medical identity theft map

CLICK THIS GRAPHIC TO VIEW INTeractive map

View 20 years of Medical Identity Theft

The World Privacy Forum has mapped the location of incidents of medical identity theft in the United States Using Data from the ....

Consumer Privacy Tip of the Week

Apps to get free credit reports?

Are you thinking about getting a free credit report? Terrific, because Congress mandated that US consumers can receive one free credit report per year from the major credit bureaus. You can get your official free report from www.annualcreditreport.com or by calling 877-322-8228. What about apps that will help you do the same thing? Currently, we have not found an app that delivers the same official free annual credit report. Looking on the Apple App Store and at the Amazon Apps for Android, WPF searched for the term free credit report and found an app called freecreditscore.com. WPF discovered that the freecreditscore.com app will deliver an Experian credit report and PLUS score. It is not the same thing as the Congressionally-mandated annual free credit report. Right now, the official free annual credit report is only available on the annualcreditreport.com website and via phone. For more on the official free annual credit report, see the US Federal Trade Commission's page on this. http://www.ftc.gov/bcp/edu/microsites/freereports/index.shtml. Also check out our consumer tips on how to get your annual credit report here.

Health Information Exchanges in California

WPF's new interactive map identifies Health Information Exchanges in California. A Health Information Exchange, or HIE, is technology that enables the electronic movement of health-related information among health care providers and others. HIEs are an increasingly popular way for hospitals, pharmacies, labs, and emergency room physicians to share patient information. HIEs can exchange records across one hospital, across multiple hospitals in a region, or across a whole state. If your health information is being shared through an HIE, your lab test results, medications, medical history, or other clinical information related to your health care may be included in the sharing. See more about HIEs and our California HIE Map here.

05/09/2013 ID Ecosystem

WPF participating in ID Ecosystem Plenary

WPF Senior Projects Manager Marianne Fitzpatrick will be participating at the ID Ecosystem's Plenary meeting this week. Of top concern at the plenary will be a new ID theft use case that requires substantive discussion regarding privacy checks and balances. For more information, see NSTIC's page on the National Strategy for Trusted Identities in Cyberspace. Also see the ID Ecosystem Steering Group page for documents and meeting dates.

05/07/2013 Senior Identity Theft - FTC

WPF discussing new research in FTC Senior ID Theft Workshop

WPF Executive Director Pam Dixon will be speaking at the Federal Trade Commission Tuesday on the issue of Senior ID theft, and specifically, about medical forms of the crime. Dixon, who wrote the first report on medical ID theft and coined the term for the crime, will be presenting new research at the panel.

04/29/2013 India's national biometric ID card

Pam Dixon writes in May/June issue of Foreign Policy Magazine

In the May/June, 2013 issue of Foreign Policy Magazine, Pam Dixon writes about the privacy issues related to India's national biometric ID card. In the piece, Mission Creep, Dixon discusses how government-issued biometric ID cards that serve as national ID cards and as the basis for employment and financial transactions create profound civil liberties and privacy challenges that are neither easily or well-constrained by government policy.

04/23/2013 Commercial drone privacy

WPF: FAA must clarify and enhance drone privacy practices

In comments filed with the FAA, the World Privacy Forum urged the agency to establish a robust privacy committee to focus on drone privacy and to clarify the applicability of the Privacy Act of 1974 to UAS test site operators. WPF also requested the FAA conduct mandatory Privacy Impact Assessments and provide a FIPS-compliant privacy notice. "We have offered our comments to the FAA with the acknowledgement that everyone has much to learn in the area of commercial drone privacy. Our suggestions to the FAA seek to increase general knowledge about drones and their effect on privacy," said Pam Dixon.

04/12/2013 WPF on privacy and trust

WPF on panel of MSI

Pam Dixon is speaking on a panel on privacy and trust at Marketing Science Institute in Boston. The panel, led by John Deighton of the Harvard Business School, includes experts from EPIC, the DAA, and CBS.

