The European Union (EU) has ordered its member states to implement the cookie law. In an effort to address internet privacy, this law was approved in November 2009. From that time on, websites have been required to provide user opt-in before they could install cookies on anyone’s computer.

One problem still remains after two years of its implementation. Until today, the specific requirement for cookie opt-out has yet to be clarified. Those who have implemented this directive do not have a clear understanding of what really would constitute an opt-out requirement. Group members of the EU met in an attempt to spell out things. There are those who say that the user’s decision to enter the website is in itself a suggestion that he or she agrees with the website’s practices. Others, who are directly involved in implementing the policy, think that there should be a clear opt-in process.

The major basis as to why some do not buy into the idea of the directive is that it will cause a bit of a disruption to users. Nowadays, websites have advertisers that unknowingly store cookies on users’ computer. When the order is implemented, pop-up windows would persistently appear on the user’s screen. These would contain opt-in instructions about storing cookies. What is troublesome is when a website has nine companies that advertise on it. There would then be nine pop-up windows that would all pertain to the same question. This would happen as a user moves from one website to another.

The increase in the number of online and data privacy cases has triggered the creation of a Privacy Task Force. Connecticut’s Attorney General announced this development last September 15th in response to the increasing internet privacy concerns and data breaches. According to the spokesperson, the task force’s main concern is regarding public education on data protection requirements.

The Attorney General’s office has recognized the need for a program that will openly address these two big issues. Internet and data privacy problems have been affecting the interests of internet users and the public as a whole. At present, there are more or less a dozen current investigations regarding security breaches. Most of these cases involved the loss of medical records of patients, insurance records or customers’ personal information. There are also those that involve the unauthorized gathering of personally identifiable information.

To heighten the campaign in guarding the privacy of consumers, the office has also sought the commitment of giant tech companies. While the investigations are being done, Google and Facebook have also committed to take part in consumer protection. To some extent, the willingness of these companies to get involved in the campaign is gaining success.

Once again, a breach committed against patients’ hospital records stirred up privacy concerns. As a result, thousands of emergency room patients’ personal information was posted on an internet site. A New York Times report said that Stanford Hospital in California confirmed that the data belonged to them, however, they do not know yet how that data was stolen or who stole it.

The breach was discovered only last month, but the data has been on a commercial website for almost a year. A hospital spokesperson said that the data first appeared on that website on September 9, 2010. This makes it difficult for hospital officials to identify exactly who committed the crime because there are many third parties who can actually gain access to hospital information.

There are a number of regulations that pertain to compelling companies to publicly disclose data breaches. Heavy fines are also imposed just to give strength to such legislation. However, experts on medical security blame the incident on the presence of too many outside contractors that can gain access to private hospital data.

Employees, in the course of their daily work, cannot avoid using the company’s IT facilities. They send and receive private emails aside from the business-related ones, which are considered official. For an indefinite period of time, emails received by employees might stay in their inbox. Private emails are supposed to be only for the employee’s own personal use.

Problems might come up if an employer needed to access an employee’s email account during the employee’s prolonged unavailability or absence. This could entail legal implications when employers open their employee’s emails. The German Higher Labor Court ruled early this year that an employee’s work-related email correspondence can be reviewed by his or her employer. The provisions of the “secrecy of telecommunications” do not apply in this case because although the employee was permitted to use the employer’s email facilities, the employer cannot be considered a “provider of telecommunication services”.

There was a case when an employee was absent from work due to a long-term illness. The employer, despite repeated efforts, was not able to obtain the employee’s permission. The employer then opened the employee’s email account, but did not read emails marked “private”. There were two qualified witnesses present when the employer opened the account. The employer read and printed only those emails that were business-related.

A public disclosure of the most threatening and pervasive online espionage was made last August. Internet security experts at Silicon Valley decided to divulge this after years of surveillance. It is estimated that the cyberattacks had already been happening for five years. Included on the target list were some U.S. companies and government agencies. There is no doubt that these attacks endanger the country’s national security and economy.

A McAfee Company spokesperson said that there were 72 organizations targeted, but the total number could be as many as thousands, which may include companies and government agencies. The attacks seemed to be aimed at only one goal, and that is in obtaining sensitive information. A deeper look into the nature of the attacks gave experts the suggestion that the perpetrator is a nation-state. At present, they have decided not to identify the offender.

A representative of McAfee said that the spying slowly disables both the economic and national security advantages of the U.S. He considers the activities as something that must not be taken lightly as they steal important intellectual property. As a result, these will negatively affect jobs and the state of the economic community. The spokesperson withheld the details of the data that is being stolen because doing so might cause some privacy concerns with the targeted organizations. He simply repeated that a nation-state is conducting all these attacks.

The recent issues regarding “supercookies” have prompted MSN to reassess its use of this tracking tool. The company announced that it has discontinued its secret tracking of users’ browsing habits. Microsoft’s Associate General Counsel made public that the company investigated the code without delay, after researchers brought the matter to its attention.

It could be remembered that some time ago, researchers at Stanford University identified a “supercookie” that is capable of resurrecting users’ cookies after they were deleted. In other words, the cookies persist even after a user purposely deletes them. Because of this, users’ browsing habits can still be monitored without their knowledge. They think that everything is “safe” because they deleted the cookies, but that is not true.

MSN was quick to respond to the users’ protests by disabling the code. Its remedial measures extended to giving reassurance to users about the company’s commitment to upholding users’ privacy. It made clear that whatever information was gathered by using the code was never shared with other companies or organizations.