India and Privacy -- WPF has researched privacy extensively in India, and has documented a number of key privacy issues in a video series. So far, 5 videos in the series have been released. All of the videos were shot on location in India and feature Pam Dixon, with videographer Blake Hamilton. These videos offer a rare and early glimpse into privacy interactions and issues in India
Online privacy -- Pam Dixon will participate in the IAB's formal privacy policy debate as a privacy and consumer representative on Tuesday, Feb. 26. This marks the first time the IAB annual leadership summit has hosted a formal policy debate. The debate will be moderated by Katy Kay of Advertising Age.
Reputation and privacy -- Pam Dixon spoke at the Southwestern Law School Privacy Conference on the topic of reputational privacy Friday the 22cnd along with Neville Johnson and Paul Tweed. Dixon highlighted three key consumer situations WPF assisted with recently, discussing the employment challenges consumers faced when harmful material was available online during the job search process.
Mobile Privacy -- The World Privacy Forum attended the NTIA Multistakeholder meeting as one of the core drafters of the code of conduct being considered by the NTIA Multistakeholder process. WPF and the other drafters are accepting comments from all stakeholders in preparation of the next iteration of the draft.
Arizona School of Law -- Pam Dixon participated as a discussant and contributor to the Arizona School of Law's private workshop on the topic of the future of privacy. Key areas of discussion included the European Union's Right to be Forgotten proposal, consent and health privacy, and Do Not Track.
Webinar -- This Thursday, Pam Dixon will be presenting the consumer privacy perspective for a DMA Webinar on data innovation. While marketers are interested in innovating to use consumer data, consumers have real privacy concerns that need to be addressed. Dixon will present some of the key implications.
Pam Dixon to Speak at Churchill Club -- WPF's Pam Dixon will speak on privacy gaps at Silicon Valley's Churchill Club Wednesday, January 23 in San Francisco. The panel is part of International Privacy Day activities and will be moderated by Chris Kelley, Former Chief Privacy Officer of Facebook.
NTIA Mobile privacy -- WPF participated in the January 17th meeting of the NTIA Multistakeholder Process. The jointly crafted code WPF, ACLU, Mobile App Alliance, and Consumer Action created was again discussed and edited. A growing consensus is moving toward the joint code. The next meeting is January 31, 2013.
Facial recognition -- Pam Dixon spoke at a CES panel on privacy issues in facial recognition technologies as part of the Leaders in Technology program at CES. The panel was moderated by Tony Romm of Politico and included FTC Commissioner Maureen Ohlhausen and Harley Geiger, legislative counsel for Representative Zoe Lofgren. Dixon spoke on the need for increased work on consumer options in a "sensor rich environment where there is no option to opt out by walking out." Referenced in the panel was WPF's report on digital signage and facial recognition, The One-Way Mirror Society.
July 21, 2012 San Diego, California -- Today the World Privacy Forum filed comments on California's plan to harmonize existing California state law to federal health privacy laws. California's health privacy law, the CMIA, offers Californian's stronger privacy protections than national level health privacy laws. WPF urges California to reconsider its plan to weaken Californian's privacy. Executive director Pam Dixon said "The harmonization plan coming out of California's Department of Health and Human Services is not in harmony with California patients and their health privacy."
New California privacy enforcement office -- California Attorney General Kamala Harris has created a new privacy protection and enforcement unit. The unit will be housed in the Department of Justice and will focus on protecting consumer and individual privacy through civil prosecution of state and federal privacy laws, a news release said. "The Privacy Unit’s mission to enforce and protect privacy is broad. It will enforce laws regulating the collection, retention, disclosure, and destruction of private or sensitive information by individuals, organizations, and the government. This includes laws relating to cyber privacy, health privacy, financial privacy, identity theft, government records and data breaches. By combining the various privacy functions of the Department of Justice into a single enforcement and education unit with privacy expertise, California will be better equipped to enforce state privacy laws and protect citizens’ privacy rights. " Joanne McNabb, who ran the now de-funded California Office of Privacy Protection, will serve as director of privacy education and policy for the unit.
Drones -- A recent item about drones in the GWU CyberSecurity Policy Newsletter revealed that drones can be hacked via spoofing the drone GPS systems. Government drones in US airspace are poised to become a privacy issue of increasing concern.
Mobile privacy -- Mobile app privacy is the topic of the multistakeholder process to be undertaken this week under the direction of the US Department of Commerce. Over the weekend, a NYT article revealed that mobile carriers received more than 1.3 million requests by law enforcement for mobile data, including requests for text messages. This article is a focusing event. It is a reminder that in mobile privacy we need to put the consumer first, focus on what is important, and apply responsibility for privacy and transparency throughout the hierarchy of mobile players, from carriers to platforms to app stores to publishers to developers. It is unclear yet what segments of the hierarchy require what amounts of the burden, but what is clear is that carriers will certainly need to do a lot. It is also clear that the idea of just an icon on a screen to communicate the idea of mobile privacy to consumers is a band-aid approach at best when faced with the truth of where some of the real risks are for consumers.
HIE interactive map -- WPF has posted a new interactive map of health information organizations and exchanges in California. This is a map-in-progress, and we will be adding data to the map in stages.
Mobile Apps -- Pam Dixon will be speaking in the Privacy Summit Series in dialogue with the leading mobile app developers in Los Angeles and San Diego, both mobile app hotspots. The dialogues are part of a national series aimed at fostering a robust discussion between privacy experts and leading developers. The Los Angeles event is taking place June 5, the San Diego event is June 6.
