White Paper: Biometric Encryption Technology Promises Privacy, Security and Personal Control
Information and Privacy Commissioner of Ontario Ann Cavoukian, Ph.D., and Alex Stoianov, Ph.D., an internationally recognized biometrics scientist, have published a joint research paper, Biometric Encryption: A Positive Sum Technology That Achieves Strong Authentication, Security AND Privacy.

The white paper sets out the privacy, security and trust problems of current biometric information systems, and explains how an emerging new technology, called Biometric Encryption, can address those concerns.

With Biometric Encryption (BE), instead of storing a sample of one's fingerprint in a database, a fingerprint can be used to encrypt or code some other information, like a PIN or account number, or cryptographic key, and only store the biometrically encrypted code, not the biometric itself. This removes the need for public or private sector organizations to collect and store actual biometric images in their database. The method addresses most privacy and security concerns associated with the creation of centralized databases.

The paper also lays out the privacy and personal control advantages for individuals over their own biometric data, and examines other possibilities for its use and how it can offer stronger information security and greater user confidence and trust in biometric identification systems.

The paper is available at www.ipc.on.ca

European Hotel Collection of Personal Information for Law Enforcement

The Chief Privacy Officer for the Department of Homeland Security (DHS), Hugo Teufel, CIPP/G, and the Chief Privacy and Civil Liberties Officer at the Department of Justice, Jane Horvath, an IAPP board member, have written to European data protection authorities to better understand the European practice of hotels collecting personally identifiable information from guests upon check-in.

The two senior privacy officials personally experienced this practice in Brussels last May when they were asked to complete hotel forms asking for home address, birth date, place of birth, passport number and home telephone number. The hotels explained that this information is collected for safety and security purposes to be shared with local law enforcement. The forms were marked with the notice "Police." 

To understand this practice, the U.S. privacy officers contacted the European Data Protection Supervisor and Article 29 Working Party seeking guidance on the authority for collection of this information, how it is used and safeguarded, how long it is retained and whether it is shared outside EU, non-Schengen countries.

— Submitted by John Kropf, CIPP/G, DHS Deputy Chief Privacy Officer

Colombian Senate Approves Data Protection Bill
The Colombian Senate recently approved a data protection bill, which could be enacted this month. The bill still must go before the Constitutional Court for review. Colombia has tried unsuccessfully several times in the past to pass a data protection bill.

TRUSTe Has a New Look
TRUSTe, a nonprofit consumer privacy organization, recently launched a new identity for its family of seals as a statement of its continued and evolving focus on protecting consumers' privacy. Since the organization was founded 10 years ago, the TRUSTe seal has become the road sign for Internet users to identify trustworthy Web sites.

The new look is intended to reflect TRUSTe's expanded offerings and reach, including the growing adoption of the EU Safe Harbor Program, and the recent launch of the Trusted Download Program, a whitelist of software applications that are certified to be free of spyware and malware. In addition to monitoring sites for compliance, TRUSTe plays an active role in resolving more than 5,000 disputes per year to ensure trust is built between individuals and Web properties.

Ponemon Study: Nearly 40 Percent of Large Organizations Don't Monitor Databases for Suspicious Activity — Or Don't Know if They Do
Application Security, Inc. recently announced the results of a Ponemon Institute survey underscoring the serious challenges organizations face in securing sensitive data. With more than 150 million data records exposed in the past two years, the survey also highlights an organizational disconnect between the realization of the threat and the urgency in addressing it.

The Ponemon Institute surveyed 649 respondents in corporate information technology (IT) departments worldwide, and found that organizations are wrestling with how to protect data from misuse by external and internal forces while expanding access to the same data to drive business initiatives. Highlighting these challenges, the survey reveals that:

  • Forty percent said their organizations don't monitor their databases for suspicious activity, or don't know if such monitoring occurs. More than half of these organizations have 500 or more databases — and the number of databases is growing.
  • "Trusted" insiders' ability to compromise critical data was cited as the most serious concern — with 57 percent perceiving inadequate protection against malicious insiders and 55 percent for "data loss" by internal entities.
  • Seventy-eight percent believe that databases are either critical or important to their business. Customer data represents the most common data type contained within these databases.
  • Customer/consumer and employee data rank 3rd and 4th respectively in regard to organizations' prioritization of what must be protected.

The full report is available at: www.appsecinc.com/techdocs/whitepapers/2007-Ponemon-Database-Security-Study-Sponsored-by-Application-Security-Inc.pdf.

Websense Unveils Information Leak Prevention Software
Websense, Inc. has announced the development of the industry's first security software that integrates information leak prevention capabilities with Web categorization and filtering to provide organizations with a new level of information protection. According to Websense, this combination of content and destination awareness allows automated enforcement of who has access to what information, how the information can be used, and where it can be sent.

Websense Content Protection Suite v6 combines content and context awareness leveraging Web intelligence through integration with Websense's URL database and ThreatSeeker™ malicious content classification technology, as well as new context-based data recognition capabilities that increase detection accuracy and enable organizations to create and enforce powerful, user-specific data sharing policies.

The software is slated to be available this month.

