News Stream Books Videos Web Conferences Subscriptions Advertise About IAPP Publications
Daily Dashboard Daily Dashboard

The day’s top stories from around the world

 AI Governance Dashboard – New AI Governance Dashboard – New

Stay on top of the latest AI governance news and developments of the profession.

 The Privacy Advisor The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

 Privacy Perspectives Privacy Perspectives

Where the real conversations in privacy happen

 Privacy Tech Privacy Tech

Exploring the technology of privacy

 Canada Dashboard Digest Canada Dashboard Digest

A roundup of the top Canadian privacy news

 Europe Data Protection Digest Europe Data Protection Digest

A roundup of the top European data protection news

 Asia-Pacific Dashboard Digest Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

 Latin America Dashboard Digest Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

 U.S. Privacy Digest U.S. Privacy Digest

A roundup of US privacy news
Overview KnowledgeNet Chapters Sections Affinity Groups Volunteer Annual Awards Career Central
Find a KnowledgeNet Chapter Near You

Talk privacy and network with local members at IAPP KnowledgeNet Chapter meetings, taking place worldwide.

 IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

 IAPP Calendar

Review a filterable list of conferences, KnowledgeNets, LinkedIn Live broadcasts, networking events, web conferences and more.
Overview Online Training Live Online Training In-Person Training Books Practice Exams Train Your Staff Official Training Partners Web Conferences
Artificial Intelligence Governance Professional Artificial Intelligence Governance Professional

Learn how to surround AI with policies and procedures that make the most of its potential by reducing its risks.

 European Data Protection (CIPP/E)

Understand Europe’s framework of laws, regulations and policies, most significantly the GDPR.

 U.S. Private-Sector Privacy (CIPP/US)

Steer a course through the interconnected web of federal and state laws governing U.S. data privacy.

 Canadian Privacy (CIPP/C)

Learn the intricacies of Canada’s distinctive federal/provincial/territorial data privacy governance systems.

 Privacy Program Management (CIPM)

Develop the skills to design, build and operate a comprehensive data protection program.

Privacy in Technology (CIPT)

Add to your tech knowledge with deep training in privacy-enhancing technologies and how to deploy them.

 Foundations of Privacy and Data Protection

Introductory training that builds organizations of professionals with working privacy knowledge.

 Privacy Law Specialist Training (PLS)

Meet the stringent requirements to earn this American Bar Association-certified designation.
Overview Certification Programs Get Certified How to Prepare Continuing Privacy Education (CPE) Fees Certify Your Staff Verify a Certification
CIPP Certification CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

 CIPM Certification CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

 CIPT Certification CIPT Certification

As technology professionals take on greater privacy responsibilities, our updated certification is keeping pace with 50% new content covering the latest developments.

 FIP Designation FIP Designation

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

 Privacy Law Specialist Privacy Law Specialist

The first title to verify you meet stringent requirements for knowledge, skill, proficiency and ethics in privacy law, and one of the ABA’s newest accredited specialties.

 AIGP Certification AIGP Certification

Ensures individuals responsible for AI systems can reduce the risks associated with this technology.

 Certificação CDPO/BR Certificação CDPO/BR

Mostre seus conhecimentos na gestão do programa de privacidade e na legislação brasileira sobre privacidade.

 Certification CDPO/FR Certification CDPO/FR

Certification des compétences du DPO fondée sur la législation et règlementation française et européenne, agréée par la CNIL.
Tools and Trackers Research Glossary Global Privacy Directory Enforcement Database Westin Research Center Web Conferences Jobs Privacy Vendor Marketplace
Global Privacy Directory

This tool identifies global data protection authorities and privacy legislation.
US State Privacy Legislation Tracker

The IAPP’s US State Privacy Legislation Tracker consists of proposed and enacted comprehensive state privacy bills from across the U.S.
Reports and Surveys

Access all reports and surveys published by the IAPP.
Privacy Governance Report

This report shines a light on the location, performance and significance of privacy governance within organizations.
Privacy Risk Study

This year’s Privacy Risk Study represents the most comprehensive study of privacy risk undertaken by the IAPP in collaboration with KPMG.
Artificial Intelligence

On this topic page, you can find the IAPP’s collection of coverage, analysis and resources covering AI connections to the privacy space.
CCPA and CPRA

IAPP members can get up-to-date information here on the California Consumer Privacy Act and the California Privacy Rights Act.
EU General Data Protection Regulation

The IAPP's EU General Data Protection Regulation page collects the guidance, analysis, tools and resources you need to make sure you're meeting your obligations.
Data Protection Intensive: UK Data Protection Intensive: UK

Explore the full range of U.K. data protection issues, from global policy to daily operational details.

Global Privacy Summit Global Privacy Summit

Expand your network and expertise at the world’s top privacy event featuring A-list keynotes and high-profile experts.

AI Governance Global AI Governance Global

A new event in Brussels for business leaders, tech and privacy pros who work with AI to learn about practical AI governance, accountability, the EU AI Act and more.

 Canada Privacy Symposium Canada Privacy Symposium

Leaders from across the Canadian privacy field deliver insights, discuss trends, offer predictions and share best practices.

Asia Privacy Forum Asia Privacy Forum

Hear top experts discuss global privacy issues and regulations affecting business across Asia.

 Privacy. Security. Risk. (P.S.R.) Privacy. Security. Risk. (P.S.R.)

P.S.R. focuses on the intersection of privacy and technology. The call for proposals to speak at the 2024 event is open. Submit your ideas today.

