| . | WHAT'S NEW | RESEARCH & TOPICS | WORKPLACE| MEDICAL | ABOUT US | RESOURCES | PRIVACY POLICY |
 |
 |
| . | WHAT'S NEW | RESEARCH & TOPICS | WORKPLACE| MEDICAL | ABOUT US | RESOURCES | PRIVACY POLICY |
|
|
|
PRESS
CONTACT
WHAT'S NEW
SITE NAV OPTIONS |
01/05/2009 School privacy | FERPANew privacy rules for schools released; World Privacy Forum comments had positive impact for student and parent privacyIn May 2008 the World Privacy Forum submitted detailed comments on proposed changes to the Family Educational Rights and Privacy Act regulations (FERPA). The FERPA regulations are the rules that control how schools treat and release student information. The final FERPA regulations have now been published and reveal that the World Privacy Forum comments had a positive impact. The new regulations agreed with WPF's comment that if a school requests a Federal tax return from a parent, that the parent has the right to redact all financial information from the form, and affirmed that the school does not have a requirement to ask for the tax form in the first place. The regulations also agreed with the WPF comment that the risk of re-identification of published student information is cumulative, and made recommendations that educational institutions take into account all releases of student information it has made, not just new releases. Read the new FERPA regulations (PDF) | See the World Privacy Forum FERPA comments
12/12/2008 GINA - Genetic Information Nondiscrimination ActWorld Privacy Forum urges more clarification and privacy protection regarding "incidental collection" of genetic information in GINAIn comments regarding the recently passed GINA (Genetic Information Nondiscrimination Act), the World Privacy Forum said that some aspects of GINA need clarification to enhance privacy. The comments focus on a number of privacy issues the RFI raised, including model privacy notices and the issue of what the GINA statute calls "incidental collection" of genetic information. Currently, GINA states that some kinds of information are exempted from being considered as regulated for medical underwriting purposes. For example, medical information gleaned about patients for underwriting purposes from medical databases is regulated. But medical information gleaned about patients for underwriting purposes from, for example, marketing lists containing robust patient information may be unregulated if the law is not clarified in the regulatory process. The World Privacy Forum urged HHS and the Department of Labor to substantially clarify what constitutes "incidental collection," and urged the agencies to consider lists containing identifiable patient information to be considered in the same category as a "medical database." Read the World Privacy Forum GINA comments | Related: Genetic Privacy Page
12/10/2008 Genetic privacyKeep my genes private: World Congress panel presentationThe World Privacy Forum presented a talk at the World Congress in Washington D.C. today on the intersection between genetic privacy and marketing, and on genetic issues and medical identity theft. The presentation exposed the list marketing activities surrounding health care data, and examined how the current loopholes in the recently passed Genetic Information Nondiscrimination Act (GINA) would not necessarily ease issues with incidental collection and use of genetic information.
12/01/2008 HITSPWorld Privacy Forum elected to HITSP boardWorld Privacy Forum executive director Pam Dixon was elected to be the consumer representative on the HITSP board (Health Information Technology Standards Panel). HITSP is a national standards-setting body that is part of ANSI (The American National Standards Institute) and is working on specifications and standards for the National Health Information Network. The term will begin in January of 2009. More on the NHIN | ANSI's HITSP page
12/01/2008 Telemarketing | Top Ten Opt Out ListNew telemarketing rules take effect today: more power over pre-recorded telemarketing callsBeginning today, pre-recorded telemarketing phone calls must come with an easy opt-out for consumers. If a pre-recorded telemarketing call is left on an answering machine, it must also include opt-out information. These rules will apply to telemarketers already subject to the Federal Trade Commission's Telemarketing Sales Rule and Do Not Call List. There are some exemptions to the rule. For more details about the changes, see our Top Ten Opt Out List, which has been updated with the new information. More on WPF Top Ten Opt Out List; see item #1.
