Google Privacy Policy Class Action Lawsuit Filed

March 23rd, 2012. By AbiK

You knew it was coming. The minute everyone started to catch on amidst all those Google “new privacy policy” banners that, hey, Google’s going to be tracking every move you make in the name of intuition and “service”, well, you knew a privacy lawsuit would be brewing somewhere.

And so it was.

The Google privacy policy lawsuit was filed in US District Court in Manhattan on behalf of all Google and Android users who signed up for any Google service (Google+, YouTube, Picasa, Gmail, Blogger to name a few) from August 19, 2004 to February 29, 2012 and continued to use a Google account on or after March 1, 2012 when the new Google privacy policy kicked in.

The plaintiffs in the Google lawsuit—David Nisenbaum, Pedro Marti and Allison C. Weiss—are alleging violation of the Computer Fraud Abuse Act, the Federal Wiretap Act and the Stored Electronic Communications Act.

We posted—right before the Google privacy policy went into effect—on how to protect yourself from Google’s monitoring all your comings and goings. Check it out if you haven’t–and update your account settings.

So this one will be one to keep an eye on. The Google privacy policy lawsuit seeks class action status (ie, it’s not certified as a class action lawsuit yet) and the complaint is seeking financial damages.

Asbestos News Roundup: 3.22.12 (Aircraft Mechanics Asbestos Risk)

March 22nd, 2012. By LucyC

A roundup of recent asbestos-related news and information that you should be aware of. An ongoing list of reported asbestos hot spots in the US from the Asbestos News Roundup archive appears on our asbestos map.

Asbestos Workers at Risk

Wichita, KS: Aircraft mechanics and metal workers who were involved in the manufacture and maintenance of airplanes at Boeing and other aircraft manufacturing facilities in the state of Kansas may have been exposed to asbestos and as such at risk for asbestos-related diseases.

Up to the 1970s, asbestos was used in aircraft brakes. Boeing began phasing out asbestos-containing products in the 1970s, and by the 1990s Boeing was nearly asbestos-free. However, people who worked as aircraft mechanics prior to this could have been exposed to asbestos and as such at risk for developing asbestos mesothelioma and asbestosis.

To date, companies which have exposed their employees to asbestos have faced thousands of lawsuits and settled hundreds of millions in damages.

Asbestos Lawsuits

Charleston, WV: Following his diagnosis of asbestos-related lung cancer, Ward T. McFadden and his wife, Margaret E. McFadden, have filed an asbestos lawsuit naming 85 companies as defendants.

McFadden was diagnosed with lung cancer in October 2011, according to his lawsuit. The couple claim Ward was exposed to asbestos during his working career and that the exposures were a substantial contributing factor in his development of lung cancer. They also claim that the defendants either failed or omitted to provide Ward with knowledge of the dangers of asbestos and what would be reasonably safe and sufficient clothing and protective equipment. As a consequence, McFadden was unnecessarily exposed to and to inhale dust and asbestos fibers, which caused his lung injury, the asbestos lawsuit states.

The 85 companies named as defendants in the suit are A.O. Smith Corporation; Ajax Magnethermic Corporation; Allied Glove Corporation; American Optical Corporation; Aqua- Read the rest of this entry »

GAO: IRS Taxpayer Data not Secure Enough

March 22nd, 2012. By AbiK

Your taxpayer info may be at risk. That’s comforting news as millions of Americans are gearing up to submit those 1040’s, eh?

Yes, the GAO—that would be the US Government Accountability Office—released a report this month titled: “Report to the Commissioner of Internal Revenue; Information Security: IRS Needs to Further Enhance Internal Control over Financial Reporting and Taxpayer Data”. It gives new meaning to the phrase “IRS Audit”…

So here’s the deal:  your taxpayer information may not be safe over at the IRS, which sounds like a security breach waiting to happen.

