Uncategorized

Public Comments: April 2009 Proposed Rule to Implement Title II of the Genetic Information Nondiscrimination Act of 2008

The World Privacy Forum filed comments on the proposed regulations on the Genetic Information NonDiscrimination Act, or GINA. The comments request that the Equal Opportunity Employment Commission close down several potential loophole in consumer protection in the regulations. The Forum specifically asked the EEOC to consider curtailing the amount of commercially available information employers could access about employees, for example, through marketing databases. WPF also requested that those covered under GINA be required to maintain audit trails in certain circumstances, and urged that wellness programs be structured in such a way as to prevent information leakage through billing and other activities.

Privacy in the Clouds: Introduction and Summary of Findings

Cloud computing has significant implications for the privacy of personal information as well as for the confidentiality of business and governmental information. A principal goal of this analysis is to identify privacy and confidentiality issues that may be of interest or concern to cloud computing participants. While the storage of user data on remote servers is not new, current emphasis on and expansion of cloud computing warrants a more careful look at its actual and potential privacy and confidentiality consequences.

Privacy in the Clouds: When Can a Business Share Information with a Cloud Provider?

The United States has several privacy laws applicable to particular types of records or businesses. Some of these laws establish privacy standards that have bearing on a decision by a business to use a cloud provider. Others laws do not. Some laws specifically allow a business to share personal information with another company that provides support services to the business. Specific statutory references to the use of a service provider have no apparent pattern in privacy laws. Some privacy laws have them; some do not.

World Privacy Forum urges more clarification and privacy protection regarding "incidental collection" of genetic information in GINA

GINA - Genetic Information Nondiscrimination Act -- In comments regarding the recently passed GINA (Genetic Information Nondiscrimination Act), the World Privacy Forum said that some aspects of GINA need clarification to enhance privacy. The comments focus on a number of privacy issues the RFI raised, including model privacy notices and the issue of what the GINA statute calls "incidental collection" of genetic information. Currently, GINA states that some kinds of information are exempted from being considered as regulated for medical underwriting purposes. For example, medical information gleaned about patients for underwriting purposes from medical databases is regulated. But medical information gleaned about patients for underwriting purposes from, for example, marketing lists containing robust patient information may be unregulated if the law is not clarified in the regulatory process. The World Privacy Forum urged HHS and the Department of Labor to substantially clarify what constitutes "incidental collection," and urged the agencies to consider lists containing identifiable patient information to be considered in the same category as a "medical database."

Keep my genes private: World Congress panel presentation

Genetic privacy -- The World Privacy Forum presented a talk at the World Congress in Washington D.C. today on the intersection between genetic privacy and marketing, and on genetic issues and medical identity theft. The presentation exposed the list marketing activities surrounding health care data, and examined how the current loopholes in the recently passed Genetic Information Nondiscrimination Act (GINA) would not necessarily ease issues with incidental collection and use of genetic information.

FTC reports more than 145 million telephone numbers are in the National Do Not Call Registry

Do Not Call Registry -- In its fourth annual report to Congress on the Do Not Call Registry, the Federal Trade Commission released some interesting new statistics. As of September 2007, there were 145,498,656 telephone numbers in the Do Not Call Registry. The FTC also reported that 6,242 entities paid over $21 million for access to the DNC Registry in 2007. The report also details the FTC's enforcement actions against businesses violating the DNC Registry rules. As of September 30, 2007, the FTC had filed 25 cases regarding DNC Registry violations and had settled 22 of the cases.

World Privacy Forum receives 2008 Consumer Excellence Award

Consumer Excellence Award -- World Privacy Forum executive director Pam Dixon has received a 2008 Consumer Excellence Award for her leadership and work in the area of medical identity theft and consumer privacy from Consumer Action. Also honored was Herb Weisbaum, a 5-time Emmy-winner who is a consumer contributor to NBC's Today Show. Consumer Action was founded in 1971 and is a national non-profit organization focused on consumer education and advocacy. The awards ceremony was held in San Francisco on June 26th. The World Privacy Forum is honored to accept this award.

OECD reaffirms its support for the 1980 OECD principles on privacy, or "Fair Information Practices"

OECD | Fair Information Practices -- At a key meeting of the OECD on the future of the Internet economy, the OECD Secretary General Angel Gurria reaffirmed support of the 1980 OECD Privacy Principles. Also, Secretary General Angel Gurria expressed support for formalizing the participation of civil society in OECD going forward and for paying more attention to information security and identity theft problems. Secretary General Gurria noted that "A more decentralised, networked approach to policy formulation for the Internet Economy that includes the active participation of stakeholders needs to be the norm." Many parts of the recent OECD meeting may be viewed online.

