Drones and academe

July 31, 2014

It would seem that the FAA is on a collision course with academia over the use of drones, specifically journalistic drones.  The Chronicle of Higher Education in Feds’ Drone Regs Draw Profs’ Fire reports on 30 professors doing what they do best, writing stiff letters of protest, against the FAA’s decision to ground the use of drones for

Student Privacy Bill introduced

Privacy protection in the USA is fragmented and sectoral.  There is no one overarching data protection/privacy regulation Act.  Where there is protection it tends to be quite strong, such as in the health and finance sector.  It’s just that there are many gaps.  Including for students.  That may be changing soon.

Senators Markey and Hatch have introduced a new student privacy bill, the Protecting Student Privacy Act.  The press release provides:

Focuses on need to protect students, provide tools to parents when information is shared with third parties

Washington (July 30, 2014) – Senators Edward J. Markey (D-Mass.) and Orrin Hatch (R-Utah) today introduced the “Protecting Student Privacy Act”, legislation that would help safeguard the educational records of students. The PreK-12 educational software and digital content market currently is worth $7.9 billion, with nearly all school districts relying on cloud services for a diverse range of functions that include data collection and analysis related to student performance and data hosting. However, one survey found only 25 percent of districts inform parents of their use of cloud services and 20 percent of districts fail to have policies governing the use of online services. Recent changes to the Family Educational Rights and Privacy Act (FERPA) have allowed for this increased sharing and use of student data in the private sector. The new legislation from Senators Markey and Hatch takes steps to ensure that students are better protected in an interconnected world. The legislation is co-sponsored by Senators Mark Kirk (R-Ill.) and John Walsh (D-Mont.).

“With the business of storing and sifting through records of students growing as fast as students are, Congress must act to ensure that safeguards are in place for data that is shared with outside companies,” said Senator Markey, a member of the Commerce, Science and Transportation Committee. “This legislation ensures the parents, not private companies, control personal information about their children and that it won’t be sold as a product on the open market. I thank Senator Hatch for his bipartisanship and attention to this issue, and I look forward to working with all of my colleagues to pass this important legislation.”

UK Information Commissioner publishes review of impact of Civil Monetary Penalties

The UK Information Commissioner has published a review of the impact of the Civil Monetary Penalties.

Under the Data Protection Act 1984 the ICO can issue Civil Monetary Penalties (CMPs) to the maximum of £500,000 for serious breaches of the Data Protection Act (the DPA) and serious breaches of the Privacy and Electronic Communications Regulations (PECR). The criteria for serving a CMP under section 55A(1) of the DPA are:

  1.  there has been a serious contravention of a data protection principle and
  2.  “the contravention was of a kind likely to cause substantial damage or substantial distress” and
  3.  the data controller:
      (a) knew or ought to have known—
          (i) that there was a risk that the contravention would occur, and
          (ii) that such a contravention would be of a kind likely to cause substantial damage or substantial distress, but
      (b) failed to take reasonable steps to prevent the contravention”.

The listed key findings are:

  • The research findings indicate that CMPs are effective at improving data protection compliance. This was particularly clear for organisations that had been issued with a CMP; the research showed a clear impact on how those organisations managed their data protection responsibilities:
    • Organisations took their data protection obligations seriously, with revised practices and policies, and increased staff training.
    • Data protection was given a higher profile, with greater senior management buy-in.
    • Staff awareness was raised through targeted campaigns, with their importance of handling data properly made more prominent.

Max Mosley sues Google

July 30, 2014

Max Mosley has commenced action in the High Court of Justice, Queen’s Bench Division in Mosley v. Google Inc & Anr, HQ14X02964.  The relief he is apparently seeking is to compel Google to stop gathering and publishing the images on the basis that Google breached rules on the use of private information, a claim in equity, and data protection, presumably grounded in statute. This has the potential to expand the operation of misuse of private information claims in the UK.  Mosley has been successful in his action against Google in France (see here also); however, privacy protection in civil code jurisdictions, in particular France, is greater and the principles to be applied are not analogous.

The coverage is quite significant, not surprising given Mosley’s history of privacy litigation and the nature of the images he wants to remove.  It is covered by Bloomberg here, the Guardian here and Bayou Buzz (for that Louisiana focus) here.

The Sydney Morning Herald covered the story in Ex-formula one boss Max Mosley sues Google over sex party images which provides:

London: Max Mosley, the former formula one chief, is suing Google for continuing to publish images of him at a sex party.

Mr Mosley, whose father Sir Oswald Mosley was the wartime British fascist leader, won £60,000 damages from the now-defunct Murdoch-owned News of the World tabloid in 2008 after an earlier High Court action.

Canvas fingerprinting and privacy

ProPublica has run a number of very important stories on internet privacy, in particular regarding online tracking such as Why Online Tracking Is Getting Creepier, and It’s Complicated: Facebook’s History of Tracking You and Privacy Tools: How to Block Online Tracking.

