Blog

Department of Commerce Publishes Green Paper on Privacy

Francoise Gilbert

On December 16, 2010, the Department of Commerce released its Internet Policy Task Force Privacy Green Paper, which details recommendations on the protection of consumer privacy online.  Titled “Commercial Data Privacy and Innovation in the Internet Economy:  A Dynamic Policy Framework”, the Report provides a set of recommendations to strengthen data privacy while protecting innovation, job creation, and economic growth.

The Report recognizes that more than self-regulation is needed.  It acknowledges the economic and social importance of preserving consumer trust in the Internet, and the need to keep pace with changes in technology, online services and Internet usage.  To do so, consumers need more transparency and control over the use of their personal information.  The new framework must help increase protection of consumers’ commercial data while supporting innovation and evolving technology.


FTC’s Proposed Privacy Framework: More Obligations for US Businesses?

Francoise Gilbert

In its long awaited report on privacy protection, which was published on December 1, 2010, the Federal Trade Commission outlines a Proposed Privacy Framework for businesses and policy makers. The Proposed Framework would focus on the collection, maintenance, sharing, or use by commercial entities of consumer personally identifiable information, online and offline. “Personally identifiable information” is defined as data that can be reasonably linked to an individual, computer, or device.

The proposed Framework does not promote the adoption of legislation, but it identifies three areas of focus:

  • Promoting privacy throughout the organization, and at every stage of the development of products and services;
  • Simplifying choices for consumers; and
  • Providing greater transparency of data practices.

The FTC staff has requested that comments on each component of the Privacy Framework and how it might apply in the real world be filed by January 31, 2011. The Commission will issue a final report in 2011.


FTC’s Privacy Framework: Similarities with EU Privacy Directives

Francoise Gilbert

On December 1, the FTC issued its long awaited report in which it outlines a Proposed Framework for businesses and policy makers for the protection of personal data. The Proposed Framework would reach a broad range of commercial entities, both online and offline, that collect, maintain, share, or use consumer data. The protection would apply not only to what has traditionally been named “personally identifiable information” that can be reasonably linked to an individual, as has been done in the past, but also to data that can be reasonably linked to a specific computer or device. (FTC Report, p. 42).


Proposed Changes to the EU Data Directives: What Consequences for Businesses?

Francoise Gilbert

The European Commission has determined that the privacy and data protection framework applicable throughout the European Union must be revised in order to adapt the current rules to the rapid technological changes that have dramatically modified the way individuals live and companies operate. Communication COM (2010) 609, published on November 4, 2010, summarizes the goals that the European Commission has set for the overhaul of the EU data protection regime.[1]

The Commission intends to expand the duties and obligations of the data controllers, improve the awareness and understanding of privacy matters by individuals, increase the protection of individuals’ rights especially in the context of Web 3.0 applications, and ease the flow of information in the internal market as well as in the context of cross-border data transfers out of the European Union.


When Will Your CEO’s Social Media Postings End-Up in a Court Room?

Francoise Gilbert

Social networks such as Facebook and MySpace allow members to create an online profile that may be accessed by other members.  Some social networks have privacy controls that allow members to choose who can view their profiles or contact them.  Others do not require pre-approval to gain access to a member’s profile.

These materials are an easy target for trial or litigation attorneys who may wish to use them to impeach the opposing party or its witnesses.


Department of Energy’s Report on Data Access and Privacy Issues Related to Smart Grid Technologies

Francoise Gilbert

On October 5, 2010, the US Department of Energy (DoE) issued two important reports that outline recommendations for the use of Smart Grid technologies.  One of the reports focuses on the protection of personal data that will be collected through Smart Grid meters, the other addresses communications requirements.  Both reports were issued after consultation with the utilities, consumer advocates, and telecommunications companies.

The 65-page DoE report on Data Access and Privacy Issues Related to Smart Grid Technologies recommends that detailed energy consumption information that is collected through the use of Smart Grid technologies be accorded privacy protections that are similar to the protections that are granted to other categories of personal data.


No Attorney Client Privilege for In-House Lawyers Under EU Law

Francoise Gilbert

On September 14, 2010 the European Court of Justice (ECJ) confirmed that there is no attorney-client privilege under EU law for communications with in-house counsel when a company is under investigation by the European Commission.

In its ruling in the case of Akzo Nobel Chemicals Ltd and Akcros Chemicals Ltd v European Commission, the European Court of Justice affirmed a prior decision of the European General Court that had rejected a claim for legal professional privilege over the company’s communications with its in-house lawyer. The court reasoned that in-house lawyers are economically dependent on their employers, and thus cannot be regarded as independent.


Google Engineer Fired for Accessing User Accounts

Francoise Gilbert

Google fired a software engineer because he allegedly took advantage of his position as a member of an elite technical group at the company to access user accounts in violation of company policy.  Accounts accessed included those of four minors whom he had encountered through a technology group, according to reports by CNN and Gawker.

While there is no allegation of sexual predatory behavior, the engineer appears to have spied on minors’ accounts and accessed their contact lists and chat transcripts.

Given Google’s size, it is almost predictable that an incident such as this would happen. When a company has thousands of employees, it is just a matter of statistics and probability. If X% of the country’s population is immature, emotionally unstable or has other personal problems, it is likely that these same characteristics will appear in the workforce of companies, despite the employers’ attempts to identify the problem employee and prevent the occurrence of any mishap.


Lessons from FTC v. Twitter

Francoise Gilbert

Security is not just for credit card and social security numbers

The proliferation of security breach disclosure laws has brought companies’ attention to the need to protect financial information, social security, and driver’s license numbers. Since most of these laws target only these categories of data, and most state laws that require the use of security measures also have focused on these categories of data, many companies have limited their information security efforts to the protection of a small amount of data: credit cards, social security and driver’s license numbers. As a result, other categories of data that have not been in the limelight or the subject of investigative reporting have been neglected.


Mexico’s New Federal Law on the Protection of Personal Data

Francoise Gilbert

Mexico’s new Ley Federal de Protección de Datos Personales en Posesión de los Particulares (Federal Law on the Protection of Personal Data Possessed by Private Persons) became effective on July 6, 2010. The Law is “of public order,” which means that contract provisions that conflict with it are unenforceable.

The Federal Institute for Access to Information and Data Protection (IFAI) is charged with issuing regulations and enforcing the Law. The regulations are expected to be issued within one year, and the Law will not be enforced until January 2012.