04/01/2013 Visiting Scholar Lecture Pacific Northwest College of Art

Visiting Scholar: Privacy in a Modern Era

Pam Dixon is a visiting scholar at Portland's PNCA. She is scheduled to speak with students in a round of interdisciplinary classes, and she will also be giving a public keynote at 7 pm in Swigert Commons. Her public lecture is on Modern Privacy.

03/27/2013 Senior ID theft

Senior ID theft: Issues, Causes, and Cures

Pam Dixon speaks to Los Angeles County social workers and financial abuse support teams today to share WPF's wealth of information about medical identity theft and how this crime impacts seniors. WISE and Healthy Aging is hosting this important meeting.

03/05/2013 Privacy in India and Developing Economies

WPF to Speak on a Global Perspective on Consumer Privacy at FTC- IAPP Privacy Conference Workshop

World Privacy Forum Executive Director Pam Dixon will present WPF's research and India privacy videos at the FTC - IAPP Global Privacy Conference workshop Wednesday, March 7. The session, Global Perspectives on Consumer Privacy, is the first session of its kind at IAPP or the FTC focused on privacy in developing economies. WPF has researched privacy extensively in India, and has documented a number of key privacy issues in a video series. So far, 5 videos in the series have been released. All of the videos were shot on location in India and feature Pam Dixon, with videographer Blake Hamilton. These videos offer a rare and early glimpse into privacy interactions and issues in India. WPF will be releasing one more video on biometric ID cards in India.

03/05/2013 ID Ecosystem

ID Ecosystem Meetings Ongoing

WPF is participating in the ID Ecosystem meetings as a consumer privacy representative. Senior Projects Manager Marianne Fitzpatrick is taking the lead on this project, and is working on general privacy and financial privacy areas. The next meeting of the ID Ecosystem is Tuesday March 5. The ID Ecosystem meetings are open to the public. The meetings are important, as this process will set the stage regarding how online identities are managed. For more information, see NSTIC's page on the National Strategy for Trusted Identities in Cyberspace. Also see the ID Ecosystem Steering Group page for documents and meeting dates.

02/26/2013 Online privacy

Online privacy debate at leadership summit

Pam Dixon will participate in the IAB's formal privacy policy debate as a privacy and consumer representative on Tuesday, Feb. 26. This marks the first time the IAB annual leadership summit has hosted a formal policy debate. The debate will be moderated by Katy Kay of Advertising Age. Event information: http://www.iab.net/events_training/2013/alm/overview.

02/22/2013 Reputation and privacy

Consumer experiences of job searching and online reputation

Pam Dixon spoke at the Southwestern Law School Privacy Conference on the topic of reputational privacy Friday the 22cnd along with Neville Johnson and Paul Tweed. Dixon highlighted three key consumer situations WPF assisted with recently, discussing the employment challenges consumers faced when harmful material was available online during the job search process.

02/17/2013 Mobile Privacy

NTIA drafting process ongoing

The World Privacy Forum attended the NTIA Multistakeholder meeting as one of the drafters of the code of conduct being considered by the NTIA Multistakeholder process. WPF and the other drafters are accepting comments from all stakeholders in preparation of the next iteration of the draft. Current drafts, including redline drafts, are available on the NTIA website.

02/01/2013 The future of privacy

Debating the future of privacy

Pam Dixon participated as a discussant and contributor to the Arizona School of Law's private workshop on the topic of the future of privacy. Key areas of discussion included the European Union's Right to be Forgotten proposal, consent and health privacy, and Do Not Track.

01/24/2013

WPF to Present Consumer Privacy Perspective at DMA Webinar

This Thursday, Pam Dixon will be presenting the consumer privacy perspective for a DMA Webinar on data innovation. While marketers are interested in innovating to use consumer data, consumers have real privacy concerns that need to be addressed. Dixon will present some of the key implications. More information about the event is here.

01/23/2013 The Privacy Gap

Pam Dixon to Speak at Churchill Club

WPF's Pam Dixon will speak on privacy gaps at Silicon Valley's Churchill Club Wednesday, January 23 in San Francisco. The panel is part of International Privacy Day activities and will be moderated by Chris Kelley, Former Chief Privacy Officer of Facebook. More event information is available at http://www.churchillclub.org/LandingPage.aspx.