11/11/2008 IPSC2008 Day OneInternational Privacy and Security Conference in Tokyo, Japan beginsThe World Privacy Forum is co-hosting the 1st International Privacy and Security Conference (IPSC2008) in Tokyo, Japan. The conference focuses on examining and discussing a range of privacy and security issues from a global perspective. Today was conference day one at Belle Salle Kudan in central Tokyo. The conference hall was packed, and the sessions were excellent. Prof. Masao Horibe, Prof. Ryoichi Sasaki, and Peter Cullen opened the conference with overviews and a keynote. Session One included a panel of prominent experts and focused on information security and privacy both technically and legally from a Japanese, US, and EU perspective. More info on IPSC 2008 | IPSC2008 conference web site
11/03/2008 Upcoming lecture, consumer privacy and securityElectronic health records: the good the bad, and the futureWPF Executive Director Pam Dixon will be speaking at the Center for Ethics in Science and Technology's monthly lecture series in San Diego, California Wednesday, Nov. 5th at 5:30 pm. The lecture will focus on the big-picture view of the health care and patient privacy landscape, and will explore how electronic health care records are set to shift into prominence in the coming months and years. The lecture will be held at the Reuben H. Fleet Science Center in San Diego's Balboa Park. See more about the lecture from the Center for Ethics in Science and Technology | Related: PHR Page
10/22/2008 Red Flag Rule - ID TheftFTC delays Red Flag Rule enforcement until May 1, 2009The Federal Trade Commission announced that it will delay by 6 months the enforcement of its Red Flag Rule that requires certain businesses to have a written identity theft prevention program. The Red Flag rule still goes into effect November 1, 2008, but the new date for enforcement of the rule is May 1, 2009. The FTC issued a "Enforcement Policy Statement" Oct. 22, 2008 regarding its reasons for the delay, which is available here. Read the WPF Red Flag report | Read the FTC press release announcing the delay
10/17/2008 Medical ID theftWorld Privacy Forum speaks at medical identity theft town hall meetingThe Department of Health and Human Services held a town hall meeting Oct. 15 about medical identity theft in the FTC's Washington DC conference center. Pam Dixon of the World Privacy Forum spoke at the event, noting that the problems and harms of medical identity theft were not theoretical, but are present now, and create profound harm in the lives of victims. Dixon also emphasized that the crime had gone unnoticed for years before the World Privacy Forum's 2006 report on the issue, and that solutions to the crime must include the perspective and input of individual victims and provide real remedies from the harms. Dixon also discussed the current focus on patient authentication and noted that patient authentication did not resolve the problems of systemic medical identity theft committed by insiders. Dixon also noted that some forms of patient authentication, if implemented improperly, could potentially increase risk rather than decrease it. See the World Privacy Forum 2006 Medical ID Theft report | See the WPF medical identity theft page | See the HHS town hall site
10/07/2008 Transatlantic Consumer Dialogue (TACD)World Privacy Forum joins Transatlantic Consumer DialogueThe World Privacy Forum is pleased to announce it is now a member of the Transatlantic Consumer Dialogue (TACD), a forum of US and EU consumer organizations. TACD develops joint consumer policy recommendations to the European Commission and the US government. TACD was founded in 1998 and is organized by Consumers International. The European Commission provides financial and coordination support for the TACD. TACD web site | European Commission archives of TACD recommendations
10/03/2008 National Health Information NetworkNational Health Information Network chronology updatedAt the December National Health Information Network meeting noted in the updated WPF chronology, the health care providers and others who have built the trial versions of the NHIN will give their progress reports. For those who are not yet familiar with the ambitious plans for a national health information network, see the World Privacy Forum's NHIN background information page. This is a critical time in the development of the NHIN; in 2004 it was nothing more than a thought; in December, it will be partially implemented at the trial level. The World Privacy Forum has consistently voiced concerns about the need to ensure robust patient privacy protections in the NHIN. See the updated NHIN chronology | See the NHIN background information page
10/01/2008 New privacy and security laws and regulationsNew requirements for protecting consumer informationA new law in Nevada and new regulations in Massachusetts increase the requirements for protection of consumer information. A Nevada law that took effect Oct. 1, 2008 (NRS 597.970: Restrictions on transfer of personal information through electronic transmission) requires that businesses in the state of Nevada must encrypt customers' personal information when transferred via an electronic transmission, excluding faxes. In Massachusetts, new regulations that take effect Jan. 1, 2009 spell out specific security measures that businesses owning, storing, or maintaining consumers' personal information in paper or electronic form must take (201 CMR 17.03: Duty to Protect and Standards for Protecting Personal Information). See the Nevada law | See the Massachusetts regulation