FTC | Mobile privacy – Pam Dixon spoke at the FTC’s May 30 mobile disclosures workshop. The panel focused on exploring privacy in the mobile applications and mobile wireless space. Some of the privacy topics Dixon covered at the workshop included the role and use of unique identifiers in wireless technologies.
Genetic Privacy | Bioethics -- WPF filed comments with the Presidential Commission for the Study of Bioethics today urging the Commission to recognize the need for enhanced genetic privacy protections in a digital world. WPF noted that "The increasing identifiability of genetic data presents major privacy issues for research activities that must be acknowledged and addressed." WPF suggested four key ways that Certificate of Confidentiality programs could be enhanced for privacy protection, and urged the Commission to speak out about the importance of protecting patient privacy in research activities involving genetic information. "The Commission should advocate providing patients with reasonable controls over research uses of their data as electronic records develop and spread throughout the health care system." Public comments may be submitted to the Commission until May 25, 2012.
Medical ID Theft -- WPF has completely updated its landmark medical identity theft tips and advice for patients and consumers. "The new FAQcontains detailed advice for anyone who is a victim of medical ID theft, or is worried about becoming one," says Pam Dixon. "The FAQ and our shorter consumer tips have been updated to reflect our most recent research." In 2006, WPF published the first known report on medical ID theft and coined the term. Since then, WPF has been in the forefront of researching this crime and working to assist victims and those working with victims
WPF Completes Medical ID Theft Training -- Pam Dixon of WPF conducted a detailed training for law enforcement and health care professionals on medical identity theft detection, prevention, and cures. The training was held at the campus of the Denver Health Medical Center.
In a rare enforcement action of HIPAA, HHS fined an Arizona health care provider $100,000 for a variety of HIPAA violations, especially regarding electronic exchanges of protected health information. The HHS document outlining the reasons for the fine should act as a wake-up call to health care providers using public email, calendaring, and other tools for communication of ePHI. HHS specifically noted that the fined health care provider did not conduct an adequate risk assessment prior to using the email and Internet tools. The full HHS document is a must-read for health care providers. WPF has been warning about the need for full e-risk assessments since 2005 and strongly advocates for medical-identity-theft-specific risk assessments.
WPF comments on Multi-Stakeholder Process -- WPF filed two sets of comments with the US Department of Commerce regarding the MultiStakeholder Process and the privacy topics to be taken up. The first set of comments were WPF's formal filing of the joint Civil Society MultiStakeholder Principles on behalf of WPF and the American Civil Liberties Union, Center for Digital Democracy, Consumer Action, Consumer Federation of America, Consumers' Union, Consumer Watchdog, Electronic Frontier Foundation, National Consumers' League, Privacy Rights Clearinghouse, and US PIRG. The second set of comments were WPF's own comments to the Department. WPF urged the Department to employ a fair process, choose focused topics, and to apply the full range of the Consumer Privacy Bill of Rights to each topic.
Data Broker opt out -- WPF, in 2011 comments to the FTC, urged the FTC to create a centralized place for consumers to opt-out of data broker tracking. This is a long-standing issue WPF has worked on. Previously, WPF filed a petition in 2009 to the FTC regarding mail-in data broker opt outs, which resulted in an FTC action and improvements for consumers. In its new report published today, the FTC has picked up WPF's centralized opt out recommendation, specifically citing WPF's comments. From its report: "The Commission recommends that the data broker industry explore the idea of creating a centralized website where data brokers that compile and sell data for marketing could identify themselves to consumers and describe how they collect consumer data and disclose the types of companies to which they sell the information." The WPF strongly supports this idea and views assistance to consumers in this area as vital.
The FTC's new privacy report -- a long -awaited planbook for privacy in the digital age - has picked up several key recommendations the WPF has made. First, the report picks up WPF's direct recommendation in its 2011 comments that the FTC set up a centralized web site to allow consumers to opt out of data brokers. The FTC has directly called for this as a primary part of its report. The WPF strongly supports this. Pam Dixon of the WPF originated the Do Not Track idea in 2007, and with a group of privacy experts, submitted the original idea to the FTC that year. Now, DNT has also made it into the final FTC report.
Following WPF on Facebook -- WPF maintains an active Facebook page, and it features slightly different content than our home website. For Facebook, we make regular newsfeed postings about WPF activities and also post content for people who want to follow privacy via their Facebook newsfeeds. This past week, stories we've posted include a report on the economics of privacy, the new Pew study on privacy, a privacy-related human interest story, and news about the VZBW lawsuit in Germany against Facebook. It's not the only way to keep up with WPF, but if you are on Facebook a lot, it is a good way. Our page is located
MultiStakeholder Privacy Principles -- The World Privacy Forum has led an effort to craft a set of principles with the nation’s leading civil liberties, privacy, and consumer groups. Today, the groups are releasing a set of baseline Multi-Stakeholder Principles in response to the U.S. Department of Commerce’s plan for a multi-stakeholder process on privacy. (The U.S. Department of Commerce is undertaking a representative process for bringing together members of industry and civil society to form new privacy rules.) These leading groups believe that for the multi-stakeholder process to succeed, it must be representative of all stakeholders and must operate under procedures that are fair, transparent, and credible.
