Latest

World Privacy Forum and Electronic Frontier Foundation File Public Comments on REAL ID

REAL ID | National ID -- The World Privacy Forum and the Electronic Frontier Foundation (EFF) filed joint comments with the Department of Homeland Security about the proposed national ID system, REAL ID. The comments discuss the substantial flaws in the proposed REAL ID system including concerns about the overall structure of the program, the cards, the databases attached to the cards, the lack of controls on "function creep," the possibilities for discrimination, the potential for increased risk of identity theft, issues related to potential gaps in coverage for recipients on Federal programs, among other issues.

Public Comments: May 2007 - REAL ID .... Joint Comments .... World Privacy Forum and Electronic Frontier Foundation File Public Comments on REAL ID

The World Privacy Forum and the Electronic Frontier Foundation (EFF) filed joint comments with the Department of Homeland Security about the proposed national ID system, REAL ID. The comments discuss the substantial flaws in the proposed REAL ID system including concerns about the overall structure of the program, the cards, the databases attached to the cards, the lack of controls on "function creep," the possibilities for discrimination, the potential for increased risk of identity theft, issues related to potential gaps in coverage for recipients on Federal programs, among other issues. Read the comments (PDF). See the EFF REAL ID pages for background about REAL ID.

Stop REAL ID

REAL ID -- REAL ID is a national ID card program. Currently, the Department of Homeland Security is accepting public comments on the REAL ID plan. Comments will be accepted until Tuesday, May 8. The World Privacy Forum has joined with a large coalition of groups to solicit public comments on REAL ID; to file comments, please visit the Speak Out Against REAL ID coalition page for more information. http://www.privacycoalition.org/stoprealid/

Launch of the WPF Discussion Forum: The Paradox of Consent, analysis by Bob Gellman

Discussion Forum: Consent and Privacy -- World Privacy Forum launches its Discussion Forum with an inaugural paper by Robert Gellman on the complexities of consent in the privacy sphere. Gellman's analysis focuses on the core privacy issues underlying "The Maine Incident," that is, Maine's historic 1998 passage of medical privacy legislation, and the subsequent repealing of key aspects of that legislation two weeks after it was enacted. Issues related to consent were key factors in the Maine events.

Update: World Privacy Forum's National Health Information Network Timeline

National Health Information Network -- Recently, the first live prototypes of the NHIN were demonstrated in Washington, D.C. This was a milestone event in the development of the planned network. The National Health Information Network is an ambitious project the U.S. government undertook in 2004 to digitize and network patient health records across the nation. This project raises challenging confidentiality, privacy, and security issues.

Genetic Privacy Page

Genetic privacy | medical privacy -- The World Privacy Forum has published a new page on genetic privacy outlining basic policy issues and collecting World Privacy Forum work in the area. The page also links to key external research being done in privacy and genetics, and also links to key organizations doing work in this area in the U.S. and the U.K.

Commercial drivers' license applicants requesting exemption from the diabetes standard have their personal medical information, name, age, and more published in the Federal Register; World Privacy Forum urges changes to the practice

Medical privacy | Department of Transportation -- The World Privacy Forum filed comments with the Department of Transportation today regarding the department's publicationof the detailed personal medical information of individuals subject to DOT regulations in the Federal Register along with their names, ages, and other identifying information. The WPF comments argue that personal medical information combined with name, age, etc. does not belong in the Federal Register, where it can have potentially far-reaching consequences for those individuals who are named as well as their family members. The comment period closes April 2.

Public Comments: March 2007 Commercial drivers’ license applicants requesting exemption from the diabetes standard have their personal medical information, name, age, and more published in the Federal Register

The World Privacy Forum filed comments with the Department of Transportation today regarding the department's publication of the detailed personal medical information of individuals subject to DOT regulations in the Federal Register along with their names, ages, and other identifying information. The WPF comments argue that personal medical information combined with name, age, etc. does not belong in the Federal Register, where it can have potentially far-reaching consequences for those individuals who are named as well as their family members.

World Privacy Forum testifies on genetic privacy and consumer data marketing issues

Genetic privacy | SACGHS -- The World Privacy Forum gave testimony to the Secretary's Advisory Committee on Genetics Health and Society regarding privacy issues stemming from direct-to-consumer advertising and consumer-initiated genetic testing. The World Privacy Forum noted that a great deal of consumer health data circulates outside the protections of HIPAA, and a substantial market for this kind of consumer health data already exists. Genetic data about consumers that is acquired outside the clinical context and is not subject to the protections of HIPAA (for example, through consumer-initiated genetic testing) will likely not be any more protected than other forms of consumers' health-related information from the current demands of the market. However, the consequences of leakage of genetic information about consumers into the marketing stream could have potentially negative consequences for both those consumers and their blood relatives. The World Privacy Forum urged the committee to include specific recommendations about privacy in its upcoming report to the Secretary, and also urged the committee to work with other federal agencies to set up a pre-market oversight structure that includes significant and meaningful privacy protections for genetic testing occurring outside of the protections of HIPAA.

