Latest

World Privacy Forum Publishes Red Flag Rule Suggestions for Hospitals and Providers; new FTC-enforced rules go into effect Nov. 1, can apply to health care providers

SAN DIEGO, Ca., Sept. 24 -- The World Privacy Forum’s latest report, Red Flag and Address Discrepancy Requirements: Suggestions for Health Care Providers, discusses the applicability of the new FTC regulations to the health care sector along with suggestions for providers. The report addresses newly issued regulations by the Federal Trade Commission that require financial institutions and creditors to develop and implement written identity theft prevention programs. Health care providers – whether they are for-profit, non-profit, or governmental entities – may have obligations under the new rules.

World Privacy Forum urges more attention to the protection of research study participants

Human Subjects Research Protection (OHRP) -- The World Privacy Forum filed comments today with the Office of Human Research Protection urging the office to do more to protect the privacy of people who are subjects of research. The comments urge the OHRP to focus more attention on providing privacy-specific training for boards overseeing research, which are often weak in knowledge about the breadth of privacy issues in research. The WPF also voiced its strong support for certificates of confidentiality for research involving human subjects, stating that"nearly all research that involves identifiable health data or other personal data about individuals should have a certificate of confidentiality unless a researcher can state a substantive reason why a certificate is not appropriate for the study." OHRP will be accepting comments until Sept. 29.

Public Comments: September 2008 - World Privacy Forum urges more attention to the protection of research study participants

Human Subjects Research Protection (OHRP) -- The World Privacy Forum filed comments with the Office of Human Research Protection urging the office to do more to protect the privacy of people who are subjects of research. The comments urge the OHRP to focus more attention on providing privacy-specific training for boards overseeing research, which are often weak in knowledge about the breadth of privacy issues in research. The WPF also voiced its strong support for certificates of confidentiality for research involving human subjects, stating that "nearly all research that involves identifiable health data or other personal data about individuals should have a certificate of confidentiality unless a researcher can state a substantive reason why a certificate is not appropriate for the study."

Updates to NHIN timeline

National Health Information Network (NHIN) -- The National Health Information Network timeline and chronology that the World Privacy Forum maintains has been updated. Materials from the April/May public forum in Dallas are now online and linked, as are key upcoming events regarding the NHIN. Notably, in September the nine existing NHIN trial implementation projects that have been running and exchanging health data in California, North Carolina, New York, and other states are set to be demonstrated in Washington DC. These demonstrations are pivotal for the NHIN and how it takes shape going forward.

Press Announcement: World Privacy Forum files comments to DHS regarding the Border Crossing Information System; Some proposed routine uses of the system directly contravene the Privacy Act of 1974

Border Crossing Information System, DHS -- The World Privacy Forum submitted public comments today to the Department of Homeland Security regarding its proposed Border Crossing Information System. The BCI system would set up a database of all border crossings via car, rail, air and other means, including collecting identifiable data on the activities of American citizens. Information collected includes biographical and other information such as name, date of birth, gender, a photograph, itinerary information, and the time and location of the border crossing. The WPF comments focus entirely on the proposed Routine Uses of the system. As currently written, the DHS proposal contains some Routine Uses that directly contravene the Privacy Act of 1974 and are illegal. Other Routine Uses are overbroad and vague, and still others contravene guidance from the Office of Management and Budget (OMB). One example of an overbroad Routine Use is Routine Use J, which will allow DHS to release data collected for the Border Crossing Information System for hiring decisions or contract awards. This information may be requested by Federal, state, local, tribal, foreign, or international agencies. Another Routine Use, G, impermissibly duplicates and weakens the Privacy Act's condition of requirement for notice when information is disclosed in certain circumstances.

Public Comments: August 2008 - Border Crossing Information, System of Records Notice, DHS-2007-0040

The World Privacy Forum filed comments regarding DHS's proposed Border Crossing Information system of records, finding that many of the Routine Uses proposed for the system were impermissible and illegal under the Privacy Act of 1974. The comments focus on the Routine Uses, rather than the system itself.

Perceptions of privacy by the class of 2012

Privacy and the class of 2012 -- Each year Beloit College publishes a "Mindset List" to share incoming college students' rapidly changing cultural frames of reference with the faculty. For the class of 2012, several privacy-related items made the Mindset List for the first time. The list notes that these students' frames of privacy references are that "Personal privacy has always been threatened" (#43) and "Employers have always been able to do credit checks on employees" (# 39).

World Privacy Forum Files FTC Complaint About AOL Data Releases

Internet privacy -- The World Privacy Forum filed a complaint today with the Federal Trade Commission regarding AOL's multiple releases of portions of its users' search query histories. The complaint discusses AOL search query releases from 2004 and 2006. The complaint alleges that the data release was intentional, and due to significant identifiability issues of the data subjects, that the releases are harming some AOL customers, and that AOL customers did not know their search histories would be made available to the public. The World Privacy Forum urges consumers to take precautions when using search engines.

