Privacy News | Daily Dashboard

Top Privacy News

PRIVACY COMMUNITY

Dayman, Chapell, McGraw Each Take New Positions

April 23, 2014

A number of organizations just got more privacy savvy with the hiring of experienced privacy professionals. Longtime IAPP member Dennis Dayman, CIPP/US, CIPP/IT, has joined Return Path as its new Chief Privacy and Security Officer. Return Path CEO & Chairman Matt Blumberg said the company is “excited to have Dennis guiding us” through “our clients’ needs and ours in an increasingly data dependent marketing future.” BlueCava has named Alan Chapell, CIPP/US, also a longtime IAPP member, to its advisory board as chief privacy officer. Chapell said, “BlueCava is at the forefront of privacy” and that he looks forward “to further enhance solutions that balance optimizing media buys with the consumer’s right to privacy.” And Manatt, Phelps & Phillips has announced that healthcare privacy expert Deven McGraw has joined the firm as partner in its healthcare practice. McGraw has been the Health Privacy Project director at the Center for Democracy & Technology. Manatt’s healthcare division chair said McGraw’s “focus on patient protection and the secondary use of health data will increase the scope of our national team.”
Full Story

CYBERSECURITY—U.S.

Privacy Groups Call for NIST Transparency

April 23, 2014

Several groups, including the Electronic Frontier Foundation and Silent Circle, are urging the National Institute for Standards and Technology (NIST) to be more transparent, SC Magazine reports. In an open letter, the groups have also asked NIST to make its online encryption standards as robust as possible and to grant outside experts the “opportunity to evaluate the technology” and to “ignore the NSA’s input.” Under the current agreement, NIST must consult with the National Security Agency after encryption principles are set. Editor’s Note: A recent Privacy Perspectives post on the NIST process has triggered a slew of interesting comments.
Full Story

CYBERSECURITY—U.S.

GAO Reports “Numerous” SEC Cybersecurity Vulnerabilities

April 23, 2014

After a two-year security audit, the U.S. Government Accountability Office (GAO) has shared a 25-page report with the U.S. Securities and Exchange Commission (SEC) listing a number of weaknesses with the SEC’s cybersecurity controls, FierceFinanceIT reports. The GAO noted security flaws with access controls, patch management, segregation of development and production environments and contingency planning. “Weaknesses limited (the SEC’s) effectiveness in protecting the confidentiality, integrity and availability of a key financial system,” the report states, adding, “These weaknesses existed, in part, because SEC did not effectively oversee and manage the migration of the key financial system to a new location. Consequently, SEC’s financial information and systems were exposed to increased risk of unauthorized access, disclosure, modification and disruption.” Meanwhile, Jeff Kosseff writes about the SEC’s 50 cybersecurity examinations, and the top 10 things financial institutions should know.
Full Story

DATA LOSS—U.S.

University Reports Breach Potentially Affecting Thousands

April 23, 2014

NBC affiliate KWQC.com reports that Iowa State University (ISU) has disclosed a data breach in which the Social Security numbers (SSNs) of nearly 30,000 individuals enrolled at the school over a 17-year period have been accessed. At least five information technology servers containing SSNs of students enrolled in specific classes between 1995 and 2012 have reportedly been hacked. Officials suspect the purpose of the hack was to generate computing power to create a virtual currency, not to access personal information.
Full Story

PRIVACY LAW—U.S.

Justice Dept. Fights Judge Over Bulk E-mail Collection Rulings

April 23, 2014

Lawyers from the Justice Department are appealing to a higher court after Magistrate Judge John Facciola’s denial of the department’s application to search and seize several months’ worth of a suspect’s e-mails, reports The Wall Street Journal. Facciola has twice denied the application, saying the first step of the government’s two-step process, in which the government obtains all e-mails and information tied to the account from a third party, puts too much personal information in its hands. Facciola believes the third party, in this case Apple, can sift through the data prior to giving it to the government, but the Justice Department objects to giving investigative responsibility to a service provider. (Registration may be required to access this story.)
Full Story

BIG DATA—U.S.

Ohlhausen on the Challenges of Creating Policy for Big Data

April 23, 2014

Federal Trade Commissioner Maureen Ohlhausen spoke at last week’s “Privacy Principles in the Era of Massive Data” at Georgetown Law, highlighting a need for more guidance for industry, but also noting that she hasn’t “seen anything that suggests that big data technology raises fundamentally new data security issues.” Ohlhausen also discussed contradictions between the Fair Information Practice Principles and the way Big Data is currently used, and while underscoring the need for diligence in the FTC, cautioned against “preemptive action that could preclude entire future industries.”
Full Story

PRIVACY LAW

Int’l Laws Make Discovery Process Challenging, Brazil’s Senate Passes Internet Law

April 23, 2014

Chris Demarco writes for Inside Counsel that international data protection laws make the already complex process of discovery even more challenging. The difference in approaches to data protection—preventing data processing without consent in the EU and the U.S. requirements for transparency—while aimed at the same goal, mean discovery can be tough to navigate. Demarco offers suggestions for legal departments “to remain compliant and respectful to different privacy standards when it comes to the discovery process.” Meanwhile, Reuters reports that Brazil’s Senate has unanimously approved a bill deemed the “Internet Constitution.” The bill limits the collection and use of the metadata of Internet users in Brazil.
Full Story

STUDENT PRIVACY—U.S.

