Source: Proofpoint, May 2008
From the press release:
In its fifth-annual study of outbound email and data loss prevention issues, Proofpoint, Inc. found that large enterprises continue to incur risk from–and take action against–information leaks over outbound email, as well as newer communications media such as blogs, message boards, media sharing sites and mobile devices.
41% of Large U.S. Corporations Employ Staff to Read Employee Email; 26% Terminated Employees for Email Policy Violations in the Past Year
11% Of U.S. Companies Disciplined Employees for Improper Use of Blogs/Message Boards; 13% for Social Network Violations; 14% for Improper Use of Media Sharing Sites
Source: Consumer’s Union, Press release, December 11, 2007
WASHINGTON, D.C. – The widespread use and availability of Social Security numbers puts Americans at risk for identity theft and should be restricted, according to Consumers Union, nonprofit publisher of Consumer Reports.
The group urged policymakers to take action to protect consumers as part of a public forum on the issue organized by the Federal Trade Commission in conjunction with the President’s Identity Theft Task Force. Social Security numbers are particularly sensitive information because they can provide the key to unlocking a consumer’s financial identity.
Source: U.S. Department of Homeland Security
From press release:
The U.S. Department of Homeland Security (DHS) announced today a final rule establishing minimum security standards for state-issued drivers’ licenses and identification cards. The rule sets uniform standards that enhance the integrity and reliability of drivers’ licenses and identification cards, strengthen issuance capabilities, and increase security at drivers’ license and identification card production facilities. The final rule also dramatically reduces state implementation costs by roughly 73 percent.
Final Rule, Part 1 (PDF, 120 pages – 4.2 MB)
Final Rule, Part 2 (PDF, 164 pages – 5.6 MB)
Privacy Impact Assessment for REAL-ID (PDF; 277 KB)
Source: Privacy Rights Clearinghouse
The Privacy Rights Clearinghouse (PRC) is a nonprofit consumer organization with a two-part mission — consumer information and consumer advocacy. It was established in 1992 and is based in San Diego, California. It is primarily grant-supported and serves individuals nationwide.
The PRC’s goals are to:
•Raise consumers’ awareness of how technology affects personal privacy.
•Empower consumers to take action to control their own personal information by providing practical tips on privacy protection.
•Respond to specific privacy-related complaints from consumers, intercede on their behalf, and, when appropriate, refer them to the proper organizations for further assistance.
•Document the nature of consumers’ complaints and questions about privacy in reports, testimony, and speeches and make them available to policy makers, industry representatives, consumer advocates, and the media.
•Advocate for consumers’ privacy rights in local, state, and federal public policy proceedings, including legislative testimony, regulatory agency hearings, task forces, and study commissions as well as conferences and workshops.
Also in Spanish
Source: Frederick Lane, IPMA-HR News, June 2007
Will your next security badge be a small chip in your hand or forearm? Thanks to an emerging technology known as radio-frequency identification (RFID), that’s a distinct possibility. RFID is already in use in a wide range of applications, from electronic toll systems to retail inventory systems, and a number of companies are putting RFID chips on existing security badges. While there are no credible reports of companies or governmental agencies in the United States requiring their employees to get chipped, concerns about the possibility are strong enough that several state legislatures have passed or are considering legislation to outlaw the practice.
Source: Molly Ramsdell and Matt Sundeen, NCSL Legisbrief, Vol. 15 no. 22, April/May 2007
In early March, the Department of Homeland Security (DHS) issued the long-awaited draft regulations on Real ID Act implementation. The Real ID Act of 2005 requires states to adopt federal standards for driver’s licenses and identification cards by May 11, 2008. If they do not, the federal government will not accept the driver’s licenses or identification cards for federal purposes—boarding commercial aircraft, entering a federal building or nuclear power plant, or other purposes as determined by the secretary of the Department of Homeland Security. DHS estimated the cost of implementation at $23.1 billion over 10 years; the states’ cost is $10 billion to $14 billion.
NCSL’s Countdown to Real ID
ACLU’s Real Nightmare
Source: Ellen Perlman, Governing, Vol. 20 no. 9, June 2007
States are on the hook to turn driver’s licenses into secure ID cards. The size of the job is scaring them.
For the past five years, clerks at the Colorado Department of Motor Vehicles have been enforcing new rules for getting a driver’s license. It hasn’t been pleasant. As the new system has been put in place — a new requirement here, followed by another one there — DMV employees have been dressed down, yelled at, spat on and cursed by those in line.
This is not the usual situation at today’s DMVs, because states have gone to great efforts in the past decade to make license renewal a friendlier, more convenient experience — letting drivers renew online or by mail; putting small DMV offices in local shopping malls. But there’s a reason why Colorado clerks are under fire: The new rules, which have to do with creating a more secure license, have brought back long lines and frustrating misunderstandings about just exactly what documents drivers need to bring in and how long it will take the DMV to verify those papers. That’s why Colorado, which established its own rules for securing licenses, may be the best place to look to see what it’s going to be like when the REAL ID Act, the 2005 federal law that calls for a higher level of security for driver’s licenses, starts going into effect next year.
Source: Jake Bernstein, The Texas Observer, Vol. 99 no. 8, April 20, 2007
Texas is amassing an unprecedented amount of information on its citizens
Piece by piece, Gov. Rick Perry’s homeland security office is gathering massive amounts of information about Texas residents and merging it to create the most exhaustive centralized database in state history. Warehoused far from Texas on servers housed at a private company in Louisville, Kentucky, the Texas Data Exchange—TDEx to those in the loop—is designed to be an all-encompassing intelligence database. It is supposed to help catch criminals, ferret out terrorist cells, and allow disparate law enforcement agencies to share information. More than $3.6 million has been spent on the project so far, and it already has tens of millions of records. At least 7,000 users are presently allowed access to this information, and tens of thousands more are anticipated.
What is most striking, and disturbing, about the database is that it is not being run by the state’s highest law enforcement agency—the Texas Department of Public Safety. Instead, control of TDEx, and the power to decide who can use it, resides in the governor’s office.
Source: Alissa Johnson, State Legislatures, Vol. 33 no. 3, March 2007
Even though the legal landscape has changed, concerns about the abuse of genetic testing persist.
Is your genetic information safe? Sixteen years have passed since Wisconsin Governor Tommy Thompson signed the first state law to prevent genetic discrimination in March 1991. A tidal wave of genetics legislation followed, propelled by the anticipated completion of the Human Genome Project to sequence and map the genes that make up a human being. Public fears continue, however, over the possible abuse of genetic testing technology.
Source: National Governors Association, National Conference of State Legislatures, American Association of Motor Vehicle Administrators, September 2006
On May 11, 2005, Congress passed the Real ID Act (Real ID) as part of the Emergency Supplemental Appropriations Act for Defense, the Global War on Terror, and Tsunami Relief Act (P.L. 109-13), creating national standards for the issuance of state driver’s licenses (DLs) and identification cards (IDs). The act establishes certain standards, procedures and requirements that must be met by May 11, 2008 if state-issued DL/Ids are to be accepted as valid identification by the federal government. These standards are likely to alter long-standing state laws, regulations and practices governing the qualifications for and the production and issuance of DL/IDs in every state. They also will require substantial investments by states and the federal government to meet the objectives of the act.