01/17/2013 NTIA Mobile privacy

Mobile app privacy discussions continue

WPF participated in the January 17th meeting of the NTIA Multistakeholder Process. The jointly crafted code WPF, ACLU, Mobile App Alliance, and Consumer Action created was again discussed and edited. A growing consensus is moving toward the joint code. The next meeting is January 31, 2013.

01/09/2013 CES Facial Recognition

CES Panel on Facial Recognition

Pam Dixon spoke at a CES panel on privacy issues in facial recognition technologies as part of the Leaders in Technology program at CES. The panel was moderated by Tony Romm of Politico and included FTC Commissioner Maureen Ohlhausen and Harley Geiger, legislative counsel for Representative Zoe Lofgren. Dixon spoke on the need for increased work on consumer options in a "sensor rich environment where there is no option to opt out by walking out." Referenced in the panel was WPF's report on digital signage and facial recognition, The One-Way Mirror Society.

12/04/2012 VIDEO: Reimaging privacy in a digital era, Children's Privacy

WPF video from India, children's privacy (Video #2 in our India Privacy series)

During our research in India, we captured our experiences in video along the way. This video focuses on children's privacy from a global perspective. We were in south India conducting interviews on privacy, and had the opportunity to talk with these children about privacy. We came away with some surprising results. Our first video, Reimaging Privacy in a Digital Era, and the second video on children's privacy are viewable on computers and mobile devices. Watch the video here:

11/30/2012 Mobile privacy

WPF co-presents joint mobile privacy plan to NTIA Multistakeholder process

The WPF co-presented a jointly conceived and written consumer mobile transparency proposal with the Application Developers Alliance, the ACLU, and Consumer Action on Friday, Nov. 30. All four groups were on hand to present the idea of moving forward with simple, clear, direct transparency guidelines for consumers in the mobile app space. "This document and the accompanying screenshots are just a beginning, but it is a beginning I can get behind," said Pam Dixon, who was in Washington to make the presentation to the stakeholders and the NTIA. "Mobile transparency is crucial to consumers, especially as we continue to shift more and more toward smartphone and app use." This is one of the first instances of a co-self-regulatory process that has been successful in generating a document both privacy, civil liberties, industry, and consumer groups have jointly created and agreed on.

11/26/2012 VIDEO: Re-imagining privacy in a digital era

Re-imagining privacy in a digital era; WPF video from India

The World Privacy Forum has spent time in India studying several key privacy issues of profound importance. We have done on-the-ground research regarding the national biometric identification card system being deployed in India, it is called the AADAAHR Card, or the Total ID. This biometric project is the largest known biometric deployment in the world to date. We have also been researching additional core WPF issues, such as electronic health record privacy. In a series of five videos, we outline and share the key privacy issues we have been looking at in India, and offer a first-seen peek into a world that is not often seen or experienced in Western policy circles.

This video is the first in the series, and it outlines how privacy today must be reimagined, in India, and in the US.

11/19/2012 CES | facial recognition and privacy

WPF tapped for Leaders in Technology talk at 2013 CES

WPF's Pam Dixon will be speaking at the 2013 International CES as part of the Leaders in Technology program. "I am honored to be part of CES' Leaders in Technology Program," said Dixon, who will be speaking on January 9, 2013 about the policy issues of facial recognition technology, particularly those relating to consumer privacy.

11/10/2012 Medical ID Theft

WPF on hospital patient ID procedures: Consent required

WPF was quoted in a NYT article on patient biometric identification systems, notably, palm vein readers. The idea is that patients will be uniquely identified to prevent fraud and other misidentifications. However, in cases of medical ID theft, biometric identification can go terribly awry, and can actually create a lot of problems for victims. WPF has written about palm vein scanners and other uses of ID technology in our Red Flag and best practices documents.