World Privacy Forum comments about the ethical, legal, and social implications of using genetic health care data in electronic health records

Genetic Privacy -- The World Privacy Forum filed public comments with the Department of Health and Human services in response to an HHS request for information regarding the use of patients' genetic data for research, health care, and for use in electronic health records. The World Privacy Forum is requesting that HHS use all Fair Information Principles in any personalized health care projects, and is requesting that a formal ELSI (ethical, legal, and social implications) committee be set up to oversee any projects, among other requests.

Public Comments: February 2007 - WPF comments about the ethical, legal, and social implications of using genetic health care data in electronic health records

The World Privacy Forum filed public comments with the Department of Health and Human services in response to an HHS request for information regarding the use of patients' genetic data for research, health care, and for use in electronic health records. The World Privacy Forum is requesting that HHS use all Fair Information Principles in any personalized health care projects, and is requesting that a formal ELSI (ethical, legal, and social implications) committee be set up to oversee any projects, among other requests.

President's Identity Theft Task Force: World Privacy Forum requests that medical identity theft be added to task force agenda

Identity Theft -- The World Privacy Forum filed comments and recommendations with the President's Identity Theft Task Force. The task force's draft report and recommendations did not include or contemplate medical identity theft solutions for victims; the WPF has requested and recommended that this be corrected. Medical identity theft victims need more help, more recourse, and agency attention.

Public Comments: January 2006 - President's Identity Theft Task Force: World Privacy Forum requests that medical identity theft be added to task force agenda

The World Privacy Forum filed comments and recommendations with the President's Identity Theft Task Force. The task force's draft report and recommendations did not include or contemplate medical identity theft solutions for victims; the WPF has requested and recommended that this be corrected. Medical identity theft victims need more help, more recourse, and agency attention.

WPF comments on proposed guidance on Confidential Information Protection and Efficiency Act of 2002 (CIPSEA)

e-Government /CIPSEA -- The World Privacy Forum submitted comments to the Office of Management and Budget regarding proposed guidance on Title V of the e-Government Act. The proposed guidance did not address the relationship between CIPSEA and the USA PATRIOT Act Section 215, and guidance regarding identifiability and the Privacy Act of 1974 needs to be further refined. WPF suggests that OMB consider developing a formal statistical confidentiality seal controlled by a federal agency. The purpose would be to provide an identifiable marker that would tell individuals if the information they provide will receive the highest degree of confidentiality protection available under law.

Public Comments: December 2006 - Confidential Information Protection and Efficiency Act of 2002 (CIPSEA)

The World Privacy Forum submitted comments to the Office of Management and Budget regarding proposed guidance on Title V of the e-Government Act. The proposed guidance did not address the relationship between CIPSEA and the USA PATRIOT Act Section 215, and guidance regarding identifiability and the Privacy Act of 1974 needs to be further refined. WPF suggests that OMB consider developing a formal statistical confidentiality seal controlled by a federal agency. The purpose would be to provide an identifiable marker that would tell individuals if the information they provide will receive the highest degree of confidentiality protection available under law.

World Privacy Forum Requests That CMS Bring Its Medicare Part D Data Activities Under HIPAA and Require Certificates of Confidentiality to Protect Patient Privacy

Medical privacy | Medicare Part D -- In comments filed with the Centers for Medicare and Medicaid Services, the World Privacy Forum requested that CMS give effect to data restrictions that Congress has expressly included in the law. WPF also requested that CMS include in its standard agreements for use of CMS data a requirement that the recipient obtain a certification of confidentiality for all identifiable CMS data. WPF also requested that CMS perform a regulatory impact analysis and publish a system of records notice.

Public Comments: December 2006 - Medical privacy / Medicare Part D World Privacy Forum Requests That CMS Bring Its Medicare Part D Data Activities Under HIPAA and Require Certificates of Confidentiality to Protect Patient Privacy

In comments filed with the Centers for Medicare and Medicaid Services, the World Privacy Forum requested that CMS give effect to data restrictions that Congress has expressly included in the law. WPF also requested that CMS include in its standard agreements for use of CMS data a requirement that the recipient obtain a certification of confidentiality for all identifiable CMS data. WPF also requested that CMS perform a regulatory impact analysis and publish a system of records notice.

Identity Theft Victims of Choicepoint Data Breach May Now File Reimbursement Claims

Identity theft | Consumer Alert -- The Federal Trade Commission has set up a new web site and phone number for identity theft victims of the Choicepoint data breach. The new site and phone number gives victims information on how to file claims for monetary reimbursement if out- of- pocket losses accrued as a result of the ID theft. A fund of $5 million is available to victims, the deadline for filing is February 4, 2007.

