In the wake of the UK’s proliferating security breaches, they’ve taken the first steps towards increased regulations. The Times Online reports that MPs are considering a proposal (after Information Commissioner Thomas’s proposal) that would make company executives responsible for the data they hold, including certification requirements that security protections are in place (a la Sarbanes Oxley). (Credit to the always useful Canadian Privacy Law Blog.)
Another interesting thing I learned from that profile of Joanne McNabb . . . beginning January 1, the California Office of Privacy Protection will merge with the State Information Security Office, to create a new Office of Information Security and Privacy Protection.
It’s apparently privacy day at the San Francisciso Chronice, with two profiles of privacy industry movers and shakers in the business section, one of which might provide some insight into developments in California privacy law.
The first is on Eric Fleischer, Google’s global privacy counsel, who notes that his job has made him cautious about providing information online (but apparently not too cautious to publish a diatribe against the suit and tie). The article provides a rundown of some of the privacy challenges Google has faced, as well as an interesting few paragraphs about the elements of proper notice and consent.
The second profiles Joanne McNabb, chief of the California Office of Privacy Protection, the first of its kind in the United States. It describes how she provides practical advice to businesses and consumers based on California’s privacy laws (which are groundbreaking but give few real-world guidelines for when issues arise under them), often within strict budget limits.
McNabb’s profile discusses what she sees as the most worrisome development for privacy on the web – the lack of control consumers have over the information that’s posted about them:
"People are unhappy and confused about places like MySpace," she said. "They’ve got your information – your kid’s pictures are online. … When we start explaining about public records, they don’t want to hear it. They want their information off the Web."
She’s decided that California needs better privacy laws, prompted by Daniel Solove’s The Future of Reputation: Gossip, Rumor, and Privacy on the Internet. It’s got her thinking of ways to improve privacy without burdening the court system, for example by placing obligations on employers who run background checks.