
Uncategorized

WPF votes on key California medical privacy guidelines

California health privacy -- The World Privacy Forum, as co-chair of the California Privacy and Security Advisory Board, was pleased to vote on an opt-in privacy standard for Californians in the June CalPSAB board meeting. The standard will be part of a set of guidelines the state of California uses in its development of electronic health care records. This set of guidelines was the culmination of two years of policy work with the CalPSAB board.

Public Comments: May 2010 - WPF comments on possible changes to HIPAA privacy rule; requests more patient access to audit logs

The World Privacy Forum filed comments with the US Department of Health and Human Services today in response to its Request for Information about possible changes to the HIPAA health privacy rule. WPF strongly supported patients' current right to request a history of disclosures of their medical files, and requested an expansion of this right. WPF noted in its comments to HHS that "An individual cannot fully protect his/her privacy interest in a health record (and most other records) unless he/she has a right of access to the record, the right to propose a correction, and the right to see who has used the record and to whom it has been disclosed. Each of these elements is essential."

WPF comments on proposed changes to HIPAA

Health privacy and HIPAA -- The World Privacy Forum filed comments with the US Department of Health and Human Services today in response to its Request for Information about possible changes to the HIPAA health privacy rule. WPF strongly supported patients' current right to request a history of disclosures of their medical files, and requested an expansion of this right. WPF noted in its comments to HHS that "An individual cannot fully protect his/her privacy interest in a health record (and most other records) unless he/she has a right of access to the record, the right to propose a correction, and the right to see who has used the record and to whom it has been disclosed. Each of these elements is essential."

Digital Signage Privacy Principles: Critical policies and practices for digital signage networks

Download Digital Signage Privacy Principles (PDF) or read the principles below. February 25, 2010 -- New forms of sophisticated digital signage networks are being deployed widely by retailers and others in both public and private spaces. Capabilities range from simple people-counting sensors mounted on doorways to sophisticated, largely invisible facial ...

WPF to speak at FTC Privacy Roundtable

FTC Privacy Roundtable -- Thursday, January 28, WPF Executive Director Pam Dixon will be speaking at the FTC's Privacy Roundtable about the privacy implications of digital signage networks and will be specifically discussing the new report: The One-Way Mirror Society: Privacy Implications of the New Digital Signage Networks. Few consumers, legislators, regulators, or policy makers are aware of the capabilities of digital signs or of the extent of their use. The technology presents new problems and highlights old conflicts about privacy, public spaces, and the need for a meaningful debate.

One-Way-Mirror Society: Introduction - What is digital signage and why care about its privacy implications?

The digital signage networks this report addresses are bi-directional. These networks give information to viewers while they capture information from viewers and send it back to a home base. In the digital signage industry, the new technologies are often compared to the interactive signs from the movie Minority Report. [1] In the movie, large-screen video billboards recognized individual consumers and delivered personalized advertisements to each person. The movie version of the digital signs and billboards relied on an iris scan to customize the ads. Today’s modern digital signs rely on advanced video analytics and sophisticated cameras and sensors.

One-Way-Mirror Society: Overview of key digital signage capabilities in place today

The best way to understand the capabilities of digital signage today and how it is being used is to see the digital signage industry’s newly minted Recommended Code of Conduct for Consumer Tracking Methods (see Appendix A for the complete document). This document on consumer tracking methods in digital signage was written and agreed upon entirely by industry members, without any participation by consumer representatives. The document reflects the advances in technology in this area and where the possibilities for abuse lie. The opening of the document reads:

One-Way-Mirror Society: Lower and Medium Privacy Risk Consumer Tracking Technologies

Heat maps and path tracking technologies essentially generate maps of where consumers spend the most time standing and walking in stores (Figure 2). One product, PathTracker, uses RFID chips for large store tracking, and video tracking technology for smaller stores or sub-areas within stores.

One-Way-Mirror Society: High Privacy Risk Consumer Tracking Technologies

Facial recognition technology was initially developed for security purposes, but it has found a new use in digital signage for marketing and ad targeting purposes. Essentially, the process is that a camera captures an individual’s image, then checks it against algorithms that analyze at least 80 facial characteristics, such as distance between eyes, length of the face, width of the face, depth of eye sockets, and so forth. [48] Layers of algorithms are used to crunch the facial information into determinations about a person’s age bracket, gender, and ethnicity. The next efforts are going toward coding the facial expressions of shoppers to “capture their emotional reactions to in-store environments.” [49]

One-Way-Mirror Society: Consumer Responses to Digital Signage and Privacy Issues

Few consumers are aware that watching a video screen or interacting with a kiosk may mean they are being recorded and having their behavior, gender, age, and ethnicity analyzed. As a result, there has not been a robust public discussion of how consumers feel about these technologies.

