Modern Permanent Record

United States' Postal Service "Informed Delivery" plan puts consumers at risk

The US Postal Service's new Informed Delivery system has the potential to impact every household in the United States that receives mail. It's important, and there are plenty of privacy issues. The World Privacy Forum wrote extensive comments to the United States Postal Service warning it about certain consumer privacy and security risks of its Informed Delivery service. Here's more information about Informed Delivery, and why it may create new phishing risks.

FTC’s Data Broker Report Brings New Facts to Light about how Consumer Data is Captured and Sold

Forget worrying about loyalty cards or programs: it’s the everyday purchases you make tied to your name with a debit or credit card that can land you on data brokers’ lists. That is one of the many facts that the new FTC report on data brokers sets forth. The report offers a high-level analysis with establishing new fact patterns about the industry based on the Commission’s investigation of nine major data brokers. Overall, we find things to like in the report, but we wish the FTC had gone further in some areas. Here are some of the high points that stood out to us.

California issues first statewide breach report

Data breach -- The state of California issues a first-ever statewide data breach report. In 2012, 2.5 million Californians had their data breached. Of those breached, the study found that The report found that "1.4 million Californians would have been protected if companies had encrypted data when moving or sending the data out of the company’s network."

Pam Dixon writes about India's National ID Card in May/June issue of Foreign Policy Magazine

India's national biometric ID card -- In the May/June, 2013 issue of Foreign Policy Magazine, Pam Dixon writes about the privacy issues related to India's national biometric ID card. In the piece, Mission Creep, Dixon discusses how government-issued biometric ID cards that serve as national ID cards and as the basis for employment and financial transactions create profound civil liberties and privacy challenges that are neither easily or well-constrained by government policy.

Consumer experiences of job searching and online reputation

Reputation and privacy -- Pam Dixon spoke at the Southwestern Law School Privacy Conference on the topic of reputational privacy Friday the 22cnd along with Neville Johnson and Paul Tweed. Dixon highlighted three key consumer situations WPF assisted with recently, discussing the employment challenges consumers faced when harmful material was available online during the job search process.

WPF on CES Panel on Facial Recognition

Facial recognition -- Pam Dixon spoke at a CES panel on privacy issues in facial recognition technologies as part of the Leaders in Technology program at CES. The panel was moderated by Tony Romm of Politico and included FTC Commissioner Maureen Ohlhausen and Harley Geiger, legislative counsel for Representative Zoe Lofgren. Dixon spoke on the need for increased work on consumer options in a "sensor rich environment where there is no option to opt out by walking out." Referenced in the panel was WPF's report on digital signage and facial recognition, The One-Way Mirror Society.

US Supreme Court delivers opinion about GPS tracking

01/23/2012 GPS tracking | United States v. Jones -- The US Supreme Court unanimously ruled that police must get a warrant before using GPS devices to track criminal suspects. This case was narrow and dealt specifically with a GPS device physically attached to a suspect's vehicle. The concurring opinion of Justice Sotomayor points out that the subtler issues of digital era tracking were not dealt with in this case, for example, cell phone tracking, web site tracking, etc. She wrote: "More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. E.g., Smith, 442 U. S., at 742; United States v. Miller, 425 U. S. 435, 443 (1976)." She continued: "This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks."

FTC Privacy Roundtable: WPF to testify on information brokers

FTC Privacy Roundtable -- WPF executive director Pam Dixon will testify at the FTC Privacy Roundtable about information brokers and commercial data practices and they impact consumers. Dixon will be discussing the business models of data brokers, issues with smart grids, and opt-out problems, among other issues.

World Privacy Forum comments on genetic non-discrimination to HHS

Genetic non-discrimination regulations (GINA) -- The World Privacy Forum filed comments on proposed regulations for implementing Title I of GINA, the Genetic Non-Discrimination Act. The WPF requested a change to the proposed regulations, asking the Department of Health and Human Services require immediate posting of revised notices of privacy practices on the web sites of affected health plans. Under the proposed regulations, written notice of revised privacy practices to individuals could be delayed due to the cost of postal mailing. The WPF noted that a revised privacy notice posted on a health plan's web site would not incur postal costs, and that regulated entities should take this minimum step to inform consumers of any changes regarding privacy practices affecting genetic non-discrimination.

Facebook, MySpace, Xing receive warning letters from EU consumer group

Social networks -- In the wake of Europe's Article 29 Working Party Opinion on Social Network Providers adopted in June, the Federation of German Consumer Organizations (VZBV) has sent out warning letters to five social networking providers in Germany, including Facebook and MySpace. The letters focus on the excessive rights the companies allow themselves in their respective Terms of Use agreements, and on shortcomings in the privacy policies. VZBV is comprised of 41 German consumer associations.

World Privacy Forum files comments on proposed genetic discrimination regulations

Genetic Privacy | GINA -- The World Privacy Forum filed comments on the proposed regulations on the Genetic Information NonDiscrimination Act, or GINA. The comments request that the Equal Opportunity Employment Commission close down several potential loopholes in consumer protection in the proposed regulations. The Forum specifically asked the EEOC to consider curtailing the amount of commercially available information employers could access about employees, for example, through marketing databases. WPF also requested that those covered under GINA be required to maintain audit trails in certain circumstances, and urged that wellness programs be structured in such a way so as to prevent information leakage through billing and other activities.

