Today is Giving Tuesday, and here are a few consumer, privacy, and civil liberty groups that could use donations to continue to fight for your rights: ACLU national (or give to your local chapter), Center for Digital Democracy, Consumers Union, Electronic Frontier Foundation, Electronic Privacy Information Center, Privacy International, and the World Privacy Forum.
Archive for the ‘International’ Category
For years, companies and institutions have been using “anonymization” or “deidentification” techniques and processes to release data concerning individuals, saying that the techniques will protect personal privacy and preclude the sensitive information from being linked back to an individual. Yet we have seen time and again that these processes havenâ€™t worked.
For almost two decades,Â researchers have told us that anonymization of private information has significant problems, and individuals can be re-identified and have their privacy breached. (I wrote a blog post last year detailing some of the research concerning re-identificaiton of anonymized data sets.)
Recently, Australian Attorney General George Brandis announced that he would seek to amend the country’s Privacy Act to “create a new criminal offence of re-identifying de-identified government data. It will also be an offence to counsel, procure, facilitate, or encourage anyone to do this, and to publish or communicate any re-identified dataset.”
According to the Guardian, the “impetus” for this announcement was a recent privacy problem with deidentified Medicare data, a problem uncovered by researchers. “A copy of an article published by the researchers outlines how every single Medicare data code was able to be reidentified by linking the dataset with other available information,” the Guardian reported. Read more »
As the costs of the technologies fall, biometric identification tools — such as fingerprint, iris or voice-recognition scanners — are increasingly being used in everyday life. There are significant privacy questions that arise as biometric data is collected and used, sometimes without the knowledge or consent of the individuals being scanned.
Biometrics use has become more commonplace. Many smartphones, including iPhones, have fingerprint “touch” ID scanners that people can use instead of numeric passcodes. And law enforcement personnel have been using fingerprint scanners for years, both domestically and internationally.Â In the past few years, we’ve see banks capturing customers’ voice prints in order, the institutions say, to fight fraud. Or gyms asking members to identify themselves using their fingerprints.Â ReutersÂ recently reportedÂ that companies are seeking to expand fingerprint-identification systems to credit cards and railway commuters.
And the voluntariness of a person submitting his or her biometric has also been questioned. Do you realize when you’re calling your bank that you’re handing over your voice print? Another situation a few years ago in Washington, D.C., also raised at the issue of voluntariness.Â The District considered requiring that all visitors to its jail “have their fingerprints scanned and checked against law enforcement databases for outstanding warrants.” So if you wanted to visit a friend or relative who was in the D.C. jail, you would have to volunteer to submit your biometric data. The plan was dropped after strong criticism from the public and civil rights groups.
Your biometric data can be gathered for any number of innocuous reasons. For example, I had to submit my fingerprints to obtain my law license, not because of a crime. Family members, roommates and business colleagues of crime victims have submitted fingerprints in order to rule out â€œinnocentâ€ fingerprints at a crime scene in a home or workplace. Some â€œtrusted travelerâ€ airport programs gather iris scans. Some companies use iris-recognition technology for their security systems. Read more »
Recently, President Obama releasedÂ a package of cybersecurity reform proposals. Along with these proposals, Obama also unveiled a new executive order: “Establishment of the Federal Privacy Council.” The council will be composed of senior privacy officials from at least 24 federal agencies, includingÂ Cabinet-level departmentsÂ and NASA and the Office of Personnel Management, and “may also include other officials from agencies and offices, as the Chair may designate.”
The new council is tasked with developing, coordinating and sharing ideas and best practices for federal programs toÂ protect privacy and implement “appropriate privacy safeguards” throughout the administration.
Although the council’s mission is important, this move seems incomplete. First, such a concerted effort to improve privacy protections throughout the federal government should have begun years ago. If privacy and security protections for sensitive personal data had been prioritized, there might not have been the problems caused by the hacker attack last year against the Office of Personnel Management, whichÂ did not use encryption or other such security technologyÂ to protect the information (includingÂ fingerprints) of theÂ millions of current and formerÂ federal employees affected. Read more »
International Data Privacy Day is today. Take the time to think about how privacy is important in your life and how you can protect your rights from being infringed upon. PleaseÂ also takeÂ the timeÂ toÂ donateÂ toÂ anyÂ number ofÂ organizationsÂ out thereÂ tryingÂ toÂ protectÂ yourÂ privacy rights. VisitÂ the official siteÂ to find events near your area.
There have been myriad data breaches and security problems recently with private and public sector systems. As more sensitive data is passed through more hands — corporate and government — there needs to be an emphasis on security.
Although theÂ Consumer Financial Protection Bureau is focused on financial data, its call for privacy protections to be built into systems from the beginning is valuable for all sectors.Â In the case of the CFPB, it has set out guiding principles of data privacy and security for the creation of new payment systems.
These new systems are aimed at reducing â€œpocket-to-pocketâ€ payment times between consumers and businesses or other entities. The CFPB wants to ensure any new payment systems are secure, transparent, accessible, and affordable to consumers. The systems should also have robust protections when it comes to fraud and error resolution. […]
The CFPB wants to ensure that consumer protections are at the forefront as new and improved payment systems are developed. The protections recommended in todayâ€™s Consumer Protection Principles relate to privacy, transparency, costs, security, and consumer control. They also relate to funds availability, fraud and error resolution protections, and payment system accessibility. Read more »