World Privacy Forum Announces IPSC2008 Conference in Tokyo, Japan

IPSC2008 Conference -- The World Privacy Forum is co-hosting the first International Privacy and Security Conference 2008 (IPSC2008), to be held in Tokyo, Japan on November 11-12, 2008. Also co-hosting the conference are the Japan-based Institute of Electronics, Information and Communication Engineers (IEICE), Social Implications of Technology and Information Ethics, and the Japan Society of Security Management. This conference brings together Japan's leading privacy and security experts and scholars as well as experts from the US and the EU.

News Release and Event Announcement: International Privacy and Security Conference 2008

This conference is convened for the purpose of gaining a deepened mutual understanding of privacy and security approaches cross-culturally, with the conference providing an international forum for discussing and understanding the different concepts of privacy and security in the US, Asia, and the EU. Through sharing of current practices and ideas, the participants will explore possible bridges between what these concepts mean in different countries both now and looking to the future as well.

Comments of the World Privacy Forum to the FTC re: Ingenix and Milliman FCRA enforcement action

Medical privacy -- Some recent articles about the sale of patients' prescription histories to insurance companies have raised many consumer questions about this practice. Ingenix and Milliman -- two companies engaged in this practice -- were the subject of a Federal Trade Commission enforcement action which was published for comment in September 2007. The World Privacy Forum provided formal comments to the Federal Trade Commission last year about this enforcement action; the WPF sought to have all affected consumers notified of adverse actions taken based on the information, and asked the FTC to modify its enforcement action to include an appropriate monetary penalty against the two companies.

FTC reports more than 145 million telephone numbers are in the National Do Not Call Registry

Do Not Call Registry -- In its fourth annual report to Congress on the Do Not Call Registry, the Federal Trade Commission released some interesting new statistics. As of September 2007, there were 145,498,656 telephone numbers in the Do Not Call Registry. The FTC also reported that 6,242 entities paid over $21 million for access to the DNC Registry in 2007. The report also details the FTC's enforcement actions against businesses violating the DNC Registry rules. As of September 30, 2007, the FTC had filed 25 cases regarding DNC Registry violations and had settled 22 of the cases.

Consumer Tips: How you can retrieve your federally mandated free credit report

The simplest way of accessing your free credit report is to either call or to mail for the report. Please see the tips below for more information about these ways of accessing your credit report. However, if you do decide to retrieve your free credit report via the Internet at the official www.annualcreditreport.com site, please make sure you go to the correct site. You do not have to pay to receive your free annual credit report. If you are on a site that is asking you to pay for your credit report, double check the spelling of the site, or use the call-in and mail-in methods.

WPF Resource Page: AnnualCreditReport.com

Landing page for Call Don't Click: Why it's smarter to order your federally mandated free credit reports via telephone, not the Interent. A report on www.annualcreditreport.com by the World Privacy Forum.

Resume posting guide updated

Job search privacy -- The World Privacy Forum's popular resume posting guide, 12 Resume Posting Truths, has been updated. This update is part of an ongoing project on job search privacy. The World Privacy Forum has extensive materials on job search privacy and job scams.

World Privacy Forum receives 2008 Consumer Excellence Award

Consumer Excellence Award -- World Privacy Forum executive director Pam Dixon has received a 2008 Consumer Excellence Award for her leadership and work in the area of medical identity theft and consumer privacy from Consumer Action. Also honored was Herb Weisbaum, a 5-time Emmy-winner who is a consumer contributor to NBC's Today Show. Consumer Action was founded in 1971 and is a national non-profit organization focused on consumer education and advocacy. The awards ceremony was held in San Francisco on June 26th. The World Privacy Forum is honored to accept this award.

OECD reaffirms its support for the 1980 OECD principles on privacy, or "Fair Information Practices"

OECD | Fair Information Practices -- At a key meeting of the OECD on the future of the Internet economy, the OECD Secretary General Angel Gurria reaffirmed support of the 1980 OECD Privacy Principles. Also, Secretary General Angel Gurria expressed support for formalizing the participation of civil society in OECD going forward and for paying more attention to information security and identity theft problems. Secretary General Gurria noted that "A more decentralised, networked approach to policy formulation for the Internet Economy that includes the active participation of stakeholders needs to be the norm." Many parts of the recent OECD meeting may be viewed online.

Council for Responsible Genetics convenes experts and the public for database and genetics conference

Genetic privacy -- The World Privacy Forum participated in a Council for Responsible Genetics (CRG) conference on genetic databases at New York University. The groundbreaking conference focused on key issues of race and genetic databases, fairness, accuracy, and privacy. The World Privacy Forum discussed a paper by Dr. Harry G. Levine, Drug Arrests and DNA, noting that innocent victims of medical identity theft may be arrested for the "drug seeking behavior" of the criminals impersonating them.

World Privacy Forum files comments with FTC regarding credit -based insurance scoring

Financial privacy -- The World Privacy Forum filed comments with the Federal Trade Commission today about its proposed study of credit -based pricing practices for homeowners insurance. The World Privacy Forum requested that the FTC ask insurers if there are specific procedures in place for detecting, mitigating, and responding to consumers who have been victims of identity theft. The WPF noted its support for the FTC's use of the FTC Act Section 6(b) authority to acquire robust information from the insurance companies.