Wednesday, December 23, 2009

Facebook backtracks on privacy



By Maija Palmer and Tim Bradshaw in London and David Gelles in San Francisco, published on December 11, 2009
FACEBOOK has been forced to retreat on some changes to its privacy settings after the move created an outcry from data protection campaigners and left users confused and irate.
The social networking site rolled out simplified privacy controls to its 350m users this week, but faced a barrage of complaints that the new settings were leading users to reveal more information than they wanted to.
Users were particularly critical of the way Facebook opted to make “friend lists” – the catalogue of all the people users are connected to on the site – visible to the public.
Facebook quickly backtracked on that on Thursday night, allowing users to hide the information if they wished.
Richard Alan, Facebook’s director of policy for Europe, would not rule out further tweaks to the settings in response to the public outcry.
“We have people monitoring comments from blog posts and all the feedback is going back to the team. They are still looking at it,” he said.
This is the latest privacy controversy for Facebook, which was forced to scrap a targeted advertising programme in 2007 and which came under scrutiny by the Canadian Privacy Commission last summer.
The Facebook blog page was flooded with thousands of comments asking how to put the new privacy settings to work.
“I was very confused by the new privacy settings on Facebook,” said Megan Brown, a lawyer in New York City. “When I logged on, it asked me whether I wanted my old settings or new settings. I didn’t know what the old settings were, so I was unable to make an informed decision.”
Chris Applegate, a Cambridge computer science graduate who works at We Are Social, an agency dispensing advice about sites such as Facebook, was dismayed to discover that applications installed by his friends could see his data unless he chose to opt out, an option not given in Facebook’s latest reminder.
“I’ve always kept a tight rein on the apps I install. But it only takes one friend to install a malicious app and . . . my information is compromised,” he said. “There is a great potential for leakage.”
Facebook insisted the change enhanced rather than detracted from privacy. It said that previously only 15-20 per cent of users had made any adjustments to their privacy settings. Yet, following the roll-out this week, 50 per cent of users had made changes.
“Millions [of users] have picked new settings and are comfortable with it,” Mr Alan said.

Tuesday, December 22, 2009

Users Warned of Following Facebook Privacy Recommendations


Boston, MA - infoZine - IT security and data protection firm Sophos has warned Facebook users of the dangers of blindly following Facebook's new privacy settings.


Facebook has announced a dramatic change to the privacy options, encouraging its 350 million users to share more information with everybody on the internet. However, Sophos warns that some users may not be aware that Facebook's recommendations include third party search engines and external websites, and changes to privacy settings that they may have previously enabled to better protect themselves from identity thieves.


"These could be the most important clicks you ever make on Facebook," said Graham Cluley, senior technology consultant at Sophos. "If you don't read carefully you could find that every post you make on Facebook, and your personal information, is visible to everyone in the world who has a computer rather than just your Facebook friends."


"Let's make this clear. If you make your information available to "everyone", it actually means "everyone, forever". Because even if you change your mind, it's too late - and although Facebook say they will remove it from your profile they will have no control about how it is used outside of Facebook," added Cluley.


"There's one very simple rule you should follow - if you don't want everyone in the world to read it, don't post it on the internet," continued Cluley. "If you dig around on Facebook you can find out what the privacy changes mean. The problem is that most people won't bother reading and simply follow Facebook's recommendations without understanding how a split-second decision could hit them hard in the future."




Read more at infoZine.com

ICO consults on online privacy



The Information Commissioner's Office (ICO) has launched an online consultation on a new draft code of practice to help organisations protect individuals' privacy online.

The draft code of practice explains data privacy law and calls on organisations to give people "the right degree" of control over their personal information.

The report suggests organisations give clear privacy choices and make it easier for people to erase their personal information at the end of a browsing session.

In a speech to delegates at the Personal information online conference in Manchester, Information Commissioner Christopher Graham said: "Customers can always vote with their feet and punish organisations that they feel have let them down - which serves as a very real reminder that getting privacy online wrong is a risky game to play. People should have control over what happens to their personal information online whether it's correcting inaccuracies, deleting profiles or choosing the privacy settings that suit them."

The draft code of practice includes guidance on when to collect information and when not to, cloud computing and improving individuals' access to data held on them.

Iain Bourne, Head of Data Protection Projects at the ICO, said: "Collecting information about people in the proper way, including making them fully aware of what will happen to their personal information and how they can access it and keep it accurate, lies at the heart of good privacy protection.

"The draft code of practice explains a difficult area of the law and provides practical advice on a range of online privacy issues. It urges organisations to do more to explain what they do with the information they collect about people and to make sure they use it in line with individuals' wishes."

The consultation ends on 5 March 2010. A link to the online consultation can be found at http://www.ico.gov.uk/

Read more at Publicservice.co.uk


Data Protection Act offences: new powers for the ICO

By PAULA BARRETT

A new power to issue fines against offenders, first approved by Parliament in 2008, will soon come into force. The latest from the Information Commissioner’s Office is that this will be from April 2010.


The Ministry of Justice is the Government department responsible for the changes and, as many of you will know, it shall have final determination over the exact timescale.

From the commencement date, the ICO will be able to issue what are expected to be “substantial” fines against data controllers (ie businesses and organisations using personal information from their employees, customers or other individuals on their own behalf) without prior warning, for deliberate or reckless breaches of the Data Protection Act (DPA).

