Latest

Online Job Scam: Introduction

Job scams are as old as jobs themselves. In past years, con artists would put a bad job ad up, fool a job seeker into giving up their money, and then physically move on to a new city. Now bad job ads have moved onto the Internet, with devastating consequences. The very things that make the Internet so effective for job seekers -- speed, convenience, and a nationwide job search from a computer screen -- are the same things that make it effective for fraudulent activity. Job seekers and job sites have unfortunately been targeted with sophisticated triangulation scams that move rapidly and seamlessly through a selection of job sites from coast to coast in a matter of days.

Online Job Scam: Payment Transfer Scams and How They Operate

Payment transfer scams begin with a con artist that pretends to be an employer. The con artist uses a job ad to lure in an unsuspecting job seeker, or they may use information from a resume they have found. The con artists can be quite convincing, and may even steal company names and corporate logos to convince victims that they are legitimate. After the con artist has won the job seeker's trust, the con artist tricks the job seeker into giving up bank account numbers. The reasons given for this can be clever. One common reason the con artists give out is to say they only deliver paychecks by "direct deposit."

Online Job Scam: Timeline - The Evolution of a Job Scam

This timeline tracks one job scam as it systematically wove its way through dozens of job sites over the course of a year and left multiple victims in its wake. Like a computer virus, the scam has evolved over time. It is an ugly evolution that has substantially harmed job seekers who have fallen victim to it. The scam began sometime in August of 2003, and as of July 7 2004, is still active. Known names this scam goes under are Unk Electronics, Macrocommerce Intersales, Nanjing Panada*, Antares Electronics, Inc.*, BestElectrics, and Omega Inc. Although the names are different, the likelihood is a very strong that it is all the same job scam.

Online Job Scam: Critical Tips For Job Seekers to Help Avoid Job Scams

The following four tips can help jobseekers protect themselves from falling prey to payment forwarding scams. 1. Never give personal bank account, PayPal, or credit card numbers to an employer. 2. Never agree to have funds or paychecks direct deposited to any of your accounts by a new employer. 3. Never forward, transfer, or "wire" money to an employer. 4. Do not transfer money and retain a portion for payment.

Online Job Scam: RSS Job Feeds and Job Fraud

RSS, a technology that collects information from Web sites, bundles it together and then sends it to individuals to read offline is gaining popularity. RSS stands for Really Simple Syndicationor rich site summary. Right now, it looks like RSS may become an important part of how people use the Internet. For collecting and aggregating news headlines and tidbits from newspapers and blogs, RSS is convenient and helpful. RSS does have the potential for some real drawbacks for job seekers unless it is thoughtfully deployed by job search sites. However, the drawbacks are a fairly simple matter to correct.

Online Job Scam: Methodology

The World Privacy Forum began study of online job scams in February2003. 1. Researchers did a background material search for information and collected and read background material on how job scams operated from sources such as newspapers, online news sites, law reviews, consumer protection agencies, the BBB, the FTC, and the U.S. Postal Inspector General. 2. A search for open fraud cases was conducted nationwide. 3. Twenty job sites that varied in size and focus were selected as a first study group.

World Privacy Forum, Privacy Rights Clearinghouse, EPIC, and other consumer groups urge Google to post a link to its privacy policy from its home page

Internet privacy -- The World Privacy Forum, Privacy Rights Clearinghouse and EPIC were joined by California-based EFF, the ACLU of Northern California, Consumer Action, Consumer Federation of California and other national groups in asking Google's CEO Eric Schmidt to provide a prominent link to the Google privacy policy directly from its home page. Google has recently been criticized for not providing a link to its privacy policy from its home page, as the California Online Privacy Protection Act requires. The groups noted that linking to a privacy policy on a home page is considered a widespread best practice.

Key genetic oversight report released; includes changes based on World Privacy Forum comments

SACGHS | Oversight of genetic testing -- The Secretary's Advisory Committee on Genetics, Health and Society (SACGHS) released its final report on Oversight of Genetic Testing (U.S. System of Oversight of Genetic Testing: A Response to the Charge of the Secretary of Health and Human Services, April 2008, PDF, 276 pages). This is a substantial, thoughtful report that is likely to have a long-term impact on the field. The World Privacy Forum submitted formal written comments regarding this report when it was in draft form, and also appeared before the Committee in person in February of 2008 to discuss additional information relevant to the report. The final report reflects the World Privacy Forum comments and testimony. The report now includes a discussion about Direct to Consumer advertising and marketing as well as related privacy issues. The discussion in the final report also now acknowledges the implications of Direct to Consumer marketing of genetic tests regarding online privacy. The final report also reflects generally increased attention to privacy issues.

