Key report

Privacy, Identity and Trust in C2PA

This report is a technical review and analysis of the C2PA technical framework that connects digital media content such as images, video, audio and documents to data about the origins of and changes made to that content. C2PA is designed to undergird media infrastructures with detailed, automated, encoded and shareable data and trust signals about media and its creators. In its analysis of C2PA, this report considers and discusses C2PA use cases and interactions with data privacy, identity and trust in digital information ecosystems. C2PA is an abbreviation for the Coalition for Content Provenance and Authenticity, which developed the framework.

Global Table of Countries with Data Privacy Laws, Treaties, or Conventions

To see the research and use this data visualization : Each jurisdiction or country in the world has an associated country card with extensive data governance information and links. The power of this data visualization is to filter and sort the country cards to reveal patterns and regional details. Filter ...

Report: From the Filing Cabinet to the Cloud: Updating the Privacy Act of 1974

This comprehensive report and proposed bill text is focused on the Privacy Act of 1974, an important and early Federal privacy law that applies to the government sector and some contractors. The Privacy Act was written for the 1970s information era -- an era that was characterized by the use of mainframe computers and filing cabinets. Today's digital information era looks much different than the '70s: smart phones are smarter than the old mainframes, and documents are now routinely digitized and stored and perhaps even analyzed in the cloud, among many other changes. The report focuses on why the Privacy Act needs an update that will bring it into this century, and how that could look and work. This work was written by Robert Gellman, and informed by a two-year multi-stakeholder process.

WPF Report - Privacy, the Precision Medicine Initiative, & the All of Us Research Program: Will Any Legal Protections Apply?

Medical treatments tailored to each individual’s physiology and genetic history have long been a dream, but this dream is data-intensive. The most current effort to turn personalized medicine into a reality is the Precision Medicine Initiative (PMI), which will collect and share biospecimens and health data from over a million volunteers for research -- this report analyzes the privacy protections for this initiative.

WPF Report - The Precision Medicine Initiative and Privacy: Will Any Legal Protections Apply?

This new World Privacy Forum report reviews privacy law applicable to the Precision Medicine Initiative (PMI), and the large medical information and biospecimen database at its center. The HIPAA health privacy rule and its protections for individuals will not apply to PMI research activities. The key privacy concerns raised by the PMI are the lack of applicable law to govern its collection and use of individuals’ health data, the potential waiver of the patient-physician legal privilege that can shield data from disclosure through litigation, and the possibility of law enforcement access to patient records held in the PMI.

WPF Report -- The Scoring of America: How Secret Consumer Scores Threaten Your Privacy and Your Future

To score is human. Ranking individuals by grades and other performance numbers is as old as human society. Consumer scores — numbers given to individuals to describe or predict their characteristics, habits, or predilections — are a modern day numeric shorthand that ranks, separates, sifts, and otherwise categorizes individuals and also predicts their potential future actions. This new report by Pam Dixon and Robert Gellman explores this issue of predictive scores and privacy.

WPF Report - Data Brokers and the Federal Government: A New Front in the Battle for Privacy Opens, Part III in a series

This report focuses on government use of commercial data brokers, the implications for that usage, and what needs to be done to address privacy problems. The government must bring itself fully to heel in the area of privacy. If it is going to outsource its data needs to commercial data brokers, it needs to attach the privacy standards it would have been held to if it had collected the data itself. Outsourcing is not an excuse for evading privacy obligations. Report authors: Bob Gellman and Pam Dixon.