ISO 27018 and protecting personal information in the cloud: a first year scorecard

Richard Kemp, Business Cloud News, Thursday, April 23, 2015

A year after it was published, ISO 27018 – the first international standard focusing on the protection of personal data in the public cloud – continues, unobtrusively and out of the spotlight, to move centre stage as the battle for cloud pre-eminence heats up.

NIST issues draft de-identification guidance for personally identifiable information

Molly Bernhart Walker, FierceGovernmentIT, Wednesday, April 22, 2015

As federal agencies deal with more sensitive information – from digital documents to troves of "big data" – de-identifying personally identifiable information is an emerging challenge. Because agencies are under increased pressure to make raw data open to the public, the removal of sensitive personal information from that data is critical. In a new draft publication, the National Institute of Standards and Technology explores techniques for de-identification and summarizes almost 20 years of research.

Is Android a threat to privacy?

Jeff Gould, Friday, April 17, 2015

This week the European Commission took not one but two momentous actions against Google. The first was the filing of formal antitrust charges accusing Google of abuse of dominance in online search. The second was the launch of an investigation into Google’s practice of forcing mobile device manufacturers to use its purportedly open source Android operating system in only the way that Google prefers. Android of course is the world’s most widely used operating system, with a rapidly growing user base that now numbers more than one billion. While we usually think of it as something for consumers, Android devices are also used in countless enterprises, schools and government agencies. It’s worth taking a look at what the EU’s Android investigation means for those users.

27018 and Higher Education

Tracy Mitrano, Inside Higher Ed, Monday, April 13, 2015

While many readers may not be familiar with the International Standards Organization, the rigorous formal standards established by this UN-sponsored body form the backbone of data security best practices in large organizations everywhere. Collectively the standards are known as the ISO 27000 family. American colleges and universities in particular, which are busily outsourcing many key online services to outside cloud providers, would do well to pay close attention to the newest member of this family, ISO 27018, which sets out best practices for personally identifiable information (PII) held in the cloud. ISO 27018 is the first international standard for privacy practices. Published in July 2014, the standard warrants the full attention of higher educational institutions as they consider the procurement of cloud services.

4 ways your Android device is tracking you (and how to stop it)

Ben Patterson, PC World, Monday, April 13, 2015

Turns out that each time you say something to the Google Now search box, Android saves a copy of what you said in your "Voice & Audio" history. Your voice history can go back months or even years, and it includes a transcript of what you said plus a playback button, so you can relive the moment. That's not all. Your Android device—and, indeed, all your Google accounts, mobile or otherwise—can also save a "history" of your web searches and clicks, as well as what you've searched for and watched on YouTube. Android can also save a map of where you and your phone or tablet have been, even when you weren't actively using your handset.

Can FCC’s Data Breach Settlement With AT&T Inc. Help Change Behaviors In The Wireless Industry?

Larry Darrell, Bidness Etc, Monday, April 13, 2015

Last month, the US government fined AT&T, accusing it of inadequate and unsatisfactory protection of consumer data. However, cyber security experts believe that the punishment was not strict enough to intimidate other players in the industry to take extra safety precautions. In the event that the carriers are faced with a similar situation as AT&T, perhaps they would take better and more adequate measures to ensure consumer privacy if AT&T was dealt with more strictly.

Our legal challenge to a US government search warrant

Brad Smith, Microsoft on the Issues, Friday, April 10, 2015

Last evening, we filed our reply brief in our ongoing legal challenge to the U.S. government’s attempt to force us to turn over a customer’s email stored in our Irish data center. As we stated in our brief, we believe the law is on the side of privacy in this case. We were gratified by the large number of organizations and individuals that filed amicus briefs in this case in December. They include leading technology and media companies, expert computer scientists, and trade associations and advocacy organizations that together represent millions of members on both sides of the Atlantic. As we said then, this case involves a broad policy issue that is important to the future of cloud computing. In a nutshell, this case is about how we best protect privacy, ensure that governments keep people safe, and respect national sovereignty while preserving the global nature of the internet.

FCC To Examine Verizon's Supercookies

Katy Bachman, Media Post, Friday, April 10, 2015

The Federal Communications Commission will examine Verizon’s use of supercookies for potential privacy violations. Verizon Wireless came under fire earlier this year from privacy advocates for using a tracking technology known as “supercookies” or “zombie cookies.” The technology -- which relies on injecting a unique code into a user's mobile traffic -- allows the company to track users' mobile Web browsing in order to serve them targeted ads. The injected code also enables Verizon and other companies to recreate information about people's Web activity, even if they delete their cookies.

Google gaffe: You Tube for Kids disregards rules, common sense

Dale Kunkel, San Jose Mercury News, Thursday, April 09, 2015

First, Google overlooked all of the relevant research on children's limited ability to recognize and defend against television advertising, the most similar venue for an app that displays video cartoons, many of which are recycled from TV. Young children lack fully developed cognitive defenses against screen-based commercial persuasion. As a result, youngsters are readily susceptible to commercial influence, much more so than adults. Given this evidence, federal regulators as far back as the 1970s ruled that special protections are required when advertising targets kids. So the second mistake Google made was to overlook existing legal precedent. The FCC long ago specified there must be "clear separation" between entertainment and marketing content when kids are involved. If it's unfair for TV programs to use a star character such as Fred Flintstone to introduce products during a show, why should it be any different for a digital app? Is a child any less exploited because the commercial pitch was delivered via the Internet rather than a TV signal?

German privacy regulator orders Google to limit its use of customers’ data

Chris O'Brien, Venture Beat, Wednesday, April 08, 2015

Google lost another battle on the European regulatory front today when a German privacy commissioner ordered the Silicon Valley search giant to implement strict new controls on how it uses customers’ data. The Hamburg Commissioner for Data Protection and Freedom of Information had originally ordered the changes last fall following an investigation launched earlier in 2014. Google filed an appeal of that decision, but the commissioner, while making some small modifications, overruled the objections and fundamentally upheld the previous decision.