On Sunday, May 19 at 7 p.m. ET and PT, “60 Minutes” will have include a segment, “A Face in the Crowd,” on the issue of privacy and facial-recognition technology. Here’s what “60 Minutes” says:

The odds are you are not just a face in the crowd any longer. Even if your picture isn’t plastered all over social networking and photo-sharing sites, facial recognition technology in public places is making it harder if not impossible to remain anonymous. Lesley Stahl reports on the new ways this technology is being used that even has one of its inventors calling it too intrusive. Her 60 MINUTES report will be broadcast Sunday, May 19 (7:00-8:00 PM, ET/PT) on the CBS Television Network.

Professor Alessandro Acquisti of Carnegie Mellon, who researches how technology impacts privacy, stunned Stahl with an experiment. He photographed random students on the campus and in short order, not only identified several of them, but in a number of cases found their personal information, including social security numbers, just using a facial recognition program he downloaded for free. Read more »

In a series about cyber compliance issues, the Wall Street Journal takes a look at how collecting enormous amounts of data, without securing the private or sensitive information, can lead to large problems when there are security breaches:

It’s well-known that many companies aren’t aware when they have had their security breached. Compounding that problem is the fact it is hard to determine what might have been lost, because many companies have accumulated data over years in multiple forms.

Ignorance about stored data can magnify the costs of notifying customers and the risk of regulatory or legal repercussions, according to various experts.

“Companies continue to allow the information haystack to grow and grow and grow,” said Bruce Radke, chair of the data privacy group at law firm Vedder Price. The first step in any company’s assessment of its data should be “really looking at the information you need and getting rid of everything else,” he said. [...] Read more »

MediaPost reports on a privacy lawsuit by Android users against Google, the operating system’s creator:

A group of Android users who are suing Google for allegedly violating their privacy have beefed up their complaint with new claims that the company wrongly transfers users’ names and contact information information to app developers. [...]

The new papers come around six weeks after U.S. District Court Judge Jeffrey White in the Northern District of California dismissed an earlier version of the lawsuit, which accuses Google of wrongly transmitting users’ geolocation data and other personal information to app developers. White previously ruled that the consumers didn’t allege sufficient facts to support their claims that Google violated the federal computer fraud law, as well as a host of state laws.

In their new complaint, the consumers add allegations about the controversy that erupted this spring, after it emerged that Google sent the names and contact information of users who purchased apps to developers. Many observers were surprised to learn that Google did so, especially because Apple’s iTunes platform does not share purchasers’ data. But Google said that the Google Wallet privacy policy always allowed it to share information necessary to process transactions. Read more »

The Toronto Sun reports on a medical data privacy issue in Ottawa:

OTTAWA — A group of patients whose personal information was lost is suing Montfort Hospital in Ottawa for $40 million.

The suit stems from a lost USB memory stick that contained information on 25,000 patients. The stick was lost in November 2012 before it was eventually recovered.

The memory stick contained patient names, a summary of services received, the date of service and a code representing the health care provider on the case. It also included information on 1,255 members of the Canadian Armed Forces.

The plaintiffs are accusing the Montfort of breach of contract, negligence, breach of privacy and violating its own bylaws and the Personal Health Information and Protection Act (PHIPA), [...]

The suit charges the hospital also failed to ensure the memory device was password protected and that the hospital “failed to disclose the loss of personal information “in a timely manner.”

Politico reports that Republican lawmakers have shown increasing interest in online privacy rights and proposals to update the 1986 Electronic Communications Privacy Act (“ECPA,” also known as Title 18 § 2511 of the United States Code):

Momentum to update the nation’s antiquated email privacy laws is again coursing through the Capitol — and this time, movement is coming from the right.

Republicans have been increasingly attaching their names to reforming the Electronic Communications Privacy Act — an issue where Democrats have traditionally taken the lead.

Four Republican congressmen introduced a pair of bills this week that would require government investigators to score a warrant before obtaining someone’s email content. Arizona Reps. Matt Salmon and Trent Franks are partnering on a House version of ECPA reform; Kansas Rep. Kevin Yoder and Georgia Rep. Tom Graves are teaming up on the Email Privacy Act. Read more »

The Associated Press announced that the Department of Justice secretly obtained two months’ worth of phone records of its journalists, and the news service wants to know the reason for this surveillance, which could have significant implications for First Amendment civil rights:

The Justice Department secretly obtained two months of telephone records of reporters and editors for The Associated Press in what the news cooperative’s top executive called a “massive and unprecedented intrusion” into how news organizations gather the news.

The records obtained by the Justice Department listed outgoing calls for the work and personal phone numbers of individual reporters, general AP office numbers in New York, Washington and Hartford, Conn., and the main number for AP reporters in the House of Representatives press gallery, according to attorneys for the AP. It was not clear if the records also included incoming calls or the duration of calls.

In all, the government seized the records for more than 20 separate telephone lines assigned to AP and its journalists in April and May of 2012. [...] Read more »