InformationWeek reports on a way to identify individuals by using the bacteria left by people on objects.

Scientists at the University of Colorado at Boulder have found that the bacteria trail left behind on objects like computer keyboards and mice can analyzed and used to help identify users of those devices.

“Your body is coated with bacteria inside and out,” says CU-Boulder assistant professor Noah Fierer in a video on YouTube. “You’re basically a walking microbial habitat. And we found that the diversity of bacteria just on the skin surface is really pretty incredible. You habor hundreds of different bacteria species just on your palm, for example. We’ve also found that everybody is pretty unique. So of those let’s say hundred or so bacteria species, very few are of them are shared between individuals.” [...] Read more »

The Atlanta Journal-Constitution reports on the issue of privacy and crime-scene photos:

Using the Georgia Open Records Act, a Hustler magazine writer recently requested crime-scene photos of Meredith Emerson, the Buford hiker who was stripped naked and decapitated in the North Georgia woods in 2008. [...]

The [Emerson] family quickly obtained a temporary restraining order barring the photos’ release.

Georgia lawmakers acted almost as quickly as the Emerson family. House Bill 1322, the “Meredith Emerson Privacy Act,” would change the state’s open records law to prohibit public disclosure of gruesome crime-scene photos. Read more »

The Federal Trade Commission will hold the last of its three roundtables on privacy on March 17 in Washington, D.C. The agency has released its agenda. Panels include:

Panel 1: Internet Architecture and Privacy
Moderators: Loretta Garrison and Naomi Lefkovitz, Division of Privacy and Identity Protection, FTC
Panelists:
John Henry Clippinger, Co-Director, The Law Lab, Harvard University Berkman Center for Internet & Society
Jules Cohen, Director, Trustworthy Computing Group, Microsoft
Peter Eckersley, Staff Technologist, Electronic Freedom Foundation
Lucy Lynch, Director, Trust and Identity Initiatives, Internet Society
Ari Schwartz, Vice President & Chief Operating Officer, Center for Democracy and Technology
Edward W. Felten, Director, Center for Information Technology Policy, Princeton University
Drummond Reed, Executive Director, Information Card Foundation

Panel 2: Health Information
Moderators: Loretta Garrison and Manas Mohapatra, Division of Privacy and Identity Protection, FTC
Panelists:
Linda Avey, Founder & President, Brainstorm Research Foundation
Stanley W. Crosley, Co-Director, Indiana University Center for Strategic Health Information Provisioning
Kimberly S. Gray, Chief Privacy Officer, Americas Regions, IMS Health
Deven McGraw, Director, Health Privacy Project, Center for Democracy and Technology
Marc M. Boutin, Executive Vice President & Chief Operating Officer, National Health Council
Jodi Daniel, Director, Office of Policy and Planning, Office of the National Coordinator for Health Information Technology, Department of Health and Human Services
James Heywood, Co-founder & Chairman, PatientsLikeMe
Deborah Peel, Founder, Patient Privacy Rights

Panel 3: Addressing Sensitive Information
Moderators: Catherine Harrington-McBride and Michelle Rosenthal, Division of Privacy and Identity Protection, FTC Read more »

The Associated Press reports on a new use of customer-loyalty-card data by the Centers for Disease Control and Prevention that may raise privacy issues. Note that, in this case, the CDC and grocery stores first asked for customers’ permission to access the data:

As they scrambled recently to trace the source of a salmonella outbreak that has sickened hundreds around the country, investigators from the Centers for Disease Control and Prevention successfully used a new tool for the first time — the shopper cards that millions of Americans swipe every time they buy groceries.

With permission from the patients, investigators followed the trail of grocery purchases to a Rhode Island company that makes salami, then zeroed in on the pepper used to season the meat. Read more »

The Canadian Press reports on the issue of patients’ medical data privacy and security after the death or retirement of a doctor.

Gary Dickson has seen abandoned medical records turn up in some pretty bizarre places in his time as Saskatchewan’s privacy commissioner – mouldy basements, drafty Quonset huts, vacant buildings.

He argues that more needs to be done to protect sensitive, personal health information left behind when a doctor retires or dies. Increasingly across Canada, he says, no appropriate arrangements have been made to turn records over to another doctor or to an approved archive. [...]

When a doctor dies in Saskatchewan, the representative of the estate – typically a widow or a child – has the same obligations the doctor had when it comes to records. But that person may not know what that entails, especially when it comes to keeping files secure or allowing patients access. [...] Read more »

The Congressional Research Service (a nonpartisan department of the Library of Congress created to assist legislators) has published a report concerning the federal government’s information security capabilities and data privacy protections. The report, “Federal Information Security and Data Breach Notification Laws, RL34120 (Jan. 28, 2010)” is available through Open CRS. Not all CRS reports are made public, though the department is funded by taxpayer money. Open CRS, a project of the Center for Democracy & Technology, gathers and archives publicly accessible CRS Reports, ones that are already in the public domain. Here’s the summary:

The following report describes information security and data breach notification requirements included in the Privacy Act, the Federal Information Security Management Act, Office of Management and Budget Guidance, the Veterans Affairs Information Security Act, the Health Insurance Portability and Accountability Act, the Health Information Technology for Economic and Clinical Health Act, the Gramm-Leach-Bliley Act, the Federal Trade Commission Act, and the Fair Credit Reporting Act. Also included in this report is a brief summary of the Payment Card Industry Data Security Standard (PCI DSS), an industry regulation developed by VISA, MasterCard, and other bank card distributors. Read more »