Privacy and Data Protection

Company Attempts Streamlining Mobile App Privacy Policies

Online privacy policies, particularly those for mobile applications, are often too long and too complicated to be of any use to the average consumer. One company, PrivacyChoice, is attempting to help mobile application companies create privacy policies that are easy for consumers to read and understand. PrivacyChoice has collected data from hundreds of online privacy policies and created a tool that allows application developers to create policies without the help of a lawyer. The tool asks developers to answer questions pertaining to how consumer data is collected, stored, and used. The tool then condenses that information into a policy that is easy to read.
New York Times: Industry Tries to Streamline Privacy Policies for Mobile Users (14 August 2011)
(Source: New York Times)

Google Privacy Audit Finds Improvements, but More Work Needed
Europe, Middle East and Africa

The UK Information Commissioner’s Office (ICO) has released the Google Inc. Data Protection Audit Report: Executive Summary (August 2011), concluding that Google has “taken reasonable steps to improve its privacy policies”. The audit was conducted in July 2011 in relation to Google’s unauthorised collection of data from unsecured wireless networks.

The audit report notes that since the incident, Google has developed a number of areas of good practice, These include undertaking a privacy impact assessment for new projects, allocating resources to privacy throughout the company, and providing additional training for staff.

Although the ICO is satisfied with the improvements instituted so far, it has also urged Google to take further steps, including disclosing to users how each product affects personal information protection, the use of Privacy by Design for new projects, and additional privacy training for engineers.

Information Commissioner Christopher Graham said that the audit is “not a rubber stamp”, and warned that the ICO will continue to monitor Google’s policies and practices.
ICO’s media release (16 August 2011)

Related news items:
Computerworld: UK says Google needs further privacy improvements (16 August 2011)
BBC News: Google gets privacy ‘to-do’ list from watchdog (17 August 2011)
(Source: ICO; Computerworld; BBC News)

FTC Supports Plan to Regulate Online Tracking

The US Federal Trade Commission (FTC) has issued an advisory opinion letter (15 August 2011) stating that it will not challenge the Council of Better Business Bureaus’ (CBBB) proposed “accountability program” to regulate the use of internet browser tracking for behavioural advertising online.
FTC’s media release (15 August 2011)

Related news item:
The Wall Street Journal (WSJ): Council to Enforce Online Tracking Principles (4 March 2011)
(Source: FTC; WSJ)

Phone App Privacy Breach Proceedings Settle

The US Federal Trade Commission (FTC) has announced that W3 Innovations, a developer of mobile applications, will pay $50,000 to settle charges that it violated the Children’s Online Privacy Protection Act 1998 by illegally collecting and disclosing personal information from children without their parents’ consent. FTC chairperson Jon Leibowitz said that “[c]ompanies must give parents the opportunity to make smart choices when it comes to their children’s sharing of information on smart phones”.
FTC’s media release (15 August 2011)
(Source: FTC)

Hospital Discloses Breach of Patient Records

The Brigham and Women’s / Faulkner Hospitals announced last week that a doctor working for both hospitals lost an external hard drive containing the medical records of 638 patients. The hard drive was lost when the doctor left his luggage in a cab. After conducting an internal investigation, the hospitals discovered that the patient information that was once stored on the hard drive had been deleted. Because the hospitals could not confirm, however, that the information was permanently erased from the hard drive, they have notified affected patients. At this point, even though there is no reason to suspect that the medical records have been accessed, both hospitals are offering identity protection services to those patients whose information has been compromised.
Boston Herald: Brigham and Women’s discloses patient data breach (5 August 2011)
(Source: Boston Herald)