August 31, 2005

Location Based Services and the e-Privacy directive

FROM EUROPEAN COMMISSION WEBSITE

Location-based services have developed a lot in the recent past. In 2002, the e-privacy Directive 2002/58/EC established for the first time specific rules to be followed for the processing of location data. These rules, together with the general data protection directive 95/46/EC, have been transposed in most Member States. The workshop aims to investigate – together with industry, data protection authorities and consumer associations – the current practices and legal challenges that operators and users are confronted with when offering or using location-based services.

For the proposed agenda click here.

The issue paper can be found here.

The presentations can be found here.

Data Protection and Privacy Officer - Hutchison 3G UK Limited.

Location-based Services, privacy challenges - LBS and e-Privacy Directive - DG INFSO

Location-based services and the e-privacy Directive 2002/58/EC Mathias MOULIN – Legal advisor - French Data Protection Authority - CNIL

Location-based services - Telefónica Móviles España, Dirección General de Asesoría Jurídica y Secretaría General, G. Derecho de la Nueva Economía

Privacy statement - Personal data gathered in the course of this workshop will be processed according to applicable legislation on data protection. For further details click here.

August 30, 2005

Data Mining & Privacy

More and more data are being analyzed, whether for security against terrorism or for marketing.

In June 2005, Accenture published the article "From Data to Decision" by Michael Kuhn, Iain D. Lopata and Greg B. Todd in Outlook Journal.

"High performance requires more than data acquisition and control. Organizations need a more comprehensive approach to business intelligence that enables them to create value from data by providing timely, reliable and relevant information for making strategic, managerial and operational decisions at all levels"

On data mining and privacy, SF Gate has published the article "Data Mining Found to Flunk Privacy Rules" by Michael J. Sniffen, Associated Press Writer.

"None of five federal agencies using electronic data mining to track terrorists, catch criminals or prevent fraud complied with all rules for gathering citizen information. As a result, they cannot ensure that individual privacy rights are appropriately protected, congressional investigators said Monday.

The agencies' lapses either "increased the risk that personal information could be improperly exposed or altered" or "limited the ability of the public — including those individuals whose information was used — to participate in the management of that personal information," the Government Accountability Office said.

A study by the GAO, Congress' investigating arm, sampled five of the dozens of federal agencies that use computerized data analysis: the Agriculture Department, FBI, Internal Revenue Service, Small Business Administration and State Department. It evaluated how one data mining activity in each agency complied with the Privacy Act, federal information security laws and government directives."

Full article at SF Gate

August 29, 2005

8th annual Global Information Security Survey

Article published in Business Wire August 29, 2005

8th annual Global Information Security Survey by InformationWeek Magazine and Accenture.

At the same time, the U.S. Information Security Survey uncovered indications that companies and organizations are failing to provide rigorous protection of customer and client data. The survey, which was conducted over the Web this summer, received responses from more than 2,500 U.S. information technology and security professionals.

Highlights:

-- Compliance is reshaping corporate security practices.
-- Security attacks are becoming increasingly more sophisticated, yet basic passwords continue to be the most common line of defense.
-- Security breaches are increasingly coming from within, forcing companies to keep tabs on their employees.
-- Vulnerabilities in operating systems and applications - including the use of instant messaging - continue to be common points of entry.
-- Concern continues to grow over privacy and identity theft, yet organizations are failing to provide rigorous protection of customer data.

"Companies are taking a more structured approach to information security and making it more of a priority," said Alastair MacWillson, partner in charge of Accenture's security practice. "Many companies are beginning to see the benefits in leveraging new technologies to proactively assess and manage threats and vulnerabilities, and are consolidating, integrating and securing applications to improve integrity and productivity."

Read the full article at Business Wire

August 25, 2005

Mexico: Urgent calls to pass the personal data law

Urgent calls to pass personal data law

Legislators, academics and officials agreed, during the "Personal Data Protection" Forum organized by the Congress of the Union and La Salle University, that legislation on the matter is needed.

Article published by Lilia Saúl in El Universal online. Mexico City. Tuesday, August 23, 2005

Legislators, academics, federal government officials and the Federal Institute for Access to Information (IFAI) agreed on the urgency of passing a federal personal data law.

Although all agree that citizens' data must be protected to safeguard their privacy and individuality, the Bank of Mexico, speaking through Alejandro Díaz de León Carrillo, considers that there is a possibility of opening these data to information companies in a regulated manner.

During the "Personal Data Protection" Forum organized by the Congress of the Union and La Salle University, Antonio García Torres, a PRI senator, said that passage of this law is urgent.

