To see the research and use this data visualization : Each jurisdiction or country in the world has an associated country card with extensive data governance information and links. The power of this data visualization is to filter and sort the country cards to reveal patterns and regional details. Filter ...
We are pleased to announce the publication of a new WPF report, “Risky Analysis: Assessing and Improving AI Governance Tools.” This report sets out a definition of AI governance tools, documents why and how these tools are critically important for trustworthy AI, and where these tools are around the world. The report also documents problems in some AI governance tools themselves, and suggests pathways to improve AI governance tools and create an evaluative environment to measure their effectiveness. AI systems should not be deployed without simultaneously evaluating the potential adverse impacts of such systems and mitigating their risks, and most of the world agrees about the need to take precautions against the threats posed. The specific tools and techniques that exist to evaluate and measure AI systems for their inclusiveness, fairness, explainability, privacy, safety and other trustworthiness issues — called in the report collectively AI governance tools – can improve such issues. While some AI governance tools provide reassurance to the public and to regulators, the tools too often lack meaningful oversight and quality assessments. Incomplete or ineffective AI governance tools can create a false sense of confidence, cause unintended problems, and generally undermine the promise of AI systems. The report contains rich background details, use cases, potential solutions to the problems discussed in the report, and a global index of AI Governance Tools.
About this Data Visualization : This interactive map displays the presence of National IDs and electronic IDs, including biometric IDs, in countries globally. The raw dataset used to create the map data originates from the World Bank (See data sourcing below). This dataset covers high, middle and lower income countries. ...
This comprehensive report and proposed bill text is focused on the Privacy Act of 1974, an important and early Federal privacy law that applies to the government sector and some contractors. The Privacy Act was written for the 1970s information era -- an era that was characterized by the use of mainframe computers and filing cabinets. Today's digital information era looks much different than the '70s: smart phones are smarter than the old mainframes, and documents are now routinely digitized and stored and perhaps even analyzed in the cloud, among many other changes. The report focuses on why the Privacy Act needs an update that will bring it into this century, and how that could look and work. This work was written by Robert Gellman, and informed by a two-year multi-stakeholder process.
The COVID-19 pandemic strained the U.S. health ecosystem in numerous ways, including putting pressure on the HIPAA privacy and security rules. The Department of Health and Human Services adjusted the privacy and security rules for the pandemic through the use of statutory and administrative HIPAA waivers. While some of the adjustments are appropriate for the emergency circumstances, there are also some meaningful and potentially unwelcome privacy and security consequences. At an appropriate time, the use of HIPAA waivers as a response to health care emergencies needs a thorough review. This report sets out the facts, identifies the issues, and proposes a roadmap for change.
Without Consent is the first major benchmarking privacy report to examine school directory information practices and related privacy issues in a multi-year study across more than 5,000 schools at the primary, secondary, and postsecondary levels. The research found troubling and challenging student privacy problems that need to be urgently addressed. The report contains extensive findings and recommendations regarding student privacy, and includes best practices, sample forms, and resources for schools, parents, and students.
Download PDF Download ePub Donate Credits → Version 2.0 Prepared by Robert Gellman for the World Privacy Forum, with assistance from Pam Dixon, executive director, World Privacy Forum. John Fanning, former privacy advocate, U.S. Department of Health and Human Services, and Dr. Lewis Lorton, health technology and privacy expert ...
Identity is a data-rich key that acts to unlock all levels of the emerging digital ecosystem. All forms of ID carry some risk, but digital forms of ID, or “dematerialized ID,” cuts across all sectors and generates particularly copious data about people, their behaviors, financial status, associates, and potentially even political and religious views. Over time, distinct patterns emerge from the data and have in the past created new kinds of risks for individuals and groups.....
This new WPF report finds that medical identity theft is still a crime that causes great harms to its victims, and that it is growing overall in the United States; however, there’s a catch. The national consumer complaint data suggests that the crime is growing at different rates in different states and regions of the US, creating medical identity theft “hotspots.” These hotspots are important for patients, policymakers, and healthcare stakeholders to know about so as to address potential risks.
WPF has conducted original research on India's Aadhaar, a national biometric ID system, including field research in India during 2010-2014. WPF has published the original research in a peer-reviewed journal, Nature-Springer, and in Harvard-based Journal of Technology Science. The research found that systemic challenges to data protection and privacy exist in the Aadhaar system, challenges which do have potential remedies. Key lessons can be learned for both the US and the EU as biometric systems grow in popularity.
