Job scams are as old as jobs themselves. In past years, con artists would put a bad job ad up, fool a job seeker into giving up their money, and then physically move on to a new city. Now bad job ads have moved onto the Internet, with devastating consequences. The very things that make the Internet so effective for job seekers — speed, convenience, and a nationwide job search from a computer screen — are the same things that make it effective for fraudulent activity. Job seekers and job sites have unfortunately been targeted with sophisticated triangulation scams that move rapidly and seamlessly through a selection of job sites from coast to coast in a matter of days.

The following four tips can help jobseekers protect themselves from falling prey to payment forwarding scams.

1. Never give personal bank account, PayPal, or credit card numbers to an employer.
2. Never agree to have funds or paychecks direct deposited to any of your accounts by a new employer.
3. Never forward, transfer, or “wire” money to an employer.
4. Do not transfer money and retain a portion for payment.

FERPA — The U.S. Department of Education has published proposed changes to its FERPA regulations, FERPA standing for the Family Educational Rights and Privacy Act. FERPA is a significant regulation that controls how students’ school records and “directory” information may be shared. The proposed regulations have one item the WPF is supporting, which is that SSNs are not considered part of the directory information. However, other aspects of the proposed regulation still need work to adequately protect students’ and parents’ privacy interests. The WPF commented in particular that schools should not be allowed to request and then store a full tax refund from parents in order to prove students’ eligibility. The Forum also requested that students’ electronic identifiers are not included in the definition of directory information. One area of substantial concern is that the Department of Education has not expressly provided that students who opt-out of having their directory information shared should not be penalized for opting out. Currently, the proposed regulations may be read to suggest that schools may be able to deny benefits, services, or even required activities to students who have exercised the right to opt-out of the publication of directory information. FERPA comments may be filed until close of business Eastern time May 8, 2008.

The World Privacy Forum filed comments in response to the Federal Trade Commission’s proposed self-regulatory guidelines for companies targeting online advertising to consumers based on consumer behaviors. The WPF requested a separate, formal rulemaking process for determining how sensitive medical information should be handled online regarding behaviorally targeted advertisements. The WPF also discussed genetic data and requests for genetic tests, and noted that genetic information should be included in any definition of sensitive medical information. The WPF reiterated that the definition of personally identifiable information should include IP address, and encouraged the FTC to work from a rights-based approach regarding online advertising. The WPF also urged the FTC to include all fair information practices in any self-regulatory regime, and to enforce the regime directly.

The World Privacy Forum filed extensive comments today regarding privacy protections for patients whose health care information will be shared with patient safety safety organizations under newly proposed Department of Health and Human Services regulations. After a landmark Institute of Medicine report on the prevalence of medical errors and their harmful impact on patients (To Err is Human), the U.S. Congress eventually passed the Patient Safety Act (2005). The Patient Safety Act allows extensive health care data of patients to go to patient safety organizations. The idea is to provide a form of quality control. The Agency for Healthcare Research and Quality (AHRQ), part of HHS, has published its proposed regulations implementing the Act. The World Privacy Forum has made 14 recommendations for substantive changes in the proposed rules to protect patient privacy. The World Privacy Forum asked the Agency to expressly mandate that all patient data be de-identified or anonymized to the greatest extent possible, that the proposed rule should expressly require data use agreements for any data sharing, that the patient information be labeled as subject to the Patient Safety Act, and strongly urged that patient safety organizations be required to maintain an accounting of disclosures at least equal to HIPAA, among other recommendations.