 Europe Data Protection Congress Europe Data Protection Congress

Europe’s top experts offer pragmatic insights into the evolving landscape and share knowledge on best practices for your data protection operation.

 ANZ Summit ANZ Summit

Gain exclusive insights about how privacy affects business in Australia and Aotearoa New Zealand.

 Speak at an IAPP Event

View our open calls and submission instructions.

 Sponsor an Event

Increase visibility for your organization — check out sponsorship opportunities today.

Individual Membership Corporate Membership Group Membership Student Membership
Become a Member

Start taking advantage of the many IAPP member benefits today

 Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

 Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits
{[product.name]} {[ product.name ]}
clear
mode_editEdit
remove_circle_outline {[ getCartItemQuantity(product.id) ]} add_circle_outline
{[ product.price | currencyFilter ]}
TOTAL: {[ getCartTotalCost() | currencyFilter ]} Update cart for total shopping_basket Checkout

Privacy Perspectives | PII as a Weapon Related reading: US House commences proposed American Privacy Rights Act debate

rss_feed

""

""

""

As the eyes of the U.S., and perhaps of the world, collectively turn to Ferguson, MO, following the shooting death of unarmed teenager Michael Brown, there are any number of issues that have been the subject of heated conversation: the U.S.'s continuing racial inequality; the ever-widening income gap; the role of a free press in the U.S. (two journalists have been seemingly indiscriminately arrested); the militarization of local police forces; the efficacy of the “wars” on terror and drugs and poverty (remember that one?).

Here at the IAPP, however, we also have been struck by the role of personally identifying information (PII) in what are alternately being called riots and protests.

Most notably, the online “hacktivist” group Anonymous has waded prominently into the fray, releasing an ominous video threatening digital repercussions for physical abuse against Ferguson protestors.

Watch it here:

As police officers employ varying weapons—tear gas, rubber bullets, barking dogs—in their attempts at what might be called controlling the riots (or, alternately, intimidating the protestors), Anonymous has responded by threatening to retaliate with a different sort of weapon altogether: PII.

Per the video, “If you abuse, harass or harm in any the protestors … we will take every web-based asset of your departments and governments offline. That is not a threat. It is a promise. Attacking the protestors will result in the release of personal information on every single member of the Ferguson Police Department, as well as any other jurisdiction that participates in the abuse of this state’s own law. We will seize all your databases and email pools and dump them on the Internet.”

Regardless of your views of the situation in Ferguson, the threat of the use of PII in this way is striking for anyone in the profession of protecting and caring for it. Perhaps it shines new light on the value of personal information in the first place.

Three days following the release of the video, Anonymous has made good on its threats, at least in part.

Yesterday, the St. Louis Dispatch reported, “The Internet crashed at City Hall here on Tuesday morning. Ferguson’s website went dark. The phones died.”

Further, on Tuesday, “someone posted the home address and phone number of Jon Belmar, the relatively new chief of St. Louis County police.” They posted pictures of his family. They made intimidating remarks about a picture featuring his wife. They threatened to release information about his daughter if he didn’t release the name of the officer who shot Michael Brown.

And then they recanted. “We recognize that Jon Belmar has had enough damage done to him,” Anonymous posted on Twitter.

Instead, they reportedly changed tacks and hacked into the dispatch center of the police department and grabbed the recordings of the dispatch log for the day of Brown’s shooting, then released them for public consumption. There’s some question as to the tapes’ veracity, but, again, it’s clear that digital information is being used as a “weapon” in the “battle” between the protestors and the police and other authorities.

Even as we post this blog, Anonymous threatens to release the name (and other PII) of the officer who allegedly shot Brown.

What does this tell us about information’s value? Surely, there is no question about how digital information is valued after the high-profile leaks by the likes of Julian Assange, Chelsea (nee Bradley) Manning and Edward Snowden. And there can be no doubt that “cyber-attacks” will be amongst the salvos of any armed dispute in the future, just as they are becoming amongst the highest-profile risks considered in the boardroom.

For many of you, maybe those leaks didn’t really resonate, though. You’re not exactly holding state secrets there at Acme, Inc. Maybe, however, Ferguson will resonate more closely to home. All of you hold personal data of some sort—names, addresses, email addresses, social security numbers, histories of medical issues and more. What damage could be done via their loss? Via their inappropriate use?

In Ferguson, an address, phone number and family photos are being used as retaliatory measures for tear gas and rubber bullets. That should be at least cause for reflection.

EDIT: Emphasizing how seriously Twitter takes PII, the social media platform has suspended the account Anonymous account @TheAnonMessage in the minutes after this was posted. Per the company's terms of service, or "The Twitter Rules," "You may not publish or post other people's private and confidential information, such as credit card numbers, street address or Social Security/National Identity numbers, without their express authorization and permission."

photo credit: mr.smashy via photopin cc

Author
Headshot Sam Pfeifle Nonmember Contributor
Tags
U.S.
Infosecurity
Privacy Community
Comments

If you want to comment on this post, you need to login.

Related Stories
South Africa approves data management directive
South Africa's Department of Public Service and Administration Minister Noxolo Kiviet approved a directive on data management. The directive is a "legal instrument to give effect to the mainstreaming of knowledge management and data management in the public service." It aims to increase the developm...
Read More queue Save This
FTC advises on data security vulnerabilities
The U.S. Federal Trade Commission's Office of Technology wrote about how to strengthen data security systems to avoid punishable data breaches. The advisory discusses vulnerabilities that include cross-site scripting, structured query language injections and buffer overflows.Full story...
Read More queue Save This
Related Stories
Tags
U.S.
Infosecurity
Privacy Community
Recent Comments