Blog Post

World Privacy Forum Files FTC Complaint About AOL Data Releases

Internet privacy -- The World Privacy Forum filed a complaint today with the Federal Trade Commission regarding AOL's multiple releases of portions of its users' search query histories. The complaint discusses AOL search query releases from 2004 and 2006. The complaint alleges that the data release was intentional, and due to significant identifiability issues of the data subjects, that the releases are harming some AOL customers, and that AOL customers did not know their search histories would be made available to the public. The World Privacy Forum urges consumers to take precautions when using search engines.

World Privacy Forum Announces IPSC2008 Conference in Tokyo, Japan

IPSC2008 Conference -- The World Privacy Forum is co-hosting the first International Privacy and Security Conference 2008 (IPSC2008), to be held in Tokyo, Japan on November 11-12, 2008. Also co-hosting the conference are the Japan-based Institute of Electronics, Information and Communication Engineers (IEICE), Social Implications of Technology and Information Ethics, and the Japan Society of Security Management. This conference brings together Japan's leading privacy and security experts and scholars as well as experts from the US and the EU.

News Release and Event Announcement: International Privacy and Security Conference 2008

This conference is convened for the purpose of gaining a deepened mutual understanding of privacy and security approaches cross-culturally, with the conference providing an international forum for discussing and understanding the different concepts of privacy and security in the US, Asia, and the EU. Through sharing of current practices and ideas, the participants will explore possible bridges between what these concepts mean in different countries both now and looking to the future as well.

Comments of the World Privacy Forum to the FTC re: Ingenix and Milliman FCRA enforcement action

Medical privacy -- Some recent articles about the sale of patients' prescription histories to insurance companies have raised many consumer questions about this practice. Ingenix and Milliman -- two companies engaged in this practice -- were the subject of a Federal Trade Commission enforcement action which was published for comment in September 2007. The World Privacy Forum provided formal comments to the Federal Trade Commission last year about this enforcement action; the WPF sought to have all affected consumers notified of adverse actions taken based on the information, and asked the FTC to modify its enforcement action to include an appropriate monetary penalty against the two companies.

FTC reports more than 145 million telephone numbers are in the National Do Not Call Registry

Do Not Call Registry -- In its fourth annual report to Congress on the Do Not Call Registry, the Federal Trade Commission released some interesting new statistics. As of September 2007, there were 145,498,656 telephone numbers in the Do Not Call Registry. The FTC also reported that 6,242 entities paid over $21 million for access to the DNC Registry in 2007. The report also details the FTC's enforcement actions against businesses violating the DNC Registry rules. As of September 30, 2007, the FTC had filed 25 cases regarding DNC Registry violations and had settled 22 of the cases.

Resume posting guide updated

Job search privacy -- The World Privacy Forum's popular resume posting guide, 12 Resume Posting Truths, has been updated. This update is part of an ongoing project on job search privacy. The World Privacy Forum has extensive materials on job search privacy and job scams.

World Privacy Forum receives 2008 Consumer Excellence Award

Consumer Excellence Award -- World Privacy Forum executive director Pam Dixon has received a 2008 Consumer Excellence Award for her leadership and work in the area of medical identity theft and consumer privacy from Consumer Action. Also honored was Herb Weisbaum, a 5-time Emmy-winner who is a consumer contributor to NBC's Today Show. Consumer Action was founded in 1971 and is a national non-profit organization focused on consumer education and advocacy. The awards ceremony was held in San Francisco on June 26th. The World Privacy Forum is honored to accept this award.

OECD reaffirms its support for the 1980 OECD principles on privacy, or "Fair Information Practices"

OECD | Fair Information Practices -- At a key meeting of the OECD on the future of the Internet economy, the OECD Secretary General Angel Gurria reaffirmed support of the 1980 OECD Privacy Principles. Also, Secretary General Angel Gurria expressed support for formalizing the participation of civil society in OECD going forward and for paying more attention to information security and identity theft problems. Secretary General Gurria noted that "A more decentralised, networked approach to policy formulation for the Internet Economy that includes the active participation of stakeholders needs to be the norm." Many parts of the recent OECD meeting may be viewed online.