09/24/2008 Report: Red Flag Rules and Medical ID theft prevention programsNew World Privacy Forum Report: Red Flag suggestions for hospitals and providersThe World Privacy Forum published a new report today, Red Flag and Address Discrepancy Requirements: Suggestions for Health Care Providers. The report discusses the applicability of the new FTC Red Flag regulations to the health care sector along with suggestions for providers. The recently issued regulations by the FTC require financial institutions and creditors to develop and implement written identity theft prevention programs. The rules take effect Nov. 1. Health care providers -- whether they are for-profit, non-profit, or governmental entities -- may have obligations under the new rules. Medical identity theft is a real concern in the health care sector, and is included expressly in the Red Flag Rules Guidelines. Read the World Privacy Forum's Red Flag report | See the WPF medical identity theft page for more information and to sign up for the latest medical ID theft news
09/22/2008 Human Subjects Research Protection (OHRP)World Privacy Forum urges more attention to the protection of research study participantsThe World Privacy Forum filed comments today with the Office of Human Research Protection urging the office to do more to protect the privacy of people who are subjects of research. The comments urge the OHRP to focus more attention on providing privacy-specific training for boards overseeing research, which are often weak in knowledge about the breadth of privacy issues in research. The WPF also voiced its strong support for certificates of confidentiality for research involving human subjects, stating that "nearly all research that involves identifiable health data or other personal data about individuals should have a certificate of confidentiality unless a researcher can state a substantive reason why a certificate is not appropriate for the study." OHRP will be accepting comments until Sept. 29. See the WPF comments on human subject research | Related: WPF Medical privacy project page | Related: OHRP request for comments page
08/27/2008 National Health Information Network (NHIN)Updates to NHIN timelineThe National Health Information Network timeline and chronology that the World Privacy Forum maintains has been updated. Materials from the April/May public forum in Dallas are now online and linked, as are key upcoming events regarding the NHIN. Notably, in September the nine existing NHIN trial implementation projects that have been running and exchanging health data in California, North Carolina, New York, and other states are set to be demonstrated in Washington DC. These demonstrations are pivotal for the NHIN and how it takes shape going forward. See the NHIN timeline | Related: World Privacy Forum NHIN page
08/21/2008 Border Crossing Information System, DHSComments of the World Privacy Forum regarding the Border Crossing Information System; Some proposed routine uses of the system directly contravene the Privacy Act of 1974The World Privacy Forum submitted public comments today to the Department of Homeland Security regarding its proposed Border Crossing Information System. The BCI system would set up a database of all border crossings via car, rail, air and other means, including collecting identifiable data on the activities of American citizens. Information collected includes biographical and other information such as name, date of birth, gender, a photograph, itinerary information, and the time and location of the border crossing. The WPF comments focus entirely on the proposed Routine Uses of the system. As currently written, the DHS proposal contains some Routine Uses that directly contravene the Privacy Act of 1974 and are illegal. Other Routine Uses are overbroad and vague, and still others contravene guidance from the Office of Management and Budget (OMB). One example of an overbroad Routine Use is Routine Use J, which will allow DHS to release data collected for the Border Crossing Information System for hiring decisions or contract awards. This information may be requested by Federal, state, local, tribal, foreign, or international agencies. Another Routine Use, G, impermissibly duplicates and weakens the Privacy Act's condition of requirement for notice when information is disclosed in certain circumstances. See the World Privacy Forum comments on the DHS Border Crossing Information System | Related: See the proposed BCI notice | Related: WPF Agency Comment Page
08/19/2008 Privacy and the class of 2012Perceptions of privacy by the class of 2012Each year Beloit College publishes a "Mindset List" to share incoming college students' rapidly changing cultural frames of reference with the faculty. For the class of 2012, several privacy-related items made the Mindset List for the first time. The list notes that these students' frames of privacy references are that "Personal privacy has always been threatened" (#43) and "Employers have always been able to do credit checks on employees" (# 39). See the Beloit College Mindset List
08/07/2008 IPSC2008 ConferenceWorld Privacy Forum Announces IPSC2008 Conference in Tokyo, JapanThe World Privacy Forum is co-hosting the first International Privacy and Security Conference 2008 (IPSC2008), to be held in Tokyo, Japan on November 11-12, 2008. Also co-hosting the conference are the Japan-based Institute of Electronics, Information and Communication Engineers (IEICE), Social Implications of Technology and Information Ethics, and the Japan Society of Security Management. This conference brings together Japan's leading privacy and security experts and scholars as well as experts from the US and the EU. See more about IPSC2008 here, including venue, registration, and other conference details.
