education new york online
Your comprehensive source for daily NYS and National Information Policy News

Information Policy

compiled by education new york online

Scroll down to read entries organized by topic alphabetically OR use the topic links at the right to jump to categories of interest.

Updated Thursday March 11, 2010 09:24 PM

ACLU

Bill Introduced To Repeal Failed Real ID Act (7/31/2009) Bill Would Protect Civil Liberties And Drivers' License Security
Date Captured: Sunday August 09, 2009 05:13 PM
WASHINGTON – In a welcome move today, legislation was introduced in the House of Representatives to repeal the discredited Real ID Act of 2005. The REAL ID Repeal and Identification Security Enhancement Act of 2009, introduced by Representative Steve Cohen (D-TN), would repeal Real ID and replace it with the original negotiated rulemaking process passed by Congress as part of the 9/11 Commission recommendations. Twenty-five states have already rejected Real ID, citing its high cost, invasiveness and the bureaucratic hassles it creates for citizens. The Real ID Act of 2005 directs states to issue a federally-approved driver's license or other form of ID that would be necessary for airline travel and become part of a national database. Like state governments from coast to coast, the American Civil Liberties Union has long opposed the Act as too invasive, too much red tape and too expensive.
Federal departments fall short on civil liberties
Date Captured: Tuesday January 27, 2009 10:14 AM
By Peter Eisler, USA TODAY - [WASHINGTON — The departments of Defense, State, and Health and Human Services have not met legal requirements meant to protect Americans' civil liberties, and a board that's supposed to enforce the mandates has been dormant since 2007, according to federal records. All three departments have failed to comply with a 2007 law directing them to appoint civil liberties protection officers and report regularly to Congress on the safeguards they use to make sure their programs don't undermine the public's rights and privacy, a USA TODAY review of congressional filings shows.]

Agencies

Ohio House Bill Number 648
Date Captured: Thursday December 25, 2008 02:23 PM
(127th General Assembly) (Substitute House Bill Number 648) AN ACT -- To amend section 1347.99 and to enact sections 1347.15 and 5703.211 of the Revised Code to require state agencies to adopt rules governing access to the confidential personal information that they keep, to create a civil action for harm resulting from an intentional violation of these rules, to impose a criminal penalty for such an intentional violation, and to require the Department of Taxation to adopt rules to generally require the tracking of searches of any of the Department's databases.

Authentication

Happy Birthday, Internet
Date Captured: Friday October 30, 2009 08:22 PM
NPR interview -- authentication and privacy concerns mentioned. October 30, 2009 [On Oct. 29, 1969, around 10:30 P.M., a message from one computer was sent over a modified phone line to another computer hundreds of miles away. Some say the Internet was born that day. UCLA computer scientist Leonard Kleinrock, who was there, gives his account.] IMPORTANT EXCERPT: [Dr. KLEINROCK: Yes. In fact, in those early days, the culture of the Internet was one of trust, openness, shared ideas. You know, I knew everybody on the Internet in those days and I trusted them all. And everybody behaved well, so we had a very easy, open access. We did not introduce any limitations nor did we introduce what we should have, which was the ability to do strong user authentication and strong file authentication. So I know that if you are communicating with me, it's you, Ira Flatow, and not someone else. And if you send me a file, I receive the file you intended me to receive. We should've installed that in the architecture in the early days. And the first thing we should've done with it is turn it off, because we needed this open, trusted, available, shared environment, which was the culture, the ethics of the early Internet. And then when we approach the late 1980s and the early 1990s and spam, and viruses, and pornography and eventually the identity theft and the fraud, and the botnets and the denial of service we see today, as that began to emerge, we should then slowly have turned on that authentication process, which is part of what your other caller referred to is this IPV6 is an attempt to bring on and patch on some of this authentication capability. But it's very hard now that it's not built deep into the architecture of the Internet.]

Biometrics

Secretary Napolitano Outlines Five Recommendations To Enhance Aviation Security
Date Captured: Thursday January 07, 2010 07:53 PM
Secretary Napolitano outlined the following five recommendations: Re-evaluate and modify the criteria and process used to create terrorist watch lists—including adjusting the process by which names are added to the “No-Fly” and “Selectee” lists. Establish a partnership on aviation security between DHS and the Department of Energy and its National Laboratories in order to develop new and more effective technologies to deter and disrupt known threats and proactively anticipate and protect against new ways by which terrorists could seek to board an aircraft. Accelerate deployment of advanced imaging technology to provide greater explosives detection capabilities—and encourage foreign aviation security authorities to do the same—in order to identify materials such as those used in the attempted Dec. 25 attack. The Transportation Security Administration currently has 40 machines deployed throughout the United States, and plans to deploy at least 300 additional units in 2010. Strengthen the presence and capacity of aviation law enforcement—by deploying law enforcement officers from across DHS to serve as Federal Air Marshals to increase security aboard U.S.-bound flights. Work with international partners to strengthen international security measures and standards for aviation security.
Today's Living on 'Today's THV at 5': Real ID Program
Date Captured: Tuesday December 01, 2009 03:27 PM
Rebecca Buerkle writes - [Twenty-four states have passed laws or resolutions saying they will not comply. Other states that want an extension on the Dec. 31 deadline had until Tuesday to demonstrate they are making progress. But as many as 12 states may not be able to do so, making 36 states non-compliant.]
F.B.I. and States Vastly Expand DNA Databases
Date Captured: Sunday April 19, 2009 05:40 PM
NY Times By SOLOMON MOORE -- Published: April 18, 2009 -- [Minors are required to provide DNA samples in 35 states upon conviction, and in some states upon arrest. Three juvenile suspects in November filed the only current constitutional challenge against taking DNA at the time of arrest. The judge temporarily stopped DNA collection from the three youths, and the case is continuing. Sixteen states now take DNA from some who have been found guilty of misdemeanors. As more police agencies take DNA for a greater variety of lesser and suspected crimes, civil rights advocates say the government’s power is becoming too broadly applied. “What we object to — and what the Constitution prohibits — is the indiscriminate taking of DNA for things like writing an insufficient funds check, shoplifting, drug convictions,” said Michael Risher, a lawyer for the American Civil Liberties Union.]
Upgraded Biometric Technology Facilitates Visitors' Entry to the United States
Date Captured: Thursday January 15, 2009 07:41 PM
For nearly five years, U.S. Department of State (State) consular officers and U.S. Customs and Border Protection (CBP) officers have collected biometric information—digital fingerprints and a photograph—from all non-U.S. citizens between the ages of 14 and 79, with some exceptions, when they apply for visas or arrive at major U.S. ports of entry. State consular officers began collecting 10 fingerprints from visa applicants in 2007. Collecting 10 fingerprints increases fingerprint matching accuracy and reduces the possibility that the system will misidentify an international visitor. It also strengthens DHS's capability to check visitors' fingerprints against the Federal Bureau of Investigation's (FBI) criminal data and enables DHS to check visitors' fingerprints against latent fingerprints collected by Department of Defense (DOD) and the FBI from known and unknown terrorists around the world.
Biometric Center of Excellence (BCOE)
Date Captured: Wednesday January 14, 2009 07:54 PM
BCOE will enable the FBI to provide enhanced U.S. government services in the global quest to fight crime and terrorism with state of the art biometrics technology. Headquartered in Clarksburg, West Virginia, the BCOE is the FBI’s focal point to foster collaboration, improve information sharing, and advance the adoption of optimal biometric and identity management solutions across the law enforcement and national security communities.
PRIVACY -- Congress Should Consider Alternatives for Strengthening Protection of Personally Identifiable Information
Date Captured: Wednesday June 18, 2008 05:09 PM
In its report GAO identified alternatives that the Congress should consider, including revising the scope of privacy laws to cover all personal information, requiring that the use of such information be limited to a specific purpose, and revising the structure and publication of privacy notices. OMB commented that the Congress should consider these alternatives in the broader context of existing privacy and related statutes.
Report: Feds need better privacy protection for data
Date Captured: Wednesday June 18, 2008 05:04 PM
USA reports, "Much of the way personal information is handled today, including being sifted through data-mining systems that search for patterns, is not covered by the Privacy Act of 1974, she says. As states begin collecting information in coming years to produce new secure drivers' licenses, government databases will get even larger. 'The government has no business collecting our personal information if it cannot ensure the American public it will be protected from identity thieves and other prying eyes,' says Caroline Fredrickson of the American Civil Liberties Union."
DHS wants biometric helping hand
Date Captured: Tuesday June 17, 2008 01:10 PM
Five years after Congress ordered biometric tracking of foreign visitors leaving the United States by land and after spending millions of dollars on planning and testing that yielded limited results, the Homeland Security Department is now seeking the private sector’s help to address the challenge.
Registry of USG Recommended Biometric Standards
Date Captured: Tuesday June 03, 2008 09:55 PM
This Registry of USG Recommended Biometric Standards (Registry) supplements the NSTC Policy for Enabling the Development, Adoption and Use of Biometric Standards, which was developed through a collaborative, interagency process within the Subcommittee on Biometrics and Identity Management and approved by the NSTC Committee on Technology. This Registry is based upon interagency consensus on biometric standards required to enable the interoperability of various Federal biometric applications, and to guide Federal agencies as they develop and implement related biometric programs.
Links to Biometric Technology Websites
Date Captured: Tuesday June 03, 2008 09:41 PM
Government Sponsored Biometric Technology Websites
Date Captured: Tuesday June 03, 2008 09:17 PM

Blogs

Bloggers Now Eligible For Press Passes In NYC
Date Captured: Tuesday March 02, 2010 08:02 PM
Wendy Davis writes [Under the new proposed policy, the New York Police Department would be able to issue press passes good for two years to any journalist who has personally attended and reported on at least six qualified events in the city in the preceding two years, regardless of whether the reports were published online, in print newspapers, magazines, books or other media. Events that will qualify include city-sponsored activity -- like a press conference or parade -- as well as emergencies where the city has set up do-not-cross lines. The proposal also allows inexperienced journalists to obtain single-use press passes.]
The Smart Grid and Privacy
Date Captured: Sunday February 21, 2010 07:14 PM
Concerning Privacy and Smart Grid Technology
Personal Health Information Privacy
Date Captured: Sunday January 10, 2010 04:42 PM
News about medical and electronic health privacy risk.
Electronic Privacy Information Center (EPIC)
Date Captured: Wednesday February 25, 2009 03:27 PM
EPIC is a public interest research center in Washington, D.C. It was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values. EPIC publishes an award-winning e-mail and online newsletter on civil liberties in the information age – the EPIC Alert. EPIC also publishes reports and even books about privacy, open government, free speech, and other important topics related to civil liberties.
Bloggers' Rights
Date Captured: Saturday February 14, 2009 01:58 AM
Electronic Frontier Foundation (EFF)
Legal Guide for Bloggers - Electronic Frontier Foundation - EFF
Date Captured: Saturday February 14, 2009 01:51 AM
EFF- [Like all journalists and publishers, bloggers sometimes publish information that other people don't want published. You might, for example, publish something that someone considers defamatory, republish an AP news story that's under copyright, or write a lengthy piece detailing the alleged crimes of a candidate for public office. The difference between you and the reporter at your local newspaper is that in many cases, you may not have the benefit of training or resources to help you determine whether what you're doing is legal. And on top of that, sometimes knowing the law doesn't help - in many cases it was written for traditional journalists, and the courts haven't yet decided how it applies to bloggers.]
Pogowasright.org
Date Captured: Wednesday December 03, 2008 04:37 PM
Privacy news, data breaches, and privacy-related events and resources from around the world.

Breaches

Personal Health Information Privacy
Date Captured: Sunday January 10, 2010 04:42 PM
News about medical and electronic health privacy risk.
Federal data breach notification standard must pre-empt state laws
Date Captured: Monday November 16, 2009 08:33 PM
Nextgov Jill R. Aitoro writes -- [The Data Breach Notification Act, introduced in January by Sen. Dianne Feinstein, D-Calif., would authorize the attorney general to bring civil actions against firms that failed to notify people whose personal information had been compromised in a breach and would extend notification requirements to government agencies. The Personal Data Privacy and Security Act, introduced in July by Sen. Patrick Leahy, D-Vt., also would set notification requirements and tighter criminal penalties for identity theft and willful concealment of a breach, and would require businesses to implement preventive security standards to guard against threats to their databases.] [Two states are credited for having breach notification laws with the most teeth, said Peter McLaughlin, senior counsel with Foley & Lardner LLP and a member of the law firm's privacy, security and information management practice. Foley & Lardner released a report on Monday that provides in-depth coverage of all major aspects of U.S. and international security breach laws.]
A Facebook ‘Bug’ Revealed Personal E-mail Addresses
Date Captured: Thursday May 07, 2009 07:12 PM
NY Times -- Gadget -- Riva Richmond [“In the course of one day I had Facebook go through over 10,000 e-mail addresses; ranging from reporters of prominent newspapers and CNN, to board of directors of Microsoft, Google, and Gates Foundation, and even the entire staff directories of government organizations and the World Bank,” Mr. Sheppard said in an e-mail message to a New York Times editor. “Of those it did find on Facebook, over 30% had their personal email addresses listed, which Facebook gladly gave me, without any of [the Facebook users] knowing.”]
Facebook Bug Reveals Private Photos, Wall Posts
Date Captured: Saturday March 21, 2009 12:52 PM
Washington Post Jason Kincaid (with HT to Anjool) writes [This isn't the first privacy bug to affect Facebook - users have previously been able to access private photos and view private profile information in search results. The error also serves as yet another blemish on the privacy controls of web-based services. Only two weeks ago, Google Docs revealed that it had inadvertently shared thousands of documents with users who should not have had access to them.]
One in four data breaches involves schools
Date Captured: Thursday March 12, 2009 03:02 PM
Wednesday, May 14, 2008 --Meris Stansbury, Assistant Editor, eSchool News writes - [One in four data breaches involves schools 'You're losing the cyber security battle,' experts warn during a higher-education computer-security conference near Washington, D.C.]
Privacy Rights Clearinghouse
Date Captured: Thursday March 12, 2009 02:45 PM
Chronology of Data Breaches and lots more. Nice upgrade to website.
NYPD CIVILIAN WORKER BUSTED IN MASS COP-ID THEFT
Date Captured: Friday March 06, 2009 04:15 PM
REUVEN BLAU writes [A civilian official of the NYPD's pension fund has been charged with taking computer data that could be used to steal the identities of 80,000 current and retired cops, sources said. Anthony Bonelli allegedly got into a secret backup-data warehouse on Staten Island last month and walked out with eight tapes packed with Social Security numbers, direct-deposit information for bank accounts, and other sensitive material.]
Data Breaches: Ignorance Is Dangerous
Date Captured: Monday December 15, 2008 06:41 PM
Pam Greenberg State Legislatures writes [As states continue to work on improving data breach laws, Congress also has been considering legislation. Some bills have made it out of committee, but none have had a floor vote. "Federal legislation is a mixed blessing," says Simitian. "If we end up with a weaker set of provisions that also preempts the more rigorous state laws, that's not going to benefit consumers." Cate thinks Congress will act, and he's surprised it hasn't already. "It's probably because they found it a lot more complicated than they thought." The way data are collected, used and transferred across states, it's likely many companies will opt to comply with the most stringent provisions in state laws, Cate says. "One way or another, we'll have national preemption -- either from the state that adopts the toughest law or from Congress. But it's a classic case of states leading the way."]

