Best Practices

WPF advises NIST regarding synthetic content and data governance

WPF filed comments with the US National Institute of Standards and Technology regarding its draft governance plan regarding synthetic content. WPF's comments focused on 7 recommendationsWPF's comments focused on 7 recommendations ranging from technical to policy issues. One overarching recommendation was that NIST ensure that human rights were attended to in all of its plans. Additional recommendations include requesting that NIST attend to the risks of digital exhaust in metadata, ensure that biometric data is included in the guidance, among other recommendations.

WPF announces participation in the National Institute of Standards and Technology (NIST) AI Safety Institute Consortium (AISIC)

The World Privacy Forum is pleased to announce that it has joined more than 200 of the nation’s leading artificial intelligence (AI) stakeholders to participate in a Department of Commerce initiative to support the development and deployment of trustworthy and safe AI. Established by the Department of Commerce’s National Institute of Standards and Technology (NIST) in February 2024, the U.S. AI Safety Institute Consortium (AISIC) brings together AI creators and users, academics, government and industry researchers, and civil society organizations to meet this mission.

OECD Going Digital Horizontal Project: news and event

WPF’s Executive Director Pam Dixon will be presenting at an upcoming OECD Workshop on the topic of data stewardship, access, sharing, and control in regards to national data strategies. WPF will be speaking as a organizational member of the formal civil society stakeholder group at OECD (CSISAC). https://www.oecd.org/digital/going-digital-project/ ). This ...

WPF commends CAIDP's AI and Democratic Values Index

WPF commends the publication of the Artificial Intelligence and Democratic Values Index by the Center for AI and Digital Policy (CAIDP). The Index, which was published 21 February 2022, contains an overview of AI implementation in the country-level context, covering 50 countries, and focusing on how implementations are progressing. WPF’s ...

Roundtable: Are current models of data protection fit for purpose? Understanding the consequences for economic development

WPF’s Executive Director Pam Dixon will be moderating a Center for Global Development roundtable May 20 to discuss data governance models from the perspective of low and middle income countries. This is part of her ongoing work as co-chair of the Governing Data for Development project working group. Michael Pisa, ...

Governing Data for Development: Trends, Challenges, and Opportunities

The World Privacy Forum is pleased to announce its work on a new project with the Center for Global Development (CGD). This project, Governing Data for Development, is led by CGD, with WPF's Executive Director Pam Dixon as co-chair of the project working group with co-chair and Oxford professor Benno Ndulu, who is also the former Governor of the Central Bank of Tanzania. The project, which has been underway for a year, has produced its first report, which is a scoping report based on interviews with key stakeholders. This blog post, which provides background on the project and links to the first project report, is being jointly posted at WPF and CGD.

Age Appropriate Design: new code of practice regarding online services for children from the UK Information Commissioner

The UK Information Commissioner’s Office has published a new code of practice for online services directed to children, Age appropriate design: A code of practice for online services. The new code sets 15 flexible standards and gives specific explanations of how the GDPR applies to childrens’ online activities and pursuits. ...

Health Industry Cybersecurity Practices: New consensus practices and tools from HHS

The US Department of Health and Human Services (HHS) has produced a set of cybersecurity resources for healthcare provider organizations from small to large. So far, HHS has published four documents: an overview report of cybersecurity issues and practices, two technical volumes, and a toolkit. The documents focus on what an expert multistakeholder consensus group determined to be the five most prevalent cybersecurity threats and the ten core cybersecurity practices. The practices are voluntary, and utilize the NIST cybersecurity framework. The documentation is based in reality, not conjecture, and the documents are not intended to sell any particular products for any particular vendor. This has allowed for a rich and helpful documentation of current challenges along with solutions. See our overview of the four new resources.

Public Comments: WPF comments on proposed revised consent decree re: Uber; requests FTC to hold workshop to determine standards for privacy assessments

In comments to the FTC regarding a proposed revised consent decree with Uber Technologies, Inc., WPF urged the FTC to clarify what the term "assessment" means in the context of a consent decree with a company. The comments note that the requirement for an assessment is not the same as ...

WPF at RightsCon to Present on Digital Identity, Digital Rights

We are honored to be speaking on two panels at this year’s RightsCon, an event that takes place 29-31 March in Brussels, Belgium. Both of our panels will be on the 31 of March. Here is some additional reading and information for each of the panels: Panel 1: Managing Concerns Around Digital Identity, Fri, 9:00-10:15, Innovation, 1st Floor....

