Practical Privacy Practices

Save the Date!
Choose Privacy Week is held annually May 1-7. Start planning now for your library’s participation and programming. Choose Privacy Week materials are available now in the ALA Store.
Information and tools to help libraries protect the privacy of online users.
Events and activities to raise awareness and engage users on privacy issues.

Voices For Privacy Blog

Privacy News and Views for December 8

Posted by on December 8, 2017 in News and Updates | 0 comments


Libraries and the Fight for Privacy | Cor Lehane, Huffington Post

Government Surveillance

Lawmakers Tie FISA Data Disclosures to Section 702 Reauthorization |  The District Sentinel

The White House just bought four more months for NSA reauthorization | The Verge

Warrantless surveillance can continue even if law expires, officials say | The New York Times

These Are the Technology Firms Lining Up To Build Trump’s “Extreme Vetting” Program | The Intercept

Big Brother is Watching You: Feds Now Vetting Foreign Workers Via Social Media | Lexology

Trump’s voter fraud commission plans to create a massive voter database. Former national security officials say it could be hacked. | Washington Post

Corporate Surveillance

Your Geolocation Data Is Already For Sale | International Business Times

How identity data is turning toxic for big companies | The Conversation

Libraries and Privacy

Alameda County library still doesn’t know how many patrons were hacked | East Bay Times

Students’ and Minors’ Privacy

Democratic senators question privacy, security of Facebook’s ‘Messenger Kids’ | The Hill

Dummy Christmas CCTV camera for kids is a real lump of coal | IAPP Privacy Perspectives


Intelligence Director Says Gov’t Can Demand Encryption Backdoors Without Having To Run It By The FISA Court | Techdirt


No boundaries: Exfiltration of personal data by session-replay scripts | Freedom to Tinker

Law and Regulation

Following Uber Breach, Senators Introduce Data Breach Notification Act | Digital Guardian

EU regulators threaten court challenge to EU-U.S. data transfer pact | Reuters

Transatlantic Data Privacy | Social Science Research Network

English High Court Finds Supermarket Liable for Data Breach by Employee in First Successful Privacy Class Action | National Law Journal

This Week in Data Breaches

Nearly 20,000 patients compromised by Henry Ford hospital data breach | Detroit Free Press

Former employee reportedly steals mental health data on 28,434 Bexar County patients | San Antonio Express News

PayPal’s TIO Networks reveals data breach impacted 1.6M users | WBNS 10TV

City Utilities discloses possible data breach | Fox5 Ozarks (Missouri)

Five Denton County schools impacted by state agency data breach | Denton Record-Chronicle

Exclusive: Uber paid 20-year-old Florida man to keep data breach secret – sources | Reuters

Privacy News and Views for December 1

Posted by on December 1, 2017 in News and Updates | 0 comments


Brooklyn, Queens, and New York Public Libraries Launch a New Digital Privacy Initiative | Choose Privacy Week

ALA joins the ACLU and 35 other nonprofit and civil society groups to sign a letter urging Congress to reject the “FISA Amendments Reauthorization Act of 2017,” which would expand Section 702 of the Foreign Intelligence Surveillance Act, and other surveillance authorities.

Featured: Carpenter v. United States

This week the Supreme Court heard oral argument in Carpenter v. United States, a criminal case testing the scope of the Fourth Amendment’s right to privacy in the digital age.  At issue is a precedent decided long before the Internet, smartphones, GPS, and other electronic communications devices became an inescapable part of our daily lives: in Smith v. Maryland, the Supreme Court held that a person had no reasonable expectation of privacy in information voluntarily shared with a third party, and thus the police had no need of a probable cause warrant to obtain phone numbers and other metadata associated with phone calls.  It is anticipated that the Supreme Court will revisit that precedent when deciding Carpenter, and perhaps put the brakes on law enforcement’s ability to access without a warrant to a wide range and volume of citizens’ personal information that includes cellphone location data.  Here is a round-up of the news coverage:  

Government Surveillance

New Surveillance Bill Would Dramatically Expand NSA Powers | ACLU

Lawsuit aims to uncover how government surveils journalists | Columbia Journalism Review

Senate bill would impose new privacy limits on accessing NSA’s surveillance data |Washington Post

Extreme digital vetting of visitors to the U.S. moves forward under a new name | ProPublica

‘Revenge porn’ bill would criminalize posting nude photos without consent nationwide | Mashable

Corporate Surveillance

Facebook’s New Captcha Test: ‘Upload A Clear Photo Of Your Face’ | Wired

Facebook’s AI Scan Of Your Posts For Suicide Prevention Can’t Be Disabled | International Business Times

Staggering Variety of Clandestine Trackers Found in Popular Android Apps | The Intercept

How Smartphone Apps Are Selling Personal Data Without Our Consent—Legally | The Observer

