According to the Center for Democracy and Technology, group of nine privacy organizations have asked the FTC to implement a “Do Not Track List” intended to protect consumers from having their online activities unknowingly tracked, stored, and used by marketers and advertising networks.

The Do Not Track List, which would function much like the national “Do Not Call” list, is one of several consumer privacy protections the group asked the FTC to adopt as part of a broader effort to correct a privacy imbalance that deprives Americans of the ability to control their own valuable personal information.

The groups also recommended:
• The adoption of a new definition of “personally identifiable information” updated to reflect the realities of today’s Internet;
• Providing more robust disclosures to consumers about behavioral tracking;
• Ensuring that information about consumer privacy and choices is available to all individuals, including those who have visual, hearing, or other disabilities;
• Independent auditing of those engaged in behavioral tracking to ensure adherence to privacy standards;
• Providing consumers with access to personally identifiable information collected about them by companies engaged in behavioral tracking;
• Prohibiting advertisers from collecting and using personally identifiable information about health, financial activities, and other sensitive data; and
• Establishing a national “Online Consumer Protection Advisory Committee.”

The Center for Democracy and Technology, Consumer Action, Consumer Federation of America, Electronic Frontier Foundation, Privacy Activism, Public Information Research, Privacy Journal, Privacy Rights Clearinghouse, and World Privacy Forum are the groups behind the recommendations.

According to the Press Association, when actor George Clooney was treated at the Palisades Medical Centre in North Bergen, New Jersey, his medical information was compromised. As a result, several hospital workers have been suspended.

As many as 40 employees, including doctors, were suspended without pay, accused of accessing Clooney’s medical records and possibly providing information to the media, a violation of federal law. The Jersey Journal of Jersey City reported that 27 staff, but no doctors, had been disciplined, and only for looking at the records without authorization.

A spokeswoman for the union representing some of the employees said they had been suspended without pay for four weeks.

Eurice Rojas, the hospital’s vice president of external affairs, told The Jersey Journal that hospital officials do not believe any employees leaked Clooney’s medical information, but some did improperly access his records.

Federal law says that only direct caregivers – including doctors, nurses, technicians and support staff involved in a patient’s care – can view such information.

ComputerWorld reports that California Gov. Arnold Schwarzenegger vetoed a bill that would have made merchants in California liable for the costs incurred by financial institutions as a result of retail data breaches. In a statement explaining his veto, the governor says that the measure “attempts to legislate in an area where the marketplace has already assigned responsibilities and liabilities that provide for the protection of consumers.”

AB 779 would have required retailers affected by breaches to reimburse banks and credit unions for the costs of alerting customers and reissuing credit and debit cards. It would also have prohibited merchants from storing some information and required them to use so-called strong authentication technologies to protect cardholder data.

The California Credit Union League, the bill’s chief proponent, expressed disappointment at the veto but vowed to try to get the measure passed in the state’s next legislative session.

The California bill’s demise means that Minnesota remains the only state to have passed a data breach cost-reimbursement law.

Retail industry groups have complained that such measures would unfairly penalize merchants that already pay for fraud-related costs via the so-called interchange fees that credit card companies assess on each transaction.

A new study of U.S. Secret Service cases shows that identity thieves are typically young, work solo and rely on the Internet for fewer than a fifth of their crimes. The Center for Identity Management and Information Protection (CIMIP) also found that “insider” employees were the offenders in just one-third of the cases examined. However, when an employee stole identity information, they often worked in the retail industry.

For its analysis, CIMIP researchers reviewed 517 cases closed by the Secret Service between 2000 and 2006. They found that 42.5 percent of offenders were between the ages of 25 and 34. Another 18 percent were between the ages of 18 and 24. Two-thirds of the identity thieves were male. Nearly a quarter of the offenders were born outside the United States.

Here are some additional findings:
o Eighty percent of the cases involved an offender working solo or with a single partner;
o Most of the offenses were committed by non-employees who victimized strangers. Employee insiders were the offenders in just one-third of the 517 cases.
o Of the 933 offenders, 609 said they initiated their crime by stealing fragments of personal identifying information, as opposed to stealing entire documents, such as bank cards or driver’s licenses.
o While identity thieves used a wide combination of methods, fewer than 20 percent of the crimes involved using the Internet. In half the cases, no Internet or technological devices at all were used.

According to the Washington Post, a bipartisan bill that would let victims of identity theft seek restitution for money and time they spent repairing their credit history has been introduced on in the Senate.

The legislation also gives federal prosecutors more tools to fight identity theft and cyber crime, according to sponsors Democrat Patrick Leahy of Vermont and Republican Arlen Specter of Pennsylvania.

“Cyber criminals are getting smarter and more effective in their online efforts to strip Americans of their privacy, and their property,” Leahy said in a statement.
The bill would also do the following:
o eliminate a requirement that the loss resulting from damage to a victim’s computer must exceed $5,000 for prosecution;
o make it a felony to use spyware or keyloggers to damage 10 or more computers; and
o expand the definition of cyber crime to include extortion schemes that threaten to damage or access confidential information on a computer.