CDT

Refocusing the FTC’s Role in Privacy Protection
Date Captured: Monday December 14, 2009 05:31 PM
Comments of the Center for Democracy & Technology (CDT) in regards to the FTC Consumer Privacy Roundtable.
Refocusing the FTC’s Role in Privacy Protection
Date Captured: Tuesday November 10, 2009 03:33 PM
Center for Technology in Government (CDT) Policy Post 15.17, November 10, 2009. [A Briefing On Public Policy Issues Affecting Civil Liberties Online from The Center For Democracy and Technology Refocusing the FTC’s Role in Privacy Protection 1) CDT Submits Comments in regards to the FTC Consumer Privacy Roundtable 2) The Significance of a Comprehensive Set of Fair Information Practice Principles 3) Examining FIPs at Work: Recent FTC Enforcement Actions Demonstrate a Path Forward 4) CDT Recommendations for Future FTC Action]
Browser Privacy Features: A Work In Progress
Date Captured: Sunday August 09, 2009 03:39 PM
CDT Releases Updated Report on Privacy Controls for Web Browsers. The report compares browser offerings in three key areas: privacy mode, cookie controls and object controls. Each of those, when used correctly, can greatly reduce the amount of personal information users transmit online. August 05, 2009
Response to the 2008 NAI Principles: The Network Advertising Initiative’s Self-Regulatory Code of Conduct for Online Behavioral Advertising
Date Captured: Thursday February 12, 2009 06:43 PM
[CDT believes the 2008 NAI Principles, while late in addressing new trends in the industry, demonstrate clear progress over the original code of conduct adopted in 2000. The transparency of the NAI’s revision and compliance process, the approach to sensitive information, and the coverage of advertising practices beyond behavioral advertising all represent important steps forward. While robust self-regulation in the behavioral advertising space does not obviate the need for a baseline federal privacy law covering data collection and usage of all kinds, the NAI has made advances in several areas, yielding what we hope will be better protections for consumer privacy. However, the 2008 NAI Principles still come up short in crucial respects including the opt-out choice requirement, the notice standard, the NAI member accountability model, the failure to address ISP behavioral advertising, the lack of a choice requirement for multi-site advertising, and the data retention principle. Some of these are outstanding issues that have existed within the NAI framework since its inception, while others are new concerns raised by the updates to the principles.]
Rethinking the Role of Consent in Protecting Health Information Privacy
Date Captured: Tuesday January 27, 2009 09:52 AM
CDT is advocating for the inclusion of privacy protections in the President's economic stimulus bill, which contains at least $20 billion for a national health information technology network. CDT's paper argues that personal health information should easily flow for treatment, payment, and certain core administrative tasks without requiring patient consent, but that stricter limits need to be placed on marketing and other secondary uses. January 26, 2009. This paper advocates for a new generation of privacy protections that allow personal health information to flow among health care entities for treatment, payment, and certain core administrative tasks without first requiring patient consent, as long as there is a comprehensive framework of rules that governs access to and disclosure of health data. Patient consent is one important element of this framework, but relying on consent would do little to protect privacy. This paper also suggests how a framework of protections can provide patients with more meaningful opportunities to make informed choices about sharing their personal health information online.
Center for Democracy & Technology (CDT) Applauds Critical Privacy, Security Provisions in Health IT Stimulus Bill
Date Captured: Sunday January 18, 2009 05:59 PM
[The bill's privacy provisions include the following: Stronger protections against the use of personal health information for marketing purposes; Accountability for all entities that handle personal health information; A federal, individual right to be notified in the event of a breach of identifiable health information; Prohibitions on the sale of valuable patient-identifiable data for inappropriate purposes; Development and implementation of federal privacy and security protections for personal health records; Easy access by patients to electronic copies of their records; and Strengthened enforcement of health privacy rules. The provisions in the bill are similar to those that received bipartisan approval by the House Energy & Commerce Committee in the last Congress.]
Court: Constitution Protects Stored Cell Phone Location Information (CDT Amicus Brief in the Case [PDF], July 31, 2008)
Date Captured: Monday September 29, 2008 10:15 PM
The Electronic Frontier Foundation, joined by CDT, ACLU and the ACLU of Pennsylvania, had argued for the warrant requirement that the court adopted in an amicus curiae brief filed in July. September 11, 2008.

Censorship

Facebook Makes Another Privacy Blooper
Date Captured: Thursday May 07, 2009 06:58 PM
Daily Examiner -- Wendy Davis - [Regardless of whether Facebook broke the law, users likely aren't going to be thrilled to learn that the site believes it can censor messages. If the company wants to be taken seriously as a communications platform, executives are going to have to start giving more consideration to users' privacy rights. ]
EPIC Alert -- Volume 15.15 -- July 25, 2008
Date Captured: Friday July 25, 2008 10:12 AM
Table of Contents -- [1] Court Rules that Data Breach Violates Fundamental Human Rights [2] Federal Court Strikes Down Internet Censorship Law, Again [3] Google Complies with California Privacy Policy Law After 30 Days [4] First European Privacy Seal Awarded to Search Engine Ixquick [5] DNS Security Standard Implemented into .org Domain [6] News in Brief
Communications Decency Act Tipping Under Cuomo Kid-Porn Accord
Date Captured: Wednesday June 11, 2008 01:53 PM
Wired writes, "It's possible that Sprint's, Verizon's and Time Warner's move against kiddie porn is a salvo to head off congressional action that might lead to even broader censorship. We all know that bad facts make bad law, and there's nothing worse than producing and distributing child porn. But the Cuomo deal is an indication that the dynamic that's kept the internet largely free of government intrusion is beginning to crack."

Civil Liberties

SmartPrivacy for the Smart Grid: Embedding Privacy into the Design of Electricity Conservation
Date Captured: Friday February 19, 2010 03:47 PM
Authors Ann Cavoukian, Ph.D., Information and Privacy Commissioner of Ontario, Canada, Jules Polonetsky and Christopher Wolf -- Co-Chair, Future of Privacy Forum conclude - [The information collected on a Smart Grid will form a library of personal information, the mishandling of which could be highly invasive of consumer privacy. There will be major concerns if consumer-focused principles of transparency and control are not treated as essential design principles from beginning to end. Once energy consumption information flows outside of the home, the following questions may come to the minds of consumers: Who will have access to this intimate data, and for what purposes? Will I be notified? What are the obligations of companies making smart appliances and Smart Grid systems to build in privacy? How will I be able to control the details of my daily life in the future? Organizations involved with the Smart Grid, responsible for the processing of customers’ personal information, must be able to respond to these questions, and the best response is to ensure that privacy is embedded into the design of the Smart Grid, from start to finish —end-to-end.]
Secretary Napolitano Outlines Five Recommendations To Enhance Aviation Security
Date Captured: Thursday January 07, 2010 07:53 PM
Secretary Napolitano outlined the following five recommendations: Re-evaluate and modify the criteria and process used to create terrorist watch lists—including adjusting the process by which names are added to the “No-Fly” and “Selectee” lists. Establish a partnership on aviation security between DHS and the Department of Energy and its National Laboratories in order to develop new and more effective technologies to deter and disrupt known threats and proactively anticipate and protect against new ways by which terrorists could seek to board an aircraft. Accelerate deployment of advanced imaging technology to provide greater explosives detection capabilities—and encourage foreign aviation security authorities to do the same—in order to identify materials such as those used in the attempted Dec. 25 attack. The Transportation Security Administration currently has 40 machines deployed throughout the United States, and plans to deploy at least 300 additional units in 2010. Strengthen the presence and capacity of aviation law enforcement—by deploying law enforcement officers from across DHS to serve as Federal Air Marshals to increase security aboard U.S.-bound flights. Work with international partners to strengthen international security measures and standards for aviation security.
Undercover and Sensitive Operations Unit Attorney General's Guidelines on FBI Undercover Operations Revised 11/13/92
Date Captured: Saturday December 26, 2009 09:04 PM
[The following Guidelines on the use of undercover activities and operations by the Federal Bureau of Investigation (FBI) are issued under the authority of the Attorney General provided in Title 28, United States Code, Sections 509, 510, and 533. They apply to all investigations conducted by the FBI, except those conducted pursuant to its foreign counterintelligence and foreign intelligence responsibilities.]
The Smart Grid and Privacy
Date Captured: Wednesday December 16, 2009 09:01 PM
EPIC Concerning Privacy and Smart Grid Technology - [A list of potential privacy consequences of Smart Grid systems include: Identity Theft; Determine Personal Behavior Patterns; Determine Specific Appliances Used; Perform Real-Time Surveillance; Reveal Activities Through Residual Data; Targeted Home Invasions (latch key children, elderly, etc.); Provide Accidental Invasions; Activity Censorship; Decisions and Actions Based Upon Inaccurate Data; Profiling; Unwanted Publicity and Embarrassment; Tracking Behavior Of Renters/Leasers; Behavior Tracking (possible combination with Personal Behavior Patterns); Public Aggregated Searches Revealing Individual Behavior. Plans are underway to support smart grid system applications that will monitor any device transmitting a signal, which may include non-energy-consuming end use items that are only fitted with small radio frequency identification devices (RFID) tags may be possible. RFID tags are included in most retail purchases for clothing, household items, packaging for food, and retail items.]
Bill Introduced To Repeal Failed Real ID Act (7/31/2009) Bill Would Protect Civil Liberties And Drivers' License Security
Date Captured: Sunday August 09, 2009 05:13 PM
WASHINGTON – In a welcome move today, legislation was introduced in the House of Representatives to repeal the discredited Real ID Act of 2005. The REAL ID Repeal and Identification Security Enhancement Act of 2009, introduced by Representative Steve Cohen (D-TN), would repeal Real ID and replace it with the original negotiated rulemaking process passed by Congress as part of the 9/11 Commission recommendations. Twenty-five states have already rejected Real ID, citing its high cost, invasiveness and the bureaucratic hassles it creates for citizens. The Real ID Act of 2005 directs states to issue a federally-approved driver's license or other form of ID that would be necessary for airline travel and become part of a national database. Like state governments from coast to coast, the American Civil Liberties Union has long opposed the Act as too invasive, too much red tape and too expensive.
Browser Privacy Features: A Work In Progress
Date Captured: Sunday August 09, 2009 03:39 PM
CDT Releases Updated Report on Privacy Controls for Web Browsers. The report compares browser offerings in three key areas: privacy mode, cookie controls and object controls. Each of those, when used correctly, can greatly reduce the amount of personal information users transmit online. August 05, 2009
Facebook Makes Another Privacy Blooper
Date Captured: Thursday May 07, 2009 06:58 PM
Daily Examiner -- Wendy Davis - [Regardless of whether Facebook broke the law, users likely aren't going to be thrilled to learn that the site believes it can censor messages. If the company wants to be taken seriously as a communications platform, executives are going to have to start giving more consideration to users' privacy rights. ]
Federal departments fall short on civil liberties
Date Captured: Tuesday January 27, 2009 10:14 AM
By Peter Eisler, USA TODAY - [WASHINGTON — The departments of Defense, State, and Health and Human Services have not met legal requirements meant to protect Americans' civil liberties, and a board that's supposed to enforce the mandates has been dormant since 2007, according to federal records. All three departments have failed to comply with a 2007 law directing them to appoint civil liberties protection officers and report regularly to Congress on the safeguards they use to make sure their programs don't undermine the public's rights and privacy, a USA TODAY review of congressional filings shows.]
HB 38 - Microchip Consent Act of 2009
Date Captured Monday January 12, 2009 07:29 PM
To amend Chapter 1 of Title 51 of the Official Code of Georgia Annotated, relating to general provisions regarding torts, so as to prohibit requiring a person to be implanted with a microchip; to provide for a short title; to provide for definitions; to provide for penalties; to provide for regulation by the Composite State Board of Medical Examiners; to provide for related matters; to provide for an effective date; to repeal conflicting laws; and for other purposes. BE IT ENACTED BY THE GENERAL ASSEMBLY OF GEORGIA:
Electronic Frontier Foundation (EFF)
Date Captured Tuesday December 16, 2008 06:16 PM
EFF is a leading civil liberties group defending rights in the digital world.
Minnesota Department of Health Continues to Violate State Law and Individual Privacy
Date Captured Saturday December 13, 2008 04:29 PM
St. Paul/Minneapolis – Concerned parents and the Citizens’ Council on Health Care (CCHC) called on Governor Tim Pawlenty to require his Commissioner of Health to cease and desist the warehousing of newborn blood and baby DNA without informed, written parent consent.
Privacy Lives
Date Captured Friday December 12, 2008 06:15 PM
Melissa Ngo -- more than a blog -- lots of policy and topic specific archives.
Privacy International
Date Captured Saturday December 06, 2008 05:23 PM
Privacy International (PI) is a human rights group formed in 1990 as a watchdog on surveillance and privacy invasions by governments and corporations. PI is based in London, England, and has an office in Washington, D.C. We have campaigned across the world to protect people against intrusion by governments and corporations that seek to erode this fragile right. We believe that privacy forms part of the bedrock of freedoms, and our goal has always been to use every means to preserve it.
Eric Holder and Privacy: A Preliminary Analysis
Date Captured Friday December 05, 2008 08:51 PM