World Privacy Forum files comments on proposed changes to FERPA; requests changes to protect student and parent privacy

FERPA -- The U.S. Department of Education has published proposed changes to its FERPA regulations, FERPA standing for the Family Educational Rights and Privacy Act. FERPA is a significant regulation that controls how students' school records and "directory" information may be shared. The proposed regulations have one item the WPF is supporting, which is that SSNs are not considered part of the directory information. However, other aspects of the proposed regulation still need work to adequately protect students' and parents' privacy interests. The WPF commented in particular that schools should not be allowed to request and then store a full tax refund from parents in order to prove students' eligibility. The Forum also requested that students' electronic identifiers are not included in the definition of directory information. One area of substantial concern is that the Department of Education has not expressly provided that students who opt-out of having their directory information shared should not be penalized for opting out. Currently, the proposed regulations may be read to suggest that schools may be able to deny benefits, services, or even required activities to students who have exercised the right to opt-out of the publication of directory information. FERPA comments may be filed until close of business Eastern time May 8, 2008.

Public Comments: May 2008 - Proposed changes to FERPA don't protect student and parent privacy

FERPA comments: WPF is concerned about the U.S. Department of Education's proposed changes to its FERPA regulations, FERPA standing for the Family Educational Rights and Privacy Act. FERPA is a significant regulation that controls how students' school records and "directory" information may be shared. The proposed regulations have one item the WPF is supporting, which is that SSNs are not considered part of the directory information. However, other aspects of the proposed regulation still need work to adequately protect students' and parents' privacy interests. The WPF commented in particular that schools should not be allowed to request and then store a full tax refund from parents in order to prove students' eligibility. The Forum also requested that students' electronic identifiers are not included in the definition of directory information. One area of substantial concern is that the Department of Education has not expressly provided that students who opt-out of having their directory information shared should not be penalized for opting out. Currently, the proposed regulations may be read to suggest that schools may be able to deny benefits, services, or even required activities to students who have exercised the right to opt-out of the publication of directory information..

World Privacy Forum to speak at Federal Trade Commission health workshop

Health Care Innovations workshop -- The World Privacy Forum will be speaking at an upcoming FTC workshop on the topics of medical identity theft, personal health records, and direct-to-consumer genetic tests and marketing. The workshop is April 24, 2008. Workshop information is available at the FTC web site.

World Privacy Forum files comments on behaviorally targeted ads online; requests separate rulemaking for sensitive medical information

Behaviorally targeted advertising | FTC proposed rules -- The World Privacy Forum filed comments in response to the Federal Trade Commission's proposed self-regulatory guidelines for companies targeting online advertising to consumers based on consumer behaviors. The WPF requested a separate, formal rulemaking process for determining how sensitive medical information should be handled online regarding behaviorally targeted advertisements. The WPF also discussed genetic data and requests for genetic tests, and noted that genetic information should be included in any definition of sensitive medical information. The WPF reiterated that the definition of personally identifiable information should include IP address, and encouraged the FTC to work from a rights-based approach regarding online advertising. The WPF also urged the FTC to include all fair information practices in any self-regulatory regime, and to enforce the regime directly.

Public Comments: April 2008 - WPF files comments on behaviorally targeted ads online; requests separate rulemaking for sensitive medical information

The World Privacy Forum filed comments in response to the Federal Trade Commission's proposed self-regulatory guidelines for companies targeting online advertising to consumers based on consumer behaviors. The WPF requested a separate, formal rulemaking process for determining how sensitive medical information should be handled online regarding behaviorally targeted advertisements. The WPF also discussed genetic data and requests for genetic tests, and noted that genetic information should be included in any definition of sensitive medical information. The WPF reiterated that the definition of personally identifiable information should include IP address, and encouraged the FTC to work from a rights-based approach regarding online advertising. The WPF also urged the FTC to include all fair information practices in any self-regulatory regime, and to enforce the regime directly.

