November 17th, 2008 by ATIP1

A federal appeals court in Boston on Tuesday dealt a setback to the pharmaceutical industry and companies that collect prescription data for use in drug marketing.

Ruling in support of a New Hampshire law, the court upheld the right of states to prohibit the sale of doctor-specific prescription drug data that is widely used in pharmaceutical marketing.

The case is a defeat for two large data-mining companies, IMS Health and Verispan. They sued in 2006 to block implementation of the New Hampshire law, which prohibited the sale of computerized data showing which doctors were prescribing what drugs.

The law was intended to cut down on state health care costs by eliminating the tool used by drug sales representatives in promoting brand name drugs. By purchasing the data describing which doctors prescribe what drugs, pharmaceutical sales forces are better able to identify which doctors might use their products and be receptive to their sales pitches. They can also focus on persuading doctors who do not write many prescriptions for their products to change their minds.

The sale of prescription data, in which individual patients’ identities have been removed, has become a lucrative industry. The information is purchased from pharmacy chains and the companies that manage drug benefits for employers.

Sales representatives — known as detailers in industry argot — often visit doctors’ offices carrying laptop computers with detailed reports on each doctor’s prescription-writing habits.

Saying in Tuesday’s opinion that the enterprise of buying and reselling prescription information was “mind-boggling” in its scope, United States Court of Appeals Judge Bruce Marshall Selya wrote, “The record contains substantial evidence that, in several instances, detailers armed with prescribing histories encourage the overzealous prescription of more costly brand-name drugs regardless of both the public health consequences and the probable outcome of a sensible cost/benefit analysis.”

The three-judge panel concluded that “the state adequately demonstrated that the Prescription Information Law is reasonably calculated to advance its substantial interest in reducing overall health care costs within New Hampshire.”

The appeals court ruling overturned a decision last year by United States District Judge Paul Barbadoro of Concord, N.H., that stuck down the New Hampshire law on First Amendment grounds.

In a statement, IMS, based in Norwalk, Conn., said it was disappointed with the decision and was evaluating its potential next steps. Shares in IMS fell 12 cents, or 1 percent, to $11.75 on the New York Stock Exchange.

Along with Verispan, which is located in Yardley, Pa., IMS had argued that the purchase and collection of prescription data were valuable for public health reasons and, also, that the law infringed on commercial free speech.

The New Hampshire law, which was to take effect in July 2006 before it was challenged, was the first state law to specifically prohibit the sale or transfer of information identifying doctors for commercial purposes.

Tuesday’s decision could also have implications in other states that have either adopted or are considering similar legislation, particularly Maine, which is in the same appellate district as New Hampshire and where a similar law was also struck down by a district court this year. Vermont has also enacted a similar law that is to take effect next year but is also facing a court challenge.

Such legislation has been urged by doctors who object to the disclosure of their prescribing patterns.

The American College of Physicians asked the larger American Medical Association to prohibit the release or sale of doctors’ prescribing information. In 2006, the A.M.A. established a registry of doctors who could “opt out” of having their prescription data shared with sales representatives. That was part of a voluntary arrangement the A.M.A. reached with the data companies.

In sponsoring the New Hampshire legislation in 2006, Representative Cindy Rosenwald of Nashua, said she was motivated partly by high state Medicaid drug costs, which she said had been driven up by pharmaceutical marketing.

Besides her state, Maine and Vermont, Ms. Rosenwald predicted Tuesday that other states would now take a more serious look at enacting such laws.

“A lot of states have been looking at this and have come very close to enacting it,” she said, “and then they’ve basically said while this is still on appeal, we should just wait.”

Join the forum discussion on this post - (1) Posts

November 17th, 2008 by ATIP1

Photos documenting last week’s wild party or a quick rant about work frustrations could cost someone a job if an employer spots them online, experts warned at a privacy conference Monday in Calgary.

Despite the potential career perils of social networking sites such as Facebook or Nexopia, a Ryerson study shows 90 per cent of young Canadians are connecting online, seemingly oblivious to the minefield their personal posts can create.

