Latest

Public Comments: October 2011 - WPF urges HHS to do more to protect the privacy of medical research subjects

The World Privacy Forum filed extensive comments with the US Department of Health and Human Services about its proposed changes regarding the rules governing human subject medical research. In the comments, WPF noted that the HHS approach to privacy for research subjects was incomplete and did not use all Fair Information Practices. WPF strongly urged HHS to revise its proposal on a number of issues, including consent and the use of biospecimens in research. The World Privacy Forum is urging HHS to acknowledge that the realm of health data that is truly non-identifiable has shrunken remarkably, for example, biospecimens with DNA cannot be considered non-identifiable anymore. "In our comments, we are requesting that HHS give individuals the opportunity to make choices about the use of their own health data and specimens," said Executive director Pam Dixon. WPF also stated in its comments that "A central database with identifiable information about participants in human subjects research is a terrible idea." (See p. 21 of WPF comments.)

Report: Many Failures: A Brief History of Privacy Self Regulation | Section: Introduction and Summary

Current online privacy debates focus on respecting the privacy interests of Internet users while accommodating business needs. Formal and informal proposals for improving consumer privacy offer different ideas for privacy regulation and privacy self-regulation, sometimes called codes of conduct. [1] Some in the Internet industry continue to advance or support ideas for privacy self- regulation. Many of these same players proposed and implemented privacy self-regulatory schemes that started in the late 1990s.

Report: Many Failures: A Brief History of Privacy Self-Regulation | Section: Industry-Supported Self-Regulatory Programs for Privacy

This section offers a historical review of privacy self-regulation that occurred in the years just before and just after 2000. For a variety of reasons, it is not necessarily fully comprehensive. Some self-regulatory efforts may have disappeared without a trace. Activities within existing trade associations are difficult or impossible to assess from evidence available to those outside the associations. However, this discussion captures the leading organizations of the time. [13]

Report: Many Failures: A Brief History of Privacy Self-Regulation | Section: Government Privacy Self-Regulatory Activities

This section reviews several other privacy self-regulatory activities that share some characteristics with the industry self-regulatory programs discussed above, but these activities differ in various ways. The most noticeable differences are the role of the government in the programs. The Department of Commerce is involved in the Safe Harbor Framework, and the Federal Trade Commission is involved in the Children’s Online Privacy Protection Act.

Many Failures: WPF report on history of privacy self-regulation

Self-regulation -- The World Privacy Forum has published a report on past self-regulatory efforts in the area of privacy, Many Failures: A brief history of privacy self-regulation. "Privacy self-regulation has been a Potemkin Village of consumer protection," says executive director Pam Dixon. "History shows a pattern of past self-regulatory efforts that have been erected quickly and have faded after regulatory threats fade." The report is authored by Robert Gellman and Pam Dixon. It includes details about programs such as the IRSG, the Privacy Leadership Initiative, the Privacy Alliance, and other programs. A key finding of this report is that the majority of the industry self-regulatory programs that were initiated failed in one or more substantive ways, and many disappeared entirely.

Report: Many Failures: A Brief History of Privacy Self-Regulation | Section: Conclusion

Is there any reason to think that privacy self-regulation will work today when it did not work in the past? Privacy self-regulation done in the same way that it has been done in the past, without sufficient consumer participation, and with the same goals of simply evading real regulation and effective privacy controls will continue to fail.

Congressional Testimony: What’s a Consumer to Do? Consumer Perceptions and Expectations of Privacy Online

WPF executive director Pam Dixon testified at a joint subcommittee hearing focused on privacy and the collection and use of online and offline consumer information. Dixon's testimony focused on the new "modern permanent record" and how it is used and created. Dixon said "The merging of offline and online data is creating highly personalized, granular profiles of consumers that affect consumers’ opportunities in the marketplace and in their lives. Consumers are largely unaware of these profiles and their consequences, and they have insufficient legal rights to change things even if they did know." The testimony explored concrete examples of problematic consumer profiling activities.

TACD letter to Congress on European privacy

TACD -- The Trans Atlantic Consumer Dialogue (TACD), which WPF is a member of, has sent a letter regarding Internet privacy to a Congressional subcommittee explaining that European privacy controls are not burdensome, but rather of key importance. The TACD is a forum of more than 80 US and European consumer groups and represents several hundred million consumers in North America and the United States.

Interview: Pam Dixon on air

Pam Dixon maintained a long-standing weekly tech segment on ClearChannel for many years. (Monterey Bay, Salinas, Santa Cruz). Many of the discussions revolved around privacy. If you would like links, headlines, and information related to the weekly broadcasts, check or follow Pam Dixon's Facebook page, where updates are posted.

