On December 14 Yahoo announced a serious security breach in which sophisticated data attackers grabbed users’ answers to security questions, among other information such as names, email addresses, phone numbers, and birth dates. This breach is particularly worrisome because it culled sensitive information from 1 billion Yahoo customers, which makes this the largest data breach known to date. The
At Biometrics 2016 in London, I gave a keynote presentation on the state of biometrics policy and privacy, with suggestions for further work. Several aspects of that presentation have garnered follow-up requests, including requests for more information about my discussion of the “Fishbone Model” of biometric template security, a model I like very much and have
The World Privacy Forum submitted comments today on an important proposal from the US Executive Office of the President, Office of Management and Budget regarding a circular directing agencies how to write, post, review, and generally handle Privacy Act notices. The proposal, called Circular A-108 Federal Agency Responsibilities for Review, Reporting, and Publication under the
The World Privacy Forum filed a pair of comments about a US Department of Justice proposal regarding treatment of insider threat records at the FBI. Our first comments respond to a Systems of Records notice; our second comments respond to a Notice of Proposed Rulemaking on the same issue. In our first set of comments
The US Postal Service’s new Informed Delivery system has the potential to impact every household in the United States that receives mail. It’s important, and there are plenty of privacy issues. The World Privacy Forum wrote extensive comments to the United States Postal Service warning it about certain consumer privacy and security risks of its Informed Delivery service. Here’s more information about Informed Delivery, and why it may create new phishing risks.