Medical treatments tailored to each individual’s physiology and genetic history have long been a dream, but this dream is data-intensive. The most current effort to turn personalized medicine into a reality is the Precision Medicine Initiative (PMI), which will collect and share biospecimens and health data from over a million volunteers for research -- this report analyzes the privacy protections for this initiative.
This analysis is an in-depth look at the January 2017 Executive Order 13768, Enhancing Public Safety in the Interior of the United States, and its interaction with two laws, the Privacy Act of 1974 and the Judicial Redress Act of 2015. Regardless of the reasons underlying why the order was written, a key question this analysis considers is if the order damages the EU-US Privacy Shield agreement, and what that means.
This substance of this analysis is about the new EU-US Privacy Shield, with contextual background and an analysis of how this new proposal compares to the old EU-US Safe Harbor agreement. The analysis includes a discussion of winners and losers in Privacy Shield, and discusses its potential future.
To score is human. Ranking individuals by grades and other performance numbers is as old as human society. Consumer scores — numbers given to individuals to describe or predict their characteristics, habits, or predilections — are a modern day numeric shorthand that ranks, separates, sifts, and otherwise categorizes individuals and also predicts their potential future actions. This new report by Pam Dixon and Robert Gellman explores this issue of predictive scores and privacy.
This Jan. 30, 2014 report discusses a new right to restrict disclosure of health information under the updated HIPAA health privacy rule. The new provision called “Pay Out of Pocket,” also called the “Right to Restrict Disclosure” gives patients the right to request that their health care provider not report or disclose their information to their health plans when they pay for medical services in full. Navigating the new right will take effort and planning for patients to utilize effectively. This substance of this report is about the new patient right to restrict disclosure, and how patients can use it to protect health privacy.
This report focuses on government use of commercial data brokers, the implications for that usage, and what needs to be done to address privacy problems. The government must bring itself fully to heel in the area of privacy. If it is going to outsource its data needs to commercial data brokers, it needs to attach the privacy standards it would have been held to if it had collected the data itself. Outsourcing is not an excuse for evading privacy obligations. Report authors: Bob Gellman and Pam Dixon.
Consumers can learn about Medical Identity Theft, what how to avoid it, and what actions to take if you are a victim.
This report is a landmark analysis and history of self-regulatory efforts in the area of privacy. The report is authored by Robert Gellman and Pam Dixon. It includes details about programs such as the IRSG, the Privacy Leadership Initiative, the Privacy Alliance, and other privacy self-regulatory programs.
This report evaluates the US Department of Commerce’s international privacy programs, their efficacy, and their value to business and to consumers. The role of the Commerce Department has become more important in light of the Obama Administration's establishment of a Subcommittee on Privacy and Internet Policy in October 2010. The Subcommittee is chaired jointly by the Department of Commerce and the Department of Justice, and it is intended to promote “individual privacy,” among other things. [1] This report reviews, analyzes, and summarizes major international privacy activities of the Department of Commerce, with a focus on the Safe Harbor Framework established in 2000 with the European Union in response to the requirements of the EU Data Protection Directive. The report also considers briefly the Department’s work on the Asia Pacific Economic Cooperation (APEC) Privacy Framework.
This 2010 WPF report, The One Way Mirror Society, explores new forms of sophisticated digital signage networks and their privacy implications in the US and other countries. Digital signage networks are being deployed widely by retailers and others in both public and private spaces. From simple people-counting sensors mounted on doorways to sophisticated facial recognition cameras mounted in flat video screens and end-cap displays, digital signage technologies are gathering increasing amounts of detailed information about consumers, their behaviors, and their characteristics.
This 2009 report discusses the applicability of the Federal Trade Commission’s Red Flag and Address Discrepancy Rule to health care providers. Commonly called the “Red Flag Rule,” the regulations provide health care providers with direction and guidance regarding identity theft detection, prevention, and mitigation programs.
This guide to online job sites is a list of the top job searching sites online. This list gives information about the privacy practices at each site. Because resumes contain such detailed personal and professional information, it is well worth caring about how job search sites handle privacy issues. This guide is updated monthly, and we add new information to the guide monthly.
Risks to Privacy and Confidentiality from Cloud Computing
Employment kiosks – small, mobile ATM-like booths – are increasingly being used for screening job applicants. All too frequently, the kiosks do not come equipped with the most important thing of all: a privacy policy.
Landing page for Call Don't Click: Why it's smarter to order your federally mandated free credit reports via telephone, not the Interent. A report on www.annualcreditreport.com by the World Privacy Forum.