Cloud Computing

THE BROOKINGS INSTITUTION FALK AUDITORIUM - CLOUD COMPUTING FOR BUSINESS AND SOCIETY
Date Captured Saturday February 20, 2010 07:05 PM
Washington, D.C. - Wednesday, January 20, 2010 Keynote Speaker: BRAD SMITH - Senior Vice President and General Counsel; Moderator: DARRELL WEST - The Brookings Institution Panelists: MICHAEL NELSON; ROB ATKINSON; JONATHAN ROCHELLE;
SunGard
Date Captured Saturday November 21, 2009 01:02 PM
[Student Information Management -- eSchoolPLUS is a student management system that helps educators and parents by providing them direct, real-time access to the most relevant student information available. Teachers and administrators can easily manage day-to-day student information and data such as demographics, scheduling, attendance, discipline, standardized tests, report cards and transcripts. With eSchoolPLUS, parents gain the ability to be more informed as to their child’s grades, attendance, assignments and discipline information. Superintendents, principals and other district administrators and school board members can track daily school status, student performance and progress.]
Cloud Standards Effort Could Turn into a Dustup
Date Captured Monday May 04, 2009 04:32 PM
Digits - Technology News and Insights -- By Ben Worthen - [The Open Cloud Standards Incubator is part of an organization called Distributed Management Task Force. The DMTF was founded in 1992 and has developed standards for managing computers and sharing information on the Web in the past. Its members are a who’s who of the tech industry’s old guard—in addition to IBM and Microsoft they include EMC, H-P, Intel and many others. It’s too early to call the absence of Internet companies a rift, but it’s a split reminiscent of the one that occurred when IBM tried to get companies to sign up for its “Open Cloud Manifesto” a few weeks ago. At the time companies that didn’t participate in IBM’s effort were quick to dismiss the manifesto as meaningless marketing.]
Google Gives Advice on Cloud Computing
Date Captured Saturday March 21, 2009 06:17 PM
PC Chloe Albanesius writes [Google has commissioned a report that unsurprisingly touts the benefits of cloud computing, and offers recommendations for policy makers looking at the technology. Google called on lawmakers to embrace full connectivity, open access, security, and privacy when considering cloud-based computing.] REPORT LINKED.
Facebook Bug Reveals Private Photos, Wall Posts
Date Captured Saturday March 21, 2009 12:52 PM
Washington Post Jason Kincaid (with HT to Anjool) writes [This isn't the first privacy bug to affect Facebook - users have previously been able to access private photos and view private profile information in search results. The error also serves as yet another blemish on the privacy controls of web-based services. Only two weeks ago, Google Docs revealed that it had inadvertently shared thousands of documents with users who should not have had access to them.]
Before the Federal Trade Commission Washington, DC 20580 In the Matter of Google, Inc. and Cloud Computing Services
Date Captured Tuesday March 17, 2009 06:48 PM
EPIC President Marc Rotenberg on Google and Cloud Computing [The recent growth of Cloud Computing Services signals an unprecedented shift of personal information from computers controlled by individuals to networks administered by corporations. Data breaches concerning Cloud Computing Services can result in great harm, which arises from the centralized nature of the services and large volume of information stored "in the cloud." Past data breaches have resulted in serious consumer injury, including identity theft. As a result of the popularity of Cloud Computing Services, data breaches on these services pose a heightened risk of identity theft. The FTC should hold accountable the purveyors of Cloud]
RE: USE OF CLOUD COMPUTING APPLICATIONS AND SERVICES
Date Captured Thursday February 26, 2009 06:07 PM
Associate Director John B. Horrigan (202-419-4500) - September 2008 - Pew/Internet - [Convenience and flexibility are the watchwords for those who engage in cloud computing activities: 51% of internet users who have done a cloud computing activity say a major reason they do this is that it is easy and convenient. 41% of cloud users say a major reason they use these applications is that they like being able to access their data from whatever computer they are using. 39% cite the ease of sharing information as a major reason they use applications in cyberspace or store data there. At the same time, users report high levels of concern when presented with scenarios in which companies may put their data to uses of which they may not be aware. 90% of cloud application users say they would be very concerned if the company at which their data were stored sold it to another party. 80% say they would be very concerned if companies used their photos or other data in marketing campaigns. 68% of users of at least one of the six cloud applications say they would be very concerned if companies who provided these services analyzed their information and then displayed ads to them based on their actions.]
Cloud computing takes hold despite privacy fears
Date Captured Thursday February 26, 2009 06:03 PM
Computerworld -- Heather Havenstein [Users of online e-mail, storage systems fear the sale of personal data without permission]
Cloud Computing Privacy Tips
Date Captured Wednesday February 25, 2009 04:11 PM
World Privacy Forum -- February 23, 2009 -- By Robert Gellman and Pam Dixon [Cloud Computing Tips for Consumers: Read the Terms of Service before placing any information in the cloud. If you don’t understand the Terms of Service, consider using a different cloud provider. Don’t put anything in the cloud you would not want the government or a private litigant to see. Pay close attention if the cloud provider reserves rights to use, disclose, or make public your information. Read the privacy policy before placing your information in the cloud. If you don’t understand the policy, consider using a different provider. When you remove your data from the cloud provider, does the cloud provider still retain rights to your information? If so, consider whether that makes a difference to you. Will the cloud provider give advance notice of any change of terms in the terms of service or privacy policy? ]
REPORT: Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing
Date Captured Wednesday February 25, 2009 03:59 PM
Released February 23, 2009 - Author: Robert Gellman: [This report discusses the issue of cloud computing and outlines its implications for the privacy of personal information as well as its implications for the confidentiality of business and governmental information. The report finds that for some information and for some business users, sharing may be illegal, may be limited in some ways, or may affect the status or protections of the information shared. The report discusses how even when no laws or obligations block the ability of a user to disclose information to a cloud provider, disclosure may still not be free of consequences. The report finds that information stored by a business or an individual with a third party may have fewer or weaker privacy or other protections than information in the possession of the creator of the information. The report, in its analysis and discussion of relevant laws, finds that both government agencies and private litigants may be able to obtain information from a third party more easily than from the creator of the information. A cloud provider’s terms of service, privacy policy, and location may significantly affect a user’s privacy and confidentiality interests.] see policy recommendations in full report.
Does Cloud Computing Mean More Risks to Privacy?
Date Captured Wednesday February 25, 2009 03:44 PM
NY Times -- Saul Hansell -- [In the United States, information held by a company on your behalf — be it a bank, an e-mail provider or a social network — is often not protected as much as information a person keeps at home or a business stores in computers it owns. Sometimes that means that a government investigator, or even a lawyer in a civil lawsuit, can get access to records by simply using a subpoena rather than a search warrant, which requires more scrutiny by a court.]

Consumer Privacy

THE FAILURE OF FAIR INFORMATION PRACTICE PRINCIPLES forthcoming in Consumer Protection in the Age of the ‘Information Economy’
Date Captured Sunday January 31, 2010 10:03 PM
Fred H. Cate - [The key is refocusing FIPPS on substantive tools for protecting privacy, and away from notice and consent; leveling the playing field between information processors and data subjects; and creating sufficient, but limited, liability so that data processors will have meaningful incentives, rather than bureaucratic regulations, to motivate appropriate behavior, and that individuals will be compensated when processing results in serious harm. This is only a first step. These proposed Consumer Privacy Protection Principles are undoubtedly incomplete and imperfect, but they are an effort to return to a more meaningful dialogue about the legal regulation of privacy and the value of information flows in the face of explosive growth in technological capabilities in an increasingly global society.]
Subject: EU-US Safe Harbor
Date Captured Saturday January 23, 2010 09:34 PM
Chris Wolf - [There are three principal methods to legally export data from the EU to the US and overcome the prohibition against export to a country deemed to lack adequate protections. The first two are through so-called "model contracts" and "Binding Corporate Rules". The third is pursuant to a "Safe Harbor" framework that the EU and US agreed upon in 2001. To participate in the Safe Harbor, a U.S. company self-certifies to the U.S. Department of Commerce that it will follow the Safe Harbor Privacy Principles, which contain the core requirements of the EU Data Protection Directive (notice, choice, access, security, protection in onward transfers, data integrity, and enforcement). The company also is to publicize its adherence to the Safe Harbor Principles on its website. The Federal Trade Commission (FTC) is charged with enforcement of the Safe Harbor undertakings under Section 5 of the Federal Trade Commission Act, which governs deceptive and unfair business practices. In other words, a company that commits publicly to adhering to the Safe Harbor principles (and that it has so certified to the Department of Commerce) is subject to enforcement by the FTC if it does not do so. Companies must do what they promise to do.]
FTC: Has Internet Gone Beyond Privacy Policies?
Date Captured Thursday January 21, 2010 08:55 AM
NY Times STEPHANIE CLIFFORD writes [Previous commissions looked at privacy under the framework of whether consumers were harmed, and with the basis that companies must advise consumers about what they’re doing and obtain their consent, Mr. Leibowitz said. But companies “haven’t given consumers effective notice, so they can make effective choices,” he said. Advise-and-consent “depended on the fiction that people were meaningfully giving consent,” Mr. Vladeck said. “The literature is clear” that few people read privacy policies, he said.]
FTC Probes Facebook's EPIC Privacy Fail
Date Captured Thursday January 21, 2010 08:44 AM
Media Post -- Wendy Davis writes - [In addition, a Facebook employee allegedly said recently that users' messages are stored in a database regardless of whether users attempt to delete them. "We track everything. Every photo you view, every person you're tagged with, every wall-post you make, and so forth," the employee allegedly added. EPIC alleges that these public statements demonstrate that Facebook engages in unfair and deceptive trade practices. The new filing also questions a new iPhone synching feature that transfers users' iPhone contacts to Facebook, even when the phone contacts are not Facebook friends with the users.]
Comments of the World Privacy Forum to FTC, Nov. 6, 2009
Date Captured Thursday December 17, 2009 10:58 PM
Pam Dixon Executive Director, World Privacy Forum -- Re: Privacy Roundtables – Comment, Project No. P095416 - [The World Privacy Forum understands that businesses have a right to exist and to make money, and that advertising and marketing is part of the marketplace. But we also believe that there is not a reasonable balance right now between what data is being collected and used, and what consumers can do to manage that data and their privacy. There are no perfect solutions, but we think that a rights-based framework based on approaches contained in the Fair Credit Reporting Act and on Fair Information Practices will address many of the problems and help create solutions that are equitable for all stakeholders.]
Refocusing the FTC’s Role in Privacy Protection
Date Captured Monday December 14, 2009 05:31 PM
Comments of the Center for Democracy & Technology (CDT) in regards to the FTC Consumer Privacy Roundtable.
DOD nixes vendor of online monitoring software over privacy concerns
Date Captured Monday December 07, 2009 08:53 PM
Jaikumar Vijayan writes [In September, EPIC, a Washington-based privacy advocacy group, filed a complaint against EchoMetrix with the Federal Trade Commission. EPIC claimed that EchoMetrix was violating the provisions of the Children's Online Privacy Protection Act (COPPA) by collecting personally identifiable information about children and their browsing habits and online chats. EPIC claimed that EchoMetrix used the information to deliver targeted advertising to children and also sold that information to third-party marketers. In its complaint, EPIC pointed to a separate service offered by EchoMetrix called Pulse, which analyzes data gathered from multiple sources including instant messages, blogs and chat rooms. The information is sold as market research intelligence to marketing companies, the EPIC complaint said.]
Ad Industry Works on Ads About Ads
Date Captured Tuesday November 24, 2009 03:07 PM
Wall Street Journal Emily Steel writes -- [At issue is the practice of tracking consumers’ Web activities — from the searches they make to the sites they visit and the products they buy — for the purpose of targeting ads. The efforts follow calls from the FTC earlier this year for Web advertisers and Internet companies to do a better job explaining how they track and use information about consumers’ Web activities and creating a simple way consumers can opt out of being tracked.]
Lawmakers probe deeper into privacy
Date Captured Saturday November 21, 2009 01:16 PM
By Kim Hart - 11/19/09 04:00 PM ET - [Jennifer Barrett, an executive with Acxiom, a marketing company, said the firm could collect 1,500 possible data points about individual consumers, such as age, hobbies, address, occupation and recent purchases. Acxiom typically maintains 20-40 data points on the average person. Acxiom receives that information from public records, surveys consumers fill out voluntarily (such as warranty cards) and information from other companies. In response to questions from Rep. Mike Doyle (D-Penn.), Barrett said consumers can see what data has been stored about them and can change or delete information used for marketing purposes. But consumers cannot find out who else has bought their data from Acxiom.]
Federal data breach notification standard must pre-empt state laws
Date Captured Monday November 16, 2009 08:33 PM
Nextgov Jill R. Aitoro writes -- [The Data Breach Notification Act, introduced in January by Sen. Dianne Feinstein, D-Calif., would authorize the attorney general to bring civil actions against firms that failed to notify people whose personal information had been compromised in a breach and would extend notification requirements to government agencies. The Personal Data Privacy and Security Act, introduced in July by Sen. Patrick Leahy, D-Vt., also would set notification requirements and tighter criminal penalties for identity theft and willful concealment of a breach, and would require businesses to implement preventive security standards to guard against threats to their databases.] [Two states are credited for having breach notification laws with the most teeth, said Peter McLaughlin, senior counsel with Foley & Lardner LLP and a member of the law firm's privacy, security and information management practice. Foley & Lardner released a report on Monday that provides in-depth coverage of all major aspects of U.S. and international security breach laws.]
Refocusing the FTC’s Role in Privacy Protection
Date Captured Tuesday November 10, 2009 03:33 PM
Center for Technology in Government (CDT) Policy Post 15.17, November 10, 2009. [A Briefing On Public Policy Issues Affecting Civil Liberties Online from The Center For Democracy and Technology: Refocusing the FTC’s Role in Privacy Protection. 1) CDT Submits Comments in regards to the FTC Consumer Privacy Roundtable; 2) The Significance of a Comprehensive Set of Fair Information Practice Principles; 3) Examining FIPs at Work: Recent FTC Enforcement Actions Demonstrate a Path Forward; 4) CDT Recommendations for Future FTC Action]
PUBLIC Law, Chapter 230 LD 1183, item 1, 124th Maine State Legislature
Date Captured Sunday November 08, 2009 10:35 PM
SP0431, LR 597, item 1, Signed on 2009-06-02 - First Regular Session - 124th Maine Legislature, page 1 - An Act To Prevent Predatory Marketing Practices against Minors - 2. Marketing purposes. "Marketing purposes," with respect to the use of health-related information or personal information, means the purposes of marketing or advertising products, goods or services to individuals. 3. Person. "Person" includes an individual, firm, partnership, corporation, association, syndicate, organization, society, business trust, attorney-in-fact and every natural or artificial legal entity. 4. Personal information. "Personal information" means individually identifiable information, including: A. An individual's first name, or first initial, and last name; B. A home or other physical address; C. A social security number; D. A driver's license number or state identification card number; and E. Information concerning a minor that is collected in combination with an identifier described in this subsection. 5. Verifiable parental consent. "Verifiable parental consent" means any reasonable effort, taking into consideration available technology, including a request for authorization for future collection, use and disclosure described in the notice, to ensure that a parent of a minor receives notice of the collection of personal information, use and disclosure practices and authorizes the collection, use and disclosure, as applicable, of personal information and the subsequent use of that information before that information is collected from that minor. § 9552. Unlawful collection and use of data from minors
201 CMR 17.00: STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH
Date Captured Saturday November 07, 2009 04:49 PM
(1) Purpose This regulation implements the provisions of M.G.L. c. 93H relative to the standards to be met by persons who own or license personal information about a resident of the Commonwealth of Massachusetts. This regulation establishes minimum standards to be met in connection with the safeguarding of personal information contained in both paper and electronic records. The objectives of this regulation are to insure the security and confidentiality of customer information in a manner fully consistent with industry standards; protect against anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information that may result in substantial harm or inconvenience to any consumer.
Predatory Marketing Law Opposed By AOL, News Corp., Yahoo, Others
Date Captured Sunday August 30, 2009 08:59 PM
A new privacy law in Maine is facing a court challenge from media organizations as well as a coalition of online companies including AOL, News Corp. and Yahoo. [The new law, officially titled "An Act To Prevent Predatory Marketing Practices against Minors," prohibits companies from knowingly collecting personal information or health-related information from minors under 18 without their parents' consent. The measure also bans companies from selling or transferring health information about minors that identifies them, regardless of how the data was collected. ] [Privacy advocate Jeff Chester said the law's basic premise is valid, but that it "likely needs to be revised to accommodate concerns about its impact on educational and other non-profit uses." ]
FTC Online Privacy Guidelines Faulted
Date Captured Friday February 13, 2009 01:11 PM
Business Week -- Douglas MacMillan -- [On Feb. 12, the U.S. Federal Trade Commission issued guidelines designed to give consumers more information about how advertisers collect and use data about their Web surfing habits. Among the recommendations: Every site that follows Web-use patterns to tailor marketing messages, a practice known as behavioral targeting, should spell out how it is collecting data and give consumers the ability to opt out of targeting. The report also urges sites to keep collected data "as long as is necessary to fulfill a legitimate business or law enforcement need," inform users of any changes made to privacy policies, and only collect sensitive personal data—such as financial and health records—in cases where the user opts in.]
Student Information Not For Sale At UW-Marathon County
Date Captured Wednesday February 11, 2009 07:06 PM
Wsaw.com reporter: Margo Spann -- [Private companies looking to sell or market products to college students are buying information about them directly from their schools. The Assistant Director of Student Services at UW Marathon County, Annette Hackbarth-Onson, says federal law allows colleges to sell information about their students. She says companies are often looking to buy students' names, birth-dates, and email addresses.]
Bill would make prescription data private
Date Captured Tuesday January 27, 2009 10:25 AM
["The sharing of prescription information for marketing purposes without consent violates the spirit of privacy law, and destroys the confidentiality of the doctor-patient relationship," said Leigh Sims, a spokeswoman for the coalition behind the bill. HIPAA allows states to pass stronger privacy protections.] [To fight this, Rep. Jamie Pedersen (D-Seattle) and others have introduced House Bill 1493 to close the loophole. Advocates say the change would protect thousands of patients at no cost to taxpayers.]
Washington state bill would make prescription data private
Date Captured Tuesday January 27, 2009 10:25 AM
["The sharing of prescription information for marketing purposes without consent violates the spirit of privacy law, and destroys the confidentiality of the doctor-patient relationship," said Leigh Sims, a spokeswoman for the coalition behind the bill. HIPAA allows states to pass stronger privacy protections.] [To fight this, Rep. Jamie Pedersen (D-Seattle) and others have introduced House Bill 1493 to close the loophole. Advocates say the change would protect thousands of patients at no cost to taxpayers.]
New York State Consumer Protection Board (CPB)
Date Captured Friday December 26, 2008 05:07 PM
The Consumer Protection Board, established in 1970 by the New York State Legislature, is the State's top consumer watchdog and "think tank." The CPB's core mission is to protect New Yorkers by publicizing unscrupulous and questionable business practices and product recalls; conducting investigations and hearings; enforcing the "Do Not Call Law"; researching issues; developing legislation; creating consumer education programs and materials; responding to individual marketplace complaints by securing voluntary agreements; and, representing the interests of consumers before the Public Service Commission (PSC) and other State and federal agencies.