When opting out is hard to do: World Privacy Forum sends letter to FTC about data broker companies offering mail-based opt outs

Data broker opt out issue -- The World Privacy Forum sent a letter to the Federal Trade Commission asking it to look into four companies offering online consumers the ability to opt out, then asking those consumers to use a variety of postal-mail-based methods to do so.

World Privacy Forum opposes California DMV plan

Biometrics and ID -- The California DMV (Division of Motor Vehicles) has proposed, through an expedited 30- day process, that it begin taking detailed facial scans of drivers and storing the scans in a state-wide database. This change, among other proposed DMV changes, represents a substantial policy shift for the state of California. The World Privacy Forum has urged that this process goes through normal legislative procedures so that there is adequate time for public input and for formal hearings.

Legal and Policy Analysis: Personal Health Records: Why Many PHRs Threaten Privacy

New publication | PHRs and privacy -- The World Privacy Forum has published a new legal and policy analysis examining Personal Health Records -- or PHRs -- and the privacy issues associated with them. This analysis, Personal Health Records: Why Many PHRs Threaten Privacy, was prepared by Robert Gellman for the World Privacy Forum. The analysis finds that significant, serious threats to privacy exist in some PHRs.

World Privacy Forum requests that the new National Disaster Medical System protect all patient information to standards at least equal to HIPAA

National Disaster Medical System | Privacy Act of 1974 -- The World Privacy Forum has filed public comments with the Department of Health and Human Services requesting that its new National Disaster Medical System protect all patient information to at least the baseline protections that HIPAA affords, including the HIPAA security and privacy protections. Currently, the new system does not do this, even though the system is housed at HHS, the agency which promulgated the HIPAA standards. The National Disaster Medical System currently contains overbroad routine uses which could potentially result in significant privacy and even public health issues. For example, public health information will not be able to be disclosed under the National Disaster Medical System as the system is currently organized. Additionally, some of the current routine uses in the system would authorize disclosures that would be illegal under HIPAA. For example, Congressional disclosure of a HIPAA record requires a written authorization, something the new system does not require.

World Privacy Forum and Electronic Frontier Foundation File Public Comments on REAL ID

REAL ID | National ID -- The World Privacy Forum and the Electronic Frontier Foundation (EFF) filed joint comments with the Department of Homeland Security about the proposed national ID system, REAL ID. The comments discuss the substantial flaws in the proposed REAL ID system including concerns about the overall structure of the program, the cards, the databases attached to the cards, the lack of controls on "function creep," the possibilities for discrimination, the potential for increased risk of identity theft, issues related to potential gaps in coverage for recipients on Federal programs, among other issues.

Stop REAL ID

REAL ID -- REAL ID is a national ID card program. Currently, the Department of Homeland Security is accepting public comments on the REAL ID plan. Comments will be accepted until Tuesday, May 8. The World Privacy Forum has joined with a large coalition of groups to solicit public comments on REAL ID; to file comments, please visit the Speak Out Against REAL ID coalition page for more information. http://www.privacycoalition.org/stoprealid/

Update: World Privacy Forum's National Health Information Network Timeline

National Health Information Network -- Recently, the first live prototypes of the NHIN were demonstrated in Washington, D.C. This was a milestone event in the development of the planned network. The National Health Information Network is an ambitious project the U.S. government undertook in 2004 to digitize and network patient health records across the nation. This project raises challenging confidentiality, privacy, and security issues.

World Privacy Forum Files Comments on a Proposed DHS rulemaking; asks the Department to make a Commitment to Transparency and Accountability

Privacy Act of 1974 -- In response to a proposed Department of Homeland Security rulemaking regarding a system of records, the World Privacy Forum filed comments requesting changes. The primary objections are that the proposed system of records commingles records and functions, the proposed exemption is inconsistent with the system notice, and DHS's proposed exemption from civil remedies was not correct, among other issues. The World Privacy Forum stated in its comments that the Department of Homeland Security should demonstrate its commitment to accountability and transparency in the rulemaking.

World Privacy Forum Announces Plans to File FTC Complaint About AOL Search Data Release

Internet privacy -- The World Privacy Forum announced today that it would be filing a complaint with the Federal Trade Commission about the posting by AOL of a portion of its users’ search data on the Internet. While the data was not expressly identified by name, the search queries themselves included in some cases personally identifiable information such as individuals’ names, Social Security Numbers, and myriad other personal information. The World Privacy Forum urges consumers to take precautions when using search engines.

How to say no to the cookies that track you

Consumer tips on managing cookies -- Some computer cookies are harmless, but others can track your moves across many Web sites, eventually building a detailed history of your preferences. The good news is that you can manage these persistent tracking cookies to some degree. To do this, you need to know how to say no to the third party tracking cookies you don't want while still allowing yourself to say yes to the cookies you do want. There are several ways to do this. One way is to download "opt-out cookies." Another way is to use your browser's cookie management tools to manage your cookies. Another method is to regularly delete unwanted cookies. In some cases, you can stop tracking through account preferences at some web sites.

Inaugural World Privacy Forum Report, 11 November 2003

Job Searching in the Networked Environment: Consumer Benchmarks -- The World Privacy Forum officially launches with this inaugural report, a study a year in its research on the job search sector. This study, The 2003 Job Search Privacy Study: Job Searching in the Networked Environment: Consumer Benchmarks , documents job applicant privacy across the job search industry from resume writers to job search sites to resume blasters and other parts of the job search infrastructure.