ProPublica’s story Meet the Online Tracking Device That is Virtually Impossible to Block has caused something of a stir given the concerns about tracking tools.  As the article notes it has prompted at least one site to remove the program.

It provides:

Update: After this article was published, YouPorn contacted us to say it had removed AddThis technology from its website, saying that the website was “completely unaware that AddThis contained a tracking software that had the potential to jeopardize the privacy of our users.” A spokeswoman for the German digital marketer Ligatus also said that it is no longer running its test of canvas fingerprinting, and that it has no plans to use it in the future.

…….

A new, extremely persistent type of online tracking is shadowing visitors to thousands of top websites, from WhiteHouse.gov to YouPorn.com.

First documented in a forthcoming paper by researchers at Princeton University and KU Leuven University in Belgium, this type of tracking, called canvas fingerprinting, works by instructing the visitor’s Web browser to draw a hidden image. Because each computer draws the image slightly differently, the images can be used to assign each user’s device a number that uniquely identifies it.

Future tense program on the ABC – 1984 and our modern surveillance society

The ABC program Future Tense had a program titled 1984 and our modern surveillance society, which deals with privacy issues and surveillance.  It can be heard here – excerpt-how-far-from-1984

As an overview it is quite effective.

It provides:

Mass surveillance is now a part of our social, economic and political lives—governments and companies snoop on us like never before. But are we really heading toward an Orwellian future? Antony Funnell investigates.

 When George Orwell finished work on 1984 he was already a man without a future. Fading rapidly from tuberculosis, his most celebrated novel was to be his last.

He died shortly after its publication.

Yet more than half a century later, his dystopian vision of the future is alive and in rude good health.

Facebook has damascene moment on privacy

July 29, 2014

“Facebook” and “privacy” are not too often found in the same sentence without a “trashes” or an “ignores” or the catch-all “not”.  The Federal Trade Commission has entered into (the polite way of saying forced) an enforceable undertaking with Facebook.

Things may be changing at Fortress Facebook however.

In Facebook’s Privacy Pivot Slate reports on a possible change in attitude as well as practical action with developments which point to a more proactive and real privacy framework.  Of course the proof is always in the, private, pudding.  For most privacy practitioners Facebook will be on double secret probation for the long term. The concern is

Privacy Commissioner publishes statistics for April – June 2014

The Office of the Australian Information Commissioner has published its most recent statistics relating to the last quarter.  They are found here.  The media release is found here.

Regarding privacy related work the OAIC made the following comments:

  • Phone enquiries: handled 16,486 phone enquiries (18,238 in 2012–13) — a 9% increase in privacy phone enquiries, which are 71% of the total
  • Written enquiries: answered 3742 written enquiries (3165 in 2012–13) — a 26% increase in privacy written enquiries, which are 64% of the total
  • Privacy complaints: received 4243 complaints (184% increase), and completed 2616 (74% increase). The average closure rate was 7.2 privacy complaints per day (90% increase), and the average completion time was 86.7 days (44% decrease)
  • Privacy audits: conducted 8 audits (60% increase)
  • Data breach notifications (DBNs): handled 73 DBNs (55% increase)
  • Privacy investigations: conducted 13 Commissioner-initiated investigations (32% decrease), and published 4 reports
  • Advice, guidance and submissions: published 20 guideline items, conducted 22 consultations, provided 133 written policy advices, and made 17 submissions
  • Website visits: received 1.51 million website visits (10% increase)

Privacy and the mobile

The Conversation usually publishes insightful and well written pieces on subjects of public policy, law, science or the humanities (to name but a few topics covered).  Sometimes its offerings are not so good.  Like with Your life in their hands – privacy and your mobile device.  Something of a curate’s egg – good in parts.

It provides:

The explosive uptake of mobile devices including smartphones and tablets has us immersed in a complex, volatile soup of hyper-connected digital technologies, where not only is the perception of time being compressed, but privacy protections are being reshaped.

Onion ransomware on way…. serious data security issue with knock on privacy concerns

Ransomware is a particularly nasty tool in the hacker’s bag of tricks.  Once security has been breached the hackers use Onion ransomware to encrypt files on a device attached to a network and then demand a ransom.  And it is on the way according to The Australian’s Onion ransomware could take root here.  The usual route into a network is through a phishing attack.  Hence all the more reason for staff to receive proper privacy training and to develop proper programs and protocols in handling email communications and oral enquiries.  In my experience it remains hand slapped to forehead depressing how inadequate training in basic privacy protocols is and when businesses actually do some privacy training it is done as a one-off event.  No repeat for, say, new staff or refreshers to deal with new systems.  And then businesses wonder how there is a breach a month or year down the track.  The Privacy Commissioner’s guidelines on data security make it clear that