COPPA

DOD nixes vendor of online monitoring software over privacy concerns
Date Captured Monday December 07, 2009 08:53 PM
Jaikumar Vijayan writes [In September, EPIC, a Washington-based privacy advocacy group, filed a complaint against EchoMetrix with the Federal Trade Commission. EPIC claimed that EchoMetrix was violating the provisions of the Children's Online Privacy Protection Act (COPPA) by collecting personally identifiable information about children and their browsing habits and online chats. EPIC claimed that EchoMetrix used the information to deliver targeted advertising to children and also sold that information to third-party marketers. In its complaint, EPIC pointed to a separate service offered by EchoMetrix called Pulse, which analyzes data gathered from multiple sources including instant messages, blogs and chat rooms. The information is sold as market research intelligence to marketing companies, the EPIC complaint said.]
Children's Privacy (FTC and many additional federal agencies).
Date Captured Sunday November 01, 2009 09:40 PM
[Thanks to COPPA, sites have to get a parent’s permission if they want to collect or share your kids’ personal information, with only a few exceptions. That goes for information sites ask for up-front, and information your kids choose to post about themselves. Personal information includes your child’s full name, address, email address, or cell phone number. Under COPPA, sites also have to post privacy policies that give details about what kind of information they collect from kids — and what they might do with it (say, to send a weekly newsletter, direct advertising to them, or give the information to other companies). If a site plans to share the child’s information with another company, the privacy policy must say what that company will do with it. Links to the policies should be in places where they’re easy to spot. What Can You Do? Your kids’ personal information and privacy are valuable —to you, to them, and to marketers.] *****NOTE DISPARITY WITH PROTECTION PROVIDED UNDER FERPA.
Children's Online Privacy Protection Act of 1998
Date Captured Tuesday March 03, 2009 03:14 PM
TITLE XIII-CHILDREN'S ONLINE PRIVACY PROTECTION ***NOTE INCONSISTENCY BETWEEN DEFINITIONS OF PERSONAL INFORMATION AND PARENTAL CONSENT BETWEEN COPPA AND FERPA COPPA DEFINITION (LINK HAS FULL COPPA TEXT) (8) PERSONAL INFORMATION.—The term "personal information" means individually identifiable information about an individual collected online, including— (A) a first and last name; (B) a home or other physical address including street name and name of a city or town; (C) an e-mail address; (D) a telephone number; (E) a Social Security number; (F) any other identifier that the Commission determines permits the physical or online contacting of a specific individual; or (G) information concerning the child or the parents of that child that the website collects online from the child and combines with an identifier described in this paragraph. (9) VERIFIABLE PARENTAL CONSENT.—The term "verifiable parental consent" means any reasonable effort (taking into consideration available technology), including a request for authorization for future collection, use, and disclosure described in the notice, to ensure that a parent of a child receives notice of the operator's personal information collection, use, and disclosure practices, and authorizes the collection, use, and disclosure, as applicable, of personal information and the subsequent use of that information before that information is collected from that child.
Protect Your Kids’ Privacy Online
Date Captured Tuesday March 03, 2009 03:06 PM
The Children’s Online Privacy Protection Act – COPPA – gives parents control over what information websites can collect from their kids. Any website for kids under 13, or any general site that collects personal information from kids it knows are under 13, is required to comply with COPPA. The Federal Trade Commission, the nation’s consumer protection agency, enforces this law.
How to Protect Kids' Privacy Online: A Guide for Teachers
Date Captured Wednesday May 23, 2007 09:21 AM
Whether playing, shopping, studying or just surfing, today's kids are taking advantage of all that the web has to offer. But when it comes to their personal information, who's in charge? The Children's Online Privacy Protection Act, enforced by the Federal Trade Commission, requires commercial website operators to get parental consent before collecting any personal information from kids under 13. COPPA allows teachers to act on behalf of a parent during school activities online, but does not require them to do so. That is, the law does not require teachers to make decisions about the collection of their students' personal information. Check to see whether your school district has a policy about disclosing student information. Here's a look at the basic provisions of the law and what they mean for you and your students.

Cyber Bullying

Legal Guide for Bloggers - Electronic Frontier Foundation - EFF
Date Captured Saturday February 14, 2009 01:51 AM
EFF- [Like all journalists and publishers, bloggers sometimes publish information that other people don't want published. You might, for example, publish something that someone considers defamatory, republish an AP news story that's under copyright, or write a lengthy piece detailing the alleged crimes of a candidate for public office. The difference between you and the reporter at your local newspaper is that in many cases, you may not have the benefit of training or resources to help you determine whether what you're doing is legal. And on top of that, sometimes knowing the law doesn't help - in many cases it was written for traditional journalists, and the courts haven't yet decided how it applies to bloggers.]
Wired Safety's Cyberbullying Video part 1 and 2
Date CapturedThursday January 29, 2009 11:10 AM
Enhancing Child Safety and Online Technologies
Date CapturedTuesday January 27, 2009 05:45 PM
The Internet Safety Technical Task Force was created in February 2008 in accordance with the Joint Statement on Key Principles of Social Networking Safety announced in January 2008 by the Attorneys General Multi-State Working Group on Social Networking and MySpace. The scope of the Task Force's inquiry was to consider those technologies that industry and end users - including parents - can use to help keep minors safer on the Internet.
Bullies Worse than Predators On Social Networks
Date CapturedSunday January 18, 2009 07:26 PM
Wired -- Kim Zetter - [encounters online often engage in risky behaviors or come from environments that make them more susceptible to risks, such as environments where there is little adult supervision or where there is drug abuse or physical and mental abuse. "Those who are most at risk often engage in risky behaviors and have difficulties in other parts of their lives. The psychosocial makeup of and family dynamics surrounding particular minors are better predictors of risk than the use of specific media or technologies," the report says. The report also says that although cyberbullying is a greater problem than predators, there is no evidence that bullying has increased because of social networking sites and that bullying still occurs more often offline than online, although social networking sites have created another avenue for expressing it. The report, titled "Enhancing Child Safety & Online Technologies," was commissioned by the National Association of Attorneys General, which is trying to determine the best way to combat cyberthreats against minors. It was produced by a task force headed by the Berkman Center for Internet and Society at Harvard University and is based on reviews of existing research in the area, of which the task force says there's a paucity, as well as an examination of existing tools that offer online safety features.]

Cyber Crime

Enhancing Child Safety and Online Technologies
Date CapturedTuesday January 27, 2009 05:45 PM
The Internet Safety Technical Task Force was created in February 2008 in accordance with the Joint Statement on Key Principles of Social Networking Safety announced in January 2008 by the Attorneys General Multi-State Working Group on Social Networking and MySpace. The scope of the Task Force's inquiry was to consider those technologies that industry and end users - including parents - can use to help keep minors safer on the Internet.
Child Porn Laws Used Against Kids Who Photograph Themselves
Date CapturedThursday January 15, 2009 08:09 PM
Wired -- Kim Zetter -- [In the Pennsylvania case, a school official seized the phone of one of the boys after he was caught using it during school hours in violation of a school rule, according to local police Capt. George Seranko. The official found the picture on the phone, and after some interrogation, discovered that two other girls had also e-mailed photos of themselves in the nude to friends. That's when the school called police, who obtained search warrants to seize the phones and examine them. Police showed the images to the local district attorney, who recommended they bring charges.]

Cyber Security

Cisco 2008 Annual Security Report -- Highlighting Global Security Threats and Trends
Date CapturedMonday December 15, 2008 04:21 PM
[This year's report reveals that online and data security threats continue to increase in number and sophistication. They propagate faster and are more difficult to detect. Key report findings include: Spam accounts for nearly 200 billion messages each day, which is approximately 90 percent of email sent worldwide. The overall number of disclosed vulnerabilities grew by 11.5 percent over 2007. Vulnerabilities in virtualization products tripled to 103 in 2008 from 35 in 2007, as more organizations embraced virtualization technologies to increase cost-efficiency and productivity. Over the course of 2008, Cisco saw a 90 percent growth rate in threats originating from legitimate domains; nearly double what the company saw in 2007. Spam due to email reputation hijacking from the top three webmail providers accounted for just under 1 percent of all spam worldwide, but constituted 7.6 percent of all these providers' mail. Fortunately, responses to these threats and trends are improving. Advances in attack response stem from the increased collaboration between vendors and security researchers to review, identify, and combat vulnerabilities.]
When Hackers Attack: Practicing Cybersecurity at Home
Date CapturedFriday December 12, 2008 02:01 PM
Brian Krebs writes [While Barack Obama has selected key members of his national security team—Defense Secretary, National Security Adviser and Secretary of State—there are calls for the president-elect to make another security appointment. The bipartisan Commission on Cybersecurity for the 44th Presidency suggests that there is a dire need to create a National Office for Cyberspace to protect our nation’s most sensitive computer networks. The need for national cyberspace security is a no-brainer, but who is going to protect us from the digital devices that organize our lives and leave personal information vulnerable to theft? Here, a behind-the-scenes look at how hackers are unearthing the private details of our lives by attacking our web browsers, cell phones, and personal electronics.]
Securing Cyberspace for the 44th Presidency
Date CapturedMonday December 08, 2008 07:24 PM
The report of the CSIS Commission on Cybersecurity for the 44th Presidency -- Cochairs: Representative James R. Langevin, Representative Michael T. McCaul, Scott Charney, Lt. General Harry Raduege, USAF (Ret). Project Director: James A. Lewis, Center for Strategic and International Studies, Washington, DC. December - 2008.
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment
Date CapturedWednesday December 03, 2008 04:02 PM
National Academies Press - [All U.S. agencies with counterterrorism programs that collect or "mine" personal data -- such as phone records or Web sites visited -- should be required to evaluate the programs' effectiveness, lawfulness, and impacts on privacy. A framework is offered that agencies can use to evaluate such information-based programs, both classified and unclassified. The book urges Congress to re-examine existing privacy law to assess how privacy can be protected in current and future programs and recommends that any individuals harmed by violations of privacy be given a meaningful form of redress.]
CYBER ANALYSIS AND WARNING - DHS Faces Challenges in Establishing a Comprehensive National Capability
Date CapturedTuesday September 23, 2008 10:15 AM
GAO 08-588: Recommendations for Executive Action - We recommend that the Secretary of Homeland Security take four actions to fully establish a national cyber analysis and warning capability. Specifically, the Secretary should address deficiencies in each of the attributes identified for • monitoring, including establish a comprehensive baseline understanding of the nation’s critical information infrastructure and engage appropriate nonfederal stakeholders to support a national-level cyber monitoring capability; • analysis, including expanding its capabilities to investigate incidents; • warning, including ensuring consistent notifications that are targeted, actionable, and timely; and • response, including ensuring that US-CERT provides assistance in the mitigation of and recovery from simultaneous severe incidents, including incidents of national significance. We also recommend that the Secretary address the challenges that impede DHS from fully implementing the key attributes, including the following 6 items: • engaging appropriate stakeholders in federal and nonfederal entities to determine ways to develop closer working and more trusted relationships; • expeditiously hiring sufficiently trained cyber analysts and developing strategies for hiring and retaining highly qualified cyber analysts; • identifying and acquiring technological tools to strengthen cyber analytical capabilities and handling the steadily increasing workload; • developing predictive analysis capabilities by defining terminology, methodologies, and indicators, and engaging appropriate stakeholders in other federal and nonfederal entities; • filling key management positions and developing strategies for hiring and retaining those officials; and • ensuring that there are distinct and transparent lines of authority and responsibility assigned to DHS organizations with cybersecurity roles and responsibilities, including the Office of Cybersecurity and Communications and the National Cybersecurity Center.
"Cybersecurity Recommendations for the Next Administration”
Date CapturedTuesday September 23, 2008 10:05 AM
Hearing on “Cybersecurity Recommendations for the Next Administration”
One in four data breaches involves schools
Date CapturedTuesday June 03, 2008 08:34 PM
By Meris Stansbury, Assistant Editor, eSchool News, "Cyber criminals are becoming bolder and more sophisticated in their operations, federal computer security experts say. And that's bad news for schools, because educational institutions reportedly account for approximately one of every four data security breaches."
Understanding Denial-of-Service Attacks
Date CapturedThursday August 02, 2007 12:26 PM
Cyber Security Tip ST04-015 -- In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, web sites, online accounts (banking, etc.), or other services that rely on the affected computer.

