29 Gen Data Privacy Day’s messages for Obama, consumers
CNET News, By Elinor Mills, January 27, 2009
We have Valentines Day and Mothers Day and even Inauguration Day. And now that cyber crooks have turned the Internet into their playground, we’ve got Data Privacy Day. Companies and agencies in the U.S. and more than two dozen European countries will be holding events in honor of Data Privacy Day on Wednesday geared toward educating consumers as to how to better protect themselves online. And privacy groups are sending messages to the newly installed administration of President Obama. In the latest issue of The Identity Theft Newsletter, three consumer privacy experts give their advice. Jay Foley, who founded the nonprofitIdentity Theft Resource Center, suggests ways to curb identity fraud that uses the identities of children and the deceased. Pam Dixon, executive director of the World Privacy Forum, suggests centralizing control of all identity fraud-related issues under the Federal Trade Commission and adopt a federal law requiring companies to report data breaches to the agency. Similarly, Chris Hoofnagle, director of the Berkeley Center for Law and Technology, wants a “codified mandate” requiring companies to share information on identity-fraud rates. The Electronic Frontier Foundation, a group that advocates for the rights of Internet users, has its own suggestion for Obama’s administration. In a statement published on its Web site on Tuesday, the EFF said the new Whitehouse.gov site uses embedded YouTube movies that place a cookie on the visitor’s computer, which enables tracking of the computer as it visits different Web sites. The White House should work with YouTube to end the retention of cookie data for any video on a government site, the EFF said. Even privatecompanies were getting in on the act. Executives at one pharmaceutical research company in the U.S. distributed an e-mail to workers encouraging them to clean up their data files on Wednesday. “Never have time to send those files to off-site storage or identify piles of old papers that should to be shredded? Have you neglected to clean out your e-mail folders? Take time to do it on Data Privacy Day!” the e-mail says. “Don’t retain sensitive data longer than it needs to be kept. This applies to paper documents, as well as computer files and e-mails. Keeping unnecessary data creates risks to the individuals whose data is kept beyond the required date and takes up valuable storage space both in file rooms and online.” Meanwhile, Microsoft was preparing to host a Data Privacy Day panel in San Francisco on Wednesday afternoon. The panel will include representatives from MySpace, Intel, the California Office of Privacy Protection, Teenangels and the Center for Democracy and Technology. Microsoft also will discuss findings of two focus groups, including the fact that while consumers are concerned about online privacy, they tend to have a “surface understanding” of the how to protect against the threats they face online. Identity fraud is the most prevalent concern for consumers, while another top concern is the sharing or selling of personal information without their consent. “There’s a sense of resignation” among consumers, but education is the key, Peter Cullen, Microsoft’s chief privacy strategist, said in an interview on Tuesday. “To say its hopeless is not accurate at all,” he said. “It means all of us have to be prepared to invest so we don’t lose the consumer trust.” To get the word out to people, Microsoft partners with organizations like the American Association of Retired People to reach certain groups and offers basic tools and tips for consumers on its Web site, according to Cullen. Microsoft also provides information in its products that users can see when they are surfing. For instance, Internet Explorer 8 has a filtering agent that alerts users when one online site seems to be collecting a lot of data that could be used for behavioral targeting and other advertising means, he said. Microsoft was one of the companies that, a decade ago, liberal privacy groups loved to hate. The Electronic Privacy Information Center, for instance, sent letters to state attorneys general and the Federal Trade Commission urging action against the company’s authentication system called Microsoft Passport. The FTC and Microsoft eventually settled; Microsoft also abandoned its so-called Hailstorm program, which would have expanded passport.
But now two things have happened to change how Microsoft approaches privacy. The first is being under an antitrust consent decree, which has subjected the Redmond, Washington-based company to ongoing regulation and has made it less aggressive in some areas. The second is that it has found privacy to be a useful argument against “cloud computing” in general and Google in particular, and it is trying to restyle itself as a “pro-privacy” company and Google as the opposite.