You know we’re all guilty in some way… that is, those of us that hang out online on social networking sites, of not being as good at protecting our privacy as we should. Most of this is due to the complexity of the whole process… it really is not straightforward. Even some of my security friends are partially public online; with changes happening on FB so regularly, it is difficult with our busy agendas to keep checking our privacy settings. For example, if you are using FB as a tool to keep connected to just close friends and family, you should try to have your profile unsearchable both within and outside of FB. This is possible with the privacy settings available.

Well, now social networking sites are being forced, at least in California, to do something about this. Read more at SF Chronicle.

Don’t miss the cookie deadline :-P

The deadline for EU member states to implement the new cookie law is today! And not many member states are ready to eat their cookies yet! To date, Denmark and Estonia are the only states to have implemented the amended EU Privacy and Communications Directive, which gives Internet users more control of their data and requires any company with EU customers to comply. This requirement is a provision in an amendment to the E.U.’s Privacy and Electronic Communications Directive, which was adopted in 2009.

One claimed reason for the sluggish implementation of the directive is confusion around its intended purpose, as well as how best to implement it without destroying the businesses that rely on cookie placement to generate revenue, such as online advertising networks. The most visible change is the introduction of an “explicit consent” requirement. Read more at ClickZ.

So how can this be implemented? On a technical level it’s messy because it needs to be added on. It is not a built-in privacy functionality, so this will result in significant inconvenience for web users as websites seek explicit consent for cookie placement through pop-ups and other awkward mechanisms. If the privacy function for cookies… or maybe not cookies… were an integral function of our PC and of any web-app we happen to be interacting with, perhaps it would be more of a loyalty card function (maybe even shaking hands, representing mutual consent)… as used in the physical world for relationship marketing. The customer presents a card each time they approach the checkout. Hence, in exchange for sharing personal information, the customer should receive certain benefits, and clearly transparency in what is being collected…

Me just brainstorming to myself a little here 🙂

Bloggers used in smear campaign

This is a really interesting development, although not really so surprising in the arena of reputations and using popular bloggers for smear campaigns. Apparently Facebook hired a PR company to further damage the reputation of Google. The PR company contacted a well-known blogger to ask that he take part in this. He refused and instead published the emails with the request.

However, the power of the blogging communities is being used here to damage the reputation of an organisation. I guess this is not the first time this has been done, and it certainly won’t be the last. They are used, for example, to talk about their favorite products, i.e. they are advocates for a brand. This is, though, the first time that I have seen such a public showing of this behaviour.

We can justify our work!

I love this: “A UK privacy authority has fined the solicitor behind ACS:Law £1,000 for failing to keep the personal data of at least 6,000 people secure.” Although the fine was pretty pathetic, it is still good to see numbers appearing against the cost of lost personal and sensitive data, as this helps us justify why we are needed! Read more at ZDNet.

What is more important is the loss to his reputation for his lax security. I can imagine that ACS business cost will be just a little bit more than £1,000 😉

Workplace privacy in the US is getting a new set of clothes

Significant developments in workplace privacy law and policy in the US over the past year have left employers with a number of new obligations. Litigation in state and federal courts, state legislation and federal agency actions have all led to increased protections for employees, requiring employers to carefully consider and, as necessary, revise their workplace privacy policies and procedures.

I am not sure exactly which laws these are. Any links to relevant laws would be really appreciated!

Yes please I would like a cookie :-P

I’ve posted about this before: the thing on “cookie consent” in the new EU privacy law. Well, now there have been some guidelines published by the Information Commissioner’s Office.

Simply put, the advice is as follows:

We advise you to now take the following steps:
1. Check what type of cookies and similar technologies you use and how you use them.
2. Assess how intrusive your use of cookies is.
3. Decide what solution to obtain consent will be best in your

The main difference in behaviour is that, often, those using cookies to collect your behavioural data used to give you, by default, the option to opt out; now, however, you must consent, i.e. opt in. This is now aligned with the general collection of personal data in the EU.

Canada wants to start imposing fines

I knew that the privacy laws in Canada were pretty strict, at least when compared with the U.S. variants 😉 Compared to the E.U., though, they are lacking in that the privacy commissioners don’t have the power to impose fines on offenders. This could be changing, as there is some pressure now to change this. Read more in the Financial Post.