Disclosure: I have worked with the GAO on a number of privacy issues.

The Government Accountability Office (GAO) is the investigative arm of Congress. It recently released three reports on privacy. Members of Congress who request the reports are allowed to hold the reports for up to 30 days before releasing them to the public, so some reports have dates from several weeks ago. Read coverage about these reports at USA Today.

Alternatives Exist for Enhancing Protection of Personally Identifiable Information, GAO-08-536, April 19, 2008. Full report (pdf).

“The centerpiece of the federal government’s legal framework for privacy protection, the Privacy Act of 1974, provides safeguards for information maintained by federal agencies. In addition, the E-Government Act of 2002 requires federal agencies to conduct privacy impact assessments for systems or collections containing personal information. GAO was asked to determine whether laws and guidance consistently cover the federal government’s collection and use of personal information and incorporate key privacy principles. GAO was also asked, in doing so, to identify options for addressing these issues. To achieve these objectives, GAO analyzed the laws and related guidance, obtained an operational perspective from federal agencies, and consulted an expert panel convened by the National Academy of Sciences.”

Agencies Should Ensure That Designated Senior Officials Have Oversight of Key Functions, GAO-08-603, May 30, 2008. Full report (pdf). Read more »

According to BBC News:

Sweden’s parliament has approved controversial new laws allowing authorities to spy on cross-border e-mail and telephone traffic.

The country’s intelligence bureau will be able to scan international calls, faxes and e-mails.

For more information, see EFF’s excellent post on legislation and its costs to civil liberties and reports in the Guardian, the Los Angeles Times, and USA Today. 

CNet News and the Los Angeles Times report on Quon v. Arch Wireless (pdf), a Ninth Circuit Court of Appeals case concerning the privacy of mobile phones’ SMS text messages. From CNet:

In the case, a city police department provided text-paging services for its officers, but had no clear text-use policy. Instead, the city relied on a general employee Internet/computer usage policy and tried to say that the SMS-texts were akin to e-mail messages. During an internal affairs investigation for excessive text-messaging charges, no less, the police department wanted to see if service-charge “overages” were work-related necessitating a better SMS-plan. After the messages were not on the PDA (d-for delete, anyone?), the city ended up getting the messages from the SMS-service provider itself. Read more »

Reuters reports on a survey by Cyber Ark, an information security company. Cyber Ark’s annual survey reviews data from “300 senior IT professionals (mainly from companies employing over 1000+ employees).” According to the survey, one-third of the IT workers “admitted to using their privileged rights to access information that is confidential or sensitive.”

The data IT snoops looked at include “salary details, [mergers and acquisitions] plans, people’s personal emails, board meeting minutes and other personal information.” Also, “[w]hen asked if they had accessed information that was not relevant to their role 47% admitted they had.” Read more »

“The hearing on ‘Laptop Searches and Other Violations of Privacy Faced by Americans Returning from Overseas Travel’ scheduled by the Senate Committee on the Judiciary Subcommittee on the Constitution for Wednesday, June 25, 2008 in the Senate Dirksen Office Building, Room 226 will begin at 9:00 a.m. rather than the previously scheduled time of 9:30 a.m.

Chairman Feingold will preside.”

Witness List:

Larry Cunningham
Assistant District Attorney, Bronx County

Susan K. Gurley
Executive Director, Association of Corporate Travel Executives

Farhana Khera
President and Executive Director, Muslim Advocates

Nathan A. Sales
Assistant Professor of Law, George Mason University School of Law

Peter P. Swire
Professor, Moritz College of Law, The Ohio State University
Senior Fellow, Center for American Progress

Lee Tien
Senior Staff Attorney, Electronic Frontier Foundation

Date: June 25, 2008 at 9 am
Location: Room 226; Dirksen Senate Office Building; Washington, DC
For more information: http://judiciary.senate.gov/hearing.cfm?id=3420

Texas Attorney General Greg Abbott has filed charges against Petroleum Wholesale, Inc., (a Houston-based business with stores in 10 states) after it was revealed the company improperly discarded customer records that contained Social Security numbers, bank account information, and other sensitive data.

According to the Attorney General’s office:

Investigators with the Office of the Attorney General (OAG) discovered that the company improperly discarded hundreds of customer records in a publicly-accessible trash container outside its former headquarters. According to investigators, the records included sales receipts with customers’ names and full credit or debit card numbers with expiration dates. The records also included returned checks, along with forms listing customers’ names, banking routing numbers, driver’s license and Social Security numbers. Read more »