08/04/2008 Medical privacyComments of the World Privacy Forum to the FTC re: Ingenix and Milliman FCRA enforcement actionSome recent articles about the sale of patients' prescription histories to insurance companies have raised many consumer questions about this practice. Ingenix and Milliman -- two companies engaged in this practice -- were the subject of a Federal Trade Commission enforcement action which was published for comment in September 2007. The World Privacy Forum provided formal comments to the Federal Trade Commission last year about this enforcement action; the WPF sought to have all affected consumers notified of adverse actions taken based on the information, and asked the FTC to modify its enforcement action to include an appropriate monetary penalty against the two companies. World Privacy Forum letter to the FTC | FTC letter responding to the World Privacy Forum | Related: FTC Case files for Ingenix and Milliman
07/14/2008 European Privacy SealFirst EU Privacy Seal granted to search engineIxquick.com is the first search engine to receive formal EU privacy approval. The EuroPriSe (European Privacy Seal) was awarded to Ixquick after a lengthy certification process. Ixquick deletes its users' IP addresses after 48 hours. European Privacy Seal (EuroPriSe) | Related: Search Engine Privacy Page
07/12/2008 Security freezeSecurity Freeze Page updated with new statesMore than 45 states now have credit freeze laws, sometimes called security freeze laws. The World Privacy Forum security freeze page discusses what a security freeze is, who can place a freeze, and is newly updated with links to state-by-state laws and when available, tips for consumers from the relevant Attorney General web site. See the updated World Privacy Forum Security Freeze page | Related: Top Ten Opt Out List
07/10/2008 Do Not Call RegistryFTC reports more than 145 million telephone numbers are in the National Do Not Call RegistryIn its fourth annual report to Congress on the Do Not Call Registry, the Federal Trade Commission released some interesting new statistics. As of September 2007, there were 145,498,656 telephone numbers in the Do Not Call Registry. The FTC also reported that 6,242 entities paid over $21 million for access to the DNC Registry in 2007. The report also details the FTC's enforcement actions against businesses violating the DNC Registry rules. As of September 30, 2007, the FTC had filed 25 cases regarding DNC Registry violations and had settled 22 of the cases. Read the FTC's report to Congress | To register for the Do Not Call list, see WPF's Top Ten Opt-Out List, #1. | Permalink
07/09/2008 Financial privacyCall Don't Click: WPF's Free Annual Credit Report page and tips updatedU.S. consumers have the right to order one free credit report per year from each of the three national credit bureaus. The World Privacy Forum's landing page about federally-mandated free Annual Credit Reports and the consumer tips for ordering a free annual credit report have been fully updated. See the "Call Don't Click" landing page about free Annual Credit Reports | Read the consumer tips for ordering a free Annual Credit Report
07/08/2008 Internet privacyMajor update to cookie opt-out pageThe World Privacy Forum's guide on how to opt-out of tracking cookies has undergone a complete update. We have added new cookie opt-outs and have updated all of our descriptions of where and how to opt out of online ad tracking. See the Tracking Cookies Opt Out Page | Related: Internet Privacy Page
07/02/2008 Job search privacyResume posting guide updatedThe World Privacy Forum's popular resume posting guide, 12 Resume Posting Truths, has been updated. This update is part of an ongoing project on job search privacy. The World Privacy Forum has extensive materials on job search privacy and job scams. Read the updated 12 Resume Posting Truths | See the Job Search Privacy landing page for more job search privacy resources
06/30/2008 Consumer Excellence AwardWorld Privacy Forum receives 2008 Consumer Excellence AwardWorld Privacy Forum executive director Pam Dixon has received a 2008 Consumer Excellence Award for her leadership and work in the area of medical identity theft and consumer privacy from Consumer Action. Also honored was Herb Weisbaum, a 5-time Emmy-winner who is a consumer contributor to NBC's Today Show. Consumer Action was founded in 1971 and is a national non-profit organization focused on consumer education and advocacy. The awards ceremony was held in San Francisco on June 26th. The World Privacy Forum is honored to accept this award.
