So, as we mentioned last week, Google finally resolved its dispute with the FTC over its Google Buzz introduction last year and the privacy violations that came with it. But not everyone was pleased with the result…the Electronic Privacy Information Center (the privacy advocacy group that filed the original complaint), in conjunction with a number of its brethren, is a little less than enthused that it isn’t slated to receive any of the $8.5 million Google agreed to pay out as part of the settlement… [Ars Technica]

Speaking of privacy advocacy groups, Consumer Watchdog apparently just introduced (in conjunction with CA Senator Alan Lowenthal) a privacy bill for California that would “allow consumers in the state to stop unwanted online tracking”…and it did so today specifically to challenge new Google CEO Larry Page on privacy… [Press Release]

Finally, if you’ve received emails from Tivo, Marriot Rewards, Capital One, Citi, Disney or a number of other businesses, your email may have been compromised. Apparently the vendor that handles email marketing (or at least the databases) for the aforementioned clients (and others) had its database breached over the weekend, exposing many users email addresses… [TechCrunch]

Just in case you hadn’t already noticed, the government is taking online privacy very seriously lately. So much so that the White House has created a subcommittee to advise it on the issue [Washington Post]

Perhaps that has something to do with the fact that the Electronic Privacy Information Center recently graded the Obama Administration a C in consumer privacy…although it gave the administration a B in cybersecurity [CMIO]

And a somewhat long saga finally ends in North Carolina, as a judge ruled yesterday that Amazon does NOT have to turn over customer records for North Carolina customers who made purchases through Amazon.com between 2003 and 2010 [CNET]

Remember that Firefox extension we mentioned yesterday that allowed anyone to access your social networking presences through insecure wi-fi networks? Apparently it’s been downloaded 104,000 times already, in just 24 hours… [TechCrunch]

And iPhone owners – if you think putting a password on your phone will keep unauthorized users out, you might want to read this… [Wired]

Augmented Reality apps are all fun and games, but have we stopped to think about the privacy implications? Personally, I don’t think having an augmented reality app that shows you where sexual offenders live is an invasion of privacy, considering there is a public registration for those individuals, but I can see where they’re going with this… [GigaOm]

Finally, today in Eric Schmidt-isms – Google’s CEO said in a CNN interview that if people don’t want to be captured by Google Street View, they can just move. Probably not the daftest move, but maybe a little more harmless than it seems… [Search Engine Watch]

How could we go a week without some sort of Facebook privacy “fiasco?” Facebook’s latest privacy problem is allegedly “leaking” user information (regardless of privacy settings) and information about users’ friends to 3rd party websites, which according to the Wall Street Journal, violates Facebook’s own privacy policy… [WSJ]

So, of course Germany – which has had an issue with basically anything that has privacy implications – is none too pleased with Facebook… [AFP]

And speaking of Germany, Google appears to be “on course” to resume its Street View efforts in the country, despite a soon-to-be-released number of Germans who have “opted out,” citing privacy issues [NY Times]

Before a new website that professed to track celebrities based on users’ (celeb or otherwise) tweets could get off the ground, Twitter stepped in and cut them off… [Forbes]

The Electronic Privacy Information Center, along with its friends at the Center for Democracy and Technology and several other like-minded organizations, has officially launched the “Privacy 2010 Campaign,” which includes a “report card” on how well the Obama Administration handles privacy issues in different contexts [Examiner.com]

And finally, this isn’t privacy news so much as it is security news, but the US is apparently evaluating an Australian plan to have ISPs cut off internet access to users with “infected” devices and alert them to such “infection”… [Associated Press]

The Electronic Privacy Information Center – along with a few similarly-minded friends – isn’t a fan of Google‘s “new” privacy policy, which took effect yesterday. It has asked Google to make some changes, particularly criticizing Google’s new-found liberty of sharing a user’s information between Google services without the user’s consent [MediaPost]

Leave it to a Brit to propose that “good manners” and not laws are the key to stopping people from invading others’ privacy online…I actually happen to agree, but I still think it’s funny [BBC News]

The UK Ministry of Defense has cautioned all of its personnel to turn off Facebook’s Places service (which it recently rolled out in the UK) because of the potential for terrorists (particularly in Northern Ireland) to exploit it [Register]

The Czech Republic has drawn its line in the sand – Google is not to continue expanding its Street View service within the country [AP]

So, that iris-scanning technology we recently mentioned was being employed down in Mexico – the Department of Homeland Security here in the US is also giving it a trial run at a border station in Texas [Fast Company]

The Electronic Privacy Information Center has sued the NSA spy agency hoping to compel the agency to divulge the details of a reported agreement between it and internet behemoth, Google [LA Times]

Elsewhere in privacy litigation – a DC Circuit judge allowed a group of independent filmmakers to obtain the identities of a bunch of users who had “pirated” the filmmakers’ movies. The judge said that users have no expectation of privacy in the subscriber information they provide in order to facilitate their internet connections [MediaPost]

Just as the Federal Government is about to extend body scan imaging to every major airport in the country, the Federal Marshal’s Service has admitted storing tens of thousands of images just on a single machine in a court house in Florida. This would seem to give further ammunition to privacy advocates who argue that the program represents a significant invasion of privacy. The DC based Electronic Privacy Information Center has filed a suit intended to stop the airport program.

