Cross-posted from Chronicles of Dissent.
For better or worse, and mostly worse, here's my list of top 10 privacy breaches or outrages of the year. Some of the entries below received a lot of media coverage, while others seem to have been ignored or only had 15 minutes of fame.
10. Fidelity Federal Bank settled a class-action suit for illegally purchasing motor vehicle records on over 550,000 Florida motorists, but the State of Florida didn't pay a dime despite violating federal law by selling the records to Fidelity Federal.
9. Ohio University suffered several data breaches earlier this year, affecting hundreds of thousands of records or individuals. After the third hack in two months was discovered, two IT executives were fired.
8. The Ninth Circuit thinks that forensic searches of laptop computers at the border -- even when a traveller spends absolutely no time outside the airport in the foreign country and is not under any suspicion of being in possession of any contraband -- are just fine.
7. Approximately 658,000 AOL subscribers had their search queries revealed for 10 days when the data were mistakenly released on the web. Although AOL removed the data, they had already been cached and mirrored on other sites, and it was possible to identify some of the users by their queries.
6. UCLA reported that a database containing Social Security numbers and personal information on 800,000 was breached. Attempts to hack the database had occurred as early as October 2005 and didn't end until Nov. 21, 2006 when the suspicious activity was (finally) detected.
5. Boeing Co., apparently on a slow learning curve, reported that Social Security numbers and personal information on 382,000 employees were on a stolen laptop. This was their fourth laptop containing personnally identifiable information that they reported stolen since Nov. 2005, bringing their number of records breached to over 500,000.
4. Telecoms such as AT&T seemingly continued to cooperate with the NSA in violating our privacy while they sought immunity for their actions and simultaneously sued other businesses for tricking them into revealing customer records.
3. The Veterans Affairs Department reported that a laptop with the details of over 26 million veterans was stolen. The laptop was eventually recovered, but the VA also suffered other breaches and data losses in 2006. Congress held its usual hearings to get on camera. By the end of the year, the VA reported that it was implementing new security policies and protections.
2. The Department of Homeland Security revealed that its Automated Targeting System (ATS) that creates and assigns "risk asessments" to millions of citizens has actually been in effect for several years, although it was not supposed to go into effect until December 2006. As the EFF explains, individuals have no way to find out their "risk assessment" score, no way to correct any false information, and your score will be shared with untold numbers of federal, state, local, and foreign agencies. To make matters worse (if that's even possible!), the government will retain the data for 40 years.
1. The NSA continued to engage in warrantless wiretapping and surveillance without FISA court approval or oversight. Congress bickered and postured, but ultimately did nothing.
Feel free to add or suggest your own privacy outrages or breaches, as there were certainly plenty to choose from in 2006. And if your favorite outrage didn't make my list, take heart: I finally decided not to include VeriChip's ill-conceived promotion of implanting RFID chips in immigrants in my top 10 list, even though it is certainly deserving of special recognition.