06/20/2008 OECD | Fair Information PracticesOECD reaffirms its support for the 1980 OECD principles on privacy, or "Fair Information Practices"At a key meeting of the OECD on the future of the Internet economy, the OECD Secretary General Angel Gurria reaffirmed support of the 1980 OECD Privacy Principles. Also, Secretary General Angel Gurria expressed support for formalizing the participation of civil society in OECD going forward and for paying more attention to information security and identity theft problems. Secretary General Gurria noted that "A more decentralised, networked approach to policy formulation for the Internet Economy that includes the active participation of stakeholders needs to be the norm." Many parts of the recent OECD meeting may be viewed online. Statement of the Secretary General | OECD Seoul Declaration on roadmap for the future of the Internet economy Related: OECD 1980 Guidelines | Related: World Privacy Forum Fair Information Practices Page
06/19/2008 Genetic privacyCouncil for Responsible Genetics convenes experts and the public for database and genetics conferenceThe World Privacy Forum participated in a Council for Responsible Genetics (CRG) conference on genetic databases at New York University. The groundbreaking conference focused on key issues of race and genetic databases, fairness, accuracy, and privacy. The World Privacy Forum discussed a paper by Dr. Harry G. Levine, Drug Arrests and DNA, noting that innocent victims of medical identity theft may be arrested for the "drug seeking behavior" of the criminals impersonating them. CRG page | World Privacy Forum genetic privacy page | Related: Medical identity theft page
06/18/2008 Financial privacyWorld Privacy Forum files comments with FTC regarding credit -based insurance scoringThe World Privacy Forum filed comments with the Federal Trade Commission today about its proposed study of credit -based pricing practices for homeowners insurance. The World Privacy Forum requested that the FTC ask insurers if there are specific procedures in place for detecting, mitigating, and responding to consumers who have been victims of identity theft. The WPF noted its support for the FTC's use of the FTC Act Section 6(b) authority to acquire robust information from the insurance companies. Read the FTC's request for public comment
06/03/2008 Internet privacyWorld Privacy Forum, Privacy Rights Clearinghouse, EPIC, and other consumer groups urge Google to post a link to its privacy policy from its home pageThe World Privacy Forum, Privacy Rights Clearinghouse and EPIC were joined by California-based EFF, the ACLU of Northern California, Consumer Action, Consumer Federation of California and other national groups in asking Google's CEO Eric Schmidt to provide a prominent link to the Google privacy policy directly from its home page. Google has recently been criticized for not providing a link to its privacy policy from its home page, as the California Online Privacy Protection Act requires. The groups noted that linking to a privacy policy on a home page is considered a widespread best practice. Read the letter to Google | Related: WPF Internet Privacy Page
05/08/2008 SACGHS | Oversight of genetic testingKey genetic oversight report released; includes changes based on World Privacy Forum commentsThe Secretary's Advisory Committee on Genetics, Health and Society (SACGHS) released its final report on Oversight of Genetic Testing (U.S. System of Oversight of Genetic Testing: A Response to the Charge of the Secretary of Health and Human Services, April 2008, PDF, 276 pages). This is a substantial, thoughtful report that is likely to have a long-term impact on the field. The World Privacy Forum submitted formal written comments regarding this report when it was in draft form, and also appeared before the Committee in person in February of 2008 to discuss additional information relevant to the report. The final report reflects the World Privacy Forum comments and testimony. The report now includes a discussion about Direct to Consumer advertising and marketing as well as related privacy issues. The discussion in the final report also now acknowledges the implications of Direct to Consumer marketing of genetic tests regarding online privacy. The final report also reflects generally increased attention to privacy issues. Read the SACGHS report | Read the WPF comments on the draft SACGHS report | Related: Genetic Privacy Page | Related: WPF behavioral advertising comments
05/07/2008 FERPAWorld Privacy Forum files comments on proposed changes to FERPA; requests changes to protect student and parent privacyThe U.S. Department of Education has published proposed changes to its FERPA regulations, FERPA standing for the Family Educational Rights and Privacy Act. FERPA is a significant regulation that controls how students' school records and "directory" information may be shared. The proposed regulations have one item the WPF is supporting, which is that SSNs are not considered part of the directory information. However, other aspects of the proposed regulation still need work to adequately protect students' and parents' privacy interests. The WPF commented in particular that schools should not be allowed to request and then store a full tax refund from parents in order to prove students' eligibility. The Forum also requested that students' electronic identifiers are not included in the definition of directory information. One area of substantial concern is that the Department of Education has not expressly provided that students who opt-out of having their directory information shared should not be penalized for opting out. Currently, the proposed regulations may be read to suggest that schools may be able to deny benefits, services, or even required activities to students who have exercised the right to opt-out of the publication of directory information. FERPA comments may be filed until close of business Eastern time May 8, 2008. Read the WPF FERPA comments | Read the Notice of Proposed Rulemaking, FERPA