The legislator specified that there is a large black market trading in personal data and that there is no figure, he said, for how much revenue these companies take in.

For her part, María Marván Laborde, president commissioner of the IFAI, emphasized that there is a pressing need to regulate the data, "but without losing sight of the fact that the aim is to protect the individual".

Full article at El Universal Online

August 18, 2005

Principles of privacy in hospitality industry

“Principles of Privacy” is a document written by Mark Haley and developed by the Technology Committee of the American Hotel & Lodging Association with a grant from the American Hotel & Lodging Educational Foundation.

There is an article available at Hotel Interactive.

PRINCIPLES OF PRIVACY
PRINCIPLES OF PRIVACY PART 2


"Protecting guest privacy means hoteliers have to set thorough and specific policies and guidelines. Here is a list of suggestions from the American Hotel & Lodging Association to help hotels define and implement sound privacy practices.
Hotel Operations Policy Elements


At registration, write down room number assignments and hand to guests across the front desk. Do not speak the number aloud.
Many experts advise requiring a photo ID issued by a government agency in order to register. Some hotels photocopy the ID, which then puts a burden on the hotel to secure and destroy the copy.
Enforce strict policies against giving out room numbers over the telephone or front desk.
Give new or duplicate keys only to registered guests who can show ID. Define a policy for guests lacking ID at the moment: Can they produce ID if admitted to the room by hotel personnel? Can they verify their address and form of payment as shown in the property management system?
Minimize the use of guest names and room numbers in radio or telephone conversations.
Do not show guest names on reports given out for newspaper drops.
Do not allow third parties to do amenity drops, bag pulls or other activities on guestroom floors.
Train room attendants to keep room assignment sheets in their pockets rather than on their carts, especially if names appear on the report.
Ensure that Expected Departure folios delivered to guest rooms the night before checkout are slid completely underneath doors all the way into the guestroom and cannot be pulled back into the corridor.
Secure express check-in or video check-out buckets so that names are not visible across the desk.
Secure reports in the back office that show guest information, especially"


FULL ARTICLE AT HOTEL INTERACTIVE
COMPLETE DOCUMENT AVAILABLE AT AHLA. MEMBER 10 $ / NON MEMBER 20 $

August 17, 2005

NASCIO Wireless Privacy Report

NASCIO represents state chief information officers and information resource executives and managers from the 50 states, six U. S. territories, and the District of Columbia. State members are senior officials from any of the three branches of state government who have executive-level and statewide responsibility for information resource management.

NASCIO's Mission and Vision Statement

NASCIO's mission is to foster government excellence through quality business practices, information management, and technology policy. NASCIO's vision is government in which the public trust is fully served through the efficient and effective use of technology.


NASCIO has just released the first part of its Wireless Privacy Report:
“The Year of Working Dangerously: The Privacy Implications of Wireless in the State Workplace—Part I”

August 16, 2005

Cylab: Confidence for a networked world

Carnegie Mellon CyLab is a university-wide, multidisciplinary initiative involving more than 200 faculty, students, and staff at Carnegie Mellon that builds on more than two decades of Carnegie Mellon’s leadership in Information Technology.

They also have the Data Privacy Lab.

Projects (by Keywords Alphabetically) in the Data Privacy Lab
Association Rule Learning Bioinformatics Bioterrorism Surveillance Cameras Computer Science Research Computer Science Undergrads Datafly System De-identification De-identification, Datafly De-identification, Clinical Notes and Letters De-identification, Faces De-identification, Text De-identification, Video Disambiguation, Social Networks Distributed Surveillance DNA Privacy DNA Re-identification Evaluation, Genomic System Email Aliases Email Spam Entity Resolution Face De-identification Finding CS Undergrads Finding People Generalization Genetic Privacy Genomic Privacy Genomic System Evaluation GenTree HIPAA Homeland Security Identifiability Identity Angel Identity Theft Information explosion k-anonymity k-anonymity, Datafly k-anonymity, Generalization k-Same Law and Policy Law and Policy, CS Research Learning Linkage, Trails List Comparison Lists of People Medical Informatics Multi-party, Randomized Multi-party, List Comparison Name disambiguation Name Extraction People Finder Privacy-preserving Surveillance Probable Cause Predicate Randomized Multi-party Computation Re-identification Re-identification, DNA Re-identification, Trails Robust Rule Learning RosterFinder Rule Learning Scam Spam Scrub System Selective Revelation Sentiment Extraction Smart Cameras Social Security numbers Social Networks Spam Surveillance Surveillance, Counting People Surveillance Cameras Text, De-identification Text Extraction, Names Text Extraction, Sentiment Trails Learning Trails Re-identification Video Video, Counting People Video De-identification Video Surveillance Watchlist

CyLab's comprehensive research program spans technology, management, and policy issues. Program thrusts are organized to develop the next generation of technologies that will lead to measurable, available, secure, trustworthy, and sustainable computing and communications systems, as well as associated management and policy tools that will enable successful exploitation of the new technologies.