Council for Responsible Genetics convenes experts and the public for database and genetics conference

Genetic privacy -- The World Privacy Forum participated in a Council for Responsible Genetics (CRG) conference on genetic databases at New York University. The groundbreaking conference focused on key issues of race and genetic databases, fairness, accuracy, and privacy. The World Privacy Forum discussed a paper by Dr. Harry G. Levine, Drug Arrests and DNA, noting that innocent victims of medical identity theft may be arrested for the "drug seeking behavior" of the criminals impersonating them.

World Privacy Forum files comments with FTC regarding credit -based insurance scoring

Financial privacy -- The World Privacy Forum filed comments with the Federal Trade Commission today about its proposed study of credit -based pricing practices for homeowners insurance. The World Privacy Forum requested that the FTC ask insurers if there are specific procedures in place for detecting, mitigating, and responding to consumers who have been victims of identity theft. The WPF noted its support for the FTC's use of the FTC Act Section 6(b) authority to acquire robust information from the insurance companies.

World Privacy Forum, Privacy Rights Clearinghouse, EPIC, and other consumer groups urge Google to post a link to its privacy policy from its home page

Internet privacy -- The World Privacy Forum, Privacy Rights Clearinghouse and EPIC were joined by California-based EFF, the ACLU of Northern California, Consumer Action, Consumer Federation of California and other national groups in asking Google's CEO Eric Schmidt to provide a prominent link to the Google privacy policy directly from its home page. Google has recently been criticized for not providing a link to its privacy policy from its home page, as the California Online Privacy Protection Act requires. The groups noted that linking to a privacy policy on a home page is considered a widespread best practice.

Key genetic oversight report released; includes changes based on World Privacy Forum comments

SACGHS | Oversight of genetic testing -- The Secretary's Advisory Committee on Genetics, Health and Society (SACGHS) released its final report on Oversight of Genetic Testing (U.S. System of Oversight of Genetic Testing: A Response to the Charge of the Secretary of Health and Human Services, April 2008, PDF, 276 pages). This is a substantial, thoughtful report that is likely to have a long-term impact on the field. The World Privacy Forum submitted formal written comments regarding this report when it was in draft form, and also appeared before the Committee in person in February of 2008 to discuss additional information relevant to the report. The final report reflects the World Privacy Forum comments and testimony. The report now includes a discussion about Direct to Consumer advertising and marketing as well as related privacy issues. The discussion in the final report also now acknowledges the implications of Direct to Consumer marketing of genetic tests regarding online privacy. The final report also reflects generally increased attention to privacy issues.

World Privacy Forum files comments on proposed changes to FERPA; requests changes to protect student and parent privacy

FERPA -- The U.S. Department of Education has published proposed changes to its FERPA regulations, FERPA standing for the Family Educational Rights and Privacy Act. FERPA is a significant regulation that controls how students' school records and "directory" information may be shared. The proposed regulations have one item the WPF is supporting, which is that SSNs are not considered part of the directory information. However, other aspects of the proposed regulation still need work to adequately protect students' and parents' privacy interests. The WPF commented in particular that schools should not be allowed to request and then store a full tax refund from parents in order to prove students' eligibility. The Forum also requested that students' electronic identifiers are not included in the definition of directory information. One area of substantial concern is that the Department of Education has not expressly provided that students who opt-out of having their directory information shared should not be penalized for opting out. Currently, the proposed regulations may be read to suggest that schools may be able to deny benefits, services, or even required activities to students who have exercised the right to opt-out of the publication of directory information. FERPA comments may be filed until close of business Eastern time May 8, 2008.

World Privacy Forum to speak at Federal Trade Commission health workshop

Health Care Innovations workshop -- The World Privacy Forum will be speaking at an upcoming FTC workshop on the topics of medical identity theft, personal health records, and direct-to-consumer genetic tests and marketing. The workshop is April 24, 2008. Workshop information is available at the FTC web site.

World Privacy Forum files comments on behaviorally targeted ads online; requests separate rulemaking for sensitive medical information

Behaviorally targeted advertising | FTC proposed rules -- The World Privacy Forum filed comments in response to the Federal Trade Commission's proposed self-regulatory guidelines for companies targeting online advertising to consumers based on consumer behaviors. The WPF requested a separate, formal rulemaking process for determining how sensitive medical information should be handled online regarding behaviorally targeted advertisements. The WPF also discussed genetic data and requests for genetic tests, and noted that genetic information should be included in any definition of sensitive medical information. The WPF reiterated that the definition of personally identifiable information should include IP address, and encouraged the FTC to work from a rights-based approach regarding online advertising. The WPF also urged the FTC to include all fair information practices in any self-regulatory regime, and to enforce the regime directly.

