fbpx

Free tools and resources for Data Protection Officers!

Tag Archives for " identity "

Data Breaches Show it’s Time to Rethink Use of Social Security Numbers

The Social Security number — created in 1936 to track Americans’ social benefits — was never meant to be a form of identity verification. But that line disappeared in the mid-1970s, and the single identifier proved convenient when it came time for the U.S. to handle information using computers.

But we shouldn’t be using an unchangeable nine-digit code for verification. It’s a little like having a Facebook password that we can’t change even if we know somebody else has it.

Full article: Data Breaches Show it’s Time to Rethink Social Security Numbers | Time.com

Privacy rights under threat with Irish government’s national ID card

A UN representative has called out the Irish government’s introduction of an ID card which contains biometric information.

UN special rapporteur on extreme poverty Prof Philip Alston criticised the roll-out of the Public Services Card (PSC), saying the government introduced the card “without any transparency of public debate”.

Source: UN official says privacy rights under threat with Irish government’s national ID card | The Canary

New rules for biometric EU identity and residence cards given final approval

The European Union’s Council has approved new rules for biometric fingerprint and photo security features of identity and residence cards, as proposed by the European Commission.

The biometric features of European ID cards will be stored on a contactless chip, making them similar in security to passports.

Source: New rules for biometric EU identity and residence cards given final approval | Biometric Update

Deidentification versus anonymization

Anonymization is hard. Just like cryptography, most people are not qualified to build their own.

Unlike cryptography, the research is far earlier-stage, and the pre-built code is virtually unavailable. That hasn’t stopped people from claiming certain datasets (like this ) are anonymized and (sadly) having them re-identified.

Full article: Deidentification versus anonymization

The growing legal and regulatory implications of collecting biometric data

Although biometric technologies make the authentication experience easier, the actual collection and storage of the data is presenting new security risks.

In EU use of biometric data now is now regulated by General Data Protection Regulation (GDPR). In the US, state regulators have reacted to these growing concerns around biometric data by enacting or proposing legislation. The Illinois Supreme Court reversed the lower court rulings and ruled that Six Flags had violated BIPA. Massachusetts, New York, and Michigan all have privacy bills in development that have similar requirements to BIPA, and more states are likely to consider drafting laws governing the collection, usage, and storage of biometric data.

Full article: The growing legal and regulatory implications of collecting biometric data | ZDNet

Microsoft working to support decentralised identity

Microsoft is among the big tech players aiming to help enable personalisation of products and services without putting privacy at risk.

Microsoft believes there are three important steps that will help to rebalance the equation, said Chik – first, enable individuals to bring their own identity; second, accept independently verified information from individuals; and third, recognise individuals as data controllers.

Source: Microsoft working to support decentralised identity

De-Identification Should Be Relevant to a Privacy Law, But Not an Automatic Get-Out-of-Jail-Free Card

The most important definition in any privacy law is the scope of information that is covered by that law. A line must be drawn somewhere between personal and non-personal data, the argument goes , or else laws will capture all information even if it presents no risks to an individual’s privacy.

Full article: De-Identification Should Be Relevant to a Privacy Law, But Not an Automatic Get-Out-of-Jail-Free Card

Why companies want to mine the secrets in your voice

The voice is highly personal, hard to fake, and it contains surprising information about our mental health and behaviors.

The Israeli company uses real-time voice analysis during calls to evaluate whether someone is likely to default on a bank loan, buy a more expensive product, or be the best candidate for a job.

Full article: Why companies want to mine the secrets in your voice – The Verge

Children’s identity theft on rise

Cyber criminals are hacking into sensitive networks to steal the identities of children and are selling it on in underground market places.

Personal information is leaked in data breaches all the time, but what makes the data on children so useful to cyber criminals is how they don’t have any credit history – so they offer a free pass for fraudulent purchases, loans and other transactions without the barriers that might be associated with data belonging to adults.

Source: The latest dark web cyber-criminal trend: Selling children’s personal data | ZDNet

How should we regulate facial-recognition technology?

The privacy concerns with facial-recognition technology are obvious: Nothing is more “personal” than one’s face.

So how is the processing of facial data regulated, whether such data is collected by a government agency as in China, or by a private entity like Apple or Facebook? And as facial-recognition technology use becomes more pervasive (as widely predicted), what restrictions are appropriate in the future?

Full article: How should we regulate facial-recognition technology?

1 2 3 8
>