“There seems to be a different awareness of privacy (among young users),” Philippa Lawson, director of the University of Ottawa’s Canadian Internet Policy and Public Interest Clinic, told dozens of business representatives gathered for the two-day private sector privacy conference.
“They think the information should be treated as private, even if it’s technically not.”

Alberta’s privacy commissioner, Frank Work, isn’t aware of any formal complaints of Albertans losing their job due to Facebook posts or pictures, but he knows it has occurred elsewhere.

“We can try to regulate the sites better, try to educate the users better and try to get businesses more enlightened about this . . . but at the end of the day this is the brave new world. The coming generation loves it. It’s their technology and we’re not going to stop them,” said Work.

Surfing online at Eau Claire mall, Facebook-user Bonnie Pavlovich knows there are security settings she could engage — but she doesn’t bother with them.

“I’m pretty open. I don’t have anything strange on there, but I know some people can belong to certain groups which point to certain interests that maybe they wouldn’t really want everyone to know,” she said.

Brian Pike takes the opposite approach to posting personal information online. The IT worker uses business networking sites for business but steers clear of them for personal use.

Both agree younger users tend to ignore the dangers of sharing too much online.

“The younger crowd doesn’t worry about it, (but) by the time they get older in life they’ll realize the stuff they posted five years ago is still floating around on the Internet,” he said.

“I think people have to be really careful (about) what they post now because I think it is going to come back to you in the future.”

Getting embarrassing information taken off websites years later can be difficult, said Toronto-based lawyer Jason Young.

Individuals can write to the website owner and ask that the item be removed. They can also contact search engines requesting the information be purged from cached sites, but there is no guarantee it will be taken down.

“It’s a process, even if it works, that can take many, many months. In many cases you are left at the discretion of the owners of the site. If they choose not to remove the information, there’s not a lot you can do,” Young said.

Not all employers are heading straight to Facebook or Nexopia before making hiring decisions.

Telus doesn’t surf social networking sites for information about prospective candidates over concerns the material may not be reliable, Telus chief privacy officer Kevin Doyle said at the conference. The telecommunications company also isn’t convinced existing privacy legislation would permit using data uploaded on Facebook as part of the hiring process, he said.
Work hopes more companies take this approach to respecting the online lives of their employees.
With an increasing number of people blogging, twittering and sharing photos online, Work warns employers could have little choice but to accept the online openness of their staff.
Companies searching for potential staff with squeaky-clean digital personas may soon find there’s no one out there left to hire, he said.

