Maybe Data Privacy Day should be every day


It's over. Data Privacy Day came and went yesterday. Proclamations were made. New state privacy units sprouted. Google (NASDAQ: GOOG) and Twitter opened up about the number of information requests and calls that were made for action on pending legislation. People are now free to get back to ignoring the erosion of their privacy.

In Maryland, Assistant Attorney General Steve Ruckman will direct a new unit created to protect the privacy of the state's Internet users. The new unit will monitor companies' compliance with state and federal consumer protection laws, including the Children's Online Privacy Protection Act. Ruckman's unit also will examine weaknesses in online privacy policies and provide outreach and education to businesses and consumers.

This last directive caused some angst for law firm Mintz Levin, which warned Maryland residents to look out for the Maryland privacy police." The chair of the firm's Privacy & Security Practice (and a certified information privacy professional) Cynthia J. Larose, said that without clear legislative standards, determination of what the Maryland Internet Privacy Unit considers to be a "weakness" could well be a data protection practice that is within the scope of existing law. He firm will be watching developments on this front with great interest, she said.

Larose said California has been enforcing similar rules since July, when it established specific units within its Attorney General's office to deal with privacy. Since then, the attorney general of that state took on mobile application developers, despite not having specific mobile privacy policies in place. In December, the state sued Delta Air Lines for allegedly failing to post a privacy policy for its Fly Delta app.

While Larose is protecting the rights of businesses, Maryland Attorney General Douglas Gansler feels he is protecting consumers. "Internet privacy is one of the most essential consumer protection issues of the 21st century," he said in a statement. "I created this new unit to ensure that Marylanders who use the Internet every day have someone on their side, watching out for illicit online activities and working with key stakeholders to improve gaps in privacy policies."

Gansler's initiative will look for better ways to manage privacy risks, such as geo-location tracking, cyber bullying, data collection and data breaches. Last year, Gansler led an effort by 36 state attorneys general to demand accountability from Google when it unilaterally changed its privacy policy.

"The free flow of information in the Digital Age has made it easier for private records to fall into the wrong hands," Gansler said.

But on this Data Privacy Day, many were saying that those "wrong hands" belong to the government.

The ACLU of Maine, the Left-Right Coalition and bipartisan legislators used the day to detail a legislative privacy package underscoring key priorities for protecting individual privacy. Shenna Bellows, executive director of the ACLU of Maine, said "Maine needs stronger laws that shield us from overreaching surveillance by the government and corporations, and ensure that the most personal details of our private lives stay private."

Maine state Rep. Diane Russell (D-Portland), sponsored "The Maine Online Privacy Protection Act," a bill requiring operators of commercial websites that collect people's personally identifiable information to conspicuously post and comply with a privacy policy that meets certain conditions. And Rep. Michael McClellan (R-Raymond) sponsored "An Act to Protect Social Media Privacy in the Workplace," which prohibits employers and schools from accessing passwords to the private accounts of their employees or students.

The bills are comprehensive and also include language dealing with the use of domestic drones, warrantless tracking of GPS devices--including cell phones--and the warrantless collection by law enforcement of content created by cell phone users, such as text messages and text and call records. "These bills would keep us from sliding further into a surveillance society where the government can monitor everything we do, say or write at any time, for any reason," said Bellows.

Meanwhile, in Ohio, Attorney General Mike DeWine used the day to encourage consumers to protect their personal information to avoid tax-related fraud and identity theft. He also provided detailed information on how criminals were able to perpetrate this fraud. The state now has an Identity Theft Unit to help victims rectify the effects of identity theft. The unit currently offers two programs for victims: traditional assistance and self-help assistance.

Over the last year, requests from government entities to companies like Twitter and Google continued to climb. Google said last week that from July through December 2012, 68 percent of the requests Google received from government entities in the U.S. were through subpoenas, issued under the "Electronic Communications Privacy Act" (ECPA), and are the easiest to get because they typically don't involve judges. 22 percent were through ECPA search warrants which are issued by judges based on a demonstration of "probable cause" to believe that certain information relating to a crime is presently in the place to be searched. The remaining 10 percent were mostly court orders issued under the ECPA by judges or other processes that are difficult to categorize.

The number of requests almost doubled from the December reporting period of 2009 (12, 539 requests) to the same period in 2012 (21,389 requests). On Data Privacy Day this week, Google reiterated its policy, saying the company wants digital information laws updated so the same protections that apply to your personal documents also apply to your email and online documents.

Forbes used the occasion to bash the Obama administration on its privacy performance and its Privacy Bill of Rights, which has stated an intent to guide efforts to give users more control over how their personal information is used on the Internet and to help businesses maintain consumer trust and grow in the rapidly changing digital environment.

Forbes says they haven't come close. "Government has an important role to play in protecting consumer privacy, but it's snooping and surveillance are far bigger problems--which have only grown worse. While Washington talks of a new commercial privacy "Bill of Rights," the real Bill of Rights is in peril," said Berin Szoka in the Forbes article.

For more :
- see the Forbes article

Related Articles:
Privacy groups call on Skype to issue regular transparency reports
Calling for a spectrum of intent in prosecuting hackers
Big data's 4th Amendment problem