Yahoo Adopts New Search Engine Retention Policy

Yahoo announced that, after 90 days, it will obscure some elements in the records that it keeps about all Internet users who use the company's services. The search company will continue to keep modified record locators, time/date stamps, web pages viewed, and a persistent user identifier, known as a "cookie" for an indefinite period. Yahoo is also retaining much of the IP address, which typically identifies a user's device, such as a laptop or a mobile phone. Privacy rules classify IP addresses as "personal data." Experts have criticized the partial deletion of IP address data as insufficient to protect search engine consumers, and called for complete deletion.

Yahool Limits Retention of Personal Data, New York Times, December 18, 2008

DHS Release Fusion Center Report

The Department of Homeland Security has released the Privacy Impact Assessment for the State, Local, and Regional Fusion Center Initiative. The assessment examines the privacy implications of the State, Local and Regional Fusion Centers and the DHS' State and Local Program Management Office. In May, EPIC prevailed in its freedom of information request to disclose documents describing the federal government's involvement in efforts to limit Virginia's transparency and privacy laws and uncovered a secret contract between the State Police and the FBI that limits the rights of Virginia citizens to learn what information the State Police collect about them.

Supreme Court Backs State Consumer Protection Law

The Supreme Court affirmed the authority of states to establish safeguards that provide stronger consumer protections than federal laws. Cigarette companies challenged a Maine consumer protection law that prohibits unfair or deceptive trade practices, claiming that a weaker federal law "pre-empted" the Maine measure. However, the Supreme Court upheld the state protections, holding that the Maine law was not pre-empted by the Federal Cigarette Labeling and Advertising Act or federal regulators' authority. Many states have passed strong consumer privacy laws that private companies hope to preempt with weaker federal laws. The decision also follows President-elect Barack Obama's statement that "a single courageous state may, if its citizens choose, serve as a laboratory." Obama's statement echoes Supreme Court Justice Louis Brandeis, who advocated for state lawmakers' broad freedom to create innovative consumer protections as "laboratories of democracy."

International Human Rights Day 2008

International Human Rights Day - Privacy is a Fundamental Right. December 10, International Human Rights Day, commemorates the 1948 adoption of the Universal Declaration of Human Rights. Human Rights Day 2008 marks the start of a year-long commemoration of the 61st anniversary of the Declaration. The document is the foundation of international human rights law, the first universal statement on the basic principles of inalienable human rights, and a common standard of achievement for all peoples and all nations. Article 12 of the Declaration includes privacy as a fundamental human right.

Verizon Employees Snoop on President-Elect Obama's Cellphone Records

It was recently disclosed that curious Verizon employees snooped into then Senator Obama's cellphone records during the recent election. Senator Patrick Leahy has asked the Department of Justice to provide information about investigations and prosecutions under the federal law that prohibits viewing confidential phone records information, related to the reports about Verizon employees improperly accessed President-elect Obama's cell phone records. The employees were dismissed but no criminal investigation was pursued. Unauthorized or illegal access to telephone records through pretexting, domestic surveillance, and now employee curiosity are posing problems for telecommunication privacy.

Who's Been Reading My Cell-phone Records?, PC World, November 25, 2008

Court Upholds New Hampshire Prescription Privacy Law

The First Circuit Court of Appeals upheld a New Hampshire law that bans the sale of prescriber-identifiable prescription drug data for marketing purposes. In August, the Electronic Privacy Information Center (EPIC) and 16 experts in privacy and technology filed a "friend of the court" brief urging the federal appellate court to reverse a lower court ruling that delayed enforcement of the New Hampshire Prescription Confidentiality Act. Privacy experts said the lower court should be reversed because there is a substantial privacy interest in patient data that the lower court failed to consider.

NH prescription privacy law upheld, CNN Money.com, November 18, 2008

FTC Halts Stalker Spyware Distribution

Following an EPIC complaint, a federal court has ordered CyberSpy Software to stop selling malicious computer software. In March, EPIC filed a complaint with the Federal Trade Commission alleging that the spyware purveyor engages in unfair and deceptive practices by: (1) promoting illegal surveillance; (2) encouraging "Trojan Horse" email attacks; and (3) failing to warn customers of the legal dangers arising from misuse of the software. The federal regulators agreed, and asked the court for a permanent injunction barring sales of CyberSpy's "stalker spyware," over the counter surveillance technology sold for individuals to spy on other individuals. The court entered a temporary restraining order on November 6, 2008. Further litigation is expected before the court rules on the government's request for a permanent ban.

US Court Halts Sale of Spyware Program, PC World, November 18, 2008