Feds admit storing checkpoint body scan images | Privacy Inc. – CNET News.

[Editor's Note: This post comes to you from Digital Breakfast friend, Andy Harrison - President of the NY-based mobile gaming company, Clout Mobile and Principal of the digital strategic research company, Sixth Man Consulting. Feel free to follow Andy on Twitter, here]

“Six Blind Men and the Elephant”.  It’s the story that I keep going back to when data privacy is discussed.  There are too many issues and too many constituencies to create a simple, all-encompassing explanation.

Privacy is one of today’s “hot button” issues as technological advances have enabled increased access to, accumulation and manipulation of data on an unprecedented scale.  Further, there is a growing societal need to share almost everything; Geolocation services like Foursquare and sites like Blippy and Twitter being but a few examples.  There also seems to be a generational divide where, as a rule, those under 30 share anything about themselves without thinking twice about it.

Where do you draw the line?  How do you protect yourself, if you want protection?  How much should Government regulate or legislate?

We are in a constant state of flux as paradigms get obliterated or reinvented at a dizzying pace.  It gets more complicated because we are in a situation where the vast majority of our world’s decision-makers (government and business) still remember using pay phones, black-and-white televisions and transistor radios.  Wrapping their minds around today’s technology and the accompanying issues is a stretch for most.

So what else is new?

Technology has constantly been challenging privacy.  Thirty-five years ago, it was argued that privacy and security were dead because of the copy machine.  And years before that, it was photography and film.

What is new is the pervasiveness.  Not everyone had immediate access to a copier.  Not everyone had cameras. To understand what is happening, it is important to take a step back to 1)define the components of data privacy, 2) look at some current external pressures and 3) consider data-related key issues for corporations that use data (okay, that’s everyone).

And when you try to absorb everything about data privacy, you can feel like a blind man encountering an elephant.

Two Components

Effective data privacy is a combination of preventing self-inflicted damage and stopping attacks from the outside.  At its root, a company’s data privacy policy has two components.

Individual Privacy – Ensuring that Personally Identifiable Information (PII) is used properly during the regular course of business.  This focuses on how a company uses PII; particularly organizations that meld data from multiple sources and mine it to produce customer insights.  The big challenge here is defining the word “properly.”

Data Security – The means of ensuring that PII data is kept safe from corruption and that access to it is suitably controlled; particularly important for organizations that store and protect massive amounts of personal data (Data Centers, Big Pharmaceutical companies, financial services organizations, credit card processors).

External Pressures – The Current Environment

Shaping data practices and data privacy policy is not done in a vacuum.  Here are some key trends/considerations.

–  Organizations like the Consumer Federation of America, the Electronic Privacy Information Center, the Future of Privacy Forum and the Center for Democracy and Technology are becoming more vocal about all facets of individual privacy and data security.

–  The regulatory environment has not kept pace with the advances in technology and data analysis and practices, but that is changing (e.g., new laws in Massachusetts, Sen. Boucher’s Consumer Privacy Bill). More strident controls will change the landscape.

–  There are key concerns – ethical, legal, etc. – being raised regarding the ability to transform anonymous data into identifiable consumer profiles

–  Data Security is perpetually vulnerable because of technological advances.  Hackers are always one step ahead of programmers and the law.  While there are significant benefits to leveraging technology, it also facilitates theft, intrusion and voyeurism.  Therefore, pressure increases on gatekeepers of data to preserve the sanctity of the information.

–  Data breaches like HSBC are heightening public awareness of and concerns regarding privacy and raises increasing doubts on gatekeepers’ ability to self-regulate and protect confidential data.

Going Forward – The Balancing Act

Within Your Control

Implementing comprehensive data privacy practices can conflict with basic corporate goals (e.g., making money) and impinges on certain business practices. Which is more important?  Here are a few items to consider:

Out of Your Control – Kosher

Individuals and government still matter.

Out of Your Control – Criminal

Even with the best practices and applications in place, no company has complete control in the data chain of custody.  There is always an Achilles’ heel. To wit:

Data Privacy is no longer a topic that is limited to a business’ back room operations.  It touches every facet of business – from the tactical to the strategic.  Give short shrift to it at your own peril.