Senior Identity Theft - FTC -- WPF Executive Director Pam Dixon will be speaking at the Federal Trade Commission Tuesday on the issue of Senior ID theft, and specifically, about medical forms of the crime. Dixon, who wrote the first report on medical ID theft and coined the term for the crime, will be presenting new research at the panel.
In 2012, the US Federal Trade Commission brought a remarkable case against Equifax for selling consumer financial information -- which included credit scores and late mortgage payment information-- to companies offering services to consumers in financial distress. The World Privacy Forum commented to the FTC on this case, which was important for a number of reasons.
Privacy in India and Developing Economies -- World Privacy Forum Executive Director Pam Dixon will present WPF's research and India privacy videos at the FTC - IAPP Global Privacy Conference workshop Wednesday, March 7. The session, Global Perspectives on Consumer Privacy, is the first session of its kind at IAPP or the FTC focused on privacy in developing economies. WPF has researched privacy extensively in India, and has documented a number of key privacy issues in a video series. So far, 5 videos in the series have been released. All of the videos were shot on location in India and feature Pam Dixon, with videographer Blake Hamilton. These videos offer a rare and early glimpse into privacy interactions and issues in India. WPF will be releasing one more video on biometric ID cards in India.
FTC | Mobile privacy – Pam Dixon spoke at the FTC’s May 30 mobile disclosures workshop. The panel focused on exploring privacy in the mobile applications and mobile wireless space. Some of the privacy topics Dixon covered at the workshop included the role and use of unique identifiers in wireless technologies.
Data Broker opt out -- WPF, in 2011 comments to the FTC, urged the FTC to create a centralized place for consumers to opt-out of data broker tracking. This is a long-standing issue WPF has worked on. Previously, WPF filed a petition in 2009 to the FTC regarding mail-in data broker opt outs, which resulted in an FTC action and improvements for consumers. In its new report published today, the FTC has picked up WPF's centralized opt out recommendation, specifically citing WPF's comments. From its report: "The Commission recommends that the data broker industry explore the idea of creating a centralized website where data brokers that compile and sell data for marketing could identify themselves to consumers and describe how they collect consumer data and disclose the types of companies to which they sell the information." The WPF strongly supports this idea and views assistance to consumers in this area as vital.
The FTC's new privacy report -- a long -awaited planbook for privacy in the digital age - has picked up several key recommendations the WPF has made. First, the report picks up WPF's direct recommendation in its 2011 comments that the FTC set up a centralized web site to allow consumers to opt out of data brokers. The FTC has directly called for this as a primary part of its report. The WPF strongly supports this. Pam Dixon of the WPF originated the Do Not Track idea in 2007, and with a group of privacy experts, submitted the original idea to the FTC that year. Now, DNT has also made it into the final FTC report.
Facial recognition | Digital signage -- The World Privacy Forum filed extensive comments to the FTC today following up on Pam Dixon's testimony at a December 2011 FTC facial recognition privacy workshop. The WPF comments noted that "A walk-out opt-out is not a viable way of managing consumer consent in the area of facial recognition or detection technologies." The comments discussed the importance of recognizing the Face Print as a unique biometric, and also discussed the need for finding ways of consumer consent that are reasonable. Given the ubiquity of cameras in some retail and public spaces, just walking away will become less and less of an option for consumers going forward, the comments argued. The comments also included the WPF's ground breaking report, The One-Way Mirror Society, and the joint Consumer Privacy Principles for Digital Signage.These principles were signed by the nation's leading privacy and consumer groups.
The World Privacy Forum appreciates the opportunity to comment on the issue of facial recognition pursuant to the FTC Face Facts Workshop held on December 8, 2011. [1] The World Privacy Forum spoke on Panel 4 of the workshop, and those comments are already on the record. In these written comments, we would like to submit several key documents for the record and reaffirm several ideas from the workshop. The documents we are including as part of these comments include the World Privacy Forum’s groundbreaking report on digital signage, The One Way Mirror Society. Also included as part of these comments are the consensus privacy principles for digital signage installations that were signed by the leading US consumer and privacy groups.
Facebook -- In response to the FTC's proposed settlement with Facebook over the company's multiple privacy violations, the World Privacy Forum has asked the FTC to make key changes. "We applaud the FTC for its work on the Facebook case," said executive director Pam Dixon. "We support many parts of the settlement. However, we urge the FTC to provide full redress for affected consumers by rolling back the privacy controls to the 2009 defaults, and we also urge the FTC to follow the 2004 Gateway Learning, Corp. precedent and require Facebook to disgorge profits they made from violating their privacy policy retroactively." The comment period is open to the public until December 30.
In response to the FTC's proposed settlement with Facebook over the company's multiple privacy violations, the World Privacy Forum has asked the FTC to make key changes. "We applaud the FTC for its work on the Facebook case," said executive director Pam Dixon. "We support many parts of the settlement. However, we urge the FTC to provide full redress for affected consumers by rolling back the privacy controls to the 2009 defaults, and we also urge the FTC to follow the 2004 Gateway Learning, Corp. precedent and require Facebook to disgorge profits they made from violating their privacy policy retroactively." The comment period is open to the public until December 30.
Facial recognition -- Pam Dixon of WPF testified at the FTC's Facial Recognition workshop, speaking on a panel about the policy implications of facial recognition technology. The World Privacy Forum's report on Digital Signage was mentioned several times at the hearing, as were the collaborative consumer protection principles the WPF led.
The World Privacy Forum filed comments with the Federal Trade Commission regarding its consent decree against Ceridian regarding a substantial data breach. WPF has requested that the Commission present more facts in the case to the public, and has also requested more clarity about the FTC complaint process, noting that it is not a transparent process for the public.