No, you’re not being paranoid. Sites really are watching your every move | Ars Technica

Google collects Android users’ locations even when location services are disabled | Quartz

Proposed Bill Would Regulate Faceprints, Location Data, Other ‘Sensitive’ Information | MediaPost

Students’ and Minors’ Privacy

Germany bans children’s smartwatches over privacy concerns | Endgaget

Consumer Notice: Internet-Connected Toys Could Present Privacy And Contact Concerns For Children | FBI

Student Privacy and Ed Tech | Federal Trade Commission

Amid attacks, teachers weigh their safety against student privacy | Pew Charitable Trust Stateline

Biometric Privacy

What You’re Giving Away With Those Home DNA Tests | NBC News 41

Chuck Schumer Takes Aim At 23andMe And Other Home DNA Testing Services | Newburgh Gazette

Growing private sector use of facial scanners worries privacy advocates | The Hill

Law and Regulation

Parallel Universe or Coincidence: The CFPB’s New Data Consumer Protection Principles’ Relationship to GDPR | Lexology

Human subjects, third parties, and the law | Inside Higher Education

This Week in Data Breaches

Hackers stole the personal data of 57 million Uber passengers and drivers | Los Angeles Times

Oxford and Cambridge Club hit by data thieves | The Telegraph

UPMC Susquehanna notifies patients of data breach | The Daily Item

NC DHHS issues warning about data breach affecting thousands | CBS News North Carolina

Imgur Discloses Breach Affecting Email and Passwords of 1.7 Million Users | Data Privacy + Security


Brooklyn, Queens, and New York Public Libraries Launch a New Digital Privacy Initiative

Posted by on December 1, 2017 in libraries, Privacy Awareness, Privacy Education, Protecting Privacy | 0 comments

by William Marden
Chair, ALA-IFC Privacy Subcommittee

The New York Public Library, Brooklyn Public Library, and Queens Library are teaming up with the Metropolitan New York Library Council to bring digital privacy and data-security information to New York City’s 8.5 million residents.

With support from the NYC Mayor’s Office, the project will train the city’s front-line librarians to be able to answer questions about internet privacy and data security, ensuring that NYC residents can rely on public libraries for trusted and current information in this increasingly-important area.

“New Yorkers need resources to protect themselves as they access the Internet,” said Miguel Gamiño, Jr., NYC’s Chief Technology Officer, whose agency is providing financial support. “This initiative is a critical component of the City’s mission to safeguard privacy and security as we continue to expand internet access to all New Yorkers,” he added.

NYC Digital Safety: Privacy & Security, will employ both online-learning modules and in-person workshops to train more than 1,000 library staff members throughout the city’s three main library systems. The specialized training is scheduled to be rolled out in the spring and summer 2018.  An advisory committee with representatives from the NYPL, Brooklyn and Queens library systems is building on curricula already created through the Data Privacy Project. The committee will further leverage resources previously developed by the Mozilla Foundation, Data & Society, the New America Foundation, the Library Freedom Project. Tactical Tech, and others.

Plans are also in the works to make the final curricula, toolkits, and facilitation guides available at the conclusion of the project for use by a broader community of librarians, educators, and technologists.

The senior leaders of all three library systems have already weighed in with their unanimous support. “Threats to digital privacy are rampant,” said Brooklyn Public Library President and CEO Linda E. Johnson. “It is essential our librarians have the tools and knowledge to help our patrons use computers and other devices safely.”

“Libraries are universally trusted resources that provide a safe harbor during difficult times,” said Tony Marx, President of NYPL, who praised the project’s goal of ensuring that “all New Yorkers have the knowledge they need to confidently navigate the World Wide Web safely and securely.”

Queens Library President and CEO Dennis M. Walcott noted, “This initiative will help library staff deliver a higher level of service by showing our customers how to stay safe online,” further citing “the power of libraries to promote digital literacy to anyone who seeks it.”

At the New York Metropolitan Library Council (METRO), which is providing administrative support for this effort, director Nate Hill commented, “As recent events have shown, privacy and security online are incredibly important issues. We know libraries are incredibly well positioned to act as a resource to help the public protect their data.”

Bill Marden became NYPL’s first Director of Data Privacy and Compliance in November 2015. He comes to NYPL with almost 20 years of policy, regulatory, and compliance experience at some of the world’s leading financial institutions including Citigroup, JPMorgan Chase, and UBS. Previous to his time in the financial world, Bill was a librarian in both the public and private sectors, including six years as books and manuscripts curator for the Frederick R. Koch Foundation, now housed at Yale’s Beinecke Library. He also interned at the Pierpont Morgan Library while studying for his MLS, which he received from Columbia University in 1988.

He is the author of two award-winning books about New York City bookstores, and is also a contributor to “Protecting Patron Privacy in the 21st-century Library,” published by Rowman & Littlefield.