November 16th, 2008 by ATIP1

Privacy breaches are shaping as the new pandemic infecting business stability,

The lapses came at a rate of one a week: hundreds of credit card receipts from a Bondi Junction chemist are strewn across Mascot Oval; names and dates of birth for 3500 customers of a Sydney restaurant are inadvertently attached to a mass email; detailed financial records for Aussie Home Loans customers are dumped in an unsecured bin; and, most worrying, a Tax Office CD of documents about 3122 taxpayers vanishes after reaching a courier.
And those losses of personal information, all from last month, were the ones made public.
October, though, was not alone as a bad month. A recent survey by the computer security company Symantec found 79 per cent of Australian businesses know they have lost sensitive information about themselves or their customers.
The survey of nearly 200 businesses with more than 100 employees shows data loss is anything but rare. Forty per cent of companies that lost information acknowledged six to 20 losses in the previous year. Eight per cent admitted 100 or more instances. Data losses cost one industrial company $8 million.
What is going astray? Everything from customer and financial details to employee records and competitive intellectual property. The biggest causes: lost laptop computers and mobile phones, and human error. Lower on the list, but still statistically alarming, are corporate espionage, hacking and insider sabotage.
“What the survey results show is this is not hype,” Craig Scroggie, regional managing director of Symantec, says. “This is a real and present challenge.”
Certainly it will assist the bottom line for Symantec, a seller of software to monitor documents and protect data, but the risks to companies and consumers are enormous.
Australia does not require companies or government departments to reveal breaches of personal information to the people affected. It is not possible, therefore, to know precisely the number of stuff-ups and the number of people affected, but there are clues from overseas.
In Britain last year government officials lost two CDs containing birth dates, addresses, bank accounts and national insurance numbers for 25 million child benefit recipients.
In America, 44 states have laws requiring businesses to inform consumers when personal details have been compromised and the Privacy Rights Clearinghouse (www.privacyrights.org) monitors such breaches.
A scan of cases from recent weeks is revealing. A Seattle school district inadvertently released 5000 social security numbers (similar to a tax file number) to a union and a US State Department breach allowed the theft of details from 400 passport applications.
An Ohio health insurer lost 11 computer disks with personal data on 36,000 retirees and employees; a burglary at a Californian risk management company resulted in the theft of details on 5700 workers who had filed compensation claims.
Since it began monitoring breaches in 2005, the Privacy Rights Clearinghouse has tallied more than 245 million compromised records.
Bill Hay, a Queensland detective superintendent and expert on computer crime, says Australia is no safer and that “it’s going to get worse”. Data theft, Hay fears, will boom because of profits in individuals and companies trading sensitive information to obtain personal identities and corporate secrets. Australia’s attitude, he says, is “a wait-and-see approach, as opposed to a fraud prevention approach”.
Data losses have grown exponentially as technologies have made more things possible. Symantec’s Scroggie sees the risk daily because he spends most of his time out of the office with a laptop containing payroll records, patent applications, tax returns and more. His files are encrypted and backed up, but that’s not true for everyone.
Information walks out of government and corporate offices via every conceivable avenue: burned to DVDs, downloaded to USB drives, copied to MP3 players and stored on Blackberries. It travels by email, across the web and over wireless networks.
One result? Identity theft. According to Personal Fraud, a landmark Australian Bureau of Statistics study in June, 124,000 instances of ID theft were reported in the previous 12 months.
For business, the risks are potentially catastrophic. A seller of computer security, McAfee, surveyed 1400 large companies in the US, Britain, France, Germany and Australia, and found 60 per cent reported losses of confidential data in the preceding 12 months.
“Even more frightening,” the McAfee report says, “a full third of them believe a major breach could put them out of business.” The McAfee investigation predicts “it’s only a matter of time before a high-profile company, perhaps a squeaky clean one bursting with integrity and good will, is brought to its knees by a breach”.
A global study by Ernst & Young explains in Moving Beyond Compliance that the great concern of businesses is the loss of reputation. That is, they fear their customers will go elsewhere if news of a breach becomes public.
Against this backdrop, the Australian Law Reform Commission released recommendations in August for an overhaul of the Privacy Act, in light of the remarkable transformation in technology during the act’s 20 years. When it began, laptop computers resembled suitcases and mobile phones house bricks. Personal risk associated with them was more likely to refer to muscle injuries rather than lost information.
The commission’s report - all three volumes, 2700 pages, 74 chapters and 4.8 kilograms - contains a call for mandatory notification of lost personal information. The 295 recommendations include a requirement that organisations - public and private - inform people if a loss “may give rise to a real risk of serious harm to an individual”.
“Serious harm is not limited to identity theft or fraud,” the report says. “The harm could include, for example, discrimination, if sensitive medical information was released.”
The report indicates that pre-emptive shots have been fired across the bow to defend parts of the business world from inclusion. Banks, for instance, might be regarded as a key justification for mandatory notification, but they have sought exemption.
Boiled down to 10 key issues, the Law Reform Commission recommendations are in the hands of John Faulkner, the Special Minister of State with stewardship of Privacy Act changes. The senator’s office will limit itself initially to establishing a national set of privacy principles to resolve discrepancies at state and territory level. It will address privacy matters about credit reporting and health information, and will attempt to update the law to take account of technology change.
Excluded from this first round of legislation is mandatory notification of privacy breaches.
The Law Reform Commission president, Professor David Weisbrot, praises the timetable for approving the first changes to the Privacy Act by early 2010, arguing it will establish important building blocks for further improvement. But Weisbrot wants mandatory notification included as soon as possible.
Companies, he says, must be pushed into proactively protecting customer information.
“I’ve spoken to Senator Faulkner’s office and I said I hope they might rethink that. I think it’s something that should be done as soon as practicable.”
Unsurprisingly, privacy advocates have also lobbied for this. Nigel Waters, a board member of the Australian Privacy Foundation, says: “We’re a bit disappointed. It’s the single best thing we could do to get organisations to take privacy seriously.”
David Vaille, the executive director of the Cyberspace Law and Policy Centre, fears the issue will be dismissed as too hard, saying: “One problem with having a 2700-page review of privacy, which is fantastically detailed, is that most of it just gets put off for years.”
Despite such appeals, Faulkner’s office says mandatory notification will fall into a second round of changes. In the meantime, the Privacy Commissioner, Karen Curtis, who supports compulsory notification, has issued voluntary guidelines to help businesses and government departments assess when notification is needed.
“I think mandatory breach notification or some form of it is a natural evolution of our privacy laws,” she says. “I think it will be useful to see how our voluntary guide works in practice. That will ensure we get a better law.
“Touch wood, we’ve been very lucky in Australia. To date there haven’t been large-scale breaches,” Curtis says before adding a caveat: “That we know of.”