Council for Responsible Genetics convenes experts and the public for database and genetics conference

Genetic privacy -- The World Privacy Forum participated in a Council for Responsible Genetics (CRG) conference on genetic databases at New York University. The groundbreaking conference focused on key issues of race and genetic databases, fairness, accuracy, and privacy. The World Privacy Forum discussed a paper by Dr. Harry G. Levine, Drug Arrests and DNA, noting that innocent victims of medical identity theft may be arrested for the "drug seeking behavior" of the criminals impersonating them.

World Privacy Forum files comments with FTC regarding credit -based insurance scoring

Financial privacy -- The World Privacy Forum filed comments with the Federal Trade Commission today about its proposed study of credit -based pricing practices for homeowners insurance. The World Privacy Forum requested that the FTC ask insurers if there are specific procedures in place for detecting, mitigating, and responding to consumers who have been victims of identity theft. The WPF noted its support for the FTC's use of the FTC Act Section 6(b) authority to acquire robust information from the insurance companies.

Online Job Scam: Introduction

Job scams are as old as jobs themselves. In past years, con artists would put a bad job ad up, fool a job seeker into giving up their money, and then physically move on to a new city. Now bad job ads have moved onto the Internet, with devastating consequences. The very things that make the Internet so effective for job seekers -- speed, convenience, and a nationwide job search from a computer screen -- are the same things that make it effective for fraudulent activity. Job seekers and job sites have unfortunately been targeted with sophisticated triangulation scams that move rapidly and seamlessly through a selection of job sites from coast to coast in a matter of days.

Online Job Scam: Payment Transfer Scams and How They Operate

Payment transfer scams begin with a con artist that pretends to be an employer. The con artist uses a job ad to lure in an unsuspecting job seeker, or they may use information from a resume they have found. The con artists can be quite convincing, and may even steal company names and corporate logos to convince victims that they are legitimate. After the con artist has won the job seeker's trust, the con artist tricks the job seeker into giving up bank account numbers. The reasons given for this can be clever. One common reason the con artists give out is to say they only deliver paychecks by "direct deposit."

Online Job Scam: Timeline - The Evolution of a Job Scam

This timeline tracks one job scam as it systematically wove its way through dozens of job sites over the course of a year and left multiple victims in its wake. Like a computer virus, the scam has evolved over time. It is an ugly evolution that has substantially harmed job seekers who have fallen victim to it. The scam began sometime in August of 2003, and as of July 7 2004, is still active. Known names this scam goes under are Unk Electronics, Macrocommerce Intersales, Nanjing Panada*, Antares Electronics, Inc.*, BestElectrics, and Omega Inc. Although the names are different, the likelihood is a very strong that it is all the same job scam.

Online Job Scam: Critical Tips For Job Seekers to Help Avoid Job Scams

The following four tips can help jobseekers protect themselves from falling prey to payment forwarding scams. 1. Never give personal bank account, PayPal, or credit card numbers to an employer. 2. Never agree to have funds or paychecks direct deposited to any of your accounts by a new employer. 3. Never forward, transfer, or "wire" money to an employer. 4. Do not transfer money and retain a portion for payment.

Online Job Scam: RSS Job Feeds and Job Fraud

RSS, a technology that collects information from Web sites, bundles it together and then sends it to individuals to read offline is gaining popularity. RSS stands for Really Simple Syndicationor rich site summary. Right now, it looks like RSS may become an important part of how people use the Internet. For collecting and aggregating news headlines and tidbits from newspapers and blogs, RSS is convenient and helpful. RSS does have the potential for some real drawbacks for job seekers unless it is thoughtfully deployed by job search sites. However, the drawbacks are a fairly simple matter to correct.

Online Job Scam: Methodology

The World Privacy Forum began study of online job scams in February2003. 1. Researchers did a background material search for information and collected and read background material on how job scams operated from sources such as newspapers, online news sites, law reviews, consumer protection agencies, the BBB, the FTC, and the U.S. Postal Inspector General. 2. A search for open fraud cases was conducted nationwide. 3. Twenty job sites that varied in size and focus were selected as a first study group.

World Privacy Forum, Privacy Rights Clearinghouse, EPIC, and other consumer groups urge Google to post a link to its privacy policy from its home page

Internet privacy -- The World Privacy Forum, Privacy Rights Clearinghouse and EPIC were joined by California-based EFF, the ACLU of Northern California, Consumer Action, Consumer Federation of California and other national groups in asking Google's CEO Eric Schmidt to provide a prominent link to the Google privacy policy directly from its home page. Google has recently been criticized for not providing a link to its privacy policy from its home page, as the California Online Privacy Protection Act requires. The groups noted that linking to a privacy policy on a home page is considered a widespread best practice.