The Ministry of Justice published a consultation paper on 9 November proposing that the maximum civil monetary penalty which can be imposed for serious breaches of the data protection principles should be £500,000.

Other details, such as whether the ICO will be allowed to fine individuals (for example directors) as well as the organisations themselves are still to be confirmed.

- Increase in potential monetary penalties: welcomed by many

- Overlap between the ICO and the FSA

- Enhanced sanctions approved by Parliament

- Serving a notice of intent

Read more on the above issue(s) at info4SECURITY.com

EU Data Protection Meets U.S. Discovery

By DANIEL SCHIMMEL
New York Law Journal
December 18, 2009


AS a result of an increase in U.S. lawsuits requiring the transfer of personal data from France to the United States, the French Data Protection Agency (CNIL) published a recommendation in August 2009, which is designed to offer guidance on data transfers in connection with U.S. civil discovery proceedings. The CNIL's recommendation expands on the guidelines adopted by the body of European data protection agencies (the Article 29 Data Protection Working Party) in February 2009.

EU member states increasingly enforce their data protection laws. For instance, in 2008, the Spanish data protection agency imposed fines amounting in total to €22.6 million. In France and other EU countries, companies are under pressure to comply with U.S. discovery requests, which frequently call for the production of personal data about employees, clients, or customers. The CNIL's recommendation reflects a tension between a company's obligation to respond to U.S. discovery requests and its obligation to comply with EU data protection laws. Because data protection laws pursue a legitimate interest and are increasingly enforced in Europe, courts and litigants in the U.S. should take them into account when ordering discovery abroad.

Read more at Law.com

Saturday, December 19, 2009

Two Bills withdrawn for next sitting - Malaysia Star


DECEMBER 18, 2009: TWO Bills – the Personal Data Protection Bill and the Credit Reporting Agencies Bill – which are scheduled to be tabled at the Dewan Rakyat have been withdrawn due to time constraint.

They will be tabled at the next sitting scheduled for mid-March next year.

Minister in the Prime Minister’s Department Datuk Seri Nazri Abdul Aziz said the withdrawal would also give MPs more time to study the Bills and prepare for debates.

The Personal Data Protection Bill is aimed at regulating personal data processing in commercial transactions.

The Credit Reporting Agencies Bill, meanwhile, is aimed at providing the mechanism to register and supervise all credit tip-off agencies involved in processing credit information of clients.

Apart from Budget 2010, the other Bills passed by the Dewan Rakyat included the Judges Ethics Committee Bill, Malaysia Deposit Insurance Corporation (Amendment) Bill, Rubber Industry Smallholders Development Authority (Amendment) Bill and the Capital Markets and Services (Amendment) Bill.

The Dewan Rakyat adjourned sine die yesterday after sitting for 36 days.
 
Source: The Star

Bill to address concerns over personal information - Malaysia Star


THE people’s concerns over how their personal data are processed and stored during commercial transactions will be addressed in a new Bill, which was tabled in Parliament.

Once passed, it will prevent such data from falling into the wrong hands and safeguard the rights of individuals.

Users of such data will be required to register themselves under the Personal Data Protection Bill, which will regulate the processing of the personal data of individuals involved in commercial transactions and also to protect such information.

The Bill was tabled by Deputy Information, Communications and Culture Minister Datuk Joseph Salang Gandum.

Under the Act, a Personal Data Protection Commissioner will be appointed and the person will be advised by a Personal Data Advisory Committee.

An appeals tribunal will also be established to allow the people to submit their complaints if they were unhappy with the management of their data.

A register of data user forums and a register of codes of practice will also be established under the Act, where users who failed to comply with a code of practice can be fined up to RM100,000 or jailed for a year, or both.

A heavier penalty awaits data users if they were found to have contravened provisions in the Bill, where they can be fined a maximum of RM200,000 or jailed for two years, or both.

The Bill seeks to prevent the occurrences of people losing their money through credit card fraud, customer-privacy infringements and data theft.
 
Source: The Star

Personal Data Protection Bill Tabled In Parliament - Bernama

KUALA LUMPUR, Nov 19 (Bernama) -- The Personal Data Protection Bill 2009 aimed at protecting public interests with regard to processing of personal data was tabled in the Dewan Rakyat on Wednesday.


In tabling the bill for the first reading, Deputy Information Communication and Culture Minister Datuk Joseph Salang Gandum said the bill consisted of 146 clauses and 11 sections.


The bill, among others, is aimed at regulating personal data processing in commercial transactions by users to protect the owners, and as such, protecting their interest.


According to the bill, as new technology and changes in market trend contributed to the growing importance of knowledge in the global economy, personal data in commercial transaction were becoming a valuable commodity.


This adds pressure in regulating data processing in efforts to enhance consumers' confidence in the global economy, it noted.


The bill provides for the appointment of the personal data protection commissioner and the setting up of an advisory committee to advise the commissioner on the enforcement of the act.


A tribunal will also be set up under the bill to enable offenders to appeal against decisions made by the commissioner.


The second section of the bill spells out provisions on personal data protection.


Among them, Section 5(1) states that personal data processing must adhere to the personal data protection principles, namely the general, notice, choice, due diligence, security, storage, integrity and access principles.


A personal data user faces imprisonment of up to two years or a fine of up to RM300,000, or both, if convicted under the act.


Read more at Bernama.com