Department of Justice Proposes Making Changes to Routine Uses of its Systems and Databases; World Privacy Forum Files Comments on Problematic Privacy Act Issues with the Proposed Changes

Privacy Act of 1974 -- The Department of Justice published a notice proposing to update the Routine Uses of its systems and databases under the Privacy Act of 1974. The proposal was not precise enough, and was written in such a way as to allow sensitive Privacy Act systems such as the Criminal Division Witness Security File (CRM-002), the Witness Immunity Records (CRM-022), and the National Instant Criminal Background Check System (NICS, FBI-018) to be disclosed to almost anyone in certain circumstances, including to individuals working outside of law enforcement. The World Privacy Forum is requesting that the DOJ significantly tighten its language in the proposal, and to specify what individuals or entities may have access to these sensitive records, under what specific conditions. The World Privacy Forum is also requesting the DOJ republish all of its up-to-date system of records notices in their entirety immediately and at least every two years thereafter.

Public Comments: November 2006 - Privacy Act of 1974 Department of Justice Proposes Making Changes to Routine Uses of its Systems and Databases; World Privacy Forum Files Comments on Problematic Privacy Act Issues with the Proposed Changes

The Department of Justice published a notice proposing to update the Routine Uses of its systems and databases under the Privacy Act of 1974. The proposal was not precise enough, and was written in such a way as to allow sensitive Privacy Act systems such as the Criminal Division Witness Security File (CRM-002), the Witness Immunity Records (CRM-022), and the National Instant Criminal Background Check System (NICS, FBI-018) to be disclosed to almost anyone in certain circumstances, including to individuals working outside of law enforcement. The World Privacy Forum is requesting that the DOJ significantly tighten its language in the proposal, and to specify what individuals or entities may have access to these sensitive records, under what specific conditions. The World Privacy Forum is also requesting the DOJ republish all of its up-to-date system of records notices in their entirety immediately and at least every two years thereafter. Read the comments (PDF).

World Privacy Forum Comments on Proposed Policy for Genetic Database

Genetic privacy -- Genome-wide association studies present complex and challenging privacy issues. The National Institutes of Health, in a published request for information, asked for public comment on its proposed policy regarding its support and management of a central genomic repository for genome-wide association studies. In comments filed with the National Institutes of Health, the World Privacy Forum raised concerns about the proposed NIH policy in the specific areas of genetic identifiability, secondary uses of the genetic data, oversight, legal protections, and informed consent.

Public Comments: October 2006 Comments to National Institutes of Health regarding its Request for Information for Genome Wide Association Studies repository policy.

Genome-wide association studies present complex and challenging privacy issues. The National Institutes of Health, in a published request for information, asked for public comment on its proposed policy regarding its support and management of a central genomic repository for genome-wide association studies. In comments filed with the National Institutes of Health, the World Privacy Forum raised concerns about the proposed NIH policy in the specific areas of genetic identifiability, secondary uses of the genetic data, oversight, legal protections, and informed consent.

World Privacy Forum Files Comments on a Proposed DHS rulemaking; asks the Department to make a Commitment to Transparency and Accountability

Privacy Act of 1974 -- In response to a proposed Department of Homeland Security rulemaking regarding a system of records, the World Privacy Forum filed comments requesting changes. The primary objections are that the proposed system of records commingles records and functions, the proposed exemption is inconsistent with the system notice, and DHS's proposed exemption from civil remedies was not correct, among other issues. The World Privacy Forum stated in its comments that the Department of Homeland Security should demonstrate its commitment to accountability and transparency in the rulemaking.

Comments: September 2006 - WPF Files Comments on a Proposed DHS rulemaking; asks the Department to make a Commitment to Transparency and Accountability

Privacy Act of 1974 In response to a proposed Department of Homeland Security rulemaking regarding a system of records, the World Privacy Forum filed comments requesting changes. The primary objections are that the proposed system of records commingles records and functions, the proposed exemption is inconsistent with the system notice, and DHS's proposed exemption from civil remedies was not correct, among other issues. The World Privacy Forum stated in its comments that the Department of Homeland Security should demonstrate its commitment to accountability and transparency in the rulemaking.

Public Comments: September 2006 Proposed Regulations on Identity Theft Red Flags and Address Discrepancies Under the Fair and Accurate Credit Transactions Act of 2003

Medical identity theft is both an information crime and a health crime. In this crime, a victim’s medical identity is stolen or appropriated in some way. Victims’ financial life may be impacted, and there may be other complicating factors. Medical identity theft occurs when someone uses a person’s name and sometimes other parts of their identity – such as a Social Security Number-- without the victim’s knowledge or consent to obtain medical services or goods, or when someone uses an individual’s identity to obtain money by falsifying claims for medical services and falsifying medical records to support those claims.