11/09/2012 Data brokers

WPF concerned about sales of consumer late mortgage payment information

The World Privacy Forum has filed comments with the US Federal Trade Commission, sending the FTC documentation that a credit bureau was selling information about consumers who had paid their mortgages 30, 60, or 90 days late. WPF made the filing in response to FTC's request for comments regarding its recent enforcement action against Equifax. The FTC's complaint against Equifax showed that for a period of two years, Equifax sold the names of consumers who were late on their mortgages to businesses that used that information to market financially damaging and in some cases fraudulent products and services to these consumers. WPF is concerned that lists of consumers who are late on their mortgages are still being sold, and has requested additional information from the FTC regarding this matter.

10/29/2012 Consumer privacy trends

WPF speaks at California Consumer Affairs Association

Today Pam Dixon spoke at the California Consumer Affairs conference on a panel led by California Department of Justice's JoAnne McNabb, outlining key trends in consumer privacy. Focusing on mobile privacy, Dixon noted that privacy trends were moving very quickly in the mobile environment. "Privacy on mobile apps has become a major focus for consumers," noted Dixon. "We need to ensure that consumers can use their smartphones with full confidence and no privacy surprises."

10/09/2012 Medical ID Theft

Tips for preventing medical identity theft for patients and caregivers

The American Academy of Neurology has published an excellent article distilling Executive Director Pam Dixon's newest tips on medical identity theft. Pam Dixon discovered medical identity theft as a crime in 2006. Her subsequent research and well-known 2006 report was the first published research on the issue. The AAN article is available in full online for the next few weeks, and is free.

09/26/2012 Health privacy

WPF requests copy of annual health privacy report from US Department of Justice

Each year, the US Department of Justice is required to submit a report to the US President disclosing how individual patient health information has been used for certain law enforcement investigations. This requirement comes from an Executive Order signed in 2000, To Protect the Privacy of Protected Health Information in Oversight Investigations. The Order states:

"On an annual basis, the Department of Justice, in consultation with the Department of Health and Human Services, shall provide to the President of the United States a report that includes the following information:
(i) the number of requests made to the Deputy Attorney General for authorization to use protected health information discovered during health oversight activities in a non-health oversight, unrelated investigation;
(ii) the number of requests that were granted as applied for, granted as modified, or denied;
(iii) the agencies that made the applications, and the number of requests made by each agency;
(iv) the uses for which the protected health information was authorized."

The World Privacy Forum has requested a copy of this report. This is our second request for the information. A copy of our full request is here, and gives additional background information about why this report is important for patient privacy.

09/14/2012 slide deck, mobile privacy webinar

Mobile App EcoSystem Webinar Slides

The slide deck from the Future of Privacy Forum and World Privacy Forum's Mobile App Ecosystem webinar is available for download. As soon as the audio is available, we will be posting the full presentation. Our thanks to FPF and all of the presenters for a terrific webinar.

09/10/2012 NTIA Mobile app webinar

Future of Privacy Forum & World Privacy Forum: Mobile App Ecosystem Webinar

Participants in the NTIA Multistakeholder Process working to create a code of conduct for App Transparency have expressed strong interest in holding technical briefings that would provide information about app data flows and business models.
To help provide a better understanding and transparency of the workings of the app ecosystem, the Future of Privacy Forum and World Privacy Forum have arranged a briefing to provide the consumer advocacy, business and policy stakeholders with an overview of how and why apps access consumer data and how data may be used for both functional and commercial purposes.

Speakers:
Pam Dixon, Executive Director, World Privacy Forum
Jules Polonetsky, Director and Co-Chair, Future of Privacy Forum
Nathan Good, PhD, Chief Scientist at Good Research
Ron Soffer, Independent App Developer, former app developer for WebMD
Adam Towvim & Matt Tengler, VP of Business Development & Product Director at Jumptap
Lia Sheena, Legal & Policy Fellow at the Future of Privacy Forum
Title: Future of Privacy Forum & World Privacy Forum: Mobile App Ecosystem Webinar
Date: Thursday, September 13, 2012
Time: 4:00 PM - 5:45 PM EDT

After registering you will receive a confirmation email containing information about joining the Webinar.

