Cybersecurity

Health Industry Cybersecurity Practices: New consensus practices and tools from HHS

The US Department of Health and Human Services (HHS) has produced a set of cybersecurity resources for healthcare provider organizations from small to large. So far, HHS has published four documents: an overview report of cybersecurity issues and practices, two technical volumes, and a toolkit. The documents focus on what an expert multistakeholder consensus group determined to be the five most prevalent cybersecurity threats and the ten core cybersecurity practices. The practices are voluntary, and utilize the NIST cybersecurity framework. The documentation is based in reality, not conjecture, and the documents are not intended to sell any particular products for any particular vendor. This has allowed for a rich and helpful documentation of current challenges along with solutions. See our overview of the four new resources.

Voting system data breach notifications - National Academies of Science recommendations for securing voting systems

The National Academies of Science have released Securing the Vote: Protecting American Democracy. The consensus report richly documents how, during the 2016 presidential election, actors sponsored by the Russian government attacked the US voting and election infrastructure. The report assesses the web of technology infrastructures related to voting, and ...

Privacy News: Historic Data Broker Regulation in the US Welcomed by World Privacy Forum

PDF Version of Release here 24 May 2018 For Immediate Release Historic Data Broker Regulation in the United States Welcomed by World Privacy Forum Vermont: First state to adopt modern rules for unregulated data brokers WPF call for data broker protections to be elevated to national level and provided for ...

Comments Due on India's Data Protection White Paper; Info, resources, & draft comments

The government of India has published an important white paper discussing its approach to data protection legislation, White Paper of the Committee of Experts on Data Protection Framework for India. The government of India is accepting comments on its white paper until January 31, 2018. This paper is particularly ...

FBI issues rare alert warning parents of privacy risks with smart toys

The US Federal Bureau of Investigation (FBI) issued a rare alert to parents about "smart toys," that is, those that connect to WiFi, and may contain microphones, sensors, and other information-gathering capacities. The alert states that these kinds of toys could pose risks to children's privacy and safety. The alert, ...

World Economic Forum Global Risk Report identifies cyberattacks and data theft as significant economic risks

The Global Risk Report 2017 from the World Economic Forum cites threats to global economic wellbeing ranging from natural disasters and large scale involuntary migration to -- this year -- risks arising from a "growing cyberdependency." Specific risks the report calls out in this category are cyberattacks, data fraud and ...

The Fishbone model of biometric template security

At Biometrics 2016 in London, I gave a keynote presentation on the state of biometrics policy and privacy, with suggestions for further work. Several aspects of that presentation have garnered follow-up requests, including requests for more information about my discussion of the "Fishbone Model" of biometric template security, a model ...

United States' Postal Service "Informed Delivery" plan puts consumers at risk

The US Postal Service's new Informed Delivery system has the potential to impact every household in the United States that receives mail. It's important, and there are plenty of privacy issues. The World Privacy Forum wrote extensive comments to the United States Postal Service warning it about certain consumer privacy and security risks of its Informed Delivery service. Here's more information about Informed Delivery, and why it may create new phishing risks.

The New Healthcare Fraud Continuum: Keynote

This coming Thursday, WPF Executive Director Pam Dixon will give a keynote speech on health privacy and security, "The New Healthcare Fraud Continuum." Based on her latest research in health privacy, this talk will be Dixon's first talk about the new fraud continuum, what it is, how it operates, what ...

WPF's comments to the FDA on cybersecurity, urges increased attention to privacy

The World Privacy Forum submitted comments to the Food and Drug Administration in response to its request for public input on its draft guidance on the cybersecurity of medical devices. The privacy considerations for medical devices are significant. Because there are a large number of stakeholders in the life cycle ...

WPF to testify before Congress on data broker security

WPF Executive Director Pam Dixon will testify before the Senate Judiciary this Tuesday, Nov. 3. The hearing is on data broker security, with Chairman Flake presiding. Hearing details: Data Brokers – Is Consumers’ Information Secure? Subcommittee on Privacy, Technology and the Law Date: Tuesday, November 3, 2015 Time: 2:30 pm ...

US Department of Commerce requests feedback on its new cybersecurity report

US Department of Commerce | Cybersecurity -- The US Department of Commerce released a green paper on cybersecurity with recommendations for improving cybersecurity via self regulation, or voluntary codes of conduct. The report, Cybersecurity, Innovation, and the Internet Economy also contains a discussion of some privacy issues, such as the impact of data breach notification laws. Comments are due in 45 days.

WPF comments about Personal Health Records and online advertising

Health privacy -- The World Privacy Forum filed comments today about how medical records and other health information are intersecting with online advertising and online activities. The WPF comments were filed with the Department of Health and Human Services in response to its request for comments on personal health records, privacy, and social media.

OECD reaffirms its support for the 1980 OECD principles on privacy, or "Fair Information Practices"

OECD | Fair Information Practices -- At a key meeting of the OECD on the future of the Internet economy, the OECD Secretary General Angel Gurria reaffirmed support of the 1980 OECD Privacy Principles. Also, Secretary General Angel Gurria expressed support for formalizing the participation of civil society in OECD going forward and for paying more attention to information security and identity theft problems. Secretary General Gurria noted that "A more decentralised, networked approach to policy formulation for the Internet Economy that includes the active participation of stakeholders needs to be the norm." Many parts of the recent OECD meeting may be viewed online.

Legal and Policy Analysis: Personal Health Records: Why Many PHRs Threaten Privacy

New publication | PHRs and privacy -- The World Privacy Forum has published a new legal and policy analysis examining Personal Health Records -- or PHRs -- and the privacy issues associated with them. This analysis, Personal Health Records: Why Many PHRs Threaten Privacy, was prepared by Robert Gellman for the World Privacy Forum. The analysis finds that significant, serious threats to privacy exist in some PHRs.

World Privacy Forum makes presentation at National Academy of Sciences' Institute of Medicine

Genetic privacy -- Executive director Pam Dixon presented key issues and potential solutions regarding privacy and Genome Wide Association Studies at the Institute of Medicine's Board on Health Sciences Policy meeting. Her presentation included recommendations to engage in a comprehensive study of certificates of confidentiality, to encourage standards of identifiability, to encourage study of what more uniform standards of privacy and security for researchers might look like, and a recommendation to work toward broad solutions that extend beyond GWAS activities.

World Privacy Forum comments about the ethical, legal, and social implications of using genetic health care data in electronic health records

Genetic Privacy -- The World Privacy Forum filed public comments with the Department of Health and Human Services in response to an HHS request for information regarding the use of patients' genetic data for research, health care, and for use in electronic health records. The World Privacy Forum is requesting that HHS use all Fair Information Principles in any personalized health care projects, and is requesting that a formal ELSI (ethical, legal, and social implications) committee be set up to oversee any projects, among other requests.

WPF comments on proposed guidance on Confidential Information Protection and Efficiency Act of 2002 (CIPSEA)

e-Government | CIPSEA -- The World Privacy Forum submitted comments to the Office of Management and Budget regarding proposed guidance on Title V of the e-Government Act. The proposed guidance did not address the relationship between CIPSEA and the USA PATRIOT Act Section 215, and guidance regarding identifiability and the Privacy Act of 1974 needs to be further refined. WPF suggests that OMB consider developing a formal statistical confidentiality seal controlled by a federal agency. The purpose would be to provide an identifiable marker that would tell individuals if the information they provide will receive the highest degree of confidentiality protection available under law.