.S. Dept. of Health and Human Services for the next three years.
“To avoid enforcement penalties, covered entities must ensure they are always in compliance with the HIPAA Privacy and Security Rules,” HHS Office of Civil Rights Director Georgina Verdugo said in a statement. “A robust compliance program includes employee training, vigilant implementation of policies and procedures, regular internal audits, and a prompt action plan to respond to incidents.”
The settlement stems from a 2009 complaint from a patient whose personal health information was lost. The federal government subsequently opened an investigation and found that records from 192 patients of Mass General’s Infectious Disease Associates outpatient practice, including patients with HIV/AIDS, were lost. It was determined that a Mass General employee had left the records on the MBTA while commuting to work on March 9, 2009.
Read more on Boston Business Journal.
Resolution Agreement (HHS site)
Note: this breach was previously covered on PHIprivacy.net when two of the patients sued the hospital and when one of the patients found his details posted on Rip-Off Report.
Could the same argument be made about “Cloud Computing” – the records are not under control? “Second class citizens have responsibilities. Those of us who rule have none.”
http://www.phiprivacy.net/?p=6041
Sensitive Patient Records from Abortion Doc Were Stored in AG Employee’s Home, Ethics Panel Is Told
By Dissent, February 24, 2011
Martha Neil reports:
Under fire for allegedly mishandling sensitive patient records from an abortion doctor in addition to other claimed violations of attorney ethics rules, a former attorney general of Kansas and district attorney has contended the disciplinary case against him is politically motivated.
But the No. 2 man in the AG’s office under Phill Kline testified today that he was “surprised,” “perplexed” and “upset” when he learned that the patient records were neither in the AG’s office nor in Kline’s new office, where he was then serving as Johnson County District Attorney, for approximately one month in early 2007, the Topeka Capital-Journal reported.
Read more on ABA Journal.
The future of Privacy Law?
http://www.pogowasright.org/?p=21139
Private actions challenging online data collection practices are increasing: Assessing the legal landscape
February 24, 2011 by Dissent
The article by Eric C. Bosset, Simon J. Frankel, Mali B. Friedman, Stephen P. Satterfield, “Private actions challenging online data collection practices are increasing: Assessing the legal landscape,” in the February 2011 volume of Intellectual Property & Technology Law Journal is available online. Here’s a snippet from the introduction:
… The outcome of these suits may well depend on how far courts will extend the prohibitions in federal statutes such as the Electronic Communications Privacy Act (ECPA) and the Computer Fraud and Abuse Act (CFAA). These statutes were drafted long before today’s online environment could be envisioned, so their application to the technologies at issue in these suits poses interpretive difficulties for courts. As one federal court has observed, there is no “legislative or judicial history [for these statutes] to suggest that Congress intended to prohibit” Internet tracking activities. “To the contrary,” that court noted, “the histories of these statutes reveal specific Congressional goals—punishing destructive hacking, preventing wiretapping for criminal or tortious purposes, securing the operations of electronic communication service providers—that are carefully embodied in these criminal statutes and their corresponding civil rights of action.”
The outcome of these lawsuits also may turn on whether traditional sources of commercial liability under state law, such as unfair competition and unjust enrichment, will be applied to electronic communications and digitally stored information.
An overview of the primary legal claims and defenses being asserted in these cases follows.
You can read the full article on Covington & Burling’s web site.
For my Computer Security students.
http://www.makeuseof.com/tag/download-hackerproof-guide-pc-security/
HackerProof: Your Guide To PC Security [PDF Guide]
I like Infographics...
10 Most Insightful Infographics About Internet
For my Geeky friends and students. Remember, Steve Jobs stole got a lot of ideas from Xerox Parc...
Xerox Opens Virtual Research Lab
"It's nothing like the glory days of Xerox PARC, but still there are some interesting projects in Xerox's new Open Xerox website. Copyfinder, for example, takes an electronic document and returns the URLs pointing to it, to different versions of the document, and to related documents. Trailmeme is a new publishing tool that allows readers to navigate stories in both Web-like and book-like ways. And the Arabic Morphological Analyzer accepts modern standard Arabic words and returns morphological analysis and English notation. As of Thursday, 15 research projects were posted at Open Xerox, and the company has another 70 projects in the pipeline, said Victor Ciriza, lab manager at the Xerox Research Centre Europe."
No comments:
Post a Comment