System Requirements:
PC-based attendees
Required: Windows® 7, Vista, XP or 2003 Server
Macintosh®-based attendees
Required: Mac OS® X 10.5 or newer
Mobile attendees
Required: iPhone®/iPad®/Android™ smartphone or tablet

08/23/2012 NTIA Mobile apps

It's time to talk substance

The World Privacy Forum attended the NTIA meeting yesterday in Washington, DC to discuss mobile app privacy. We remain optimistic about working with all stakeholders to arrive at positive solutions for consumer privacy concerns. We reiterate that the NTIA process offers a real -- and unique -- opportunity to dialogue with multiple stakeholders from industry, privacy, consumer, and civil liberties perspectives. WPF supports this open public dialogue.

Our focus for the next NTIA meeting is to provide a draft with concrete suggestions that will allow a more detailed conversation about substantive mobile app transparency and privacy issues. We are working with an array of stakeholders on this draft and will present it next week with the hope that a meaningful conversation about substantive ideas will take place. WPF believes that a robust discussion of ideas is positive; in our experience, in a competition of ideas, the good ideas tend to win over the bad ones. But that can only happen when stakeholders are actively engaged in exchanging ideas about specifics.

In our first blog post about the NTIA process, we wrote that it is time for the dialogue between privacy stakeholders and industry stakeholders to mature and move away from a win/lose dynamic and move toward a more effective and mature challenge/response dynamic. We reiterate the importance of this. WPF remains optimistic about this process, and we are ready to discuss substantive matters relating to mobile app consumer privacy. The next meeting is August 29, meeting details are available here.

08/22/2012 Social media privacy | Student privacy

California Senate approves Social Media privacy law for students

The California State Senate unanimously approved a law that, if signed by the Governor, will provide greater privacy for students. If the measure is signed into law, educational providers may not force students to disclose their social media passwords and logon information. This law also prohibits the practice of "shoulder surfing," educational providers would not be able to force students to log on to social media profiles so the provider could view the profile. Governor Brown has vetoed privacy laws in the past; September 30 is the deadline for his signature on this law. The text of the law is available here (SB 1349).

07/21/2012 Medical privacy - California

WPF Concerned about California State's Direction in Health Privacy

WPF filed comments today on an initiative being undertaken by the state of California to "harmonize" California's stronger state privacy laws with the national US health privacy regulations, HIPAA. Our analysis of California's proposal is that it is deeply flawed and is designed to weaken state level privacy protections for California patients. WPF also has procedural concerns about the proposal; it was crafted without a participatory public process, and the presence of consumer and patient representatives in this process was below de minimus standards. CalOHII, the office that released the harmonization proposal, plans to turn its proposal into legislation for the state. WPF opposes this plan unless the proposal is substantially improved. Our comments, jointly filed with EFF and others, are available here.

07/20/2012 New California privacy enforcement office

California AG creates new privacy protection and enforcement unit

California Attorney General Kamala Harris has created a new privacy protection and enforcement unit. The unit will be housed in the Department of Justice and will focus on protecting consumer and individual privacy through civil prosecution of state and federal privacy laws, a news release said. "The Privacy Unit’s mission to enforce and protect privacy is broad. It will enforce laws regulating the collection, retention, disclosure, and destruction of private or sensitive information by individuals, organizations, and the government. This includes laws relating to cyber privacy, health privacy, financial privacy, identity theft, government records and data breaches. By combining the various privacy functions of the Department of Justice into a single enforcement and education unit with privacy expertise, California will be better equipped to enforce state privacy laws and protect citizens’ privacy rights. " Joanne McNabb, who ran the now de-funded California Office of Privacy Protection, will serve as director of privacy education and policy for the unit. See the full press release.

07/11/2012 Essay: online privacy, multistakeholder process

What is Important in the Privacy Dialogue

For decades, privacy advocates have been loathe to engage in the self-regulatory process, and with good reason. Self-regulation in the privacy sector has a grimy history, replete with spectacular failures. Also, most past privacy self-regulatory processes have been controlled by industry participants with the largest stake in the outcome, with advocates either left entirely out of the process, or brought in after the fact. To date this process has been a fairly polite public policy version of the Hatfields and the McCoys, where not much gets done in the public interest, and the dialogue is polarized to the point where there are only winners or losers.