New Medical Identity Theft map

Medical ID theft -- The World Privacy Forum has released a new map that reveals the geography of medical identity theft. This is the first map of its kind, and is based on the Federal Trade Commission Consumer Sentinel data. The map is interactive, and gives details on the cities where medical identity theft occurred over the course of a year. The World Privacy Forum published the first report on medical identity theft in 2006, coining the term in the report and bringing the crime to public attention. WPF continues to actively research this important privacy issue.

WPF files substantive comments on HIPAA

Medical privacy and HIPAA -- The World Privacy Forum today filed its comments on the proposed changes to the HIPAA privacy rule, supporting some proposed changes and suggesting additional changes to enhance patient choice. In particular, the WPF supports the new patient right to an access report that has been added (p. 4), and has requested that Health Information Exchanges also be required to provide accountings of disclosures to patients (p. 18). The WPF generally argued that HHS needs to look forward and allow changes in information technology to fully benefit patients by providing the facility for more accounting rather than less (pp. 2-3) . If the HIPAA rule gives patients a greater ability to monitor how their information is used and disclosed, patients will pay attention and requests for accounting of disclosures will become more common.

Public Comments: August 2011 - Proposed changes to the HIPAA Privacy Rule regarding Accounting of Disclosures under the Health Information Technology for Economic and Clinical Health Act

The World Privacy Forum today filed its comments on the proposed changes to the HIPAA privacy rule, supporting some proposed changes and suggesting additional changes to enhance patient choice. In particular, the WPF supports the new patient right to an access report that has been added (p. 4), and has requested that Health Information Exchanges also be required to provide accountings of disclosures to patients (p. 18). The WPF generally argued that HHS needs to look forward and allow changes in information technology to fully benefit patients by providing the facility for more accounting rather than less (pp. 2-3). If the HIPAA rule gives patients a greater ability to monitor how their information is used and disclosed, patients will pay attention and requests for accounting of disclosures will become more common.

HIPAA Countdown

HIPAA opened for comment -- The US Department of Health and Human Services has opened sections of the HIPAA rule for comments. All members of the public may comment on the proposed changes to the rule. Comments are due by August 1.

Consumer Tip: Opt out of automatic Facebook facial recognition

Privacy tip -- If you have a Facebook account and if you have ever been tagged in a photo of yourself on Facebook, we want to alert you to an important Facebook setting. Unless you have proactively changed your privacy settings, Facebook will use facial recognition tools to compare photos and make tag suggestions. When new photos that look like you have been uploaded, Facebook will suggest tags with your name. To opt out of this, in Facebook go to Account, then choose Privacy Settings from the drop down menu. Click the Customize Settings link, and then scroll down and look for the Suggest Photos of Me to Friends line. To opt out, click Edit Settings, then choose Disable on the drop down menu.

US Department of Commerce requests feedback on its new cybersecurity report

US Department of Commerce | Cybersecurity -- The US Department of Commerce released a green paper on cybersecurity with recommendations for improving cybersecurity via self regulation, or voluntary codes of conduct. The report, Cybersecurity, Innovation, and the Internet Economy also contains a discussion of some privacy issues, such as the impact of data breach notification laws. Comments are due in 45 days.

WPF requests more information about Ceridian data breach and the FTC complaint process

Data breach -- The World Privacy Forum filed comments with the Federal Trade Commission regarding its consent decree against Ceridian regarding a substantial data breach. WPF has requested that the Commission present more facts in the case to the public, and has also requested more clarity about the FTC complaint process, noting that it is not a transparent process for the public.

Public Comments: May 2011 - WPF requests more information about Ceridian data breach and the FTC complaint process

The World Privacy Forum filed comments with the Federal Trade Commission regarding its consent decree against Ceridian regarding a substantial data breach. WPF has requested that the Commission present more facts in the case to the public, and has also requested more clarity about the FTC complaint process, noting that it is not a transparent process for the public.

WPF Files Comments on Deeply Flawed FERPA Proposal

Educational Privacy and FERPA -- The WPF filed detailed comments on the U.S. Department of Education\'s notice of proposed changes to the Family Educational Rights and Privacy Act. WPF has concerns that the increased sharing of student information that the proposed rule will allow will diminish student privacy in a significant and permanent way. WPF is urging the DOE to amend its proposed rule to establish increased privacy protections for sensitive student information held in databases and elsewhere.

Public Comments: May 2011 - Notice of Proposed Rulemaking for the Family Educational Rights and Privacy Act FERPA

The WPF filed detailed comments on the U.S. Department of Education's notice of proposed changes to the Family Educational Rights and Privacy Act. WPF has concerns that the increased sharing of student information that the proposed rule will allow will diminish student privacy in a significant and permanent way. WPF is urging the DOE to amend its proposed rule to establish increased privacy protections for sensitive student information held in databases and elsewhere.