04/22/2008 Health Care Innovations workshopWorld Privacy Forum to speak at Federal Trade Commission health workshopThe World Privacy Forum will be speaking at an upcoming FTC workshop on the topics of medical identity theft, personal health records, and direct-to-consumer genetic tests and marketing. The workshop is April 24, 2008. Workshop information is available at the FTC web site. See the FTC HCI workshop web page | World Privacy Forum PHR page | WPF genetic privacy page | WPF medical identity theft page
04/11/2008 Behaviorally targeted advertising | FTC proposed rulesWorld Privacy Forum files comments on behaviorally targeted ads online; requests separate rulemaking for sensitive medical informationThe World Privacy Forum filed comments in response to the Federal Trade Commission's proposed self-regulatory guidelines for companies targeting online advertising to consumers based on consumer behaviors. The WPF requested a separate, formal rulemaking process for determining how sensitive medical information should be handled online regarding behaviorally targeted advertisements. The WPF also discussed genetic data and requests for genetic tests, and noted that genetic information should be included in any definition of sensitive medical information. The WPF reiterated that the definition of personally identifiable information should include IP address, and encouraged the FTC to work from a rights-based approach regarding online advertising. The WPF also urged the FTC to include all fair information practices in any self-regulatory regime, and to enforce the regime directly. Read the WPF comments on the FTC proposed self-regulatory rules (PDF ) | WPF Internet privacy page
04/04/2008 Patient Safety Organizations | Proposed rulemakingWorld Privacy Forum files comments on proposed rules regarding Patient Safety OrganizationsThe World Privacy Forum filed extensive comments today regarding privacy protections for patients whose health care information will be shared with patient safety safety organizations under newly proposed Department of Health and Human Services regulations. After a landmark Institute of Medicine report on the prevalence of medical errors and their harmful impact on patients (To Err is Human), the U.S. Congress eventually passed the Patient Safety Act (2005). The Patient Safety Act allows extensive health care data of patients to go to patient safety organizations. The idea is to provide a form of quality control. The Agency for Healthcare Research and Quality (AHRQ), part of HHS, has published its proposed regulations implementing the Act. The World Privacy Forum has made 14 recommendations for substantive changes in the proposed rules to protect patient privacy. The World Privacy Forum asked the Agency to expressly mandate that all patient data be de-identified or anonymized to the greatest extent possible, that the proposed rule should expressly require data use agreements for any data sharing, that the patient information be labeled as subject to the Patient Safety Act, and strongly urged that patient safety organizations be required to maintain an accounting of disclosures at least equal to HIPAA, among other recommendations. The full set of recommendations is available in the WPF comments. The proposed rulemaking will be open for public comments until April 14, 2008. Read the WPF patient safety comments (PDF) | Permalink | Related: See the HHS press release on its proposed regulation
03/31/2008 Genetic privacy | medical privacyGenetic Privacy PageThe World Privacy Forum has published a new page on genetic privacy outlining basic policy issues and collecting World Privacy Forum work in the area. The page also links to key external research being done in privacy and genetics, and also links to key organizations doing work in this area in the U.S. and the U.K. See the Genetic Privacy page | Related: Medical privacy page
03/18 Medical ID theftUpdated Consumer Tips for Medical ID TheftBased on interviews with numerous victims and others involved in the crime of medical identity theft, and based on our own work with victims, the World Privacy Forum has added some new information to its 2006 consumer tips for medical identity theft. We have also slightly updated some of the older tips based on new information. The Forum has also updated its medical identity theft landing page to reflect our new and ongoing work in this area. See the updated consumer tips | See the updated medical identity theft page