Current CyLab research thrusts are:


Next-generation response and prediction technologies;
Resilient and self-healing networks and computing systems;
Secure access to physical devices and spaces;
Software measurement and assurance technologies and practices;
Data and information privacy;
Threat prediction modeling;
Business risk analysis and economic implications;
Security in Control Systems.


CyLab programs are funded by several federal agencies, philanthropic foundations, and more than 50 companies.

CyLab projects on Data and information privacy


Levels of Anonymity and Traceability (LEVANT) – Balancing Privacy Rights and Internet Security
Privacy Preserving Databases
Provably Secure Steganography
Secure People Location Service
Semantic Web Reasoning Technologies for Web Privacy
Statistical Methodology and Disclosure Limitation

AMAZING!!!!

August 14, 2005

Less paperwork, less privacy

High-tech record: Less paperwork, less privacy

Article published in The Arizona Republic, Aug. 14, 2005 12:00 AM

For patients, electronic medical records could spell relief from repetitive paperwork and more efficient, integrated care.

But the changeover also means that consumers must become more protective of their personal information. Phoenix banker Ed Zito is one who can't wait for the health care industry to embrace modern technology. Having survived prostate cancer two years ago, he must have periodic blood tests.

"All the paperwork is so repetitive and unproductive," he said. But Tucson health care consultant Tracy Lenda worries that breaches of privacy will become more frequent. She has seen an insurance company drop a client because of a doctor's reference in paper records to possible cancer.

Full article at The Arizona Republic

Links:

NSW Health Information Privacy Papers
HIPAA Privacy Regulations U.S. Department of Health and Human Services Office for Civil Rights

August 12, 2005

Security Cameras

Security cameras proliferate in Manhattan, pleasing police and disturbing civil libertarians

By TOM HAYS at Newsday

Associated Press Writer, August 12, 2005, 11:03 AM EDT

NEW YORK -- Six could be seen peering out from a chain drug store on Broadway. One protruded awkwardly from the awning of a fast-food restaurant. A supersized, domed version hovered like a flying saucer outside Columbia University. All were surveillance cameras and -- to the dismay of civil libertarians and with the approval of law enforcement -- they've been multiplying at a dizzying rate all over Manhattan.

"As many as we find, we miss so many more," Alex Stone-Tharp, 21, said on a recent afternoon while combing the streets, clipboard in hand, counting cameras in the scorching heat.

A student at Sarah Lawrence, Stone-Tharp is among a dozen college interns enlisted by the New York Civil Liberties Union to bolster their side of a simmering debate over whether surveillance cameras wrongly encroach on privacy, or effectively combat crime and even terrorism -- as in the London bombings investigation, when the cameras were used to identify the bombers.

Full article at Newsday

LINKS:

Surveillance Camera Project at NYCLU
Report: New York City: A Surveillance Camera Town, by NYCLU

August 09, 2005

Privacy is Key to Sharing

Article by Bruce McCabe, an independent technology analyst and managing director of S2 Intelligence, published in Australian IT.

PRIVACY IS KEY TO SHARING

"In the future, business intelligence systems will chat to their friends and neighbours as they go about their work. What I mean by this is that one day Australian corporations can expect to find themselves using business analytics software provided by companies such as Hyperion, Cognos and SAS to analyse not only the data in their four walls, but vast amounts of valuable and relevant data from business partners....."

"In June last year I wrote about two scientists, Dr Christine O'Keefe and Dr Kerry Taylor, and their involvement in a project to connect disparate sources of health-related data from hospitals, universities, government departments and pharmaceutical companies. "

"This initiative, called the Health Data Integration project, set out to eliminate bottlenecks facing medical researchers as they went about trying to correlate data from many institutions in their efforts to develop new treatments, medicines and preventive measures. "

"Two weeks ago I had an opportunity to address an audience of business people at Cognos Australia's annual customer forum, where I discussed HDI as one of a number of leading-edge projects that illustrate what the future holds for mainstream business analytics. "

"In one of those wonderful bits of timing, the following day I received news from CSIRO that it plans to extend its HDI innovations to analytics in sectors such as banking and finance.
It has now coined the term Privacy-Preserving Analytics (PPA) to describe the technology. I am not fond of new tech-acronyms, but it has to be said this one is pretty catchy."