Data Broker Settlement -- In April 2009, the World Privacy Forum sent the FTC a complaint regarding a lack of online opt-outs for consumers at some online data broker web sites. Our complaint focused on the difficulties online consumers would have opting out of certain web sites. In our complaint, we noted that online consumers were having difficulties with the opt outs. Today the FTC issued a final decision in this matter, and specifically improved online opt outs for consumers at US Search.
The World Privacy Forum filed comments with the FTC in response to its preliminary staff report, Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers. In our comments, we urge the FTC to take affirmative steps to protect consumer privacy online and offline. Our comments include a brief history of privacy self regulation, and point out how privacy self regulation has consistently failed. The comments also discuss Do Not Track, and urge the FTC to take a broader look at tracking protections for consumers. WPF also specifically requested that the FTC identify credit reporting bureaus subject to Fair Credit Reporting Act regulations and assist consumers in locating those bureaus.
WPF Comments on the FTC Privacy Report -- The World Privacy Forum filed comments with the FTC in response to its preliminary staff report, Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers. In our comments, we urge the FTC to take affirmative steps to protect consumer privacy online and offline. Our comments include a brief history of privacy self regulation, and point out how privacy self regulation has consistently failed. The comments also discuss Do Not Track, and urge the FTC to take a broader look at tracking protections for consumers. WPF also specifically requested that the FTC identify credit reporting bureaus subject to Fair Credit Reporting Act regulations and assist consumers in locating those bureaus.
LifeLock -- The Federal Trade Commission began sending checks to almost a million consumers who were subscribers to the LifeLock ID theft protection service. LifeLock agreed to pay fines of $11 million to the FTC and $1 million to a group of state attorneys generals to settle charges that had been made against the company. Consumers with questions about this distribution may call 888-288-0783 or see the FTC's web page on this, http://www.ftc.gov/refunds.
ID theft -- The FTC has published a new ID Theft guide. The new guide is designed to help attorneys and volunteers who assist ID theft victims. The guide covers laws that protect victims, and pro bono legal information. A must-read for those helping victims.
Online privacy -- The FTC sent a letter to Google today expressing concern about the company's privacy practices, but at the same time, the FTC informed Google that it was dropping its investigation of the Street View WiFi case. The FTC wrote: "FTC staff has concerns about the internal policies and procedures that gave rise to this data collection. ... the company did not discover that it had been collecting payload data until it responded to a request for information from a data protection authority." The FTC told Google it should develop and implement procedures to properly collect, dispose of, and maintain information.
FTC Privacy Roundtable -- Thursday, January 28, WPF Executive Director Pam Dixon will be speaking at the FTC's Privacy Roundtable about the privacy implications of digital signage networks and will be specifically discussing the new report: The One-Way Mirror Society: Privacy Implications of the New Digital Signage Networks. Few consumers, legislators, regulators, or policy makers are aware of the capabilities of digital signs or of the extent of their use. The technology presents new problems and highlights old conflicts about privacy, public spaces, and the need for a meaningful debate.
FTC Privacy Roundtable -- WPF executive director Pam Dixon will testify at the FTC Privacy Roundtable about information brokers and commercial data practices and they impact consumers. Dixon will be discussing the business models of data brokers, issues with smart grids, and opt-out problems, among other issues.
FTC "Exploring Privacy" Roundtable Series -- The World Privacy Forum has been invited to speak at the Federal Trade Commission's first Privacy Roundtable, to be held December 7, 2009 in Washington DC.
FTC Privacy Roundtable -- The World Privacy Forum filed comments last week for the FTC Privacy Roundtables, the first of which will be held December 7, 2009. The WPF comments urged the FTC to consider the Fair Credit Reporting Act as a key privacy model to apply to additional areas, to use the full version of Fair Information Practices, and discussed how a rights-based framework was the key to advancing consumers' interests. The comments discussed list brokers at length, and explained how even the most informationally cautious consumer will land on numerous marketing lists and databases. The WPF comments noted that not all marketing lists are used to target ads to consumers; some lists and databases are used to deny consumers goods and services. The comments contain a detailed section on privacy frameworks, a section on direct marketing, and an appendix with supporting information.
The World Privacy Forum filed comments last week for the FTC Privacy Roundtables, the first of which will be held December 7, 2009. The WPF comments urged the FTC to consider the Fair Credit Reporting Act as a key privacy model to apply to additional areas, to use the full version of Fair Information Practices, and discussed how a rights-based framework was the key to advancing consumers' interests. The comments discussed list brokers at length, and explained how even the most informationally cautious consumer will land on numerous marketing lists and databases. The WPF comments noted that not all marketing lists are used to target ads to consumers; some lists and databases are used to deny consumers goods and services. The comments contain a detailed section on privacy frameworks, a section on direct marketing, and an appendix with supporting information.
Under recently issued regulations, the Federal Trade Commission requires financial institutions and creditors to develop and implement written identity theft prevention programs. The broad purpose of these Red Flag and Address Discrepancy Rules [1] is to require financial institutions and creditors to formally address the risks of identity theft and develop a mitigation plan. Health care providers can be creditors and, therefore, subject to the new rules, which were originally were scheduled to take effect on November 1, 2008. The FTC suspended enforcement until November 1, 2009. [2]
The Fair Credit Reporting Act (FCRA) as amended in 2003 requires the Federal Trade Commission and bank regulatory agencies to issue joint regulations and guidelines regarding the detection, prevention, and mitigation of identity theft. The requirement includes special regulations directing debit and credit card issuers to validate notifications of changes of address under certain circumstances. 15 U.S.C. § 1681m(e). Another FCRA amendment calls for additional joint regulations offering guidance regarding reasonable policies and procedures that a user of a consumer report (e.g., a credit grantor) should employ when the user receives a Notice of Address Discrepancy. 15 U.S.C. § 1681c(h).