Data privacy: Be extra alert these days

This is timely news, since yesterday the United States, Canada, and 27 European celebrated the third-annual Data Protection Day (see Computer Weekly). Computer security experts are saying that cybercriminals are taking advantage of "the fear and confusion created by tumbling financial markets" with a "massive wave of schemes to steal people's personal data," USATODAY reports. Panda Security told the paper that the number of malicious software programs circulating around the Net "tripled to more than 31,000 a day in mid-September, coinciding with the sudden collapse of the US financial sector." What to be on the alert for: ads, emails, IMs, bulletins, comments, etc. promoting anti-virus programs, get-rich-quick opps, funny or suggestive videos, etc. - basically everything. Just be on the alert and tell your kids it's just good to be skeptical about messages that make something sound really good or interesting. There really is something to "think before you click." [See also "Beware of Facebook 'Friends' Who May Trash Your Laptop" in a Wall Street Journal blog.]

Britain's 'child protection database'

This is what some in the UK call "child protection"? The BBC reports that "a child protection database" containing "the name, address, parents' contact details, date of birth, school, and doctor of every child in England" is being established "to improve information-sharing between professionals working with children." It will be accessible to 390,000 people described in the article as "local authorities, police, health services, and children's charities." Parents will not be allowed to remove their children's information from the database, the BBC adds. Children's Minister Baroness Morgan said "there will be provision for 'shielding' the details of young people facing risk if they were identified," the BBC reports. It says Conservatives attacked the £224m ($315.5 million) database as "another expensive data disaster waiting to happen," leading one to wonder if anyone remembers that UK database security breach in 2007 that jeopardized the personal information of "virtually every child in Britain" (see my item on this). [Thanks to QuickLinks for pointing this news out.]

Data breaches way up

Whether or not age verification would help keep kids safe online, as state attorneys general suggest, it would require the collection of children's personal information into some database(s) somewhere. Consider that possibility against the news of where we are with the security of personal information in databases right now. "Businesses, governments and educational institutions reported nearly 50% more data breaches last year than in 2007, exposing the personal records of at least 35.7 million Americans," the Washington Post reports, citing a report from the Identity Theft Resource Center of San Diego. Nearly 37% of the breaches happened at businesses and about 20% at schools, the Center found. See also "Social networker age verification revisited" and "Europe on age verification, social networking."

European call for social-site privacy rules

The EU's Data Protection Authority has urged social-network sites to "warn users about the low level of protection given to their profiles," Agence France-Presse reports. At a two-day conference in Strasbourg, the regulatory body called for "a standard set of international rules" for privacy protection and user education. According to the AFP, it said that "users, especially minors, should be told about the risks they face by going online and given clear instructions on how to change their data protection settings." The AFP added that 70 countries stressed the need for a universal data-protection standard at the Strasbourg conference, which was organized by the Council of Europe.

Child info floating around the Net

The Los Angeles Times article features a very anxious mom whose story illustrates a data security issue much broader than lost or stolen laptops with databases of people's personal info on their hard drives. It's about what's happening as "vast databases of sensitive information are bought and sold by private companies" focused a lot more on monetizing millions of registered users than on protecting the users' privacy. "Reunion.com's privacy policy says the site "prohibits registration by and will not knowingly collect personally identifiable information from anyone under 13'," the Times reports. "But that doesn't address the site's own data-gathering." The company told the Times it had bought the records of 260 million people from a data broker that it said was told not to include minors in the purchased data. Still, the name of the mom's 4-year-old child showed up on a page she stumbled on in Reunion.com. "She was especially distressed that the listing for her husband's name included the family's town, Beaverton - not the sort of information she wanted anywhere near her son's identity." And now it's in the L.A. Times too.