weekly privacy-security news brief.doc


Upload: wikileaks

Post on 15-May-2015


Page 1: WEEKLY PRIVACY-SECURITY NEWS BRIEF.doc

Privacy & Security News Brief
March 1 – March 7, 2008

Vol. 1, No. 22

TABLE OF CONTENTS

BIOMETRICS .......... 4
  Biometric ID cards mandatory for Americans in U.K. more than 90 days .......... 4

DATA BREACH .......... 4
  Data-leak security proves to be too hard to use .......... 4
  When does a privacy breach cause harm? .......... 4
  Hospital donor files compromised .......... 4
  Details on 200 children stolen .......... 4
  Nevada Firm Loses Job Seeker's Data .......... 5
  Missing laptop, data could affect Q-C Oscar Mayer employees .......... 5
  HP leaks personal data on Web site .......... 5

E-COMMERCE .......... 5
  EU set to clear Google - DoubleClick merger: sources .......... 5
  Storing Information for Profit .......... 5
  Online Advertisers Beware: Privacy Regulators Closing In On Online Tracking .......... 5

EDITORIALS & OPINION .......... 6
  Privacy shield crucial for online health records .......... 6
  The Myth of the 'Transparent Society' .......... 6
  Do Virtual Map Programs Invade Privacy? .......... 6
  Strengthen medical privacy laws .......... 6

EDUCATION .......... 6
  25,000 student photos had no login protection .......... 6

EMPLOYEE .......... 7
  Every Click You Make, Your Boss Is Watching You .......... 7
  7 Security Rules Employees Love to Break .......... 7

FINANCIAL .......... 7
  Compliance Week Survey: Sarbanes-Oxley Improvements on the Decline .......... 7
  Leveraging your IT SOX Investment .......... 7
  Going to Extremes to Protect Banking Customer Data .......... 7
  PCI and The Circle Of Blame .......... 8

GOVERNMENT – U.S. FEDERAL .......... 8
  Pentagon Bans Google Earth From Mapping Military Bases .......... 8
  FBI improperly sought personal data, chief says .......... 8
    FBI chief: Report will confirm privacy violations .......... 8
    More FBI Privacy Violations Confirmed .......... 8
    (Associated Press – 3/6/08) .......... 8
  China's computer hacking worries Pentagon .......... 8
  National security trumps personal privacy, survey states .......... 8


  Stolen VA laptop caught in safety net .......... 9
  OMB reports 60 percent increase in information security incidents .......... 9
  FTC Chairman Set to Leave Post .......... 9
  DHS gives itself a 'C' for cybersecurity .......... 9

GOVERNMENT – U.S. STATES .......... 9
  INDIANA .......... 9
    State unit to pursue identity thieves .......... 9

HEALTH & MEDICAL .......... 9
  Rules aim for better patient safety through confidential error reports .......... 9
  New Zealand Hospital IDs focus of privacy debate .......... 10
  Health Information Technology Executives: Work Together on Security .......... 10
  Online health records raise privacy worries .......... 10
  This Blood Test Is Brought to You by… .......... 10
  Are Healthcare Organizations Under Cyberattack? .......... 10

IDENTITY THEFT .......... 11
  Identity theft is top consumer complaint in 2007 .......... 11

INTERNATIONAL .......... 11
  AFRICA .......... 11
    SOUTH AFRICA .......... 11
      Committee to Discuss Biometrics, Other Privacy Issues .......... 11
  ASIA/PACIFIC .......... 11
    AUSTRALIA .......... 11
      E-security lessons for Aussie kids .......... 11
      Agency made 700 privacy breaches .......... 11
  EUROPE .......... 12
    EUROPEAN UNION .......... 12
      Privacy watchdog condemns data gathering plans .......... 12
    GERMANY .......... 12
      German court protects personal data privacy .......... 12
    UNITED KINGDOM .......... 12
      Tories unveil cybercrime plans .......... 12
      British govt loses more than a 1000 laptops, 007 sent to investigate .......... 12
  MIDDLE EAST .......... 12
  NORTH AMERICA .......... 12
    CANADA .......... 12
      Privacy Commissioners Release New Video Surveillance Guidelines .......... 12
      TTC gets the OK from privacy boss for more cameras .......... 13
  SOUTH AMERICA .......... 13

LEGISLATION – FEDERAL .......... 13
  Battle over wiretapping may be nearing an end .......... 13
    Wiretap Compromise in Works .......... 13
    Wiretapping focus shifts to e-mail communications .......... 13
  House Lawmakers Question Privacy in Cyber-Security Plan .......... 13
    Chertoff asks for patience on cybersecurity .......... 13

LEGISLATION – STATE .......... 14
  MASSACHUSETTS .......... 14
    Bay State Senate bill would mandate electronic health records .......... 14
  MISSOURI .......... 14
    Missouri House approves drug monitoring bill over privacy objections .......... 14


  SOUTH CAROLINA .......... 14
    Bill may prevent identity theft .......... 14
  WASHINGTON .......... 14
    Safeguarding IDs: Key bill needs approval in Olympia, but individuals must be on guard .......... 14
  WISCONSIN .......... 14
    Credit Union-Backed Proposal on Personal Data Security Advances .......... 14

LITIGATION & ENFORCEMENT ACTIONS .......... 15
  FTC settles breach complaint with student lender .......... 15
  TJX customers to claim eligibility for breach settlement .......... 15
  Judge allows Wikileaks Web site to reopen, dropping injunction .......... 15
  Virginia court upholds prolific spammer's conviction .......... 15

MOBILE/WI-FI .......... 15

ODDS & ENDS .......... 15
  Microsoft says Credentica acquisition will help users protect privacy .......... 15
  College student accused of cheating using Facebook .......... 16

ONLINE .......... 16
  Phorm ad system 'will protect privacy' .......... 16
  U.S. seeks terrorists in web worlds .......... 16
    The New Art of War .......... 16
    (Washington Post – 3/3/08) .......... 16
  Microsoft Expands Online Services .......... 16

RFID .......... 16
  New Zealand Law Commission questions RFID 'privacy' .......... 16
  Canadian Privacy Commissioner Seeks Feedback on Implications of Using RFID Technology in the Workplace .......... 17
  RFID/Bluetooth: convenient threats .......... 17

SECURITY .......... 17
  Nato says cyber warfare poses as great a threat as a missile attack .......... 17
  Contractor networks create security risk, Defense official says .......... 17
  Security tips for Net-connected travelers .......... 17
  Identity management critical for security, government IT shops say .......... 17
  NW: Gov’t IT Shops: Identity Management Critical for Security .......... 18
  Five basic mistakes of security policy .......... 18
  Security Development Lifecycle trumps code complexity .......... 18
  Pervasive Web apps flaws under siege .......... 18
  Security skills of IT workforce lacking, survey finds .......... 18
  The security benefits and risks of virtualization .......... 18

SEMINARS .......... 19

PAPERS .......... 20
  Wireless Security: Past, Present and Future .......... 20
  Safe and productive browsing in a dangerous web world: The challenge for business .......... 20
  Data Leak Risks: A Problem Mid-Size Organizations Can’t Ignore .......... 20
  Privacy and Video Surveillance in Mass Transit Systems: A Special Investigation Report .......... 20
  Principles for Behavioral Targeting Privacy Tools .......... 20


ARTICLE SUMMARIES AND LINKS

BIOMETRICS

Biometric ID cards mandatory for Americans in U.K. more than 90 days
Americans studying in Britain for more than three months will have to have biometric ID cards starting later this year. Within three years, Britain's Home Office said Thursday, all Americans and other foreigners from outside the European Union will have to have the cards to work and live here. U.S. tourists and businessmen and women who visit Britain for visits under 90 days will not need them.
http://www.usatoday.com/travel/news/2008-03-06-british-id-cards_N.htm
(USA Today – 3/6/08)

DATA BREACH

Data-leak security proves to be too hard to use
Data-loss-prevention technologies promise organizations the chance to stop sensitive information from falling into the wrong hands. But the process of creating the rules necessary to use the systems' enforcement capabilities is proving extremely complex for customers. Some companies that have had DLP technology in place for several years concede that they are only beginning to scratch the surface of using the tools for data policy enforcement.
http://www.infoworld.com/article/08/03/06/10NF-data-loss-prevention-problem_1.html
(InfoWorld – 3/6/08)
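The rule-writing problem the InfoWorld item describes can be seen in a single small content rule. The following is an added illustration, not code from the article or from any DLP product: a naive payment-card detector beside one tightened with a Luhn checksum and a nearby-keyword requirement. The rule design, the keyword list, the 40-character context window and the sample text are all constructed for this example.

```python
"""Why DLP content rules are hard to tune: naive card-number rule vs. a tightened one.

Added illustration for the InfoWorld item above; not code from the article or
from any DLP product. The rule structure (digit-run regex + Luhn check + nearby
keyword context) and the sample text are constructed assumptions for this example.
"""
import re

# Rule 1 (naive): any run of 13 to 16 digits, optionally separated by spaces
# or hyphens, is treated as a payment card number.
DIGIT_RUN = re.compile(r"\b(?:\d[ -]?){12,15}\d\b")

# Words that, when they appear shortly before a digit run, suggest a real card.
# Constructed list; a production rule set would carry far more context terms.
CARD_CONTEXT = re.compile(r"card|visa|mastercard|amex|cvv|exp", re.IGNORECASE)


def luhn_valid(digits: str) -> bool:
    """True if the digit string passes the Luhn checksum that card issuers use."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9          # same as summing the two digits of the product
        total += d
    return total % 10 == 0


def naive_matches(text: str) -> list:
    """Rule 1: report every qualifying digit run, no further checks."""
    return [m.group(0) for m in DIGIT_RUN.finditer(text)]


def tuned_matches(text: str, window: int = 40) -> list:
    """Rule 2: the run must pass Luhn AND a card-related word must appear within
    `window` characters before it. Fewer false positives, but a real card number
    with no such wording nearby is now missed (a false negative)."""
    hits = []
    for m in DIGIT_RUN.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if not luhn_valid(digits):
            continue
        preceding = text[max(0, m.start() - window):m.start()]
        if not CARD_CONTEXT.search(preceding):
            continue
        hits.append(m.group(0))
    return hits


# Constructed sample: a labelled card number, a tracking number that merely looks
# like one (fails Luhn), and a Luhn-valid card number with no card wording near it.
SAMPLE = (
    "Card: 4111 1111 1111 1111 exp 12/10, CVV on file. "
    "Tracking number 1234567890123456 left the warehouse. "
    "Invoice ID 4012888888881881 is overdue."
)

if __name__ == "__main__":
    print("naive:", naive_matches(SAMPLE))  # three hits, the tracking number among them
    print("tuned:", tuned_matches(SAMPLE))  # one hit; the unlabelled card number is dropped
```

Run as a script, the two rules disagree on two of the three digit runs: the naive rule flags the tracking number, the tuned rule drops it but also drops the Luhn-valid card number on the invoice line because nothing near it says "card". Every production rule set is a long series of such trade-offs between missed leaks and nuisance alerts, which is the complexity the article reports customers struggling with.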

When does a privacy breach cause harm?
Several countries are on the verge of doing what U.S. courts have stopped short of: codifying that breaches of personal information can actually harm people. Why should U.S. companies welcome this development? On the one hand, most large data breaches don't even lead to a rash of ID thefts. But is monetary loss the only criterion for personal harm? An international answer to this question could clarify the standard of protection that corporations have to meet with regard to personal data in their care.
http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=privacy&articleId=9066958&taxonomyId=84&intsrc=kc_feat
(ComputerWorld – 3/6/08)

Hospital donor files compromised
A computer virus may have exposed to outside eyes the names, credit card numbers, dates of birth and home addresses of more than 11,500 individuals who donated to Cascade Healthcare Community, the parent company of St. Charles in Bend and Redmond. The virus penetrated the computer system Dec. 11, and the hospital’s information technology staff believed they had rebuffed it. But Feb. 5, they detected suspicious activity in the system and called in computer forensic experts to investigate.
http://www.bendbulletin.com/apps/pbcs.dll/article?AID=/20080306/NEWS0107/803060442/1006&nav_category=NEWS0107
(Bend Bulletin – 3/6/08)

Details on 200 children stolen
A laptop with confidential information about more than 200 children - including their names, addresses, dates of birth and treatment - has been stolen from a Shropshire medical centre. The thief walked into Madeley Health Centre, Telford, while a speech and language therapist was running a clinic, unplugged her laptop from an adjoining room and walked off with it. Health chiefs quickly deactivated the laptop to ensure it could not be used to access general NHS data. But a memory stick plugged into the machine carried details on 238 children, giving their names, addresses, dates of birth and speech and language therapy treatment.
http://www.shropshirestar.com/2008/03/05/details-on-200-children-stolen/
(Shropshire Star – 3/5/08)


Nevada Firm Loses Job Seeker's Data
A private firm working for the Nevada Department of Public Safety has lost personal information provided by 109 individuals seeking jobs with the agency. The information was stored on a portable computer memory device called a thumb drive that was owned by an employee of Crown, Stanley and Silverman. The company was hired by the department to perform background checks on the applicants. The agency has ordered the company to stop the background checks and to return all files belonging to the state.
http://www.chron.com/disp/story.mpl/ap/fn/5595764.html
(Houston Chronicle – 3/5/08)

Missing laptop, data could affect Q-C Oscar Mayer employees
A company-owned laptop computer was stolen from an employee of Kraft Foods traveling on company business. And now 20,000 employees nationwide have received letters telling them that their personal information was stored on the missing laptop and they could be vulnerable to some type of identity theft. That group of 20,000 includes employees from Davenport’s Kraft Oscar Mayer plant. It is unknown how many employees of the Davenport facility were affected. The plant employs about 1,700 people.
http://www.qctimes.com/articles/2008/03/03/news/local/doc47cc7e171b8bd249394271.txt?sPos=2
(Quad-City [IA] Times – 3/3/08)

HP leaks personal data on Web site
Hewlett-Packard Co.'s Japanese unit said it may have leaked the personal data of 139,583 people in Japan. The information included names, addresses and telephone numbers, the unit of the Palo Alto, Calif.-based computer and peripheral equipment maker said on its Japanese-language Web site Friday. The information, from questionnaires and seminar application forms, was mistakenly posted on a Web page and publicly accessible from Feb. 13 to 20.
http://search.japantimes.co.jp/mail/nb20080301n3.html
(Japan Times – 3/1/08)

E-COMMERCE

EU set to clear Google - DoubleClick merger: sources
Google is expected to receive unconditional approval from European Union regulators next week for its $3.1 billion takeover of ad firm DoubleClick, people familiar with the situation said. The approval has long been expected because the European Commission decided in January not to object formally to the transaction. Privacy advocates have objected to the deal, saying it would give the two firms unprecedented access to information about consumers. The Commission has said privacy considerations are outside the scope of its authority over mergers.
http://www.reuters.com/article/technologyNews/idUSL0674359620080306
(Reuters – 3/6/08)

Storing Information for Profit
BPO Management Services of Anaheim, Calif., wants small to midsize companies to hand over their confidential files and corporate documents. So does Cloudworks, of Thousand Oaks, Calif. Docstoc.com of Beverly Hills, Calif., is seeking to make all business and legal documents available online to small companies and counsel them on their use. Rather than keeping all corporate data, confidential and otherwise, in software programs within the organization, the three firms would hold it online.
http://www.nytimes.com/2008/03/05/business/smallbusiness/05edge.html?_r=1&ref=technology&oref=slogin
(NY Times – 3/5/08)

Online Advertisers Beware: Privacy Regulators Closing In On Online Tracking
Until recently, few have questioned the standard assertion that web usage information raises minimal privacy concerns, as such data alone do not identify an individual person. Indeed, polls suggest that the public is generally unaware of the scale of online tracking and the growing use of "behavioral targeting" in placing online ads. But tracking and targeting are now driving a variety of regulatory responses in the United States and abroad, which could expand as the public learns it is being watched.
http://www.metrocorpcounsel.com/current.php?artType=view&artMonth=March&artYear=2008&EntryNo=8083
(Metropolitan Corporate Counsel – 3/08)


EDITORIALS & OPINION

Privacy shield crucial for online health records
HIPAA rules were issued earlier in this decade by rule makers who, reversing the intent of Congress, eliminated the right of patient consent over how their data is used for treatment, payment or health care operations. What the rule makers did is negate the Hippocratic Oath, with its emphasis on doctor-patient confidentiality, which has guided medicine for centuries. That stroke of the rule makers' pen allows data-mining firms to take your personal health information to use for their purposes without your consent. It's all there for data-mining firms to use: your prescriptions, your treatment for mental health, your genetic predisposition to certain illnesses. You have no say over how and when and by whom your data is used.
http://www.ajc.com/opinion/content/opinion/stories/2008/03/07/privacyed_0307.html
(Atlanta Journal-Constitution – 3/7/08)

The Myth of the 'Transparent Society'
When I write and speak about privacy, I am regularly confronted with the mutual disclosure argument. Explained in books like David Brin's The Transparent Society, the argument goes something like this: In a world of ubiquitous surveillance, you'll know all about me, but I will also know all about you. The government will be watching us, but we'll also be watching the government. This might not be everybody's idea of utopia, and it certainly doesn't address the inherent value of privacy, but this theory has a glossy appeal, and could easily be mistaken for a way out of the problem of technology's continuing erosion of privacy. Except it doesn't work, because it ignores the crucial dissimilarity of power. You cannot evaluate the value of privacy and disclosure unless you account for the relative power levels of the discloser and the disclosee.
http://www.wired.com/politics/security/commentary/securitymatters/2008/03/securitymatters_0306
(Wired – 3/6/08)

Do Virtual Map Programs Invade Privacy?
You might be amazed to learn that with just a few clicks, someone could get a street-level view of your house. Google and MSN have put out some new map programs online that give close-up photographic views of addresses. Some images can be rotated 360 degrees to give a complete picture of an area. KMBC's Marcus Moore talked with customers at a coffee shop on the Plaza. Some said the map photos are an invasion of privacy. Another person said the maps can be useful, especially for those looking to buy a house in an area.
http://www.kmbc.com/news/15494508/detail.html
(KMBC – 3/4/08)

Strengthen medical privacy laws
Recently, the Associated Press reported that drug reps were able to look at patient records and then call insurance companies for approval to switch patients to a more expensive psoriasis drug. One of Congress's advisers stated that electronic software vendor contracts violate federal privacy rules. Up to 500,000 Americans may be at risk of medical identity theft, with 20,000 complaints lodged with the FTC.
http://www.cmonitor.com/apps/pbcs.dll/article?AID=/20080303/OPINION/803030302/1028/OPINION02
(Concord, NH, Monitor – 3/3/08)

EDUCATION

25,000 student photos had no login protection
More than 25,000 pictures, apparently of Ohio University students, were inadvertently left without password protection on an otherwise secure OU Web site in what state and federal officials said might be a violation of federal privacy law. OU restricted access to the pictures, which appeared to be headshots taken for OU identification cards, hours after a Post reporter called to inquire about them.
http://www.thepost.ohiou.edu/Articles/News/2008/03/04/23239/
(The Post [Athens, OH] – 3/4/08)


EMPLOYEE

Every Click You Make, Your Boss Is Watching You
Though only two states in the U.S. require businesses to spell out for employees exactly what their policies are regarding electronic surveillance and monitoring, 83 percent of companies told researchers that they do so anyway. However, that's still not enough for some workers to curtail their personal use of company e-mail and Internet: 58 percent of companies said they've fired employees for such violations. Employees who regularly use company computers to surf the Web, sign on to business accounts for personal e-mail, make calls from company phones or use the corporate car to run errands run the risk of losing their jobs.
http://www.ecommercetimes.com/story/Every-Click-You-Make-Your-Boss-Is-Watching-You-61914.html?welcome=1204635762&welcome=1204911380
(Ecommerce Times – 2/29/08)

7 Security Rules Employees Love to Break
New research from the Ponemon Institute finds that either companies are not setting, or employees are not following, data security procedures in several high-risk areas. “Data Security Policies Are Not Enforced,” a survey of 893 corporate IT workers, examined the risks associated with storing and transporting sensitive information and looked at how well companies are implementing and enforcing policies to protect against this risk. Below are seven areas where employees are breaking the most rules or being most careless.
http://www2.csoonline.com/blog_view.html?CID=33355
(CSO Online – 12/7/07)

FINANCIAL

Compliance Week Survey: Sarbanes-Oxley Improvements on the Decline
Exclusive new research from Compliance Week shows companies that made improvements to their internal control over financial reporting in the wake of The Sarbanes-Oxley Act of 2002 (SOX) are expecting fewer improvements over time. The results also suggest that Auditing Standard No. 5 (AS5), a new, more relaxed auditing standard approved last year by the Securities and Exchange Commission, may not be helping to streamline SOX compliance as much as hoped.
http://www.businesswire.com/portal/site/google/?ndmViewId=news_view&newsId=20080304005465&newsLang=en
(Business Wire – 3/4/08)

Leveraging your IT SOX Investment
Companies over the past two years have spent an extraordinary amount of time and money preparing and responding to Sarbanes-Oxley (SOX). The estimates of spending on Sarbanes-related projects are incredible and there has definitely been a significant impact on performance and profits. Between SOX preparation and remediation, IT organizations have learned much about building controls frameworks. Those IT shops that were not control oriented have most likely improved processes from a control perspective, and those IT shops that already had controls integrated into processes hopefully have fine-tuned those controls.
http://www.s-ox.com/dsp_getFeaturesDetails.cfm?CID=2128
(Sarbanes-Oxley Compliance Journal – 3/3/08)

Going to Extremes to Protect Banking Customer Data
Financial institutions long have been in the business of safeguarding customers' assets, but gone are the days when an ironclad vault was sufficient for the task. Now, information is an asset that also must be protected, and banks continually are investing in a sophisticated arsenal of weapons to thwart information "thieves." Bankers say the importance of information security has risen significantly in recent years for several reasons. Among them, online banking has grown in popularity, most records now are transmitted and stored electronically, and the federal and state governments have tightened information-security regulations.
http://www.crmbuyer.com/story/61922.html?welcome=1204546389
(CRM Buyer – 3/1/08)


PCI and The Circle Of Blame
The PCI Data Security Standard, first published by the card brands in late 2004 and maintained since 2006 by the industry's PCI Security Standards Council, was created to improve the security of credit card data. Instead, PCI has become a massive butt-covering exercise that extends from retailers to auditors to the major card brands, and whether data is any safer remains to be seen. Despite mandating a variety of security mechanisms and regular audits, the standard (known as PCI DSS, or just PCI) can, the magazine's investigation shows, be manipulated so that merchants appear compliant without actually making their data stores more secure. The card brands, which are supposed to be driving compliance, have little incentive to rock the boat.
http://www.informationweek.com/story/showArticle.jhtml?articleID=206800867 (Information Week – 2/28/08)

GOVERNMENT – U.S. FEDERAL

Pentagon Bans Google Earth From Mapping Military Bases
Google Inc. has complied with a Pentagon request to remove some online images from its Street View street-level mapping service because they pose a security threat to U.S. military bases, military and company officials said. The Defense Department, which is still studying how many such images are available, has also banned Google teams from taking video images on bases.
http://www.msnbc.msn.com/id/23505366/ (MSNBC – 3/6/08)

FBI improperly sought personal data, chief says
An internal Justice Department report has found more improper use of national security letters by FBI agents seeking personal data on Americans during terrorism and espionage investigations. Director Robert Mueller told the Senate Judiciary Committee that the privacy breaches by FBI agents and lawyers occurred a year before the bureau enacted sweeping reforms to prevent future lapses.
http://www.msnbc.msn.com/id/23483287/ (MSNBC – 3/5/08)
Also see:

FBI chief: Report will confirm privacy violations http://www.usatoday.com/news/states/2008-03-05-fbi-privacy_N.htm (USA Today – 3/5/08)

More FBI Privacy Violations Confirmed http://ap.google.com/article/ALeqM5gxSQM-Pj5GvDDx_r9HNZvtF6JAGgD8V7HN7O0 (Associated Press – 3/6/08)

China's computer hacking worries Pentagon
China in the last year has developed ways to infiltrate and manipulate computer networks around the world in what U.S. defense officials conclude is a new and potentially dangerous military capability, according to a Pentagon report issued Monday. Computer network intrusions at the Pentagon and other U.S. agencies, think tanks and government contractors last year "appeared to originate" in China, according to the report.
http://www.latimes.com/news/nationworld/world/la-fg-uschina4mar04,1,3559963.story?track=rss&ctrack=1&cset=true (LA Times – 3/4/08)

National security trumps personal privacy, survey states
The rise of identity management across government has shifted the debate toward giving national security concerns more attention than personal privacy. A new survey found that 53 percent of 474 federal, state, local and municipal government employees said national security should be the priority even if Americans' personal privacy could be negatively affected. Meanwhile, 33.8 percent said personal privacy is a higher priority than national security.
http://www.fcw.com/online/news/151822-1.html (Federal Computer Week – 3/4/08)


Stolen VA laptop caught in safety net
The Veterans Affairs Department lost another laptop PC, but this time the department was better prepared. When an employee at VA's Austin Corporate Data Center in Texas had his laptop stolen from his apartment last month, the department's revamped security policies and new security technologies were put to the test. Unlike the VA laptop stolen in 2006, the data on the newly missing laptop was protected by encryption, and VA officials knew exactly what equipment was missing.
http://www.fcw.com/online/news/151810-1.html (Federal Computer Week – 3/3/08)

OMB reports 60 percent increase in information security incidents
The number of information security incidents reported by federal agencies jumped from 5,146 in fiscal 2006 to 12,986 last year, with a 70 percent increase in unauthorized access to federal networks alone, according to a report from the Office of Management and Budget released Saturday.
http://www.govexec.com/dailyfed/0308/030208a1.htm (Government Executive – 3/2/08)

FTC Chairman Set to Leave Post
The chairman of the Federal Trade Commission, Deborah Platt Majoras, plans to step down next month. Majoras, 44, will join Procter & Gamble in June as vice president and general counsel, with primary responsibility for its global antitrust and litigation practice areas. The White House has not named a replacement.
http://www.washingtonpost.com/wp-dyn/content/article/2008/02/28/AR2008022803878.html (Washington Post – 2/29/08)

DHS gives itself a 'C' for cybersecurity
The top-ranking official in the Homeland Security Department's national protection division called the agency's efforts in cybersecurity satisfactory, assigning a grade of 'C' during congressional testimony Thursday. But members of Congress called the grade inadequate, emphasizing the need for better collaboration with agency technology leaders, real-time response to system attacks, and metrics that measure the ability to protect networks from specific threats rather than mere system compliance.
http://www.govexec.com/story_page.cfm?articleid=39393&dcn=todaysnews (Government Executive – 2/28/08)

GOVERNMENT – U.S. STATES

INDIANA
State unit to pursue identity thieves
A new initiative will help identity theft victims get their lives back on track and help law enforcement go after identity thieves, said Indiana Attorney General Steve Carter. Carter announced the creation of the Identity Theft Unit, part of his office's Consumer Protection Division, during a stop in Fort Wayne on a statewide promotional tour.
http://www.journalgazette.net/apps/pbcs.dll/article?AID=2008803020418 (Journal Gazette – 3/2/08)

HEALTH & MEDICAL

Rules aim for better patient safety through confidential error reports
Federal regulators have proposed sweeping patient safety rules to give physicians and others a confidential, voluntary way to report medical errors and near misses. Several health care organizations applauded the release of the long-awaited regulations but want a closer look before making a final judgment.
http://www.ama-assn.org/amednews/2008/03/10/gvl10310.htm (American Medical News – 3/10/08)


New Zealand Hospital IDs focus of privacy debate
With the renewed focus on privacy in both New Zealand and Australia, Melbourne-based health software company TrakHealth has had to defend the approach it took to a public health patient-tracking system it recently developed for Brazil. The system will provide every Brazilian with an identifying number and plastic card similar to the health and social services card scheme mooted by the recently ousted John Howard government in Australia. That scheme has been scrapped by the new Rudd Labor government because of fears it could surreptitiously be developed into a broad national ID system.
http://computerworld.co.nz/news.nsf/news/DB48FD36D6627354CC2573FE0018532D (ComputerWorld – 3/7/08)

Health Information Technology Executives: Work Together on Security
A new survey shows that 96 percent of health information technology (HIT) executives think it is important to have a uniform way of verifying the security of sensitive healthcare information, and 85 percent think it is time for the industry to come together and develop a comprehensive framework that can provide that uniformity. The survey, the first of an annual series commissioned by the Health Information Trust Alliance (HITRUST) and conducted by KRC Research, also shows that more than half of those surveyed are frustrated that there are no standardized practices for complying with HIPAA.
http://www.govtech.com/gt/articles/268842 (Government Technology – 3/5/08)

Online health records raise privacy worries
Searching the Internet for movies playing locally is just plain handy, but the idea of Googling your own medical records is raising privacy concerns. Google, the California search-engine company, and the Cleveland Clinic, an Ohio medical institution with a reputation for quality care, recently announced they will collaborate on a pilot program to store patient records online. The test program will allow 1,500 to 10,000 patient volunteers at the Cleveland Clinic to store certain records (information on prescriptions, allergies and laboratory test results) in a secure Google account. Patients will have passwords, and only they will be able to access the medical records.
http://seattletimes.nwsource.com/html/businesstechnology/2004255947_btmedrecords03.html (Seattle Times – 3/3/08)

This Blood Test Is Brought to You by…
As we consider the entry of Google and Microsoft into the medical records business, a vision of where this may all be going is presented by a San Francisco startup called Practice Fusion. The company's concept: give doctors a free service that automates their offices, both administrative functions such as appointments and patient medical records. The catch: the software displays advertising aimed at the doctors and their staff. Here is where it really gets dicey: the ads shown are related to the content of the medical records. So when the doctor reviews your cholesterol test results, he may see an ad for Lipitor.
http://bits.blogs.nytimes.com/2008/03/03/this-blood-test-is-brought-to-you-by/index.html?ref=technology (NY Times – 3/3/08)

Are Healthcare Organizations Under Cyberattack?
Healthcare organizations feel under increasing attack from the Internet, while security incidents involving insiders and disappearing laptops with sensitive data are piling up. On top of that, there is now the prospect of a surprise audit from the federal agency in charge of overseeing the HIPAA security and privacy rules. Healthcare organizations are stepping up efforts to protect electronic patient information as they witness increased attacks against hospital networks, mindful of how a data breach could hurt patients and their own reputations.
http://www.pcworld.com/article/id,142926/article.html (PC World – 2/27/08)


IDENTITY THEFT

Identity theft is top consumer complaint in 2007
Identity theft was the No. 1 consumer complaint nationwide and in New York State last year for the seventh year in a row, according to a report to be released Tuesday by the Federal Trade Commission. New Yorkers filed 19,319 identity-theft complaints last year, accounting for 32 percent of consumer complaints. The bulk of the cases involved phone, utilities and credit-card fraud.
http://www.newsday.com/business/ny-bzone5600939mar04,0,500041.story (NewsDay – 3/4/08)

INTERNATIONAL

AFRICA

SOUTH AFRICA
Committee to Discuss Biometrics, Other Privacy Issues
The Gauteng Shared Services Centre (GSSC) is to host an e-government conference from 7 to 8 April. The conference is aimed at finding ways to use ICT infrastructure and services to deliver on the province's developmental agenda, such as reducing unemployment and poverty. Presentations and panel discussions will, among other things, explore case studies on tracking and managing government budgets, e-invoicing and e-procurement, as well as access management. Other topics for discussion include identity management, the use of biometrics and smart cards, and privacy and data management.
http://www.itweb.co.za/sections/computing/2008/0803051032.asp?O=FPTOP&S=IT%20in%20Government&A=ITG (ITWeb – 3/5/08)

ASIA/PACIFIC

AUSTRALIA
E-security lessons for Aussie kids
Students will be taught to identify and protect themselves against online threats under a new federal Government program to embed a "culture of security" in the next generation of internet users. Under the program, e-security education modules aimed at students in years 3 and 9 will address key aspects of safe online behaviour, as well as the use of appropriate computer defence systems. Students will also be taught to recognise the legal and other consequences of sharing software, music, movies and other copyright material.
http://www.australianit.news.com.au/story/0,24897,23323338-15319,00.html (Australian IT News – 3/5/08)

Agency made 700 privacy breaches
The Child Support Agency faces an urgent review over nearly 700 privacy blunders in the past year, including people being given the confidential contact details of their former spouses. Human Services Minister Joe Ludwig said yesterday that he questioned the agency's competence over the breaches, and ordered an overhaul of its administration.
http://www.theaustralian.news.com.au/story/0,25197,23308230-2702,00.html (The Australian – 3/3/08)


EUROPE

EUROPEAN UNION
Privacy watchdog condemns data gathering plans
Europe's top privacy watchdog has condemned planned European border controls as weak and based on inconclusive evidence, claiming they will put Europeans' privacy at risk with no guarantee of increased security. European Data Protection Supervisor Peter Hustinx has said that proposals announced last month by the European Commission to tighten border controls through the use of biometric identification have failed to consider the privacy implications closely enough.
http://www.out-law.com/page-8904 (Out-Law – 3/3/08)

GERMANY
German court protects personal data privacy
There is a right to personal computer privacy in Germany after all, the country's high court said Wednesday. Data stored on or exchanged between personal computers are protected by the German constitution, the Federal Constitutional Court ruled, AP reports. If authorities feel the need to spy on citizens' computers, they would have to get a warrant from a judge.
http://government.zdnet.com/?p=3678 (ZDNet.com – 2/27/08)

UNITED KINGDOM
Tories unveil cybercrime plans
The Conservatives have today unveiled plans to create a new post of cybersecurity minister in order to combat what they call the "growing threat" of online crime. News of the scheme, which would see a single Home Office minister take charge of fighting internet crime and protecting government computer systems from attack, comes as shadow home secretary David Davis unveils a raft of policy ideas aimed at fighting internet criminals and terrorists.
http://www.guardian.co.uk/technology/2008/mar/06/politics.hitechcrime (Guardian – 3/6/08)

British govt loses more than 1,000 laptops, 007 sent to investigate
London (England) – In a report to the House of Commons, British ministries and departments said they have lost more than a thousand laptops over the last decade, 200 of them in the last year alone. The biggest offender was the Ministry of Defence, which lost almost 50% of the total, or 503 laptops. In addition to laptops, the MoD has lost 23 PCs since 1998. Other agencies, such as the Department of Health, the Ministry of Justice and HM Revenue and Customs, lost sizable numbers of computers. The numbers in the report could have been much higher, as the totals did not include the Home Office or the Foreign Office.
http://www.tgdaily.com/content/view/36324/118/ (TG Daily – 3/4/08)

MIDDLE EAST

NORTH AMERICA

CANADA
Privacy Commissioners Release New Video Surveillance Guidelines
Private-sector organizations considering video surveillance systems must take specific steps to minimize the impact on people's privacy, say video surveillance guidelines released today. The new guidelines set out how companies should evaluate the use of video surveillance and ensure any surveillance they undertake is conducted in a way that respects privacy rights and complies with the law. The guidelines have been endorsed by Jennifer Stoddart, the Privacy Commissioner of Canada, Frank Work, the Information and Privacy Commissioner of Alberta, and David Loukidelis, the Information and Privacy Commissioner for British Columbia.
http://news.gc.ca/web/view/en/index.jsp?articleid=383709&categoryid=1&category=News+Releases (Canada News Centre – 3/6/08)


TTC gets the OK from privacy boss for more cameras
Smile, you're on the TTC. Ontario Privacy Commissioner Ann Cavoukian sees no legal barriers to a massive expansion of video cameras by the TTC (Toronto Transit Commission) on all its subways, buses and streetcars. Cavoukian said the use of cameras complies with provincial privacy laws provided the TTC includes safeguards to prevent incidents of "video surveillance voyeurism" such as those reported in Britain, where security officers were found to be tracking attractive women and zooming in on body parts.
http://lfpress.ca/newsstand/CityandRegion/2008/03/04/4899736-sun.html (The London [Canada] Free Press – 3/4/08)

SOUTH AMERICA

LEGISLATION – FEDERAL

Battle over wiretapping may be nearing an end
The chairman of the House Intelligence Committee hinted Sunday that a bitter battle over an expired eavesdropping law may be moving toward a conclusion that gives phone companies the retroactive legal protections long sought by President Bush. The chairman, Rep. Silvestre Reyes, D-Texas, did not specify what provisions a House bill might contain. But his use of the words "blanket immunity" suggested that he might be moving toward a Senate bill, backed by Bush, that would protect phone companies that assisted in a federal program of warrantless wiretapping after the Sept. 11, 2001, terrorist attacks.
http://www.siliconvalley.com/news/ci_8434861 (Silicon Valley – 3/3/08)
Also see:

Wiretap Compromise in Works http://www.washingtonpost.com/wp-dyn/content/article/2008/03/03/AR2008030302814_pf.html (Washington Post – 3/4/08)

Wiretapping focus shifts to e-mail communications http://www.cnet.com/8301-13739_1-9886766-46.html?part=rss&subj=news&tag=2547-1_3-0-5 (CNet – 3/5/08)

House Lawmakers Question Privacy in Cyber-Security Plan
House lawmakers yesterday raised concerns about the privacy implications of a Bush administration effort to secure federal computer networks from hackers and foreign adversaries, as new details emerged about the largely classified program. The unclassified portions of the project, known as the "cyber initiative," focus on drastically reducing the number of connections between federal agency networks and the Internet, and on more closely monitoring those networks for malicious activity. Slightly more than half of all agencies have deployed the Department of Homeland Security's program.
http://www.washingtonpost.com/wp-dyn/content/article/2008/02/28/AR2008022803505.html (Washington Post – 2/29/08)
Also see:

Chertoff asks for patience on cybersecurity http://www.washingtontechnology.com/online/1_1/32359-1.html?topic=homeland&CMP=OTC-RSS (Washington Technology – 3/4/08)


LEGISLATION – STATE

MASSACHUSETTS
Bay State Senate bill would mandate electronic health records
The Massachusetts Senate has proposed health-care legislation that would mandate statewide adoption of electronic medical records (EMR) by 2015, Senate President Therese Murray announced. The legislation, which includes other health-care reforms, calls for $25 million per year in public money to support adoption of EMRs. The public money would total $175 million by 2015 if funding for the records system begins this year.
http://masshightech.bizjournals.com/masshightech/stories/2008/03/03/daily13.html (MassHighTech – 3/4/08)

MISSOURI
Missouri House approves drug monitoring bill over privacy objections
Privacy concerns nearly upended a bill creating a system for monitoring prescription drug sales in the Missouri House. The bill requires that prescription information, including a patient's name, address and date of birth, be recorded in a central database that could be accessed by law enforcement agencies and several state regulatory boards.
http://primebuzz.kcstar.com/?q=node/10366 (Kansas City Star – 3/6/08)

SOUTH CAROLINA
Bill may prevent identity theft
South Carolinians could put a free block on their credit reports to help protect themselves from identity theft under a proposal close to clearing the Legislature. The legislation allows residents, at no cost, to freeze their credit and temporarily unfreeze it when they want to open new accounts.
http://www.thestate.com/business/story/335633.html (The State – 3/4/08)

WASHINGTON
Safeguarding IDs: Key bill needs approval in Olympia, but individuals must be on guard
Protecting citizens from identity theft is at the top of state Attorney General Rob McKenna's to-do list. One of the ways he is pursuing the tricky task is via legislation. A bill moving through the legislative wickets, pushed by McKenna and prime sponsor Rep. Kirk Pearson, R-Monroe, deserves action and unanimous support. House Bill 2636 already received that in the House. Now it awaits action by the Senate Judiciary Committee. The bill would authorize identity theft victims to file an incident report with law enforcement and require law enforcement to create a police report on the matter. HB 2636 isn't controversial. It's more of a housekeeping item, but an important one.
http://www.columbian.com/opinion/news/2008/03/03032008_Safeguarding-IDs-Key-bill-needs-approval-in-Olympia-but-indiiduals-must-be-on-guard.cfm?emilStry=1 (The Columbian – 3/3/08)

WISCONSIN
Credit Union-Backed Proposal on Personal Data Security Advances
Wisconsin credit unions are applauding state lawmakers for advancing through the State Legislature two companion bills, AB 745 and SB 439, which aim to keep the personal data stored on credit and debit cards safer. The legislation, introduced by State Rep. Brett Davis (R-Oregon) and State Sen. Bob Wirch (D-Pleasant Prairie), captured 43 co-sponsors with strong bipartisan support during its initial circulation period at the capitol. AB 745 passed through the Assembly Committee on Financial Institutions last week by a vote of 9-1 and is expected to pass through committee in the State Senate on Wednesday.
http://www.sunherald.com/447/story/394442.html (Sun Herald – 2/26/08)


LITIGATION & ENFORCEMENT ACTIONS

FTC settles breach complaint with student lender
The FTC has settled a complaint against student lender Goal Financial after allegations that the company failed to safeguard personal data. Goal Financial allowed two employees to access the personal information of about 7,000 customers and take it to a competing firm between 2005 and 2006, and the company allowed an employee to sell a hard drive containing the unencrypted personal information of 34,000 customers sometime in 2006.
http://www.infoworld.com/article/08/03/04/FTC-settles-breach-complaint-with-student-lender_1.html (InfoWorld – 3/4/08)

TJX customers to claim eligibility for breach settlement
TJX has begun distributing claim forms to customers whose information may have been compromised in the retail chain's massive data breach. The notices, which went out Friday, explain how eligible individuals can apply for benefits under an agreement reached in September that settled a number of class-action lawsuits brought by customers of the Framingham, Mass.-based discount retailer.
http://www.scmagazineus.com/TJX-customers-to-claim-eligibility-for-breach-settlement/article/107601/ (SC Magazine – 3/3/08)

Judge allows Wikileaks Web site to reopen, dropping injunction
A federal judge who shuttered the renegade Web site Wikileaks.org reversed the decision Friday and allowed the site to reopen in the United States. In mid-February, U.S. District Court Judge Jeffrey White issued an injunction against Wikileaks after the Zurich-based Bank Julius Baer accused the site of posting sensitive account information stolen by a disgruntled former employee. White set off storms of protest among free-speech advocates and news media organizations when he ordered the disabling of the entire site rather than issuing a narrowly tailored order to remove the bank's documents.
http://www.siliconvalley.com/news/ci_8419200?nclick_check=1 (Silicon Valley – 3/1/08)

Virginia court upholds prolific spammer's conviction
A divided Virginia Supreme Court affirmed the nation's first felony conviction for illegal spamming on Friday, ruling that Virginia's anti-spam law does not violate free-speech rights. Jeremy Jaynes of Raleigh, N.C., considered among the world's top 10 spammers in 2003, was convicted of massive distribution of junk e-mail and sentenced to nine years in prison. Almost all 50 states have anti-spam laws. In the 4-3 ruling, the court rejected Jaynes' claim that the state law violates both the First Amendment and the interstate commerce clause of the U.S. Constitution.
http://www.siliconvalley.com/news/ci_8410070 (Silicon Valley – 2/29/08)

MOBILE/WI-FI

ODDS & ENDS

Microsoft says Credentica acquisition will help users protect privacy
Microsoft's acquisition of privacy vendor Credentica signals another step in the company's effort to ensure that users don't lose control of their personal data. Credentica develops technology called U-Prove that uses cryptography and multiparty privacy features to facilitate "minimal disclosure," so that a user can reveal only the bits of information about themselves they want to while protecting their privacy.
http://www.networkworld.com/news/2008/030708-microsoft-credentica.html (NetworkWorld – 3/7/08)


College student accused of cheating using Facebook
A first-year Ryerson University student faces expulsion after being accused of cheating for helping to run an online study group on Facebook. Chris Avenir is accused of academic misconduct because of the site, where 146 classmates swapped tips on homework questions.
http://www.cnn.com/2008/TECH/03/06/facebook.cheating.ap/index.html (CNN – 3/6/08)

ONLINE

Phorm ad system 'will protect privacy'
Two respected privacy campaigners have praised the user protection measures of a controversial online advertising system about to be deployed in the UK. The tools, developed by US firm Phorm, track users' online surfing habits. BT, Virgin and Talk Talk have signed up to trial the technology. Campaigner Simon Davies said: "We were impressed with the effort that had been put into minimising the collection of personal information."
http://news.bbc.co.uk/2/hi/technology/7280791.stm (BBC – 3/6/08)

U.S. seeks terrorists in web worlds
The US government has begun a project to develop ways to spot terrorists who are using virtual worlds. Codenamed Reynard, it aims to recognise "normal" behaviour in online worlds and home in on anomalous activity. It is likely to develop tools and techniques for intelligence officers who are hunting terrorists and terror groups on the net or in virtual worlds. The project was welcomed by experts tracking terror groups that use the net to organise or carry out attacks.
http://news.bbc.co.uk/1/hi/technology/7274377.stm (BBC News – 3/3/08)
Also see:

The New Art of War http://www.washingtonpost.com/wp-dyn/content/article/2008/03/02/AR2008030202216.html (Washington Post – 3/3/08)

Microsoft Expands Online Services
Microsoft Corp. today plans to begin new tests of business programs offered as online services, in the latest attempt by the software giant to adapt to the changes being wrought by the Internet on the traditional software business. The Microsoft services come as Google Inc. and other companies are investing in similar services that in coming years could compete with Microsoft's products. The new offerings, called Microsoft Online Services, are an early salvo in that emerging battle.
http://online.wsj.com/article/SB120451096788306801.html (Wall Street Journal – 3/08)

RFID

New Zealand Law Commission questions RFID 'privacy'
The Law Commission is concerned about the uses to which RFID customer information could be put, as it is unclear whether the data in radio-frequency identification tags on purchased goods constitutes "personal information" as defined under the Privacy Act. At the moment the act only covers the use of information attached to a personal identifier, but information contained in these tags could be collated with, say, information a retailer already holds about a person who belongs to its loyalty card scheme. The Law Commission is concerned about this possibility and how such information might be used.
http://computerworld.co.nz/news.nsf/news/F1A8143A8D401F28CC2573FE0018083D (ComputerWorld – 3/6/08)


Canadian Privacy Commissioner Seeks Feedback on Implications of Using RFID Technology in the Workplace
The Privacy Commissioner of Canada, Jennifer Stoddart, issued a call today for feedback to enrich the debate on the use of radio frequency identification (RFID) systems in the workplace. The Privacy Commissioner has prepared a consultation paper setting out recommended privacy practices for organizations that seek to harness the benefits of RFID technologies.
http://news.gc.ca/web/view/en/index.jsp?articleid=383279&categoryid=16 (Canada News Centre – 3/4/08)

RFID/Bluetooth: convenient threats
Will hackers target the doors of corporate lobbies, or the one-swipe payment cards used at gas stations and supermarkets? How about pets? Those questions, all tackled in research or proof-of-concept (PoC) exercises, are likely on the minds of security pros planning to deploy radio frequency identification (RFID) or Bluetooth technology across their enterprise. Even the RFID tags used to identify pets were used as an example, by researchers at Vrije Universiteit Amsterdam, to demonstrate how a hacker could "infect" these devices with a virus.
http://www.scmagazineus.com/RFIDBluetooth-convenient-threats/article/105002/ (SC Magazine – 3/1/08)

SECURITY

Nato says cyber warfare poses as great a threat as a missile attack
Nato is treating the threat of cyber warfare as seriously as the risk of a missile strike, according to a senior official. A London conference was told that online espionage and internet-based terrorism now represent some of the gravest threats to global security. Suleyman Anil, who is in charge of protecting Nato against computer attacks, said: "Cyber defence is now mentioned at the highest level along with missile defence and energy security. We have seen more of these attacks and we don't think this problem will disappear soon. Unless globally supported measures are taken, it can become a global problem."
http://www.guardian.co.uk/technology/2008/mar/06/hitechcrime.uksecurity (Guardian – 3/6/08)

Contractor networks create security risk, Defense official says
Information technology contractors pose a major security risk by not locking down their networks properly, according to the Defense Department's top IT official. That threat, along with the risks associated with offshoring and with acquisitions of American IT firms by foreign companies, is driving defense and intelligence agency initiatives to develop stricter information security standards.
http://www.govexec.com/story_page.cfm?articleid=39444 (Government Executive – 3/4/08)

Security tips for Net-connected travelers
It has never been easier to stay connected while traveling; just make sure you are not leaving yourself wide open to snoopers in the process. This article gives tips for staying secure in Internet cafes and wi-fi hotspots, and when using your cell phone.
http://tech.yahoo.com/blogs/patterson/13685/ (Yahoo – 3/4/08)

Identity management critical for security, government IT shops say
A majority of government IT organizations say identity management is very important to securing their networks and will become even more so over the next five years, but that funding to keep pace is a major impediment to growth. The respondents also said they think identity management is relevant to national security, critical public infrastructure and personal security, and that, given the gravity of those issues, personal privacy could suffer.
http://www.networkworld.com/news/2008/030308-identity-management-critical-for-security.html (Network World – 3/3/08)
Also see:


NW: Gov’t IT Shops: Identity Management Critical for Security
A majority of government IT organizations say identity management is very important to securing their networks and will become even more so over the next five years, but that funding to keep pace is a major impediment to growth. The respondents also said they think identity management is relevant to national security, critical public infrastructure, and personal security; and given the gravity of those issues, that personal privacy could suffer.
http://www2.csoonline.com/blog_view.html?CID=33595 (CSO Online – 3/3/08)

Five basic mistakes of security policy
Security policies serve to protect (data, customers, employees, technological systems), define (the company's stance on security), and minimize risk (internal and external exposure and publicity fallout in the event of a breach). Security policy creation and dissemination are not just a good idea; both are mandated by a slew of corporate regulations, including PCI, HIPAA, and FISMA. This story presents five mistakes that companies commonly make when writing and implementing security policies. As simplistic as some of these errors sound, they happen often enough and cause heavy damage to companies' bottom lines.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9065202&source=rss_topic17 (Computer World – 2/29/08)

Security Development Lifecycle trumps code complexity
As software becomes more complex, in terms of more lines of code or functionality, the harder it becomes to stay secure. More lines of code mean the potential for more security bugs. Increasing feature sets means more opportunities for programs to be used and manipulated in unexpected, malicious ways. In general, I wholly believe in this axiom, but it doesn't always have to be true. In fact, there is empirical evidence that better coding practices can more than offset the complexity argument.
http://weblog.infoworld.com/securityadviser/archives/2008/02/security_develo.html?source=rss (InfoWorld – 2/29/08)

Pervasive Web apps flaws under siege
The volume of threats leveled at Web-based applications continues to surge, and the sheer number of flaws in many such programs is making it easy for attackers to succeed in their efforts to steal data and generate income, according to the latest research report issued by Cenzic. Researchers with the application security testing specialist estimate that 71 percent of all the vulnerabilities reported worldwide during Q4 2007 were related to Web apps, affecting everything from servers to browsers, representing a three percent increase over the previous quarter.
http://weblog.infoworld.com/zeroday/archives/2008/02/applications_se.html (InfoWorld – 2/28/08)

Security skills of IT workforce lacking, survey finds
A majority of organizations are in need of IT workers with security, firewall and data privacy skills, but more than 40% surveyed by the Computing Technology Industry Association said their IT employees are not proficient in such skills. Nearly three-fourths of 3,500 technology professionals polled identified security, firewall and data privacy as the IT skills most important to their organization today. Tied for second in terms of importance behind security skills were general networking and operating system skills, cited by 66% of respondents each.
http://www.networkworld.com/news/2008/022708-security-skills-it-workforce.html (Network World – 2/27/08)

The security benefits and risks of virtualization
IT professionals have heard plenty about the security benefits of desktop- and server-based virtualization, from more efficient patching procedures to the centralized storage of data that would otherwise be stored on endpoint devices. But IT administrators who have tested it in their environments have also discovered potential security drawbacks, particularly when it comes to compatibility with other security systems.
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1302706,00.html (Search Security – 2/27/08)


SEMINARS

First Annual Freedom of Information Day Celebration
March 17, 2008. American University Washington College of Law, Washington DC
http://www.wcl.american.edu/secle/founders/2008/031708.cfm

Openthegovernment.org: Government Secrecy: Censoring Your Right to Know
March 19, 2008. National Press Club, DC
http://www.openthegovernment.org/article/subarchive/109

IAPP Privacy Summit
March 26-28, 2008. Washington, D.C.
http://www.privacysummit.org/

Windows Into the Soul: Surveillance and Society in an Age of High Technology - 2008 Hixon-Riggs Forum on Science, Technology and Society
March 27-29, 2008. Claremont, California
http://www.hmc.edu/newsandevents/hixon08.html

Privacy, Security and Technology - Affirming Our Rights
March 31, 2008. Ottawa, Canada
http://www.rileyis.com/seminars/

CFP 2008: Technology Policy 08
May 19-23, 2008. New Haven, Connecticut
http://www.cfp2008.org

Future of the Internet Economy - OECD Ministerial Meeting
June 17-18, 2008. Seoul, Korea
http://www.oecd.org/document/19/0,2340,en_2649_37441_38051667_1_1_1_37441,00.html

Conference on Ethics, Technology and Identity
June 18-20, 2008. The Hague
http://www.ethicsandtechnology.eu/ETI

Federal Information Systems Security Educators' Association. FISSEA’s 21st Annual Conference: "Security Through Innovation & Collaboration"
March 11-13, 2008. Gaithersburg, MD
http://csrc.nist.gov/organizations/fissea/2008-conference/

_____________________________________________________________________


PAPERS

Wireless Security: Past, Present and Future
http://www.codenomicon.com/resources/whitepapers/Codenomicon_Wireless_WP_v1_0.pdf

Safe and productive browsing in a dangerous web world: The challenge for business
http://www.sophos.com/sophos/docs/eng/marketing_material/sophos-safe-web-browsing-wpna.pdf

Data Leak Risks: A Problem Mid-Size Organizations Can’t Ignore
http://www.computerworld.com/pdfs/code_green_data_leak_pdf.pdf

Privacy and Video Surveillance in Mass Transit Systems: A Special Investigation Report
http://www.ipc.on.ca/images/Findings/mc07-68-ttc.pdf

Principles for Behavioral Targeting Privacy Tools
http://www.cdt.org/privacy/pet/privacy_controls_IPWG.pdf