It's time for this debate to mature into something better. From industry participants to privacy advocates to consumers, we need to find a better outcome. I believe that in order to do this, we must do three things. We must put the consumer first, focus on what is important, and assign appropriate responsibilities across the hierarchy of privacy chokepoints. For mobile app privacy, the topic that has been chosen for the multistakeholder process, that means starting with the wireless carriers, and moving on through the chain to publishers, app portals, and developers.

A fourth item would also be helpful -- and that is to reform the self-regulatory process itself. Because previous efforts have lacked any meaningful tension or dialogue between industry interests and consumer and privacy interests, the resulting policies have typically been imbalanced. To cure this, bringing in the right amounts of tension and robust dialogue will go far. With the Department of Commerce convening the multistakeholder process, there is at least an outside chance that there will be some form of dialogue between industry and privacy stakeholders. That's a start. The next step will be to bring a meaningful tension to the proceedings. That means that instead of the Hatfield-McCoy model where everyone withdraws to their well-worn positions, something more along the lines of a challenge-response, challenge-response, and repeat until the parties have all given up some ground model takes its place.

In the environmental sector, industry interests realized after several decades that the environmental activists were not going to go away. Industry wisely began to shift its approach in that sector, and now, a significant green transformation has occurred. While there are some notable irresponsible actors and terrible incidents such as the BP oil spill, many more companies are environmentally responsible now, with some even leading the charge. The dialogue changed, and it changed for the better. It is possible. Whether or not the multistakeholder process will achieve something more mature than has been realized in the past is an unknown. I am viewing it as a possible first step in moving to a more mature approach to the very real consumer privacy concerns today, but to achieve that all stakeholders will need to at least agree to one thing, and that is, to put the consumer first. There will be many points of disagreement among stakeholders, but perhaps, just perhaps, we can find this one point of agreement of putting the consumer first, and then moving millimeter by millimeter from there.

07/10/2012 Drones

Drones can be hacked, say security researchers

A recent item about drones in the GWU CyberSecurity Policy Newsletter revealed that drones can be hacked via spoofing the drone GPS systems. Government drones in US airspace are poised to become a privacy issue of increasing concern. Here is an excerpt from the newsletter, which is available here.

........."A group of researchers at the University of Texas at Austin Radionavigation Laboratory recently succeeded in hijacking a drone by spoofing the global positioning system (GPS) on board the aircraft. With just around $1,000 in parts, the team took control of an unmanned aerial vehicle owned by the college, all in front of the US Department of Homeland Security. Domestic drones are already being used by the DHS and other governmental agencies, and several small- time law enforcement groups have accumulated UAVs of their own as they await clearance from the Federal Aviation Administration, Reuters reports. Indeed, by 2020 there may be tens of thousands of drones diving and dipping through US airspace. With that futuristic reality only a few years away, this action suggests that the FAA may have their work cut out for them if they think it’s as easy as just approving domestic use anytime soon." CyberSecurity Policy News, July 2, 2012.

07/09/2012 Mobile privacy

WPF urges stakeholders to put the consumer first, focus on what is important

Mobile app privacy is the topic of the multistakeholder process to be undertaken this week under the direction of the US Department of Commerce. Over the weekend, a NYT article revealed that mobile carriers received more than 1.3 million requests by law enforcement for mobile data, including requests for text messages. This article is a focusing event. It is a reminder that in mobile privacy we need to put the consumer first, focus on what is important, and apply responsibility for privacy and transparency throughout the hierarchy of mobile players, from carriers to platforms to app stores to publishers to developers. It is unclear yet what segments of the hierarchy require what amounts of the burden, but what is clear is that carriers will certainly need to do a lot. It is also clear that the idea of just an icon on a screen to communicate the idea of mobile privacy to consumers is a band-aid approach at best when faced with the truth of where some of the real risks are for consumers.

.	WHAT'S NEW \| RESEARCH & TOPICS \| WORKPLACE\| MEDICAL \| ABOUT US \| RESOURCES \| PRIVACY POLICY