One-Way-Mirror Society: What are the specific privacy issues posed by digital signage networks / what risks exist?

Security Camera Footage: Repurposing footage for marketing and profit -- Perhaps the most egregious repurposing of data is the use of security camera footage for store marketing purposes. From the industry literature, this appears to be an established business practice at this point. It is one that needs to be examined closely.

One-Way-Mirror Society: Recommendations

There is no public awareness of the capabilities of digital signage, and that has to change before any debate over regulation or legislation can start. Nevertheless, it is possible to identify from other privacy arenas the types of standards that should be considered for users of digital signage. Full recommendations will only be possible at a later stage. Here are some preliminary ideas.

One-Way-Mirror Society: Conclusion

New forms of sophisticated digital sign networks are being deployed widely by retailers and others in both public and private spaces. Few consumers, legislators, regulators, or policy makers are aware of the capabilities of digital signs or of the extent of their use. The technology presents new problems and highlights old conflicts about privacy, public spaces, and the need for a meaningful debate. The privacy problems inherent in digital networks are profound, and to date these issues have not been adequately addressed by anyone.

One-Way-Mirror Society: Appendix A - POPAI Recommended Code of Conduct for Consumer Tracking Methods

The following document is the recommended code of conduct for businesses engaging in consumer tracking. The document is entirely non-binding, and was created entirely by industry participants. The document is reproduced here in full with no changes. Best Practices: Recommended Code of Conduct for Consumer Tracking Methods

Red Flag Rule: Executive Summary

Under recently issued regulations, the Federal Trade Commission requires financial institutions and creditors to develop and implement written identity theft prevention programs. The broad purpose of these Red Flag and Address Discrepancy Rules [1] is to require financial institutions and creditors to formally address the risks of identity theft and develop a mitigation plan. Health care providers can be creditors and, therefore, subject to the new rules, which were originally scheduled to take effect on November 1, 2008. The FTC suspended enforcement until November 1, 2009. [2]

Red Flag Rule: Background

The Fair Credit Reporting Act (FCRA) as amended in 2003 requires the Federal Trade Commission and bank regulatory agencies to issue joint regulations and guidelines regarding the detection, prevention, and mitigation of identity theft. The requirement includes special regulations directing debit and credit card issuers to validate notifications of changes of address under certain circumstances. 15 U.S.C. § 1681m(e). Another FCRA amendment calls for additional joint regulations offering guidance regarding reasonable policies and procedures that a user of a consumer report (e.g., a credit grantor) should employ when the user receives a Notice of Address Discrepancy. 15 U.S.C. § 1681c(h).

Red Flag Rule: How the Red Flag Rule Affects Health Care Providers

The Red Flag Rule applies broadly to financial institutions, credit grantors, and some others, including some health care providers. A health care provider comes under the Red Flag rule if the provider: 1) meets the definition of creditor under the Fair Credit Reporting Act (15 U.S.C. 1681a(r)(5)). A health care provider comes under the Address Discrepancy Rule if they: 1) use consumer credit reports.

Red Flag Rule: What are the Obligations for a Health Care Provider Covered by the Red Flag Rule as a Creditor?

A health care provider that qualifies as a creditor that offers or maintains covered accounts must develop and implement a written Identity Theft Prevention Program. The purpose of the program is to detect, prevent, and mitigate identity theft in connection with new or existing covered accounts. The Program must be appropriate to the size and complexity of the creditor and the nature and scope of its activities. A large hospital will need a more robust program than a two-doctor office.

Red Flag Rule: What are the Address Discrepancy Obligations for a Health Care Provider That Uses Credit Reports?

The Address Discrepancy rule requires a user of a consumer report (credit report) to develop and implement reasonable policies and procedures to enable the user to deal with an address discrepancy. These requirements are narrower than the Red Flag rule for creditors. However, applicability of the address discrepancy requirement may affect a broader class of health care provider (and health insurers) than the Red Flag rule.

Red Flag Rule: Appendix 1 - Reproduction of the Red Flag and Address Discrepancy Guidelines and Supplement

Following is a reproduction of the Guidelines and Supplement to the Red Flag and Address Discrepancy Rules. The rulemakings may be found at Federal Trade Commission et al., Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions Act of 2003, 72 Fed. Reg. (Nov. 9, 2007), <http://www.ftc.gov/os/fedreg/2007/november/071109redflags.pdf>.

Consumer Tips: Job Searcher's Guide to Online Job Sites

This guide to online job sites is a list of the top job searching sites online. This list gives information about the privacy practices at each site. Because resumes contain such detailed personal and professional information, it is well worth caring about how job search sites handle privacy issues. This guide is updated monthly, and we add new information to the guide monthly.