Data Broker

Privacy flags raise concern for graduate students
Date CapturedThursday March 11, 2010 09:24 PM
by Katie Perkowski -[Undergraduate students are not the only ones concerned with personal information available through UK’s online people search — now, graduate students are voicing their concern, too. Members of UK’s graduate school have recently voiced concern about their information like home address and home telephone number being available on the UK Web site without their knowledge, said English teaching assistant Jesslyn Collins-Frohlich.]
Comments of the World Privacy Forum to FTC, Nov. 6, 2009
Date CapturedThursday December 17, 2009 10:58 PM
Pam Dixon Executive Director, World Privacy Forum -- Re: Privacy Roundtables – Comment, Project No. P095416 - [The World Privacy Forum understands that businesses have a right to exist and to make money, and that advertising and marketing is part of the marketplace. But we also believe that there is not a reasonable balance right now between what data is being collected and used, and what consumers can do to manage that data and their privacy. There are no perfect solutions, but we think that a rights-based framework based on approaches contained in the Fair Credit Reporting Act and on Fair Information Practices will address many of the problems and help create solutions that are equitable for all stakeholders.]
DOD nixes vendor of online monitoring software over privacy concerns
Date CapturedMonday December 07, 2009 08:53 PM
Jaikumar Vijayan writes [In September, EPIC, a Washington-based privacy advocacy group, filed a complaint against EchoMetrix with the Federal Trade Commission. EPIC claimed that EchoMetrix was violating the provisions of the Children's Online Privacy Protection Act (COPPA) by collecting personally identifiable information about children and their browsing habits and online chats. EPIC claimed that EchoMetrix used the information to deliver targeted advertising to children and also sold that information to third-party marketers. In its complaint, EPIC pointed to a separate service offered by EchoMetrix called Pulse, which analyzes data gathered from multiple sources including instant messages, blogs and chat rooms. The information is sold as market research intelligence to marketing companies, the EPIC complaint said.]
Ad Industry Works on Ads About Ads
Date CapturedTuesday November 24, 2009 03:07 PM
Wall Street Journal Emily Steel writes -- [At issue is the practice of tracking consumers’ Web activities — from the searches they make to the sites they visit and the products they buy — for the purpose of targeting ads. The efforts follow calls from the FTC earlier this year for Web advertisers and Internet companies to do a better job explaining how they track and use information about consumers’ Web activities and creating a simple way consumers can opt out of being tracked.]
GOOD STUDENT LIST FOR SALE
Date CapturedSaturday November 21, 2009 01:57 PM
See lists for sale.
Lawmakers probe deeper into privacy
Date CapturedSaturday November 21, 2009 01:16 PM
By Kim Hart - 11/19/09 04:00 PM ET - [Jennifer Barrett, an executive with Acxiom, a marketing company, said the firm could collect 1,500 possible data points about individual consumers, such as age, hobbies, address, occupation and recent purchases. Acxiom typically maintains 20-40 data points on the average person. Acxiom receives that information from public records, surveys consumers fill out voluntarily (such as warranty cards) and information from other companies. In response to questions from Rep. Mike Doyle (D-Penn.), Barrett said consumers can see what data has been stored about them and can change or delete information used for marketing purposes. But consumers cannot find out who else has bought their data from Acxiom.]
Federal data breach notification standard must pre-empt state laws
Date CapturedMonday November 16, 2009 08:33 PM
Nextgov Jill R. Aitoro writes -- [The Data Breach Notification Act, introduced in January by Sen. Dianne Feinstein, D-Calif., would authorize the attorney general to bring civil actions against firms that failed to notify people whose personal information had been compromised in a breach and would extend notification requirements to government agencies. The Personal Data Privacy and Security Act, introduced in July by Sen. Patrick Leahy, D-Vt., also would set notification requirements and tighter criminal penalties for identity theft and willful concealment of a breach, and would require businesses to implement preventive security standards to guard against threats to their databases.] [Two states are credited for having breach notification laws with the most teeth, said Peter McLaughlin, senior counsel with Foley & Lardner LLP and a member of the law firm's privacy, security and information management practice. Foley & Lardner released a report on Monday that provides in-depth coverage of all major aspects of U.S. and international security breach laws.]
PUBLIC Law, Chapter 230 LD 1183, item 1, 124th Maine State Legislature
Date CapturedSunday November 08, 2009 10:35 PM
SP0431, LR 597, item 1, Signed on 2009-06-02 00:00:00.0 - First Regular Session - 124th Maine Legislature, page 1 - An Act To Prevent Predatory Marketing Practices against Minors - 2. Marketing purposes. "Marketing purposes," with respect to the use of health-related information or personal information, means the purposes of marketing or advertising products, goods or services to individuals. 3. Person. "Person" includes an individual, firm, partnership, corporation, association, syndicate, organization, society, business trust, attorney-in-fact and every natural or artificial legal entity. 4. Personal information. "Personal information" means individually identifiable information, including: A. An individual's first name, or first initial, and last name; B. A home or other physical address; C. A social security number; D. A driver's license number or state identification card number; and E. Information concerning a minor that is collected in combination with an identifier described in this subsection. 5. Verifiable parental consent. "Verifiable parental consent" means any reasonable effort, taking into consideration available technology, including a request for authorization for future collection, use and disclosure described in the notice, to ensure that a parent of a minor receives notice of the collection of personal information, use and disclosure practices and authorizes the collection, use and disclosure, as applicable, of personal information and the subsequent use of that information before that information is collected from that minor. § 9552. Unlawful collection and use of data from minors
Data Accountability and Trust Act -- H. R. 2221
Date CapturedThursday November 05, 2009 03:19 PM
H. R. 2221 -- To protect consumers by requiring reasonable security policies and procedures to protect computerized data containing personal information, and to provide for nationwide notice in the event of a security breach. [Requires information brokers to: (1) establish procedures to verify the accuracy of information that identifies individuals; (2) provide to individuals whose personal information it maintains a means to review it; (3) place notice on the Internet instructing individuals how to request access to such information; and (4) correct inaccurate information. Directs the FTC to require information brokers to establish measures which facilitate the auditing or retracing of access to, or transmissions of, electronic data containing personal information. Prohibits information brokers from obtaining or disclosing personal information by false pretenses (pretexting).]
Target-Marketing Becomes More Communal
Date CapturedThursday November 05, 2009 10:45 AM
WSJ Emily Steel writes ["The data is becoming the most important component for marketers and Web sites. It tells them who their audience is," says Omar Tawakol, chief executive at Blue Kai. Some lawmakers, concerned about Internet privacy, are preparing legislation to make more transparent Web sites' tactics for collecting information on their users. In an effort to fend off legislation, data brokers say, they abide by industry standards and do not collect any personally identifiable information and sensitive data, such as health information. They also tout efforts to make their business practices more transparent to consumers.]
“Personal Data Privacy and Security Act of 2009” S. 1490
Date CapturedWednesday November 04, 2009 02:19 PM
111TH CONGRESS - 1ST SESSION -- S. 1490: To prevent and mitigate identity theft, to ensure privacy, to provide notice of security breaches, and to enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information.
State says Cambridge Public Schools can't charge $14K for public records
Date CapturedFriday February 13, 2009 03:12 PM
David L. Harris -- GateHouse News Service - [On Nov. 30, 2007, the Chronicle sent a letter requesting directory information, but the request was later denied in a three-page letter from the school’s legal department. After appealing to the state’s supervisor of public records, Alan Cote, the school department sent a letter dated July 11, explaining that the work to compile the directory information would cost $14,426.88. The Chronicle’s sister paper, the Newton TAB, requested the same information from Newton Public Schools around the same time. The school department, which sent the data within three weeks of the request, did not charge the TAB for the information.]