When TVs watch you: What we learned from the FTC's VIZIO case

Television maker VIZIO is paying $2.2 million in penalties to settle charges after the FTC and the New Jersey Attorney General's office brought a complaint against the company for violating its customers' privacy. The complaint against VIZIO stated that the company collected detailed information on millions of its customers TV viewing habits without their express consent, and that VIZIO facilitated something called "data appending," which is when even more detailed information is added to existing customer profiles.

The New Healthcare Fraud Continuum: Keynote

This coming Thursday, WPF Executive Director Pam Dixon will give a keynote speech on health privacy and security, "The New Healthcare Fraud Continuum." Based on her latest research in health privacy, this talk will be Dixon's first talk about the new fraud continuum, what it is, how it operates, what ...

Medical identity theft and electronic health care records: risks and solutions

Executive Director Pam Dixon will be speaking this Friday at the National Association of Healthcare Journalists about electronic records, and the risk of medical identity theft and other risks that arise from data breaches of medical records. Dixon's talk will cover new research, as well as discuss potential solutions to ...

Mobil Privacy Summit

Learn to protect mobile users and build safe mobile apps at the Mobile Privacy Summit Oct. 23 in Los Angeles. The office of California Attorney General Kamala Harris and the Federal Trade Commission join WPF's Pam Dixon and other privacy experts to discuss best practices and regulatory requirements you should be aware of to ensure the privacy of mobile app users. Registration is free of charge.

Consumer Tips: What to do about the NSA address book snooping

The Washington Post published new revelations from Edward Snowden’s leaked documents that revealed that the NSA is scooping up millions of email and IM address books globally. This is a serious piece of snooping business, and it deserves immediate attention on a policy level. For people who are reading this and wondering what you can do today, right now, here are some immediate steps to take.

WPF on EASA: Self-Regulation on Online Behavioral Advertising No Longer Credible

Comments on EASA --The World Privacy Forum submitted comments today on the European Advertising Standards Alliance's Best Practice Recommendation on Online Behavioural Advertising. Our comments focus upon three key areas: First, the EASA recommendation fails to recognize the protection of consumer privacy in Online Behavioral Advertising (OBA) as a key policy goal. Second, the recommendation's protections are narrow, creating illusory protections for user privacy, whether or not they opt out of OBA. Finally, we critique the oversight and compliance mechanisms, which are not likely to foster consumer confidence nor police the industry. Drawing upon the WPF's 2007 report, The NAI: Failing at Consumer Protection and at Self-Regulation, the comments argue that EASA's approach suffers from the same weaknesses as self-regulatory approaches deployed in the United States, and that European lawmakers should not replicate the failed American approach. Law students from the Samuelson Law, Technology & Public Policy Clinic helped draft the comments as part of an ongoing project on consumer privacy and OBA.

Briefing Paper - Responses to Medical Identity Theft: Eight best practices for helping victims of medical identity theft

Version 1: October 16, 2007 The World Privacy Forum, as part of its ongoing in-depth research into medical identity theft issues and responses, has outlined 8 best-practice responses to the crime by the health care sector. These best practices are based on interviews with victims, providers, and other stakeholders. These ...

World Privacy Forum gives keynote speech to AHIMA on medical identity theft; outlines 8-point best-practice responses to the crime

Medical identity theft | AHIMA -- Executive director Pam Dixon spoke to thousands of AHIMA delegates in Philadelphia sharing the latest information on medical identity theft and outlining 8 best practice responses to the crime for the health care sector. Dixon specifically asked for the creation of national guidelines for helping medical identity theft victims, the ability for victims to set red flag alerts in their health care files, that providers train and have dedicated personnel to help medical identity theft victims, "john and jane doe" file extractions, a focus on addressing insider access to patient information, risk assessments specifically for medical identity theft, and educational efforts. The information in the speech was based on the latest World Privacy Forum research in the area of medical identity theft.

World Privacy Forum outlines 8 best practice responses to medical identity theft for the healthcare sector

Medical identity theft | Best practice responses -- The World Privacy Forum has outlined 8 best practice responses to medical identity theft for the health care sector. The best practice responses are based on research the Forum is conducting for its second report on medical identity theft, and is a work in progress. The 8 best practice responses were presented to AHIMA delegates October 9; the Forum is soliciting and accepting feedback on the 8 best practices.