World Privacy Forum files comments on proposed rules regarding Patient Safety Organizations

Patient Safety Organizations | Proposed rulemaking -- The World Privacy Forum filed extensive comments today regarding privacy protections for patients whose health care information will be shared with patient safety safety organizations under newly proposed Department of Health and Human Services regulations. After a landmark Institute of Medicine report on the prevalence of medical errors and their harmful impact on patients (To Err is Human), the U.S. Congress eventually passed the Patient Safety Act (2005). The Patient Safety Act allows extensive health care data of patients to go to patient safety organizations. The idea is to provide a form of quality control. The Agency for Heathcare Research and Quality (AHRQ), part of HHS, has published its proposed regulations implementing the Act. The World Privacy Forum has made 14 recommendations for substantive changes in the proposed rules to protect patient privacy. The World Privacy Forum asked the Agency to expressly mandate that all patient data be de-identified or anonymized to the greatest extent possible, that the proposed rule should expressly require data use agreements for any data sharing, that the patient information be labeled as subject to the Patient Safety Act, and strongly urged that patient safety organizations be required to maintain an accounting of disclosures at least equal to HIPAA, among other recommendations.

Updated Consumer Tips for Medical ID Theft

Medical ID theft -- Based on interviews with numerous victims and others involved in the crime of medical identity theft, and based on our own work with victims, the World Privacy Forum has added some new information to its 2006 consumer tips for medical identity theft. We have also slightly updated some of the older tips based on new information. The Forum has also updated its medical identity theft landing page to reflect our new and ongoing work in this area.

Legal and Policy Analysis: Personal Health Records: Why Many PHRs Threaten Privacy

New publication | PHRs and privacy -- The World Privacy Forum has published a new legal and policy analysis examining Personal Health Records -- or PHRs -- and the privacy issues associated with them. This analysis, Personal Health Records: Why Many PHRs Threaten Privacy, was prepared by Robert Gellman for the World Privacy Forum. The analysis finds that significant, serious threats to privacy exist in some PHRs.

WPF Consumer Advisory: The Potential Privacy Risks in Personal Health Records Every Consumer Needs to Know About

Consumer advisory | PHRs and privacy -- The World Privacy Forum has issued a consumer advisory about the privacy of PHRs to help consumers understand and approach the complex privacy issues PHRs can raise. Consumers need to know that not all PHRs protect privacy in the same way, and some PHR systems can undermine consumer privacy in serious ways that consumers may not be expecting.

World Privacy Forum, NCLC, and Consumer's Union file extensive comments regarding accuracy of credit reports

Financial privacy / credit reports -- The NCLC, Consumer's Union, and the World Privacy Forum filed extensive joint comments today regarding the proposed rulemaking, Procedures to Enhance the Accuracy and Integrity of Information Furnished to Consumer Reporting Agencies under Section 312 of the Fair and Accurate Credit Transactions Act. The results of the proposed rulemaking will have a significant impact on how the accuracy of credit reports is defined for consumers, and will have a substantive influence over how consumers may handle credit report disputes directly with those who furnish information for the reports.

Opportunity for public comment on the accuracy of credit reports

Financial privacy | credit reports -- Consumers and organizations have an opportunity to submit public comments about the accuracy and integrity of credit reports. Until February 11, the Federal Reserve Board, the Federal Trade Commission and other banking agencies will be accepting comments on their draft rulemaking regarding how creditors and other furnishers provide information to consumer reporting agencies, and which types of direct disputes they must handle. This proposed rulemaking is a key one; it defines what accuracy and integrity of information provided to consumer reporting agencies means, how disputes may be handled directly with the furnishers, and which types of direct disputes furnishers may ignore. The NCLC, Consumer's Union, and the World Privacy Forum have written a sample letter that may be downloaded and used or modified for the comments. To file your letter, submit your comments to the Board of Governors of the Federal Reserve System by mailing the comments to regs.comments@federalreserve.gov with the subject line "Docket No. R–1300."