WPF submitted comments regarding how commercially available information (CAI) — also known as data broker data — will be handled by U.S. Executive Agencies. The Request for Information from OMB was an important opportunity to comment on a topic that has only rarely been opened for public comment. OMB Request ...
The World Privacy Forum has filed comments to the U.S. Office of Management and Budget in response to its Request for Feedback on Draft Guidance: Broadening Public Participation and Community Engagement with the Federal Government. WPF made three specific suggestions to OMB regarding how Privacy Act notices might be managed in a way that facilitates better feedback from those interested specifically in Privacy Act of 1974 notices, which have meaningful bearing on matters relating to data governance, privacy, and data protection.
The World Privacy Forum has filed detailed comments to the U.S. Office of Management and Budget (OMB) in response to its Request for Information on Privacy Impact Assessments. Specifically, OMB requested information about how the U.S. Federal government should update or adjust its requirements for Privacy Impact Assessments (PIAs) in regards to changes to data ecosystems brought about by Artificial Intelligence (AI). WPF provided substantive recommendations regarding administrative provisions of the Privacy Act, scalable automated AI governance tools for privacy and trustworthy AI, ensuring nimble processes for privacy and AI assessments, and ensuring balanced, skillful socio-legal-technical decisionmaking.
September 2022 By Robert Gellman and Pam Dixon Download this Report Executive Summary This report suggests specific procedural and substantive ways that the Executive Branch can revise implementation of the Privacy Act of 1974 to restrict and more carefully administer some disclosures of reproductive health information by federal agencies to ...
This comprehensive report and proposed bill text is focused on the Privacy Act of 1974, an important and early Federal privacy law that applies to the government sector and some contractors. The Privacy Act was written for the 1970s information era -- an era that was characterized by the use of mainframe computers and filing cabinets. Today's digital information era looks much different than the '70s: smart phones are smarter than the old mainframes, and documents are now routinely digitized and stored and perhaps even analyzed in the cloud, among many other changes. The report focuses on why the Privacy Act needs an update that will bring it into this century, and how that could look and work. This work was written by Robert Gellman, and informed by a two-year multi-stakeholder process.
There are many transparency documents that have been published relating to the US Intelligence Community. There are new updates to several key documents, which we have listed and linked below. While admittedly dense reading, these are key privacy-related documents relevant to US Government operations and activities and taken together, are ...
The World Privacy Forum sent a detailed letter (PDF, 18 pages) September 18, 2018 to the Secretary of Homeland security outlining our substantive concerns regarding the US Department of Homeland Security (DHS) Customs and Border Protection (CBP) and Transportation Security Administration (TSA) biometric [1]entry and exit program. The World Privacy ...
The World Privacy Forum has submitted detailed comments on the US Department of Homeland Security's External Biometric Records database (EBR database) , which DHS describes as a large biometric and demographic database drawn from foreign and domestic sources. WPF has a number of concerns about the proposal, including that the ...
In recent days, there has been an uptick in discussion regarding the potential fate of the EU-US Privacy Shield. Some of the discussion has been spurred by Cam Kerry's recent analysis of several critical weaknesses of the EU-US Privacy Shield, which is now under review by the European Commission. The ...
This analysis is an in-depth look at the January 2017 Executive Order 13768, Enhancing Public Safety in the Interior of the United States, and its interaction with two laws, the Privacy Act of 1974 and the Judicial Redress Act of 2015. Regardless of the reasons underlying why the order was written, a key question this analysis considers is if the order damages the EU-US Privacy Shield agreement, and what that means.
The World Privacy Forum submitted comments today on an important proposal from the US Executive Office of the President, Office of Management and Budget regarding a circular directing agencies how to write, post, review, and generally handle Privacy Act notices. The proposal, called Circular A-108 Federal Agency Responsibilities for Review, ...
The World Privacy Forum filed a pair of comments about a US Department of Justice proposal regarding treatment of insider threat records at the FBI. Our first comments respond to a Systems of Records notice, our second comments respond to a Notice of Proposed Rulemaking on the same issue. In ...
The World Privacy Forum filed comments today on the Office of Management and Budget's proposed revision to a document that advises Federal agencies on how to handle the information they store. The document, OMB Circular A-130, Managing Information as a Strategic Resource , establishes policies for the management of federal ...
This report focuses on government use of commercial data brokers, the implications for that usage, and what needs to be done to address privacy problems. The government must bring itself fully to heel in the area of privacy. If it is going to outsource its data needs to commercial data brokers, it needs to attach the privacy standards it would have been held to if it had collected the data itself. Outsourcing is not an excuse for evading privacy obligations. Report authors: Bob Gellman and Pam Dixon.