Data Mining

Sebelius, Solis Announce Nearly $1 Billion Recovery Act Investment in Advancing Use of Health IT, Training Workers for Health Jobs of the Future
Date CapturedMonday February 15, 2010 06:21 PM
WASHINGTON, DC - Health and Human Services Secretary Kathleen Sebelius and Labor Secretary Hilda Solis today announced a total of nearly $1 billion in Recovery Act awards to help health care providers advance the adoption and meaningful use of health information technology (IT) and train workers for the health care jobs of the future. The awards will help make health IT available to over 100,000 hospitals and primary care physicians by 2014 and train thousands of people for careers in health care and information technology. This Recovery Act investment will help grow the emerging health IT industry which is expected to support tens of thousands of jobs ranging from nurses and pharmacy techs to IT technicians and trainers. The over $750 million in HHS grant awards Secretary Sebelius announced today are part of a federal initiative to build capacity to enable widespread meaningful use of health IT. This assistance at the state and regional level will facilitate health care providers' efforts to adopt and use electronic health records (EHRs) in a meaningful manner that has the potential to improve the quality and efficiency of health care for all Americans. Of the over $750 million investment, $386 million will go to 40 states and qualified State Designated Entities (SDEs) to facilitate health information exchange (HIE) at the state level, while $375 million will go to an initial 32 non-profit organizations to support the development of regional extension centers (RECs) that will aid health professionals as they work to implement and use health information technology - with additional HIE and REC awards to be announced in the near future. RECs are expected to provide outreach and support services to at least 100,000 primary care providers and hospitals within two years.
Comments of the World Privacy Forum to FTC, Nov. 6, 2009
Date CapturedThursday December 17, 2009 10:58 PM
Pam Dixon Executive Director, World Privacy Forum -- Re: Privacy Roundtables – Comment, Project No. P095416 - [The World Privacy Forum understands that businesses have a right to exist and to make money, and that advertising and marketing is part of the marketplace. But we also believe that there is not a reasonable balance right now between what data is being collected and used, and what consumers can do to manage that data and their privacy. There are no perfect solutions, but we think that a rights-based framework based on approaches contained in the Fair Credit Reporting Act and on Fair Information Practices will address many of the problems and help create solutions that are equitable for all stakeholders.]
DOD nixes vendor of online monitoring software over privacy concerns
Date CapturedMonday December 07, 2009 08:53 PM
Jaikumar Vijayan writes [In September, EPIC, a Washington-based privacy advocacy group, filed a complaint against EchoMetrix with the Federal Trade Commission. EPIC claimed that EchoMetrix was violating the provisions of the Children's Online Privacy Protection Act (COPPA) by collecting personally identifiable information about children and their browsing habits and online chats. EPIC claimed that EchoMetrix used the information to deliver targeted advertising to children and also sold that information to third-party marketers. In its complaint, EPIC pointed to a separate service offered by EchoMetrix called Pulse, which analyzes data gathered from multiple sources including instant messages, blogs and chat rooms. The information is sold as market research intelligence to marketing companies, the EPIC complaint said.]
Ad Industry Works on Ads About Ads
Date CapturedTuesday November 24, 2009 03:07 PM
Wall Street Journal Emily Steel writes -- [At issue is the practice of tracking consumers’ Web activities — from the searches they make to the sites they visit and the products they buy — for the purpose of targeting ads. The efforts follow calls from the FTC earlier this year for Web advertisers and Internet companies to do a better job explaining how they track and use information about consumers’ Web activities and creating a simple way consumers can opt out of being tracked.]
GOOD STUDENT LIST FOR SALE
Date CapturedSaturday November 21, 2009 01:57 PM
See lists for sale.
Lawmakers probe deeper into privacy
Date CapturedSaturday November 21, 2009 01:16 PM
By Kim Hart - 11/19/09 04:00 PM ET - [Jennifer Barrett, an executive with Acxiom, a marketing company, said the firm could collect 1,500 possible data points about individual consumers, such as age, hobbies, address, occupation and recent purchases. Acxiom typically maintains 20-40 data points on the average person. Acxiom receives that information from public records, surveys consumers fill out voluntarily (such as warranty cards) and information from other companies. In response to questions from Rep. Mike Doyle (D-Penn.), Barrett said consumers can see what data has been stored about them and can change or delete information used for marketing purposes. But consumers cannot find out who else has bought their data from Acxiom.]
Federal data breach notification standard must pre-empt state laws
Date CapturedMonday November 16, 2009 08:33 PM
Nextgov Jill R. Aitoro writes -- [The Data Breach Notification Act, introduced in January by Sen. Dianne Feinstein, D-Calif., would authorize the attorney general to bring civil actions against firms that failed to notify people whose personal information had been compromised in a breach and would extend notification requirements to government agencies. The Personal Data Privacy and Security Act, introduced in July by Sen. Patrick Leahy, D-Vt., also would set notification requirements and tighter criminal penalties for identity theft and willful concealment of a breach, and would require businesses to implement preventive security standards to guard against threats to their databases.] [Two states are credited for having breach notification laws with the most teeth, said Peter McLaughlin, senior counsel with Foley & Lardner LLP and a member of the law firm's privacy, security and information management practice. Foley & Lardner released a report on Monday that provides in-depth coverage of all major aspects of U.S. and international security breach laws.]
Data Accountability and Trust Act -- H. R. 2221
Date CapturedThursday November 05, 2009 03:19 PM
H. R. 2221 -- To protect consumers by requiring reasonable security policies and procedures to protect computerized data containing personal information, and to provide for nationwide notice in the event of a security breach. [Requires information brokers to: (1) establish procedures to verify the accuracy of information that identifies individuals; (2) provide to individuals whose personal information it maintains a means to review it; (3) place notice on the Internet instructing individuals how to request access to such information; and (4) correct inaccurate information. Directs the FTC to require information brokers to establish measures which facilitate the auditing or retracing of access to, or transmissions of, electronic data containing personal information. Prohibits information brokers from obtaining or disclosing personal information by false pretenses (pretexting).]
Target-Marketing Becomes More Communal
Date CapturedThursday November 05, 2009 10:45 AM
WSJ Emily Steel writes ["The data is becoming the most important component for marketers and Web sites. It tells them who their audience is," says Omar Tawakol, chief executive at Blue Kai. Some lawmakers, concerned about Internet privacy, are preparing legislation to make more transparent Web sites' tactics for collecting information on their users. In an effort to fend off legislation, data brokers say, they abide by industry standards and do not collect any personally identifiable information and sensitive data, such as health information. They also tout efforts to make their business practices more transparent to consumers.]
Google Becomes Default Location Provider For Firefox
Date CapturedThursday April 30, 2009 06:47 PM
TechCrunch.com -- Jason Kincaid -- [Google says that the data isn't currently being used for advertising purposes (at least for now), and that this is really about getting location-based functionality deployed to the web. But even without the advertising dollars, there is one very major upside: Google is going to be able to perfect its location database, with millions of users tapping into it on a daily basis. And that database is going to be extremely valuable going forward. ]
F.B.I. and States Vastly Expand DNA Databases
Date CapturedSunday April 19, 2009 05:40 PM
NY Times By SOLOMON MOORE -- Published: April 18, 2009 -- [Minors are required to provide DNA samples in 35 states upon conviction, and in some states upon arrest. Three juvenile suspects in November filed the only current constitutional challenge against taking DNA at the time of arrest. The judge temporarily stopped DNA collection from the three youths, and the case is continuing. Sixteen states now take DNA from some who have been found guilty of misdemeanors. As more police agencies take DNA for a greater variety of lesser and suspected crimes, civil rights advocates say the government’s power is becoming too broadly applied. “What we object to — and what the Constitution prohibits — is the indiscriminate taking of DNA for things like writing an insufficient funds check, shoplifting, drug convictions,” said Michael Risher, a lawyer for the American Civil Liberties Union.]
An Icon That Says They’re Watching You
Date CapturedThursday March 19, 2009 06:20 PM
NY Times Saul Hansell writes [Mr. Turow has developed a plan that is simpler and more comprehensive: Put an icon on each ad that signifies that the ad collects or uses information about users. If you click the icon, you will go to what he calls a “privacy dashboard” that will let you understand exactly what information was used to choose that ad for you. And you’ll have the opportunity to edit the information or opt out of having any targeting done at all. “I don’t think ‘Ads by Google’ is enough,” he said. “The problem with the whole rhetoric Google is using is that it is designed to stop you from wanting to learn more and do something.”]
Behavioral Advertising and Privacy
Date CapturedFriday February 13, 2009 01:31 PM
World Privacy Forum - About Behaviorally targeted advertising, World Privacy Forum testimony and Comments, resources.
Upgraded Biometric Technology Facilitates Visitors' Entry to the United States
Date CapturedThursday January 15, 2009 07:41 PM
For nearly five years, U.S. Department of State (State) consular officers and U.S. Customs and Border Protection (CBP) officers have collected biometric information—digital fingerprints and a photograph—from all non-U.S. citizens between the ages of 14 and 79, with some exceptions, when they apply for visas or arrive at major U.S. ports of entry. State consular officers began collecting 10 fingerprints from visa applicants in 2007. Collecting 10 fingerprints increases fingerprint matching accuracy and reduces the possibility that the system will misidentify an international visitor. It also strengthens DHS's capability to check visitors' fingerprints against the Federal Bureau of Investigation's (FBI) criminal data and enables DHS to check visitors' fingerprints against latent fingerprints collected by Department of Defense (DOD) and the FBI from known and unknown terrorists around the world.
Careful what you search for
Date CapturedThursday January 01, 2009 05:15 PM
Fortune Jia Lynn Yang [So if you're a 33-year-old working female who lives in New York City and who likes to search for Jimmy Choo pumps, you might see ads for a local shoe store - thanks to the personal information the search engines have about you. "There are many free online tools, but they're not really free," explained Greg Conti, a professor of computer science at West Point and the author of Googling Security: How Much Does Google Know About You? "We end up paying for them with micro-payments of personal information which, in turn, are captured and used for data mining and targeted advertising."]
Minnesota Department of Health Continues to Violate State Law and Individual Privacy
Date CapturedSaturday December 13, 2008 04:29 PM
St. Paul/Minneapolis – Concerned parents and the Citizens’ Council on Health Care (CCHC) called on Governor Tim Pawlenty to require his Commissioner of Health to cease and desist the warehousing of newborn blood and baby DNA without informed, written parent consent.
2008 Data Mining Report
Date CapturedMonday December 08, 2008 06:18 PM
This report describes DHS programs that meet the definition of data mining required by the Congress in Section 804 of the 9/11 Commission Act, entitled the Federal Agency Data Mining Reporting Act, and summarizes the Privacy Office’s public workshop, Implementing Privacy Protections in Government Data Mining, which was held on July 24-25, 2008. The Report also presents principles for implementing privacy protections in research projects conducted by the DHS Science and Technology Directorate (S&T), the Department’s primary research and development arm. The Principles, which were developed jointly by the Privacy Office and S&T, provide guidance for incorporating privacy protections into privacy-sensitive S&T research and development projects in a manner that supports the DHS mission. [As the Privacy Office’s Data Mining Workshop demonstrated, the term “data mining” can mean different things to different people. One thing is clear, however: regardless of how data mining is defined, data mining research that uses PII can have significant impacts on individual privacy, and those impacts must be addressed. The Department has taken a major step toward this goal by developing its Principles for Implementing Privacy Protections for Research Projects, which will be embedded in new research projects carried out by S&T, whether they involve data mining or not. The Privacy Office looks forward to collaborating with S&T to implement these Principles, so that research critical to the Department’s mission is carried out in a manner that sustains individual privacy.]
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment
Date CapturedWednesday December 03, 2008 04:02 PM
National Academies Press - [All U.S. agencies with counterterrorism programs that collect or "mine" personal data -- such as phone records or Web sites visited -- should be required to evaluate the programs' effectiveness, lawfulness, and impacts on privacy. A framework is offered that agencies can use to evaluate such information-based programs, both classified and unclassified. The book urges Congress to re-examine existing privacy law to assess how privacy can be protected in current and future programs and recommends that any individuals harmed by violations of privacy be given a meaningful form of redress.]
In Pictures: Companies That Profit From Your Data
Date CapturedMonday June 23, 2008 03:13 PM
It may be your name, address and phone number. But it's their cash cow. By Andy Greenberg (there is a series of pictures/text with this link).
PRIVACY -- Congress Should Consider Alternatives for Strengthening Protection of Personally Identifiable Information
Date CapturedWednesday June 18, 2008 05:09 PM
In its report GAO identified alternatives that the Congress should consider, including revising the scope of privacy laws to cover all personal information, requiring that the use of such information be limited to a specific purpose, and revising the structure and publication of privacy notices. OMB commented that the Congress should consider these alternatives in the broader context of existing privacy and related statutes.
Report: Feds need better privacy protection for data
Date CapturedWednesday June 18, 2008 05:04 PM
USA reports, "Much of the way personal information is handled today, including being sifted through data-mining systems that search for patterns, is not covered by the Privacy Act of 1974, she says. As states begin collecting information in coming years to produce new secure drivers' licenses, government databases will get even larger. 'The government has no business collecting our personal information if it cannot ensure the American public it will be protected from identity thieves and other prying eyes,' says Caroline Fredrickson of the American Civil Liberties Union."
Huge Databases Offer a Research Gold Mine — and Privacy Worries
Date CapturedTuesday June 03, 2008 08:14 PM
By DAVID GLENN from the issue dated May 9, 2008 Chronicle of Higher Education, "Researchers have used the new databases to study many issues, including which high-school math courses are most important for college success and how exposure to adjunct instructors affects student retention. But the new education databases create obvious challenges for protecting student privacy — which is one reason most states have been slow to build them. Florida's education department takes elaborate steps to 'de-identify' its information before handing it to outside researchers. Despite those efforts, nervous officials in other states look at a system like Florida's and worry about potential violations of the Family Educational Rights and Privacy Act, or Ferpa. In March the U.S. Department of Education proposed new Ferpa regulations that might clarify the ground rules for the use of such databases, but it is far from certain that the new rules will make states more comfortable with the projects." http://chronicle.com -- Section: The Faculty -- Volume 54, Issue 35, Page A10
Data Mining and the Security-Liberty Debate
Date CapturedMonday June 02, 2008 04:57 PM
By Daniel Solove. "Countless discussions about the trade-offs between security and liberty begin by taking a security proposal and then weighing it against what it would cost our civil liberties. Often, the liberty interests are cast as individual rights and balanced against the security interests, which are cast in terms of the safety of society as a whole. Courts and commentators defer to the government's assertions about the effectiveness of the security interest. In the context of data mining, the liberty interest is limited by narrow understandings of privacy that neglect to account for many privacy problems. As a result, the balancing concludes with a victory in favor of the security interest. But as I argue, important dimensions of data mining's security benefits require more scrutiny, and the privacy concerns are significantly greater than currently acknowledged. These problems have undermined the balancing process and skewed the results toward the security side of the scale."