World Privacy Forum files comments on proposed rules regarding Patient Safety Organizations

Patient Safety Organizations | Proposed rulemaking -- The World Privacy Forum filed extensive comments today regarding privacy protections for patients whose health care information will be shared with patient safety safety organizations under newly proposed Department of Health and Human Services regulations. After a landmark Institute of Medicine report on the prevalence of medical errors and their harmful impact on patients (To Err is Human), the U.S. Congress eventually passed the Patient Safety Act (2005). The Patient Safety Act allows extensive health care data of patients to go to patient safety organizations. The idea is to provide a form of quality control. The Agency for Heathcare Research and Quality (AHRQ), part of HHS, has published its proposed regulations implementing the Act. The World Privacy Forum has made 14 recommendations for substantive changes in the proposed rules to protect patient privacy. The World Privacy Forum asked the Agency to expressly mandate that all patient data be de-identified or anonymized to the greatest extent possible, that the proposed rule should expressly require data use agreements for any data sharing, that the patient information be labeled as subject to the Patient Safety Act, and strongly urged that patient safety organizations be required to maintain an accounting of disclosures at least equal to HIPAA, among other recommendations.

Public Comments: April 2008 WPF files comments on proposed rules regarding Patient Safety Organizations

The World Privacy Forum filed extensive comments today regarding privacy protections for patients whose health care information will be shared with patient safety safety organizations under newly proposed Department of Health and Human Services regulations. After a landmark Institute of Medicine report on the prevalence of medical errors and their harmful impact on patients (To Err is Human), the U.S. Congress eventually passed the Patient Safety Act (2005). The Patient Safety Act allows extensive health care data of patients to go to patient safety organizations. The idea is to provide a form of quality control. The Agency for Healthcare Research and Quality (AHRQ), part of HHS, has published its proposed regulations implementing the Act. The World Privacy Forum has made 14 recommendations for substantive changes in the proposed rules to protect patient privacy. The World Privacy Forum asked the Agency to expressly mandate that all patient data be de-identified or anonymized to the greatest extent possible, that the proposed rule should expressly require data use agreements for any data sharing, that the patient information be labeled as subject to the Patient Safety Act, and strongly urged that patient safety organizations be required to maintain an accounting of disclosures at least equal to HIPAA, among other recommendations.

Public Comments: April 2008 - Freedom of Information Act Request; NHIN Cooperative Workgroups

Disclosure of the requested information to our organization is in the public interest because it will contribute significantly to public understanding of the NHIN Cooperative and its workgroups. The subject of the requested information will directly illuminate government activities for which information is unavailable otherwise. As far as we can tell, information regarding the NHIN Cooperative Workgroups, a topic of vital public interest, have not been made generally available to the public.

Updated Consumer Tips for Medical ID Theft

Medical ID theft -- Based on interviews with numerous victims and others involved in the crime of medical identity theft, and based on our own work with victims, the World Privacy Forum has added some new information to its 2006 consumer tips for medical identity theft. We have also slightly updated some of the older tips based on new information. The Forum has also updated its medical identity theft landing page to reflect our new and ongoing work in this area.

WPF Resource Page: Personal Health Records

PHRs have been promoted in recent years as being an empowering panacea of benefits for consumers, but there has been little meaningful discussion of the complex and serious privacy issues PHRs can raise. For example, very few consumers know that not all PHRs are protected by HIPAA, the federal privacy rule that applies to medical files held at, for example, hospitals.

Consumer Tips: The Potential Privacy Risks in Personal Health Records

In PHRs, important information about privacy procedures and policies is contained in the fine print, and the fine print really matters. That’s because some PHRs are covered under HIPAA privacy protections, but many PHRs are not covered under HIPAA privacy protections. Few consumers understand that their health care files are not always protected under HIPAA when their files are in a PHR.

Legal and Policy Analysis: Personal Health Records: Why Many PHRs Threaten Privacy

New publication | PHRs and privacy -- The World Privacy Forum has published a new legal and policy analysis examining Personal Health Records -- or PHRs -- and the privacy issues associated with them. This analysis, Personal Health Records: Why Many PHRs Threaten Privacy, was prepared by Robert Gellman for the World Privacy Forum. The analysis finds that significant, serious threats to privacy exist in some PHRs.