02/20/2008 New publication | PHRs and privacyLegal and Policy Analysis: Personal Health Records: Why Many PHRs Threaten PrivacyThe World Privacy Forum has published a new legal and policy analysis examining Personal Health Records -- or PHRs -- and the privacy issues associated with them. This analysis, Personal Health Records: Why Many PHRs Threaten Privacy, was prepared by Robert Gellman for the World Privacy Forum. The analysis finds that significant, serious threats to privacy exist in some PHRs. Read the legal analysis (PDF) | Related: PHR Page | Related: PHR Consumer Advisory (PDF)
02/20/2008 Consumer advisory | PHRs and privacyWPF Consumer Advisory: The Potential Privacy Risks in Personal Health Records Every Consumer Needs to Know AboutThe World Privacy Forum has issued a consumer advisory about the privacy of PHRs to help consumers understand and approach the complex privacy issues PHRs can raise. Consumers need to know that not all PHRs protect privacy in the same way, and some PHR systems can undermine consumer privacy in serious ways that consumers may not be expecting. Read the Consumer Advisory (PDF) | Related: PHR Page | Related: PHR legal analysis (PDF)
02/13/2008 Genetic privacy | SACGHSWorld Privacy Forum testifies on genetic privacy and consumer data marketing issuesThe World Privacy Forum gave testimony to the Secretary's Advisory Committee on Genetics Health and Society regarding privacy issues stemming from direct-to-consumer advertising and consumer-initiated genetic testing. The World Privacy Forum noted that a great deal of consumer health data circulates outside the protections of HIPAA, and a substantial market for this kind of consumer health data already exists. Genetic data about consumers that is acquired outside the clinical context and is not subject to the protections of HIPAA (for example, through consumer-initiated genetic testing) will likely not be any more protected than other forms of consumers' health-related information from the current demands of the market. However, the consequences of leakage of genetic information about consumers into the marketing stream could have potentially negative consequences for both those consumers and their blood relatives. The World Privacy Forum urged the committee to include specific recommendations about privacy in its upcoming report to the Secretary, and also urged the committee to work with other federal agencies to set up a pre-market oversight structure that includes significant and meaningful privacy protections for genetic testing occurring outside of the protections of HIPAA. Read the detailed written statement to the committee (PDF) | Related: Genetic Privacy Section of WPF Medical Privacy Page
02/11/2008 Financial privacy / credit reportsWorld Privacy Forum, NCLC, and Consumer's Union file extensive comments regarding accuracy of credit reportsThe NCLC, Consumer's Union, and the World Privacy Forum filed extensive joint comments today regarding the proposed rulemaking, Procedures to Enhance the Accuracy and Integrity of Information Furnished to Consumer Reporting Agencies under Section 312 of the Fair and Accurate Credit Transactions Act. The results of the proposed rulemaking will have a significant impact on how the accuracy of credit reports is defined for consumers, and will have a substantive influence over how consumers may handle credit report disputes directly with those who furnish information for the reports. Read the joint comments (PDF) | See the original proposed rulemaking from the FTC
01/28/2008 Financial privacy / credit reportsOpportunity for public comment on the accuracy of credit reportsConsumers and organizations have an opportunity to submit public comments about the accuracy and integrity of credit reports. Until February 11, the Federal Reserve Board, the Federal Trade Commission and other banking agencies will be accepting comments on their draft rulemaking regarding how creditors and other furnishers provide information to consumer reporting agencies, and which types of direct disputes they must handle. This proposed rulemaking is a key one; it defines what accuracy and integrity of information provided to consumer reporting agencies means, how disputes may be handled directly with the furnishers, and which types of direct disputes furnishers may ignore. The NCLC, Consumer's Union, and the World Privacy Forum have written a sample letter that may be downloaded and used or modified for the comments. To file your letter, submit your comments to the Board of Governors of the Federal Reserve System by mailing the comments to regs.comments@federalreserve.gov with the subject line "Docket No. R–1300." See the Sample Letter | See the FTC's Notice of Proposed Rulemaking
01/28/2008 Opt-out / Financial privacyUpdates to Top Ten Opt-Out ListThe World Privacy Forum has updated its popular Top Ten Opt Out list to reflect several new change made to the Direct Marketing Association opt outs. In the past, some of the DMA opt-outs, like the Direct Marketing Association's mailing preference lists, used to cost $1. That fee has now been removed for people opting out online. Please see item #3 on the Opt Out list for the complete update. See updated WPF Top Ten Opt Out List
Search by date, type of material, or keywordWPF Site Navigation Options
|
|
| © 2003 - 2009 WORLD PRIVACY FORUM | CONTACT | RESOURCES | PRIVACY POLICY |
