How unique are you? We played with a data privacy tool today here at WPF that showed us if the combination of our birthdate and zip code made us statistically unique. The more unique you are, the more identifiable you are in a sea of supposedly "anonymous" data. This tool was developed by Dr. LaTanya Sweeney at Harvard's Data Privacy Lab, and using it will tell you how easily you can be identified from records that may not even have your name on them.
Data breach -- The state of California issues a first-ever statewide data breach report. In 2012, 2.5 million Californians had their data breached. Of those breached, the study found that The report found that "1.4 million Californians would have been protected if companies had encrypted data when moving or sending the data out of the company’s network."
India's national biometric ID card -- In the May/June, 2013 issue of Foreign Policy Magazine, Pam Dixon writes about the privacy issues related to India's national biometric ID card. In the piece, Mission Creep, Dixon discusses how government-issued biometric ID cards that serve as national ID cards and as the basis for employment and financial transactions create profound civil liberties and privacy challenges that are neither easily or well-constrained by government policy.
Online privacy | Apple privacy -- Stanford University has released a study documenting how Google and other companies overrode Safari users' browser privacy settings. The WPF encourages Apple users to download the Firefox browser and use Firefox, if at all possible, instead of Safari. Firefox did not have the same problem, and it allows for additional privacy add-ons, such as AdBlock Plus which are helpful privacy-enhancing tools.
LifeLock -- The Federal Trade Commission began sending checks to almost a million consumers who were subscribers to the LifeLock ID theft protection service. LifeLock agreed to pay fines of $11 million to the FTC and $1 million to a group of state attorneys generals to settle charges that had been made against the company. Consumers with questions about this distribution may call 888-288-0783 or see the FTC's web page on this, http://www.ftc.gov/refunds.
Madrid Declaration -- A significant civil society document with more than 100 signatories worldwide has been published in conjunction with the 31st annual meeting of the International Conference of Privacy and Data Protection Commissioners. The document, known as the Madrid Declaration, affirms support for the complete canon of fair information practices as expressed by the OECD, affirms support of privacy as a fundamental human right, and warns that "the failure to safeguard privacy jeopardizes associated freedoms, including freedom of expression, freedom of assembly, freedom of access to information, non-discrimination, and ultimately the stability of constitutional democracies."
Social networks -- In the wake of Europe's Article 29 Working Party Opinion on Social Network Providers adopted in June, the Federation of German Consumer Organizations (VZBV) has sent out warning letters to five social networking providers in Germany, including Facebook and MySpace. The letters focus on the excessive rights the companies allow themselves in their respective Terms of Use agreements, and on shortcomings in the privacy policies. VZBV is comprised of 41 German consumer associations.
Resource -- A substantial new resource for individuals seeking to research California laws and regulations regarding health information has come online. The CHILI database is a project of the California Office of Health Information Integrity, and has interfaced with the California Privacy and Security Advisory Board, which the World Privacy Forum co-chairs. The CHILI database can be searched by HIPAA section, California Code section, California health information law keywords, or by statutory scheme.
Data breach | GAO data breach study -- The World Privacy Forum made an information request to the GAO asking for a copy of the single, non-duplicative list of data breaches its June, 2007 data breach report (GAO -07-737) refers to and was based on. The list was not included in the GAO report. The GAO used a figure in its report of "more than 570 data breaches" from January 2005 to December 2006 based on this non-duplicative breach list. The GAO breach list is straightforward, it tallies data breaches chronologically from January 1, 2005 to December 31, 2006 from three organizations that maintain data breach lists. If the breach appeared on at least one of the three lists, it was apparently included in the final tally. The GAO states that the list was based on a February 15, 2007 download of the lists. Note: the WPF scan of the GAO list includes the first page twice. The front page of the scan is of the GAO list as it looks in the original document, and then the list was scanned for maximum readability into PDF format.