Hearing this is reminiscent of that AA 12-step adage: ‘admission is the first step to recovery’; i.e., it’s one thing when others point the finger about a problem—it’s another when you point the finger at yourself. Hell, then the problem must really exist—and that’s what’s a bit disturbing here—this is a government report pointing the finger at…the government. Time to raise an eyebrow, folks.

According to the GAO Report (GAO-12-393, 3/16/12), while the IRS did implement security controls and procedures for its financial and tax-processing systems, there are weaknesses in those controls and procedures. Weaknesses the GAO point-blank states “continue to jeopardize the confidentiality, integrity, and availability of the financial and sensitive taxpayer information processed by IRS’systems.”

Here’s another gem from the report: “…IRS’s security testing and monitoring continued to not detect many of the vulnerabilities GAO identified during this audit.”

Remember that viral TSA video last week—the one where Jonathan Corbett makes a mockery of TSA full-body scanners? The scanner in that instance ‘continued to not detect vulnerabilities’, too. That video has gotten roughly 1.9M views on YouTube to date and caused outrage on social networks. But, ok, not everyone flies or is online keeping abreast of viral videos—everyone, however, pays taxes. Everyone should be outraged by this.

Specifically, the GAO points to the following as examples in which the IRS systems fail to control access to information:

• IRS had not always implemented controls for identifying and authenticating users–such as having users create new passwords after set time intervals;
• IRS hadn’t appropriately restricted access to certain servers;
• IRS had not always ensured that sensitive data were encrypted as the data were being transmitted;
• IRS didn’t always audit and monitor systems to ensure that unauthorized activities would be detected;
• IRS had not always ensured management validation of access to restricted areas;
• IRS had not always patched or updated software leaving the agency exposed to known vulnerabilities;
• IRS had not enforced backup procedures for a ‘key system’;

Anyone for storming the Bastille after reading that?

Would you Hand Over your Facebook Password on a Job Interview?

March 21st, 2012. By AbiK

You’ve made it to the interview stage—congratulations! Now fork over your Facebook login and password.

Would you do it?

If you really wanted the job, chances are you would. But is it right? Or is it an invasion of privacy? Many would say it’s cause for a Facebook privacy lawsuit.

Being asked for your Facebook password is becoming more commonplace as part of the job interview process. Apparently, for the recruiters, it’s the modern day version of a background check, work history and reference check all wrapped up in one. Unfortunately, even innocent posts—or those times you’ve been tagged in friends’ photos—are up for interpretation by the hiring manager or HR person. Beer in hand? Maybe you party too much. And let’s not even talk about those more ‘viewer discretion advised’ posts—or worse.

For job applicants, however, it’s sort of like finding bed bugs in your hotel bed—completely uninvited and unwanted, but you need the darn bed to get some sleep. What to do? Chances are, you ask for another room or find another hotel–but in this job market, other jobs aren’t as easy to come by as a new hotel room.

If ever there were a doubt that employment recruiters and HR professionals are trolling online for dirt on prospective hires, just listen to this:

A recent survey done by the Society for Human Resource Management (SHRM) found that 56 percent of HR pros admit to using social media sites for recruiting; 95 percent say they use LinkedIn; and 58 percent use Facebook.

And while most web-savvier folks correlate LinkedIn with “job search mecca”, many job seekers don’t even know LinkedIn exists. But they know Facebook does. And recruiters know this. So, particularly when targeting non-executive positions, Facebook becomes a go-to source for a wealth of information—supplemental information that otherwise may not bubble up in the interview or reference check process.

But, if a Facebook account is private, well, that little ol’ login and password are needed. And who better to ask for it than the person who created it? And, what better time to ask them for it than when they’re sitting anxiously across the desk from you during their job interview?

In any other setting, most people would withhold such information; after all, isn’t Facebook for connecting with ‘friends’? And for most, it’ll be a cold day in h#ll before they include their HR manager in their circle of FB friends. (Notwithstanding that recent article about Facebook narcissism based on the number of friends you have.)

So handing over a Facebook password would appear to be something you’d only do under duress; you’d only be compelled (coerced?) to provide such information if you felt you HAD to do so—as would be the case if you thought a possible job were on the line.