Join the forum discussion on this post - (1) Posts

November 15th, 2008 by ATIP1

1. Leading California Healthcare Providers Invest in Automated ... - MarketWatch -

   Leading California Healthcare Providers Invest in Automated ... MarketWatch - 10 hours ago "UCSD Medical Center has deployed various tools to ensure the privacy and security of our patient's data. By adding FairWarning(R) to our environment, ...

2. France drops security database over privacy fears - International Herald Tribune -

   France drops security database over privacy fears International Herald Tribune, France - 7 hours ago AP PARIS: The French government has scrapped a security database that could have tracked anyone deemed a possible threat after protests by privacy crusaders ...

3. Marco Pierre White loses privacy case - Times Online -

   Metro

   Marco Pierre White loses privacy case Times Online, UK - 14 hours ago Marco Pierre White lost his privacy action yesterday against lawyers acting for his wife who obtained his private documents. In a key decision that backs ... Chef loses privacy claim against wife's lawyers Telegraph.co.uk Eady J backs Withers over TV chef's privacy claims The Lawyer Top chef Marco loses privacy battle Metro Mirror.co.uk all 7 news articles

4. Sharing privacy - Concordia Journal -

   Sharing privacy Concordia Journal, Canada - 6 hours ago By Russ Cooper Personal privacy is something many of us hold dear – it's something we don't (by definition) share. But for those involved in the Inner ...

5. New privacy group to shape policy - BBC News -

   BBC News

   New privacy group to shape policy BBC News, UK - 14 hours ago By Maggie Shiels Privacy experts have banded together to influence policy in the new Obama administration and set best practices for the industry. ...

6. 'Enhanced' driver's licence plan embedded with privacy issues - Canada.com -

   CityNews

   'Enhanced' driver's licence plan embedded with privacy issues Canada.com, Canada - 18 Nov 2008 As Ontario moves closer to an EDL with this new legislation, the concern from the privacy and civil liberties communities -- who point to three overarching ... Way cleared for high-tech ID card Toronto Star Bradley says new, enhanced driver's licences will be 'strictly ... St. Catharines Standard Ontario high-tech licences serve as border ID Times and Transcript Pulse 24 - The Canadian Press all 85 news articles

7. Does AT&T’s Newfound Interest in Privacy Hurt Google? - New York Times -

   Does AT&T’s Newfound Interest in Privacy Hurt Google? New York Times, United States - 10 hours ago By Saul Hansell When I first read about the formation of a new privacy think tank in Washington funded initially by AT&T, my first instinct was to see it in ...

8. Privacy issues for BNP members - BBC News -

   The Age

   Privacy issues for BNP members BBC News, UK - 19 Nov 2008 While a leak of this kind might improve the BNP's image overall, not every individual party member is too keen to sacrifice their privacy and possibly their ... BNP members in disarray guardian.co.uk Seven journalists appear on leaked BNP member list Press Gazette BNP members list leak gathers pace online - to link or not to link? Journalism.co.uk Times Online - Scotsman all 1,275 news articles

9. Google's privacy protections - International Herald Tribune -

   Google's privacy protections International Herald Tribune, France - 10 hours ago 17) said that Google's knowledge innovations are generating a backlash among Europeans concerned about privacy. It cited as evidence comments made about a ...

