Today, Privacy Lives joins 12 civil liberty groups (including the ACLU, EPIC and Privacy Rights Clearinghouse) in sending a letter (pdf) to the US Senate urging the chamber to “request[] accession to the Council of Europe’s Convention 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data.”

Founded in 1949, the Council of Europe “seeks to develop throughout Europe common and democratic principles.” The US is one of five observer countries; there are 47 member countries. The United States has signed onto other COE conventions, such as the 2001 Convention on Cybercrime, which was ratified by the Senate in 2006.

Convention 108 sets out a framework for protecting all data, especially focusing on data-sharing among countries. There are three main parts: (1) basic principles, which are substantive law provisions; (2) special rules on transborder data flows; and, (3) mechanisms for mutual assistance and consultation between the parties (countries).

The Convention covers data processing and collection by both government agencies and private sector companies. Its Articles are a floor for data protection laws, not a ceiling.

The Council of Europe recently decided to allow non-member countries to sign on to the Convention, and we are urging the Senate to take steps to do so. As part of this process, the US must create an independent data protection authority, because that is a requirement for states to be a party to Convention 108.

US Supreme Court Justice Antonin Scalia spoke today at the Institute of American and Talmudic Law’s Midwinter Conference, entitled, “The Right to Privacy and Individual Liberties – From Ancient Times to the Cyberspace Age.” (PDF press release.) Unfortunately, the text of his speech is not available, but the Associated Press reports on the talk:

U.S. Supreme Court Justice Antonin Scalia says discussions of privacy rights in the digital era should distinguish between such confidential data as medical records and information that might be personal but isn’t hard to know.

Scalia told a New York City audience Wednesday that considering every fact about someone’s life private is “silly.”

Scalia says he’s largely untroubled by technology that targets online advertising by tracking a person’s Internet searches, though data such as drug prescriptions probably should be off-limits.

If you’re unfamiliar with Justice Scalia, here are a few articles about him.

Found via PogoWasRight.org.

The media is reporting that the Department of Veterans Affairs has agreed to pay $20 million to settle a class action lawsuit stemming from a 2006 data security breach. In May 2006, an unencrypted laptop and hard drive containing sensitive data on 26.5 million current military personnel, veterans, and their spouses were stolen from a Veterans Affairs’ employee’s home.

The federal government continues to be plagued by bad data security practices. The latest Computer Security Report Card (pdf) released by the House Committee on Oversight and Government Reform gave the federal government a “C” for its overall computer security. The federal government has been  embarrassed by a string of losses (pdf) or thefts of unencrypted computing devices, yet a July  report (pdf) from the GAO that found more than 70 percent of the federal government’s mobile devices were unencrypted at the time of the review.

The Associated Press reports that the $20 million settlement will come from the U.S. Treasury and “will be used to pay veterans who can show they suffered actual harm, such as physical symptoms of emotional distress or expenses incurred for credit monitoring. [...] veterans who show harm from the data theft will be able to receive payments ranging from $75 to $1,500. If any of the $20 million is left over after making payments, the remainder would be donated to veterans’ charities agreed to by the parties, such as the Fisher House Foundation Inc. and The Intrepid Fallen Heroes Fund.”

The Los Angeles Times has an interesting story about a fight between the Los Angeles Police Department and the police union over the collection of officers’ genetic data. The opinions stated by the police union are similar to arguments (pdf) that have been consistently made by civil liberty groups when discussing collection of DNA from individuals.

For nearly a year, the union representing officers has sparred with the Los Angeles Police Department over the department’s refusal to set limits on its practice of collecting DNA samples from officers involved in shootings and other incidents involving serious force. Although rarely done, officers can be required to submit a saliva swab as part of the investigations the department conducts into such incidents.

The Los Angeles Police Protective League, which represents the department’s roughly 9,500 rank-and-file officers, warned its members about the issue in an open letter this month, telling them it could lead to invasions of privacy and misuse of the information. Read more »

Today is Data Privacy Day, and people are celebrating in the US, Canada and 27 European countries. How can you celebrate?

You can take the time to reflect on the many privacy questions and problems that occur daily — the proliferation of surveillance cameras used to watch schoolchildren or other people for minor offenses; the ease with which insiders are able to access sensitive personal data of celebrities or other innocent people; numerous security breaches affecting individuals’ finances; the creation of government dossiers on individuals legally exercising their Constitutional rights; and many more.

You can donate to any number of organizations out there trying to protect your rights. 

Or you can access numerous events and resources including:

– Government’s Role in Increasing Privacy Awareness and Trust, 4:30-6:30 p.m.; 2168 Rayburn House Office Building; Washington D.C. Featuring Congressman David Price and Member of the European Parliament Alexander Alvaro.

– Office of the Privacy Commissioner of Canada, “Top 10 Ways Your Privacy Is Threatened.”

– The California Office of Privacy Protection has launched the training presentation, “Secure Your Computer to Protect Your Privacy,” which can be used by community organizations, businesses or individuals to provide basic training on securing information on home computers.

– A Privacy Policy Workshop at the Stanford Center for Internet and Society sponsored by Covington & Burling, LLP, 12:50-2:00pm, Room 280B, Stanford Law School; 559 Nathan Abbott Way, Stanford, CA. Ryan Calo, a Consumer Privacy fellow with the Center, and Mali Friedman, with Covington & Burling, will discuss the law and policy obligating companies to post notice of their privacy practices, walk through how to write an effective privacy policy, and discuss the future of online notice.

Find out more at the Data Privacy Day site.

The Center for Democracy and Technology has released a new policy paper (pdf), “Rethinking the Role of Consent in Protecting Health Information Privacy.” It’s an interesting paper with thoughtful arguments. I don’t agree with parts of the paper, but I urge you to read it and consider the issue. More analysis and testimony about Health Information Technology privacy is available at the Senate Judiciary Committee’s page on today’s hearing about the issue. From CDT’s paper:

Although new innovations in health information sharing hold great promise for m ore effective and efficient care, they also amplify privacy risks. A system that makes greater volumes of information available more efficiently to improve care will be an attractive target for those who seek personal health information for commercial gain or inappropriate purposes. A significant majority of the public has already expressed concern about the privacy risks associated with health IT, and policymakers will find little public support for building e-healthy systems if those concerns are not addressed. Read more »