InBloom Wilts Amid Privacy Backlash

April 22, 2014

Following months of controversy, nonprofit inBloom announced Monday it is shutting down. In an e-mail to the organization’s supporters, CEO Iwan Streichenberger wrote, “I have made the decision to wind down the organization over the coming month.” InBloom had been financed with $100 million from the Bill and Melinda Gates Foundation, providing a cloud service for schools to centrally store encrypted student data. “InBloom’s demise yesterday in the face of a flurry of privacy allegations unambiguously demonstrates that privacy can also be a first-order business risk. So much so,” writes IAPP VP of Research and Education Omer Tene in this post for Privacy Perspectives, “that it can bring a high-flying, much-celebrated, well-funded and strongly backed organization to its knees.”
Full Story

PRIVACY LAW—U.S.

Illinois To Write a New Consent Law, But What About Other Two-Party States?

April 22, 2014

It’s a good thing producers of The Good Wife aired their episode “A Few Words” when they did, or one of the best lines—for privacy litigators, at least—would’ve been moot. In this Privacy Tracker post, InfoLawGroup’s Tanya Forsheit, CIPP/US, breaks down the People v. Clark decision deeming Illinois’ two-party consent law unconstitutional and why most other two-party state laws won’t be affected—most notably California’s. “California’s two-party consent law does not suffer from the defect that doomed Illinois’s two-party consent law in Clark,” writes Forsheit, noting, however, “it remains to be seen, in California and elsewhere, what happens in close cases where it is far less clear whether all the parties have a reasonable expectation of privacy in the conversation.”
Full Story

DATA PROTECTION—U.S.

Verizon Report: Hackers Getting Better at Their Job; Brands Struggling To Keep Up

April 22, 2014

Headlines of breaches at major brands have been pervasive in the last year, and millions of users had their data compromised. The bad news is that it’s predicted to get worse, The Washington Post reports. That’s according to Verizon’s 2014 Data Breach Investigations Report, which found that hackers are becoming “more efficient and organized while many companies are struggling to get even fundamental cybersecurity measures into place.” Meanwhile, employees of the University of Pittsburgh Medical Center (UPMC) affected by the data breach there have filed a lawsuit seeking class-action status. One plaintiff says a tax return was fraudulently filed in her name as a result of the breach. UPMC has until April 30 to respond to the initial charges in the suit. (Registration may be required to access this story.)
Full Story

PRIVACY TECH

PIA Tool Stocked With New Templates for DPI, Infosec

April 22, 2014

In anticipation of next week’s IAPP Data Protection Intensive in London, and the concurrent Infosecurity Europe event across town, the IAPP has released new templates that allow users of the APIA automated privacy impact assessment tool to work with guidance from the UK Information Commissioner’s Office and ISO standards 27001 and 27002 for information security management and information security controls. These templates can be downloaded from the IAPP site (scroll to the bottom of the “Full Story” linked page) and uploaded into the APIA tool once it’s been installed, or uploaded immediately if you’re already working with APIA. Are you using APIA and have a great set of questions you’ve already been working with in the field? Please export your template and upload it for the community to use.
Full Story

PRIVACY LAW—U.S.

The FTC’s Common Law of Privacy

April 22, 2014

Columbia Law Review has published “The FTC and the New Common Law of Privacy,” co-written by Profs. Daniel J. Solove and Woodrow Hartzog. They note the Federal Trade Commission (FTC) has been enforcing companies’ privacy policies through its Section 5 authority since the late 1990s, resulting in a body of FTC jurisprudence that “is functionally equivalent to a body of common law…” In their paper, Solove and Hartzog “explore how and why the FTC, and not contract law, came to dominate the enforcement of privacy policies” while contending the FTC’s jurisprudence has effectively “codified certain norms and best practices and has developed some baseline privacy protections.” They argue standards now resemble rules and this “common law” is the foundation for “a robust privacy regulatory regime.” Editor’s Note: Woodrow Hartzog will be an instructor, focusing on privacy and the FTC, at this year’s IAPP Information Privacy Summer Institute. Find the IAPP’s burgeoning FTC Casebook here.
Full Story