The Federal Trade Commission and the California Office of Privacy Protection will co-host a half-day public workshop in Los Angeles on Wednesday, August 13, 2008, on how businesses can secure personal information and protect the privacy of consumers and employees.

The workshop, "Protecting Personal Information: Best Practices for Business," is presented in partnership with the International Association of Privacy Professionals and the Los Angeles Area Chamber of Commerce. It features business people, attorneys, government officials, privacy officers, and other experts who will provide practical guidance for businesses of all sizes on data security, privacy, best practices for developing an appropriate data security program, and responding to data breaches and other privacy and security problems.

The FTC and COPP will provide a brief overview of the business and legal reasons to address data security.

– The first panel will discuss steps and strategies for developing a data security plan. Speakers include Barbara Lawler, Chief Privacy Officer, Intuit; Eric Nelson, Principal, Secure Privacy Solutions; Jill Phillips, Chief Privacy Officer, Chevron; Shai Samet, President and Founder, Samet Privacy LLC; Andrew Serwin, Partner, Foley & Lardner. Read more »

USA Today has a revealing story on thieves who target gas pumps to surreptitiously gather or "skim" data from credit and debit cards.

The skimmed data are used to create cards used at the victims’ expense, says James Van Dyke, president and founder of Javelin Strategy and Research, a financial consulting firm that focuses on fraud and identity theft. [...]

The skimming devices can be installed outside or inside the pump. Thieves glue a plastic sleeve, equipped with covered wires that capture data, over the pump’s card reader or connect the device directly to the reader inside.

The devices are molded and painted to match the machine and are small, making them hard to detect, Van Dyke says. Read more »

AmericaBlog has published a post I wrote about the security problems of a company running one of the federal government’s “trusted traveler” programs. The company lost a laptop with sensitive data on 33,000 program applicants.

ACLU Guest Post: “Trusted Traveler” Program Suspended After 33,000 Customers’ Records Went Missing

The Washington Post reveals:

Federal agents may take a traveler’s laptop computer or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing, as part of border search policies the Department of Homeland Security recently disclosed.

Also, officials may share copies of the laptop’s contents with other agencies and private entities for language translation, data decryption or other reasons, according to the policies, dated July 16 and issued by two DHS agencies, U.S. Customs and Border Protection and U.S. Immigration and Customs Enforcement.

Basically, the federal government is saying that border officials can take whatever they desire from US citizens and others, for as long as the officials want, and share it with whomever they please, without any hint of wrongdoing. Here are the Customs and Border Protection policy (pdf) and Immigration and Customs Enforcement policy (pdf) (both agencies are within the Department of Homeland Security). Read more »

August is a slow month in Washington, D.C. Congress is out of session and most politicians, staffers, lobbyists, reporters, and others take vacations, emptying the city. There usually is little news in August; therefore, barring a massive privacy emergency, Privacy Lives will take a break, as well. There will be fewer and more sporadic blog posts this month. Full, in-depth coverage of privacy and civil liberty issues will resume in September.