10. Leading Privacy Experts Launch 'Future of Privacy Forum' - MarketWatch -

    Leading Privacy Experts Launch 'Future of Privacy Forum' MarketWatch - 19 Nov 2008 With online privacy concerns growing for consumers across the country, Jules Polonetsky, former AOL Chief Privacy Officer and Christopher Wolf, ... Privacy Think Tank Prepares For Launch Broadcasting & Cable all 12 news articles

November 12th, 2008 by ATIP1

TEHRAN, Nov. 11 (Xinhua) — Iranian Parliament’s National Security Commission said on Tuesday that security cameras for public surveillance should not violate the privacy rights of citizens, Iran’s Press TV reported.

According to the report, Iranian parliamentarian Kazem Jalali warned that the program might violate privacy rights, saying that any use of the technology had to be within existing privacy guidelines.

“It is only acceptable if the systems are installed in public areas,” Jalali was quoted as saying.

Iran’s Law Enforcement Agency (NAJA) had reportedly already proposed to install cameras in the “crime-ridden areas” of major cities to help track the moments of crisis.

Head of NAJA, Brigadier General Ismail Ahmadi-Moqaddam, pledged on Sunday to use surveillance cameras only to monitor crime and not to spy on citizens.

According to the website of Police News Center and following the controversy sparked over the use of public surveillance cameras, Ahmadi-Moqaddam stressed on Tuesday that “The police do not have any camera to control and surveil (people) and they do not intend to violate or limit the private and social freedom.”

Join the forum discussion on this post - (1) Posts

November 11th, 2008 by ATIP1

The French Senate has overwhelmingly voted in favour of a law that would cut off access to the internet to web surfers who repeatedly download copyrighted music, films or video games without paying.

Under the so-called three strikes or “graduated response” legislation - which still needs approval by the lower house before it becomes French law - illegal downloaders are first sent an email warning them of their infraction. They are subsequently sent a warning letter in the post.
If after this second warning they continue to illegally download copyrighted content, the internet service provider will cut off access to the internet for a year.

The legislation passed with a massive cross-party majority of 297 votes to 15. Only a handful of conservatives, centrists and socialists voted against, while the Communists abstained.

In passing the bill, the senators rejected an amendment proposed by senator Bruno Retailleau of the right-wing MPF party replacing internet cut-off with a fine.

Mr Retailleau accused the bill of being too severe. “Cutting access to the internet is discriminatory,” he said, pointing out that often internet access comes bundled with television and fixed-line telephone services and that it is impossible to just cut off the internet.

He added that the internet has become an “essential commodity” that allows people access to social services and that their removal would be “traumatic for a family.”

But the culture minister had earlier warned against the amendment, saying that the introduction of a fine was more severe a punishment.

“The principle of a financial penalty changes the philosophy [of the bill], from instructive to repressive,” Christine Albanel said.

Companies and other enterprises where multiple computers have access to one network however, would instead be required to install firewalls to prevent workers from illegal downloading.

The legislation is the transposition into law of an extra-parliamentary initiative of President Nicholas Sarkozy from last November, the so-called Olivennes accord, in which some 40 stakeholders from the music, cinema and internet service provision sectors agreed that repeat illegal downloaders would have their internet cut off by ISPs. However, the accord was essentially a gentleman’s agreement between the parties and without legislative weight.

The bill sets up a tussle between France and Brussels. In September, the European Parliament approved by a large majority an amendment outlawing internet cut-off.

The amendment, part of a wider telecoms bill, was then defended by information society commissioner Viviane Reding after President Sarkozy earlier this month sent European Commission President Jose Manuel Barroso a letter requesting he work to overturn the parliament’s decision.

Join the forum discussion on this post - (1) Posts