A recent Associated Press article quotes George Washington University law professor, Orin Kerr, as likening the situation to “requiring someone’s house keys” for the interview. Kerr goes on to call it an “egregious privacy violation”.

And it is. After all, when you consider that an interviewer is not supposed to ask questions about age, marital status, children or health concerns, how is it that the same interviewer should potentially have access to all such information by asking for your Facebook password? Something isn’t right there.

Undoubtedly, we’ll be seeing more Facebook privacy lawsuits sprouting up. But in the meantime, here’s a tip: if you’re job hunting, get a LinkedIn profile. Anything and everything a prospective employer should want or need to know about you can be housed there. Even the professional ‘company you keep’—and linking in with an HR rep is surely less creepy on LinkedIn than on Facebook. Any other information about you can be found via the less intrusive methods: background check, reference checks, drug testing…the usual suspects.

Has ADA Gone Too Far with Poolmageddon?

March 16th, 2012. By AbiK

So pool operators have been given a 60-day extension to come up with an ADA-compliant plan for having public pool access for disabled individuals. The ADA pool access law was passed in 2010; the original deadline to comply with it was March 15, 2012. And somewhere in between, the new ADA pool lift regulation law has earned the moniker, “Poolmageddon”.

Even with the year+ lead time, did anyone really think that every pool affected by the ADA pool access law would a) figure out exactly what the law–the nitty gritty parts one needs to understand in order to comply—meant; and b) be able to source pool lifts, install the pool lifts, train staff, and do whatever else was needed to remain open (or avoid risking a DOJ wrist-slap or worse) by March 15?

One could argue that the public pools had plenty of time to be planning for this—but, if you’re at all familiar with public pool operation, it’s not like money is pouring in, so even a portable pool lift that doesn’t require electrical grounding or ripping up the pool deck can cost in the range of $6,000. Not pocket change for most pools. So it’s easy to see how compliance in providing disabled individuals with pool access may have been pushed to the back burner in many a pool budget meeting.

But once the public pool owners’ and operators’ backs were to the wall, and they had to figure out exactly what was required by the ADA pool accessibility law, well, who knew?

If it weren’t for the fact that ADA compliance is a serious issue—and no one wants to see the rights of a disabled individual curtailed or not honored, nor does anyone what the DOJ breathing down his neck—there would almost be a comical element to pool operators scrambling to figure out what the hell the ADA pool lift law means. There’s even an ADA Pool Lift Regulations group on LinkedIn—and the questions and comments sound in line with someone who’d been dropped into a corn maze at dusk without a flashlight and is screaming for help.

Much of the issue is the wording (ain’t it always so?) of the law. In order to comply, public pool operators must accommodate disabled individuals to the extent that it is “readily achievable” to do so. Uh, yeah. So if cash flow is not readily flowing, does that mean a pool lift is not readily achievable?

In reading a LinkedIn comment, it seems the Assistant AG for the Civil Rights Division at the DOJ responded to the “readily achievable” question posed in a letter from the American Hotel & Lodging Association (AH&LA). The response stated:

• “readily achievable [ is,] i.e., easily accomplished without significant difficulty or expense.”
• “…portable lifts can be used at existing pools if affixing the portable lift or installing a fixed lift is not readily achievable”, but must be fixed when it is readily achievable.
• The DOJ believes that the regulation as written provides the flexibility necessary for these entitles to evaluate whether and how to remove barriers to access and to take only actions that they deem are “readily achievable.”

Hmm. So you’re telling me I have to comply, but I have complete latitude to determine if—based on if I think it’s readily achievable—I will or will not comply—right?

You can see where this is heading, right?

Hello litigation!

There are other rather gray or vague areas to figure out as well—such as whether the need to comply with a pool lift is actually still an issue if you’re pool has a sloping entry. Good question. So it’s a veritable can of worms….

Let us know what you think—keeping in mind the issue is not whether or not disabled individuals should have pool access—they should. The issue is in how it’s regulated.