DHS

Secretary Napolitano Outlines Five Recommendations To Enhance Aviation Security
Date CapturedThursday January 07, 2010 07:53 PM
Secretary Napolitano outlined the following five recommendations: Re-evaluate and modify the criteria and process used to create terrorist watch lists—including adjusting the process by which names are added to the “No-Fly” and “Selectee” lists. Establish a partnership on aviation security between DHS and the Department of Energy and its National Laboratories in order to develop new and more effective technologies to deter and disrupt known threats and proactively anticipate and protect against new ways by which terrorists could seek to board an aircraft. Accelerate deployment of advanced imaging technology to provide greater explosives detection capabilities—and encourage foreign aviation security authorities to do the same—in order to identify materials such as those used in the attempted Dec. 25 attack. The Transportation Security Administration currently has 40 machines deployed throughout the United States, and plans to deploy at least 300 additional units in 2010. Strengthen the presence and capacity of aviation law enforcement—by deploying law enforcement officers from across DHS to serve as Federal Air Marshals to increase security aboard U.S.-bound flights. Work with international partners to strengthen international security measures and standards for aviation security.
Today's Living on 'Today's THV at 5': Real ID Program
Date CapturedTuesday December 01, 2009 03:27 PM
Rebecca Buerkle writes - [Twenty-four states have passed laws or resolutions saying they will not comply. Other states that want an extension on the Dec. 31 deadline had until Tuesday to demonstrate they are making progress. But as many as 12 states may not be able to do so, making 36 states non-compliant.]
Testimony of Secretary Janet Napolitano before the House Committee on Homeland Security on DHS, The Path Forward
Date CapturedWednesday February 25, 2009 03:13 PM
Release Date: February 25, 2009 - The Committee’s platform items: [Improving the governance, functionality, and accountability of the Department of Homeland Security; enhancing security for all modes of transportation; strengthening our Nation: response, resilience, and recovery; shielding the Nation’s critical infrastructure from attacks; securing the homeland and preserving privacy, civil rights, and civil liberties; connecting the dots: intelligence, information sharing, and interoperability; implementing common-sense border and port security; and inspiring minds and developing technology – the future of homeland security. ]
Data Privacy & Integrity Advisory Committee
Date CapturedTuesday February 03, 2009 05:45 PM
This letter (to Janet Napolitano and John W. Kropf) reflects the consensus recommendations provided by the Data Privacy and Integrity Advisory Committee to the Secretary and Acting Chief Privacy Officer of the Department of Homeland Security (DHS). The Committee’s charter under the Federal Advisory Committee Act is to provide advice on programmatic, policy, operational, administrative, and technological issues relevant to DHS that affect individual privacy, data integrity and other privacy-related issues. The Committee deliberated on and adopted the recommendations set forth below during a public meeting held by teleconference on February 3, 2009. This letter outlines certain key privacy issues currently facing the Department of Homeland Security that the Committee believes the new Administration should review. We recognize that efforts are underway on many of these issues and our intention is to highlight their importance. The letter reflects the consensus view of the members of the Committee.
Upgraded Biometric Technology Facilitates Visitors' Entry to the United States
Date CapturedThursday January 15, 2009 07:41 PM
For nearly five years, U.S. Department of State (State) consular officers and U.S. Customs and Border Protection (CBP) officers have collected biometric information—digital fingerprints and a photograph—from all non-U.S. citizens between the ages of 14 and 79, with some exceptions, when they apply for visas or arrive at major U.S. ports of entry. State consular officers began collecting 10 fingerprints from visa applicants in 2007. Collecting 10 fingerprints increases fingerprint matching accuracy and reduces the possibility that the system will misidentify an international visitor. It also strengthens DHS's capability to check visitors' fingerprints against the Federal Bureau of Investigation's (FBI) criminal data and enables DHS to check visitors' fingerprints against latent fingerprints collected by Department of Defense (DOD) and the FBI from known and unknown terrorists around the world.
DHS office describes how it assesses privacy
Date CapturedTuesday January 06, 2009 01:48 PM
The FIPPS said in the memo that DHS should: • Be transparent and provide notice to the individuals regarding collection and use of personally identifiable information (PII). • When possible, seek consent from individuals to use their PII and provide access, correction and redress regarding DHS’ use of PII. • Explain the authority that permits DHS to collect PII and the ways it will be used. • Only collect PII that is necessary to accomplish the specific purpose and keep it only as long as necessary. • Use PII only for the purpose specified in the notice. Limit sharing of PII outside the department to purposes that are compatible with the reasons that PII was collected. • Ensure, as much as possible, that data is accurate, relevant, timely and complete. • Protect PII with appropriate security. • Be held accountable for complying with the principles and provide training for all employees and contractors who use PII and perform audits.
DHS Announces $48.6 Million in Driver’s License Security Grants
Date CapturedTuesday December 16, 2008 08:35 PM
The U.S. Department of Homeland Security (DHS) today opened the application period for approximately $48.6 million under the Fiscal Year (FY) 2009 Driver’s License Security Grant Program. These grants support state efforts to prevent terrorism and reduce fraud by improving the reliability and accuracy of identification documents that state governments issue. The FY 2009 Driver’s License Security Grant Program will accept proposals that improve state capabilities consistent with the requirements of the REAL ID final rule. This year’s program also will contain pre-determined target allocation funds to all 56 states and territories instead of the competitively awarded funds issued to states and territories under the FY 2008 REAL ID program funds
2008 Data Mining Report
Date CapturedMonday December 08, 2008 06:18 PM
This report describes DHS programs that meet the definition of data mining required by the Congress in Section 804 of the 9/11 Commission Act, entitled the Federal Agency Data Mining Reporting Act, and summarizes the Privacy Office’s public workshop, Implementing Privacy Protections in Government Data Mining, which was held on July 24-25, 2008. The Report also presents principles for implementing privacy protections in research projects conducted by the DHS Science and Technology Directorate (S&T), the Department’s primary research and development arm. The Principles, which were developed jointly by the Privacy Office and S&T, provide guidance for incorporating privacy protections into privacy-sensitive S&T research and development projects in a manner that supports the DHS mission. [As the Privacy Office’s Data Mining Workshop demonstrated, the term “data mining” can mean different things to different people. One thing is clear, however: regardless of how data mining is defined, data mining research that uses PII can have significant impacts on individual privacy, and those impacts must be addressed. The Department has taken a major step toward this goal by developing its Principles for Implementing Privacy Protections for Research Projects, which will be embedded in new research projects carried out by S&T, whether they involve data mining or not. The Privacy Office looks forward to collaborating with S&T to implement these Principles, so that research critical to the Department’s mission is carried out in a manner that sustains individual privacy.]
CYBER ANALYSIS AND WARNING - DHS Faces Challenges in Establishing a Comprehensive National Capability
Date CapturedTuesday September 23, 2008 10:15 AM
GAO 08-588: We recommend that the Secretary of Homeland Security take four actions to fully establish a national cyber analysis and warning capability. Specifically, the Secretary should address deficiencies in each of the attributes identified for • monitoring, including establishing a comprehensive baseline understanding of the nation’s critical information infrastructure and engaging appropriate nonfederal stakeholders to support a national-level cyber monitoring capability; • analysis, including expanding its capabilities to investigate incidents; • warning, including ensuring consistent notifications that are targeted, actionable, and timely; and • response, including ensuring that US-CERT provides assistance in the mitigation of and recovery from simultaneous severe incidents, including incidents of national significance. We also recommend that the Secretary address the challenges that impede DHS from fully implementing the key attributes, including the following 6 items: • engaging appropriate stakeholders in federal and nonfederal entities to determine ways to develop closer working and more trusted relationships; • expeditiously hiring sufficiently trained cyber analysts and developing strategies for hiring and retaining highly qualified cyber analysts; • identifying and acquiring technological tools to strengthen cyber analytical capabilities and handling the steadily increasing workload; • developing predictive analysis capabilities by defining terminology, methodologies, and indicators, and engaging appropriate stakeholders in other federal and nonfederal entities; • filling key management positions and developing strategies for hiring and retaining those officials; and • ensuring that there are distinct and transparent lines of authority and responsibility assigned to DHS organizations with cybersecurity roles and responsibilities, including the Office of Cybersecurity and Communications and the National Cybersecurity Center.
“Cybersecurity Recommendations for the Next Administration”
Date CapturedTuesday September 23, 2008 10:05 AM
Hearing on “Cybersecurity Recommendations for the Next Administration”
How RFID Tags Could Be Used to Track Unsuspecting People
Date CapturedThursday September 11, 2008 08:41 PM
Scientific American -- "The new licenses come equipped with radio-frequency identification (RFID) tags that can be read right through a wallet, pocket or purse from as far away as 30 feet. Each tag incorporates a tiny microchip encoded with a unique identification number. As the bearer approaches a border station, radio energy broadcast by a reader device is picked up by an antenna connected to the chip, causing it to emit the ID number. By the time the license holder reaches the border agent, the number has already been fed into a Homeland Security database, and the traveler’s photograph and other details are displayed on the agent’s screen."
Analysis tool exempt from some privacy laws
Date CapturedWednesday August 20, 2008 12:51 PM
fcw.com reports, "People whose biographic or biometric data is being analyzed by a new Immigration and Customs Enforcement (ICE) data system will not automatically be granted access to their records or be able to review them for accuracy as usually permitted by federal privacy protection laws."
Fliers without ID placed on TSA list
Date CapturedWednesday August 13, 2008 09:30 PM
USA Today reports, "The Transportation Security Administration has collected records on thousands of passengers who went to airport checkpoints without identification, adding them to a database of people who violated security laws or were questioned for suspicious behavior. The TSA began storing the information in late June, tracking many people who said they had forgotten their driver's license or passport at home. The database has 16,500 records of such people and is open to law enforcement agencies, according to the TSA."
realnightmare.org
Date CapturedSunday July 20, 2008 06:48 PM
Anti-Real ID website
Jindal Vetoes His Vote
Date CapturedSunday July 20, 2008 06:12 PM
New Orleans blog, "As a new Republican governor, Jindal signed legislation into law earlier this month that prohibits Louisiana from participating in the very same Real ID Act he voted for as a congressman."
GOVERNOR PATERSON ANNOUNCES AVAILABILITY OF NEW ENHANCED DRIVER LICENSE
Date CapturedSaturday July 19, 2008 11:22 AM
July 9, 2008 PRESS RELEASE excerpts: The EDL can be readily obtained by applying at local DMV offices. Since it is a driver license, it will be easier to carry than a passport, making it especially convenient for those who make frequent or unplanned crossings. The EDL will be valid for up to eight years, the same period as a current driver's license. The new licenses will be clearly distinguishable as a limited use international travel document by the added features of a U.S. flag on the front and the machine readable text on the reverse, both identifying it as an “enhanced” driver license. Each EDL will have various new security features within the document that will help to deter counterfeiting.
Borderline searches and seizures
Date CapturedFriday June 27, 2008 07:34 PM
The Gripe Line | Ed Foster -- blog response is interesting.
Laptop Searches in Airports Draw Fire at Senate Hearing
Date CapturedFriday June 27, 2008 06:29 PM
NY Times reports, "'If you asked most Americans whether the government has the right to look through their luggage for contraband when they are returning from an overseas trip, they would tell you "yes, the government has that right,"' Senator Russ Feingold, Democrat of Wisconsin, said Wednesday at the hearing of a Senate Judiciary subcommittee. 'But,' Mr. Feingold continued, 'if you asked them whether the government has a right to open their laptops, read their documents and e-mails, look at their photographs and examine the Web sites they have visited, all without any suspicion of wrongdoing, I think those same Americans would say that the government absolutely has no right to do that.'"
Plan to Fingerprint Foreigners Exiting U.S. Is Opposed
Date CapturedMonday June 23, 2008 03:01 PM
Washington Post reports, "The airline industry and embassies of 34 countries, including the members of the European Union, are urging the U.S. government to withdraw a plan that would require airlines and cruise lines to collect digital fingerprints of all foreigners before they depart the United States, starting in August 2009. Their opposition could trigger a battle with Congress and the Bush administration, which want the new plan established quickly."
Protecting Personal Information: Is the Federal Government Doing Enough?
Date CapturedWednesday June 18, 2008 06:20 PM
Statement of Ari Schwartz, Vice President Center for Democracy & Technology before the Committee on Homeland Security and Governmental Affairs -- "Current federal laws and policies provide to those agency officials who care about privacy valuable tools to protect personal information in the hands of the federal government. Unfortunately, these laws and policies clearly have not been implemented consistently in a way that prevents indifference or wanton neglect of personal information. Moreover, even diligent officials find gaps in existing laws, especially because those laws, especially the Privacy Act of 1974, have failed to keep pace with technological change. To adequately protect privacy in this digital age, when more information is collected and shared than ever before, both Congress and the Executive Branch will need to work together to close the long-recognized gaps in existing laws and policies. At the same time, both branches must foster the leadership and insist upon the measurement capabilities needed to ensure that existing and new laws and policies are implemented uniformly and diligently."
PRIVACY -- Congress Should Consider Alternatives for Strengthening Protection of Personally Identifiable Information
Date CapturedWednesday June 18, 2008 05:09 PM
In its report GAO identified alternatives that the Congress should consider, including revising the scope of privacy laws to cover all personal information, requiring that the use of such information be limited to a specific purpose, and revising the structure and publication of privacy notices. OMB commented that the Congress should consider these alternatives in the broader context of existing privacy and related statutes.
Report: Feds need better privacy protection for data
Date CapturedWednesday June 18, 2008 05:04 PM
USA reports, "Much of the way personal information is handled today, including being sifted through data-mining systems that search for patterns, is not covered by the Privacy Act of 1974, she says. As states begin collecting information in coming years to produce new secure drivers' licenses, government databases will get even larger. 'The government has no business collecting our personal information if it cannot ensure the American public it will be protected from identity thieves and other prying eyes,' says Caroline Fredrickson of the American Civil Liberties Union."
Bills would give more access to DHS data
Date CapturedTuesday June 17, 2008 01:17 PM
The Intelligence, Information Sharing and Terrorism Risk Assessment Subcommittee sent the full committee a bill designed to enhance public access to government documents and a measure that would reduce the extent to which DHS classifies documents. The subcommittee also sent the full committee legislation that would require DHS to make greater use of open-source data for intelligence products. In addition, it agreed to a bill that would give state and local authorities greater flexibility in how they use DHS grants to pay analysts at state and local intelligence fusion centers.
DHS wants biometric helping hand
Date CapturedTuesday June 17, 2008 01:10 PM
Five years after Congress ordered biometric tracking of foreign visitors leaving the United States by land and after spending millions of dollars on planning and testing that yielded limited results, the Homeland Security Department is now seeking the private sector’s help to address the challenge.
Privacy Impact Assessment for the Use of Radio Frequency Identification (RFID) Technology for Border Crossings
Date CapturedThursday June 05, 2008 10:39 PM
U.S. Customs and Border Protection (CBP) employs Radio Frequency Identification (RFID) Technology that is to be used in cross border travel documents to facilitate the land border primary inspection process. A unique number is embedded in an RFID tag which, in turn, is embedded in each cross border travel document. At the border, the unique number is read wirelessly by CBP and then forwarded through a secured data circuit to back-end computer systems. The back-end systems use the unique number to retrieve personally identifiable information about the traveler. This information is sent to the CBP Officer to assist in the authentication of the identity of the traveler and to facilitate the land border primary inspection process. Multiple border crossing programs use or plan to take advantage of CBP’s vicinity RFID-reader enabled border crossing functionality including CBP’s own trusted traveler programs, the pending Department of State’s (DoS) Passport Card, the Mexican Border Crossing Card, the proposed Enhanced Driver’s License (EDL) offered by various states, tribal enrollment cards that could be developed by various Native American Tribes, and the proposed Enhanced Driver’s Licenses being developed within the various provincial authorities in Canada. DHS, DoS, and States and other entities collect PII from travelers during the enrollment/application process for current or anticipated RFID enabled travel documents. This PII is stored in secured computer systems and is associated with a unique RFID identifier stored in a card the traveler presents during the border crossing process. In order to expedite processing, this unique RFID identifier is transmitted wirelessly from the individual’s RFID enabled card to an RFID reader which triggers the CBP computer systems to retrieve the PII stored in secured back-end systems and pre-position the PII associated with that traveler corresponding to the unique RFID identifier. 
This automated process enables the CBP Officer to quickly compare the information presented on the computer screen with the information on the travel card and the traveler, and thus enhance security and complete the clearance process faster than if the enrollment information were not available. No personally identifiable information is transmitted via RFID, and the traveler is fully informed of the methods for transmitting and using this information as part of the enrollment process for RFID enabled travel documents.
"REAL ID Implementation Review: Few Benefits, Staggering Costs"
Date CapturedTuesday June 03, 2008 02:35 PM
EPIC: The final rule includes few protections for individual privacy and security in its massive national identification database. It harms national security by creating yet another “trusted” credential for criminals to exploit. The Department of Homeland Security has faced so many obstacles with the REAL ID system that the agency now plans an implementation deadline of 2017 – nine years later than the 2008 statutory deadline. It is an unfunded mandate that would cost billions, with the burden ultimately being placed on the individual taxpayer. Technical experts familiar with the challenges of privacy protection and identification presented the Department of Homeland Security with a variety of recommendations that would have minimized the risks of the REAL ID system. The DHS made some modifications, but left the essential system in place. As REAL ID currently stands, the costs are many and the benefits are few. Public opposition to implementation is understandable.
N.Y. opts for hybrid driver’s licenses
Date CapturedTuesday June 03, 2008 02:03 PM
Washington Technology reports, "Some of the enhanced licenses have been controversial because of privacy concerns. Washington, which was the first state to begin producing the new licenses, includes a radio frequency identification microchip on the licenses. The RFID chips, which can be read wirelessly from 20 feet to 30 feet away, have been criticized for their potential to be scanned without authorization, risking identity theft and loss of privacy. It is not clear whether New York’s licenses will include the RFID chip. Information was not immediately available from a spokesman for the state Department of Motor Vehicles."
FEMA to manage cellular alert system
Date CapturedTuesday June 03, 2008 01:58 PM
The alert system, mandated by Congress in the Warning Alert Response Network Act, will allow federal, state and local emergency alerts to be sent by authorized senders. FEMA, as the aggregator, will verify the authenticity of the alerts and pass them to commercial mobile phone providers, who will pass them on to their subscribers.
General Information Technology Access Account Records System (GITAARS) DHS/ALL-004, May 15, 2008, 73 FR 28139
Date CapturedTuesday June 03, 2008 12:51 PM
In accordance with the Privacy Act of 1974, the Department of Homeland Security is giving notice that it proposes to update a system of records in its inventory. The Department of Homeland Security is updating the General Information Technology Access Account Records System system of records notice to include four new routine uses and to add to the categories of records covered by the system. The first new routine use will allow for information sharing with federal agencies such as the Office of Personnel Management, the Merit Systems Protection Board, Office of Management and Budget, Federal Labor Relations Authority, Government Accountability Office, or the Equal Employment Opportunity Commission when information is requested in the performance of those agencies' official duties. The second routine use will allow for the routine sharing of business information outside of the Department for official purposes. This includes the sharing of business contact information to contacts outside of the Department. The third routine use allows for sharing for the purpose of investigating an alleged or proven act of identity fraud or theft. The fourth routine use allows sharing of information to regulatory and oversight bodies, including auditors, who are responsible for ensuring appropriate use of government resources.
DHS Announces Pre-Travel Authorization Program for U.S.-Bound Travelers from Visa Waiver Countries
Date CapturedTuesday June 03, 2008 12:47 PM
PRESS RELEASE: “Rather than relying on paper-based procedures, this system will leverage 21st century electronic means to obtain basic information about who is traveling to the U.S. without a visa,” said Homeland Security Secretary Michael Chertoff. “Getting this information in advance enables our frontline personnel to determine whether a visa-free traveler presents a threat, before boarding an aircraft or arriving on our shores. It is a relatively simple and effective way to strengthen our security, and that of international travelers, while helping to preserve an important program for key allies.”
Fact Sheet: Electronic System for Travel Authorization (ESTA)
Date CapturedTuesday June 03, 2008 12:44 PM
The Department of Homeland Security (DHS) has announced the ESTA Interim Final Rule (IFR), which establishes a new online system that is part of the Visa Waiver Program (VWP) and is required by the Implementing Recommendations of the 9/11 Commission Act of 2007. Once ESTA is mandatory, all nationals or citizens of Visa Waiver Program (VWP) countries who plan to travel to the United States for temporary business or pleasure will require an approved ESTA prior to boarding a carrier to travel by air or sea to the United States under the VWP. The rule does not apply to U.S. citizens traveling overseas.
Privacy Impact Assessment for the Western Hemisphere Travel Initiative Land and Sea Final
Date CapturedTuesday June 03, 2008 12:32 PM
The Department of Homeland Security (DHS) and U.S. Customs and Border Protection (CBP), in conjunction with the Bureau of Consular Affairs at the Department of State (DOS), published in the Federal Register a final rule to notify the public of how they will implement the Western Hemisphere Travel Initiative (WHTI) for sea and land ports-of-entry. The final rule removes the current regulatory exceptions to the passport requirement provided under sections 212(d)(4)(B) and 215(b) of the Immigration and Nationality Act (INA). On August 9, 2007, the DHS Privacy Office issued a Privacy Impact Assessment (PIA) for the proposed rule, which was published in the Federal Register on June 26, 2007, at 72 FR 35088. This PIA updates the earlier PIA for the proposed rule to reflect changes in the WHTI final rule for land and sea ports-of-entry.
Documents Required for Travelers Departing From or Arriving in the United States
Date CapturedMonday June 02, 2008 06:49 PM
The WHTI final rule requires travelers to present a passport or other approved secure document denoting citizenship and identity for all land and sea travel into the United States. WHTI establishes document requirements for travelers entering the United States who were previously exempt, including citizens of the U.S., Canada and Bermuda. These document requirements will be effective June 1, 2009.
Understanding Denial-of-Service Attacks
Date CapturedThursday August 02, 2007 12:26 PM
Cyber Security Tip ST04-015 -- In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, web sites, online accounts (banking, etc.), or other services that rely on the affected computer.