The US federal government uses commercial data brokers [1] extensively for a wide variety of governmental activities. It is unquestioned that the government provides considerable revenue to commercial data brokers. How much? A reasonable and conservative estimate is that the number ranges in the billions of dollars. Over the course of the last 20 years, the extent of the relationship has become clear through a series of detailed investigations and scholarly research. For background purposes, we reference a leading study and discuss a newer use. This report does not seek to reinvestigate and re-document known uses.
Recommendations for the Office of Management and Budget: OMB should establish privacy standards that are at least a good as those in and recommended for the Do Not Pay Initiative to cover all government purchases of commercial databases with personal information. OMB should consider accomplishing an expansion by establishing a task force that includes representatives of consumer and privacy groups.
OMB deserves much praise for this novel privacy initiative, but it has more work to do. The evaluation of the first private sector database in the Do Not Pay Initiative needs to be accomplished in the open with full participation by all interested parties. The OMB memo provides for that. We need to see how well that process works.
The best starting point for understanding the OMB Do Not Pay memo is with the legal framework behind the Do Not Pay Initiative. The Initiative derives from a combination of little-noticed executive orders and updates to existing laws. In 2009, Executive Order 13520, Reducing Improper Payments, [29] directed agencies to identify "ways in which information sharing may improve eligibility verification and pre-payment scrutiny." This was the start of the current Do Not Pay Initiative.
You are reading the Executive Summary of Data Brokers and the Federal Government: A New Front in the Battle for Privacy Opens Report Links: Report Home & Executive Summary Download the full report (PDF) Jump to other sections of the report: Executive Summary | I. Introduction | II. Discussion | ...
You are reading Appendices A, B, and C of Data Brokers and the Federal Government: A New Front in the Battle for Privacy Opens Report Links: Report Home & Executive Summary Download the full report (PDF) Jump to other sections of the report: Executive Summary | I.Introduction | II. Discussion ...
Commercial drone privacy – In comments filed with the FAA, the World Privacy Forum urged the agency to establish a robust privacy committee to focus on drone privacy and to clarify the applicability of the Privacy Act of 1974 to UAS test site operators. WPF also requested the FAA conduct mandatory Privacy Impact Assessments and provide a FIPS-compliant privacy notice. ”We have offered our comments to the FAA with the acknowledgement that everyone has much to learn in the area of commercial drone privacy. Our suggestions to the FAA seek to increase general knowledge about drones and their effect on privacy,” said Pam Dixon.
The World Privacy Forum filed comments today criticizing the SEC proposed regulations that would release an unprecedented amount of financial details about individual borrowers through the EDGAR database. The WPF was joined by other privacy, consumer, and human rights organizations in its comments, which focused on the privacy issues with the proposed regulations. Pam Dixon, executive director of the WPF, stated in the comments that the SEC's new regulations would "Place on the public record and online the largest amount of personal financial information about borrowers ever disclosed, including information never before made public." The comments also note that the SEC's plan greatly increases the risk of identity theft for individual borrowers whose information will be released publicly.
Financial privacy - Privacy Act -- The World Privacy Forum filed comments today urging the U.S. Treasury Department to obtain consumers' consent before checking their credit reports. Consumers who participate in the government's Home Affordable Modification Program (HAMP) -- an Obama administration program created to help consumers renegotiate their mortgages so they can keep their homes -- must allow the Federal Government to check their credit reports without first obtaining consent. This procedure sets a negative precedent, and is at odds with consumer expectations of privacy. The Treasury gave itself this power in an obscure set of "Routine Uses" in a Privacy Act notice published along with the proposed system of records for the program. The World Privacy Forum has objected to this, and has filed detailed comments with the Treasury about the lack of consumer consent. The public comment period on this program is open until September 4, 2009.
The World Privacy Forum filed comments regarding DHS's proposed Border Crossing Information system of records, finding that many of the Routine Uses proposed for the system were impermissible and illegal under the Privacy Act of 1974. The comments focus on the Routine Uses, rather than the system itself.
National Disaster Medical System | Privacy Act of 1974 -- The World Privacy Forum has filed public comments with the Department of Health and Human Services requesting that its new National Disaster Medical System protect all patient information to at least the baseline protections that HIPAA affords, including the HIPAA security and privacy protections. Currently, the new system does not do this, even though the system is housed at HHS, the agency which promulgated the HIPAA standards. The National Disaster Medical System currently contains overbroad routine uses which could potentially result in significant privacy and even public health issues. For example, public health information will not be able to be disclosed under the National Disaster Medical System as the system is currently organized. Additionally, some of the current routine uses in the system would authorize disclosures that would be illegal under HIPAA. For example, Congressional disclosure of a HIPAA record requires a written authorization, something the new system does not require.
