Search


Intersection: Sidewalks & Public Space

Chapter by Melissa Ngo

"The Myth of Security Under Camera Surveillance"


  • Categories


  • Archives

    « Home

    Archive for the ‘Technology’ Category

    IT News (Australia): Academics get personal over big data

    Wednesday, July 16th, 2014

    We’ve discussed the pitfalls of various anonymization or “de-identification” techniques and how the information can be “deanonymized” or re-identified, leading to privacy problems for individuals. In 2009, University of Colorado law professor Paul Ohm discussed “the surprising failure of anonymization,” and said, “Data can either be useful or perfectly anonymous but never both.” He said anonymization’s failure “should trigger a sea change in the law, because nearly every information privacy law or regulation grants a get-out-of-jail-free card to those who anonymize their data.”

    Now, IT News reports on a research paper, “No silver bullet: De-identification still doesn’t work” (pdf), by Princeton’s Arvind Narayanan and Edward W. Felten concerning the continued privacy problems with de-identification of personal information. (Felten was chief technologist for the Federal Trade Commission and has been a consultant for various federal agencies.) The new paper is a response to one recently published by ITIF researcher Daniel Castro and Ontario privacy commissioner Ann Cavoukian, “Big Data and Innovation, Setting the Record Straight: De-identification Does Work” (pdf).

    IT News reports:

    Scholars at Princeton University have delivered a stinging rebuke to the ‘big data’ movement, insisting that today’s data de-identification tools are not sufficient to ensure privacy. [...] Read more »

    Information Age: More than a third of security pros sending sensitive data without encryption

    Tuesday, July 15th, 2014

    Information Age reports on a new survey from Voltage Security concerning the encryption of sensitive information:

    Despite headline-making breaches that have called attention to the importance of data encryption, nearly 36% of IT security professionals admit to sending sensitive data outside of their organisations without using any form of encryption to protect it, a new survey from Voltage Security reveals. [...] Read more »

    Forbes: Did Facebook Break The Law? Senator Asks FTC For Answers

    Monday, July 14th, 2014

    Forbes reports that Sen. Mark R. Warner (D-Va.) has asked the Federal Trade Commission to investigate Facebook’s controversial decision to manipulate its users’ news feeds for research purposes:

    Senator Mark R. Warner (D-Va.) has asked the Federal Trade Commission (FTC) to provide more information about recent reports that Facebook manipulated user news feeds during an emotional manipulation experiment.  In a letter today to the FTC, Warner asked the agency to determine if Facebook broke the law or violated their consent agreement with the FTC.

    Warner also asked the agency to explore the potential ramifications of the experiment, and to consider questions about what, if any, oversight would be appropriate for behavioral studies conducted by social media platforms.  Warner’s inquiry comes on the heels of a legal complaint against Facebook that was filed with the FTC last week.  That complaint alleged that Facebook engaged in deceptive trade practices and violated a 2012 Consent Order entered into with the FTC. [...]

    The full text of Warner’s letter is available here.

    Vermont Attorney General Fines Local Business For Failing To Notify Consumers Of Security Breach

    Monday, July 14th, 2014

    Vermont Attorney General William H. Sorrell announced that his office has fined (pdf) Shelburne Country Store in Shelburne, Vermont, because of a security breach that affected customers’ privacy:

    Shelburne Country Store in Shelburne, Vermont will pay a $3,000 civil penalty for failing to inform 721 internet buyers of a security breach of their credit card information. In late 2013, the company’s website was hacked and credit card information stolen. Upon being informed of the breach in January 2014, the company quickly fixed the problem, but did not notify consumers until it was contacted by the Attorney General’s Office. [...]

    Under Vermont’s Security Breach Notice Act, businesses are required to send the Attorney General a confidential notice within 14 business days of discovery of a data breach. The business must also send notice to consumers in the most expedient time possible, but no later than 45 days.

    InformationWeek: Florida Law Aims To Tighten Data Security

    Friday, July 11th, 2014

    InformationWeek reports on a new law in Florida that concerns information privacy and security:

    A new law designed to protect Floridians from identity theft could have far-reaching repercussions on healthcare organizations that reside or do business in the Sunshine State. Under the Florida Information Protection Act of 2014 (FIPA), any covered entity or third-party agent must now report breaches to the Florida Department of Legal Affairs and to consumers within 30 days (compared with the prior law’s 45 days). If they show good cause, organizations may get a 15-day extension or receive a law enforcement extension. Violators can be fined $1,000 per day for the first 30 days and $50,000 for each subsequent 30-day period under the Florida Deceptive and Unfair Trade Practices Act (FDUTPA); the fine is not to exceed $500,000.

    The state also expanded ”personal information” to include individuals’ first name or first initial and last name, in combination with any one of the following: passport number; medical history, mental or physical condition, or medical treatment or diagnosis by a healthcare professional; or health insurance policy number, subscriber identification number, or any unique identifier health insurers use to classify individuals. [...]

    The act, which passed unanimously, should slow the flood of data breaches, advocates said. Faster reporting times, an expanded collection of relevant data, and increased law enforcement involvement will encourage organizations to be more proactive and give law enforcement more opportunities to catch cybercriminals.

    Consortium for School Networking Issues Privacy Resources for K to 12 Grades

    Thursday, July 10th, 2014

    The Consortium for School Networking has announced the release of privacy resources for school districts:

    CoSN (Consortium for School Networking) today unveiled two freestanding resources to accompany its in-depth, step-by-step privacy toolkit. Designed to help school system leaders navigate the complex federal laws and related issues, the complementary resources include:

    •  “10 Steps Every District Should Take Today”; and

    •  “Security Questions to Ask of an Online Service Provider

    Launched in March through CoSN’s Protecting Privacy in Connected Learning initiative, the existing toolkit addresses compliance with laws such as the Family Education Rights and Privacy Act (FERPA) and the Children’s Online Privacy Protection Act (COPPA) and offers smart practices to better protect student privacy and their data. The security questions for online service providers were included in the v.1 toolkit. [...]

    In the fall, CoSN will expand the toolkit with additional sections covering the Protection of Pupil Rights Amendment (PPRA) and the Health Insurance Portability & Accountability Act (HIPAA) – filling out the privacy guide with all four federal privacy laws applied to K-12 education.