Friday, January 8, 2016

Uber agrees to enhance user privacy in settlement

New York's attorney general has announced a settlement with Uber requiring the car service app to protect riders' personal information.

The agreement follows an investigation by the AG's office amid reports that Uber executives had access to riders' locations and displayed it in an aerial view, known internally as "God View." 

read full article at CrainsNewYork

FTC’s credibility tarnishes as its privacy offensives grow

Having worked for an FTC commissioner, I've seen first hand the commission's regulatory successes. Imbued with the powers of competitive oversight and consumer protection, the Federal Trade Commission (FTC) was a beacon for other governmental agencies.

Unfortunately, times have changed. The commission's recent obsession with media exposure has darkened the FTC's luminescence.  The FTC has forgotten its core foundational tenet: identify practices that actually harm consumers. 

By Carl Szabo
read full article at TheHill

Snooper's charter would be out of date in five years, says defence industry

The accelerating pace of technology means the government’s landmark snooper’s charter bill will only have a limited shelf life and will need to be revisited within five years, Britain’s defence and security industry has told MPs and peers.

They have warned that there are serious questions over whether fundamental parts of the new law that will overhaul of surveillance powers will be relevant in the near future as the technological landscape changes. 

by Alan Travis
read full article at TheGuardian

U.S. Department of Homeland Security Best Practices for Protecting Privacy, Civil Rights & Civil Liberties In Unmanned Aircraft Systems Programs

As co-chairs of the Department of Homeland Security’s (DHS) Privacy, Civil Rights & Civil Liberties Unmanned Aircraft Systems Working Group (DHS Working Group), we are pleased to present these best practices, which reflect DHS’ experiences in building unmanned aircraft system programs founded on strong privacy, civil rights, and civil liberties protections. Unmanned aircraft systems are an essential tool in DHS’s border security mission and present a great deal of promise for assisting first responders and improving situational awareness. These best practices represent an optimal approach to protecting individual rights that is influenced by U.S. Customs and Border Protection’s (CBP) ten years of experience using unmanned aircraft systems as a tool in protecting and securing the Nation’s borders. 

We are sharing these reflections broadly, recognizing that government entities (including CBP) have various limitations based upon their respective missions, operating characteristics, and legal authorities, and that many of the considerations that apply to our agency may not be applicable or appropriate for other entities. The DHS Working Group neither proposes nor intends that this document regulate any other government entity. Our goal, rather, is simply to share the best practices we have identified as helping to sustain privacy, civil rights, and civil liberties throughout the lifecycle of an unmanned aircraft systems program. 

read full article at DHS

Key U.S. Cybersecurity Provisions Signed into Law

Last month, tucked into a 2,000-page spending bill, the Cybersecurity Information Sharing Act of 2015 (CISA) was enacted into law. Years in the making, CISA is intended to incentivize organizations to share cyber threat indicators with the federal government and to promote the dissemination of this information to organizations facing similar threats. CISA sponsors and supporters hope that such information exchange will help organizations prepare for and respond more effectively to cyber threats.

In addition to CISA, the spending bill included a number of other cybersecurity provisions covering topics ranging from federal preparedness to foreign policy strategy. Most notably, the bill directs the Department of Health and Human Services (HHS) to develop cybersecurity best practices for organizations in the healthcare industry. The bill also directs federal agencies to create new plans to fortify federal information systems and identify cyber-related gaps in the federal workforce. 

by Hogan Lovells
read full article at IAPP

NIS + GDPR = A New Breach Regime in the EU

European lawmakers capped off a blockbuster week for privacy with an important step towards the first comprehensive information security legislation in the EU. The Network Information Security (NIS) Directive was initially proposed by the European Commission in February 2013 to raise cybersecurity capabilities across the EU’s 28 member states. After more than two years of negotiation, the European Council reached an informal agreement with the Parliament on December 7, and the agreed text was approved by the Member States December 18.

The text now must undergo “technical finalisation,” and then needs to be formally approved by both the Council and the Parliament, which is expected, according to the Council, this spring. Member States will then have 21 months to implement the Directive into law, passing their own legislation in accordance with the Directive.

by Gabriel Maldoff
read full article at IAPP

Researchers investigate the ethics of the Internet of Things

Researchers at nine UK universities will work together over the next three years on a £23m ($33.5m) project to explore the privacy, ethics, and security of the Internet of Things.

The project is part of 'IoTUK', a three-year, £40m government programme to boost the adoption of IoT technologies and services by business and the public sector. 

By Steve Ranger 
read full article at ZDNet