Skip to main content

Privacy Monday - August 26, 2013

As the summer winds down, we find that privacy and security issues remain at the top of mind for companies, hackers, and regulators alike.

 

EMPLOYEE PERSONAL INFORMATION EXPOSED AT FED

Bloomberg is reporting today on a large-scale exposure of the personal information of every employee of the Federal Reserve Bank.   According to the article, a website associated with the hacktivist group Anonymous has posted what the group said were “full details of every single employee at Federal Reserve Bank of America,” adding central banks have “systematically defrauded the planet.” The post included a spreadsheet containing phone numbers, e-mails and other employee information that the Federal Reserve said today was probably accessed more than six months ago.  According to the Fed, the bank's critical operations were not affected.

Read more:  Bloomberg Business News

 

PIN THIS

A security researcher has discovered a vulnerability in Pinterest.   According to Threatpost, the researcher discovered a hole that enables an attacker who knows a target's username or user ID to discover that user's email address.  The bug could provide an attacker a ready-made (and huge) target list for phishing attacks.

Read more: Threatpost

 

BIG DATA IS ON THE FTC RADAR - THE "LIFEGUARD ON THE BEACH"

In her keynote address delivered at the Technology Policy Institute Aspen Forum last week, FTC Chairwoman Edith Ramirez spoke about the privacy challenges of Big Data. While recognizing the tangible benefits of innovative ways of collecting, analyzing and storing the aggregation of decades of information we refer to as “Big Data” to consumer and businesses alike, Chairwoman Ramirez expressed concern that these Big Data-driven innovations offer great potential for misuse of personal information and pose significant privacy risks to consumers.

In speaking about the FTC’s role in Big Data, Ramirez described the enforcement tools that can be used by the Commission to protect consumers against the privacy challenges posed by Big Data and  promised to continue to use these tools aggressively against entities that breach their commitments to safeguard consumer information. The Chairwoman gave as examples the FTC’s actions against data giants Google, Facebook, and Myspace for deceiving consumers by breaching commitments to keep their data confidential, and the forty-plus actions brought by the Commission under its unfairness and deception authority against large data companies like LexisNexis, ChoicePoint, and Twitter for failing to provide reasonable security safeguards.

Ramirez urged businesses that use Big Data to design their data collection and use approach based on the three core principles set forth in the FTC’s 2012 Privacy Report, specifically, privacy-by-design, simplified choice, and greater transparency, to ensure that consumers understand who is collecting their data, how their data is used, and are given a choice in whether their data is collected and how it is used.

Ramirez ended her address by noting that while the FTC will not stand in the way of innovation, the Commission will play an active, central role in ensuring that consumer privacy is respected. In fact, the Chairwoman characterized the FTC as “lifeguard at the beach”, that “will remain vigilant to ensure that while innovation pushes forward, consumer privacy is not engulfed by that wave.”

If you are interested in reading more about privacy considerations of Big Data, please see two recently published articles with competing views on this point.  The Underwhelming Benefits Of Big Data, authored by Paul Ohm, a professor of law at the University of Colorado and former senior policy advisor to the FTC was published this month in the Penn Law Review. Big Data for All: Privacy and User Control in the Age of Analytics, co-authored by Omer Tene, Vice President of Research and Education at the IAPP and Jules Polonetsky, Director of the Future of Privacy Forum was published in the Northwestern Journal of Technology and Intellectual Property in April.

 

Subscribe To Viewpoints

Author

Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.