Full article in Australian IT

August 04, 2005

The State of Surveillance

This week BusinessWeek published this fantastic report, "The State of Surveillance".


The State Of Surveillance

Artificial noses that sniff explosives, cameras that I.D. you by your ears, chips that analyze the halo of heat you emit. More scrutiny lies ahead

COVER IMAGE: The State Of Surveillance
GRAPHIC: Nowhere To Hide
GRAPHIC: A Dog's Nose Still Knows Best In The Datasphere, No Word Goes Unheard
ONLINE EXTRA: Surveillance Society: The Experts Speak
ONLINE EXTRA: Big Brother Britain?
ONLINE EXTRA: The U.N.: Snoop Central
ONLINE EXTRA: Slide Show: Surveillance's High Tech Future

European National Data Agencies Links

o Austria: www.dsk.gv.at
o Belgium: www.privacy.fgov.be
o Croatia: www.azop.hr
o Cyprus: www.dataprotection.gov.cy
o Czech Republic: www.uoou.cz
o Denmark: www.datatilsynet.dk
o Estonia: www.dp.gov.ee
o Finland: www.tietosuoja.fi
o France: www.cnil.fr
o Germany: www.datenschutz.de
o Greece: www.dpa.gr
o Guernsey: www.dataprotection.gov.gg
o Netherlands: www.cbpweb.nl
o Hungary: abiweb.obh.hu/abi
o Ireland: www.dataprivacy.ie
o Iceland: www.personuvernd.is
o Isle of Man: www.gov.in/odps
o Italy: www.garanteprivacy.it
o Jersey: www.dataprotection.gov.je
o Latvia: www.dvi.gov.lv
o Liechtenstein: www.sds.llv.li
o Lithuania: www.ada.lt
o Luxembourg: www.cnpd.lu
o Malta: www.datapretection.gov.mt
o Norway: www.datatilsynet.no
o Poland: www.giodo.gov.pl
o Portugal: www.cnpd.pt
o Romania: www.avp.ro
o Spain: http://www.agpd.es
o Slovakia: www.dataproyection.gov.sk
o Slovenia: www.varuh-rs.si
o Sweden: www.datainspektionen.se
o Switzerland: www.essb.ch
o United Kingdom: www.dataprotection.gov.uk

August 02, 2005

RFIDSec

RFIDSec is a Danish company, founded to produce and market commercial RFID products based upon patented technology from Open Business Innovation implementing Zero-Knowledge Device Authentication and ZEROLEAK™ principles to low cost and intelligent RFID.

With ZEROLEAK™ the owner of an RFID-tag is empowered to control the access to the information stored on the tag, in order to ensure data integrity and to prevent the tag from being cloned and tracked. The technology is further elaborated in the published scientific paper. The paper has been peer reviewed at the Privacy, Security and Trust conference in 2004.

About Open Business Innovation:
Open Business Innovation is based in Denmark. The company was founded by Stephan J. Engberg late 1999 based on inside knowledge working with strategies, solutions and technologies for Customer Relationship Management and eBusiness in a wide range of industries. Specialising on eLoyalty - the implications of present trends for Security and the growing Privacy Barrier for companies to build relationships with customers became increasingly clear.

It is my point of view but I love Open Business Innovation's Privacy point of view.

August 01, 2005

Data Retention back on EU Agenda

Article published in Privacy International

Immediately after the bombings on July 7, 2005, the UK's National High Tech Crime Unit called out to all communications service providers to retain all existing communications information held at that moment in time.

This includes:

Contents of email servers
Email server logs
Radius or other IP address to user resolution logs
Pager, SMS and MMS Messages currently on the network’s platform
Content of voicemail platforms
Call data records (includes mobile, fixed line, international gateways & VoIP)
Subscriber records

As news organisations began following up on this story they found that on Wednesday the Home Secretary Charles Clarke will propose a renewed policy of retention at the European Council. This proposal will call for communications data to be kept for between twelve months and three years.

This move is despite the fact that in the UK such a regime already exists. After the Anti-Terrorist Crime and Security Act of 2001, and the establishment of secondary regulations, all communications service providers through voluntary co-operation retain traffic data for a varying period of time. Now the UK is seeking to launder this policy through the EU so that it can then return to the UK with a re-written set of rules despite thorough negotiations with industry back in 2002.

After the Madrid Bombings in 2004, a similar policy was proposed but faced significant opposition within the European Commission and the European Parliament.

Links:

Data Protection- European Commission
Privacy International
NHTCU
UK Presidency of the EU

Privacy saved my life

Creative Commons License
This work is licensed under a Creative Commons license.