| |
|
Thursday, March 8, 2007
|
|
Managing Access to Critical Data for Protection and Privacy. (Source: Symantec) One common mistake that organizations make is by using Identity management solutions in isolation. Doing so risks access inflation, workarounds and coverage gaps. This white paper shows how comprehensive access management deploys identity management within a framework that includes disciplines for data protection, integration with hiring and promotion, and especially monitoring. [Computerworld Privacy News]
11:18:13 PM 
|
|
Credit companies hope a possible change to privacy laws will make it
easier for people with a good credit history to borrow money or get a
mortgage. A change to the Privacy Act, which is being reviewed by
the Law Commission, could open the door for credit companies to sell
both the positive and negative details of people's credit history. Veda
Advantage - formerly Baycorp - holds credit files for 2.4 million
credit-active individuals and 800,000 companies in New Zealand, but
cannot sell details about positive credit history. The Credit
Reporting Privacy Code does not allow positive reports, because such
people should not be forced to reveal private financial dealings. Veda
says a comprehensive credit service would benefit responsible
consumers, who at present often have to borrow at the same rate as
those with a poor credit history.
7:34:43 PM
|
|
The telecoms industry has been accused of
collecting excessive amounts of personal data from its customers, with
telecom firms faring worse for privacy than companies in other
industries.
The accusations come in the
"First Quarter 2007 Online Customer Respect Study of the
Telecommunications Industry", from international research... Editor: Just this teaser unless you register at their site.
7:27:48 PM
|
|
Homeland Security officials are testing a supersnoop computer system that sifts through personal information on U.S. citizens to detect possible terrorist attacks, prompting concerns from lawmakers who have called for investigations.
The system uses the same data-mining process that was developed by the Pentagon's Total Information Awareness (TIA) project that was banned by Congress in 2003 because of vast privacy violations.
A Government Accountability Office (GAO) investigation of the project called ADVISE -- Analysis, Dissemination, Visualization, Insight and Semantic Enhancement -- was requested by Rep. David R. Obey, Wisconsin Democrat and chairman of the House Appropriations Committee.
The investigation focuses on whether the program violates privacy laws, and the findings will be released after completion of the Iraq war supplemental spending bill, possibly as early as this week, a panel aide said.
The ADVISE and TIA data-mining projects rely on personal data to track individual behavior and consumer transactions to develop computer algorithms that create a pattern that some behavioral scientists say can predict terrorist behavior.
Data can include credit-card purchases, telephone or Internet details, medical records, travel and banking information.
Privacy concerns prompted lawmakers on both sides of the aisle to introduce legislation in January to require that government agencies disclose data-mining practices in regular reports to Congress.
"A serious discussion on the implications of data-mining programs is long overdue," Sen. Russ Feingold, Wisconsin Democrat and a sponsor of the bill, said yesterday. Sen. John E. Sununu, New Hampshire Republican, is also a bill sponsor.
7:21:29 PM
|
|
Microsoft Chairman Bill Gates asked the U.S. Congress to pass a comprehensive privacy law this year, allowing consumers to
control how their personal information is used.
Gates
repeated past Microsoft calls for a wide-ranging privacy law during a
speech at advocacy group the Center for Democracy and Technology's
(CDT) annual gala dinner Wednesday. A comprehensive privacy bill should
allow consumers to control their personal data, should provide
transparency about what their data is used for, and should notify them
when their data has been compromised, Gates said.
Gates said he believes the U.S. can achieve a balance between privacy and protecting the country against terrorists and other
criminals. But the balance will not be an easy one to create, Gates said.
While
many U.S. residents would say they want as much privacy "as possible,"
law enforcement needs to be able to track criminals, Gates said. "These
privacy issues are not as easy as you might think," he told the crowd.
7:09:19 PM
|
|
The Census Bureau accidentally posted personal
information on 302 households on a public server several times since
October 2006, officials said.
The personal information,
including names, addresses, phone numbers, birthdates, family income
ranges and other demographic data, was contained in a file that was
placed on a public server for the purposes of testing new software
applications. The file included about 250 fake accounts in addition to
the real information. The bureau found out about the mistake when it
found the file on the server in mid-February.
7:04:50 PM
|
|
Possibly as a reaction to heise Security's report that Windows Genuine Advantage Notification sends back data to Redmond even when users choose to terminate its installation, a Microsoft developer using the pseudonym alexkoc has now posted an entry in the WGA blog. There he reveals that every update that flows through Windows Update at the very least informs Microsoft about whether the installation was successful or not. In the Privacy Statement of Windows Update Microsoft grants itself fairly far-reaching rights. Thus the information collected by the Redmond-based behemoth includes the computer make and model, version information for the operating system, browser, and any other Microsoft software for which updates might be available, Plug&Play ID numbers of hardware devices, region and language setting, Globally Unique Identifier (GUID), Product ID and Product Key, BIOS name, revision number, and revision date. By way of justifying Microsoft's approach, alexkoc writes that the EULA, likewise presented by the WGA installer, also covered the relaying of such information. With some updates such as the WGA Notification, the installer transmits data that Microsoft says it merely requires for quality control purposes and to improve the installer itself. The WGA package thus, among other things, sends back an event code. To calm the fears of users, alexkoc presents a graphic explaining the various fields of such a data packet. When the product IDs and product keys found belong to legal software, Microsoft will delete the data right away; only in cases of suspected software piracy will it store the data, the company has said. In the blog, the company once again explicitly states that it does not use the information gathered to identify or contact users.
6:54:34 PM
|
|
|
© Copyright 2007 Paul Hardwick.
Last update: 3/18/07; 5:10:49 PM.
|
|
|