DNA

ELSI Panel Addresses Genomics Consent and Privacy at CSHL
Date CapturedFriday May 08, 2009 07:06 PM
GenomeWeb Daily News -- Andrea Anderson-- [For instance, some have expressed concern that even de-identified genetic data could be linked to study participants. Last August, the National Institutes of Health pulled their GWAS data from public databases in response to research suggesting that it might be possible to identify an individual from pooled genetic data. There has also been a great deal of discussion about what information participants should get back from such studies as well as researchers' responsibility for informing subjects about incidental findings. ]
F.B.I. and States Vastly Expand DNA Databases
Date CapturedSunday April 19, 2009 05:40 PM
NY Times By SOLOMON MOORE -- Published: April 18, 2009 -- [Minors are required to provide DNA samples in 35 states upon conviction, and in some states upon arrest. Three juvenile suspects in November filed the only current constitutional challenge against taking DNA at the time of arrest. The judge temporarily stopped DNA collection from the three youths, and the case is continuing. Sixteen states now take DNA from some who have been found guilty of misdemeanors. As more police agencies take DNA for a greater variety of lesser and suspected crimes, civil rights advocates say the government’s power is becoming too broadly applied. “What we object to — and what the Constitution prohibits — is the indiscriminate taking of DNA for things like writing an insufficient funds check, shoplifting, drug convictions,” said Michael Risher, a lawyer for the American Civil Liberties Union.]
What Every American Needs to Know about the HIPAA Medical Privacy Rule* -- Updated November 2008
Date CapturedSunday January 18, 2009 09:39 PM
By Sue A. Blevins, president of the Institute for Health Freedom and Robin Kaigh, Esq., an attorney dedicated to patients’ health privacy rights. [Did you know that under the federal HIPAA (Health Insurance Portability and Accountability Act of 1996) medical privacy rule, your personal health information—including past records and genetic information—can be disclosed without your consent to large organizations such as the following? Data-processing companies; Insurers; Researchers (in some instances); Hospitals; Doctors (even those not treating you); Law enforcement officials; Public health officials; Federal government.]
Genetic Privacy - Individual's Genetic Information - Personal Property Rights
Date CapturedMonday January 12, 2009 08:32 PM
HOUSE BILL 12 -- File Code: Criminal Law - Substantive Crimes Crossfiled with: SENATE BILL 54 - Prohibiting a person from knowingly collecting, analyzing, or retaining a DNA sample from an individual, performing a DNA analysis, or retaining or disclosing the results of a DNA analysis without written informed consent; exempting the collection and analysis of DNA samples for specified purposes from the prohibition; providing that the DNA sample and the results of the DNA analysis are the exclusive property of the individual from whom the sample is collected; etc.
Minnesota Department of Health Continues to Violate State Law and Individual Privacy
Date CapturedSaturday December 13, 2008 04:29 PM
St. Paul/Minneapolis – Concerned parents and the Citizens’ Council on Health Care (CCHC) called on Governor Tim Pawlenty to require his Commissioner of Health to cease and desist the warehousing of newborn blood and baby DNA without informed, written parent consent.

eBehavioral Advertising

Updated and Corrected: E-Book Buyer's Guide to Privacy
Date CapturedThursday December 31, 2009 03:20 PM
Electronic Frontier Foundation -- [A few weeks ago, EFF published its first draft of a Buyer's Guide to E-Book Privacy. In that first draft we incorporated the actual language of the privacy policies as much as possible, which unfortunately created some confusion since companies generally use different language to address similar issues. We also did a few other things clumsily. First, we've re-written many of the questions and answers to provide more clarity about the behavior of each e-reader. Second, we've tried to point out where companies' privacy policies themselves are unclear on particular issues. And finally, we've made the whole thing easier to read by changing its visual layout. This guide continues to be a work in progress.]
Refocusing the FTC’s Role in Privacy Protection
Date CapturedMonday December 14, 2009 05:31 PM
Comments of the Center for Democracy & Technology (CDT) in regards to the FTC Consumer Privacy Roundtable.
Ad Industry Works on Ads About Ads
Date CapturedTuesday November 24, 2009 03:07 PM
Wall Street Journal Emily Steel writes -- [At issue is the practice of tracking consumers’ Web activities — from the searches they make to the sites they visit and the products they buy — for the purpose of targeting ads. The efforts follow calls from the FTC earlier this year for Web advertisers and Internet companies to do a better job explaining how they track and use information about consumers’ Web activities and creating a simple way consumers can opt out of being tracked.]
Target-Marketing Becomes More Communal
Date CapturedThursday November 05, 2009 10:45 AM
WSJ Emily Steel writes ["The data is becoming the most important component for marketers and Web sites. It tells them who their audience is," says Omar Tawakol, chief executive at Blue Kai. Some lawmakers, concerned about Internet privacy, are preparing legislation to make more transparent Web sites' tactics for collecting information on their users. In an effort to fend off legislation, data brokers say, they abide by industry standards and do not collect any personally identifiable information and sensitive data, such as health information. They also tout efforts to make their business practices more transparent to consumers.]
Americans Reject Tailored Advertising and Three Activities that Enable It
Date CapturedMonday October 05, 2009 07:01 PM
[First, federal legislation ought to require all websites to integrate the P3P protocols into their privacy policies. That will provide a web-wide computer-readable standard for websites to communicate their privacy policies automatically to people’s computers. Visitors can know immediately when they get to a site whether they feel comfortable with its information policy. An added advantage of mandating P3P is that the propositional logic that makes it work will force companies to be straightforward in presenting their positions about using data. It will greatly reduce ambiguities and obfuscations about whether and where personal information is taken. · Second, federal legislation ought to mandate data-flow disclosure for any entity that represents an organization online. The law would work this way: When an internet user begins an online encounter with a website or commercial email, that site or email should prominently notify the person of an immediately accessible place that will straightforwardly present (1) exactly what information the organization collected about that specific individual during their last encounter, if there was one; (2) whether and how that information was linked to other information; (3) specifically what other organizations, if any, received the information; and (4) what the entity expects will happen to the specific individual’s data during this new (or first) encounter. Some organizations may then choose to allow the individuals to negotiate which of forthcoming data-extraction, manipulation and sharing activities they will or won’t allow for that visit. · Third, the government should assign auditing organizations to verify through random tests that both forms of disclosure are correct—and to reveal the results at the start of each encounter. The organizations that collect the data should bear the expense of the audits. Inaccuracies should be considered deceptive practices by the Federal Trade Commission.
The three proposals follow the widely recognized Federal Trade Commission goals of providing users with access, notice, choice, and security over their information. Companies will undoubtedly protest that these activities might scare people from allowing them to track information and raise the cost of maintaining databases about people online. One response is that people, not the companies, own their personal information. Another response is that perhaps consumers’ new analyses of the situation will lead them to conclude that such sharing is not often in their benefit. If that happens, it might lead companies that want to retain customers to change their information tracking-and-sharing approaches. The issues raised here about citizen understanding of privacy policies and data flow are already reaching beyond the web to the larger digital interactive world of personal video recorders (such as TiVo), cell phones, and personal digital assistants. At a time when technologies to extract and manipulate consumer information are becoming ever-more complex, citizens’ ability to control their personal information must be both more straightforward and yet more wide-ranging than previously contemplated.] Turow, Joseph, King, Jennifer, Hoofnagle, Chris Jay, Bleakley, Amy and Hennessy, Michael, Americans Reject Tailored Advertising and Three Activities that Enable It (September 29, 2009). Available at SSRN: http://ssrn.com/abstract=1478214
Americans Don't Like Being Tracked on Web
Date CapturedMonday October 05, 2009 06:21 PM
[The Times notes that Representative Rick Boucher, Democrat from Virginia, is planning to introduce privacy legislation that will address on-line tracking, while David Vladeck, head of consumer protection for the Federal Trade Commission (FTC), is indicating that he is keeping a close watch on consumer privacy protection as well.]
In the garden of Google and evil
Date CapturedMonday May 11, 2009 05:55 PM
Computer World - Robert L. Mitchell -- [As the focus by regulators and privacy advocates intensifies, Google should take a leadership role in developing pro-consumer privacy laws and best practices. If it doesn't, Google could eventually lose the good will it has with its users, and regulators could make it the poster boy for privacy on the Web. Google need look no further than Microsoft to see how quickly public opinion can change for a de facto monopoly.]
Location-based service
Date CapturedThursday April 30, 2009 10:12 PM
Wiki - [A location-based service (LBS) is an information and entertainment service, accessible with mobile devices through the mobile network and utilizing the ability to make use of the geographical position of the mobile device]
Google Becomes Default Location Provider For Firefox
Date CapturedThursday April 30, 2009 06:47 PM
TechCrunch.com -- Jason Kincaid -- [Google says that the data isn't currently being used for advertising purposes (at least for now), and that this is really about getting location-based functionality deployed to the web. But even without the advertising dollars, there is one very major upside: Google is going to be able to perfect its location database, with millions of users tapping into it on a daily basis. And that database is going to be extremely valuable going forward. ]
IE8's Cumbersome Privacy Controls May Discourage Use
Date CapturedMonday March 23, 2009 04:06 PM
Patricia Resende writes [Microsoft's new IE8 features follow a warning to Internet browser makers from the Federal Trade Commission to self-regulate privacy issues or face regulation. Microsoft came under fire for its Passport feature as the Electronic Privacy Information Center and 14 other groups asked the FTC in 2001 to force a revision of the security standard on Passport. The groups alleged Microsoft violated the law by linking Windows XP with requests to sign up for Passport and misleading users to believe that Passport protected privacy when it instead tracked, profiled and monitored users.]
An Icon That Says They’re Watching You
Date CapturedThursday March 19, 2009 06:20 PM
NY Times Saul Hansell writes [Mr. Turow has developed a plan that is simpler and more comprehensive: Put an icon on each ad that signifies that the ad collects or uses information about users. If you click the icon, you will go to what he calls a “privacy dashboard” that will let you understand exactly what information was used to choose that ad for you. And you’ll have the opportunity to edit the information or opt out of having any targeting done at all. “I don’t think ‘Ads by Google’ is enough,’” he said. “The problem with the whole rhetoric Google is using is that it is designed to stop you from wanting to learn more and do something.” ]
A Call to Legislate Internet Privacy
Date CapturedMonday March 16, 2009 10:31 AM
NY Times Saul Hansell writes [“Internet users should be able to know what information is collected about them and have the opportunity to opt out,” he said. While he hasn’t written the bill yet, Mr. Boucher said that he, working with Representative Cliff Stearns, the Florida Republican who is the ranking minority member on the subcommittee, wants to require Web sites to disclose how they collect and use data, and give users the option to opt out of any data collection. That’s not a big change from what happens now, at least on most big sites. But in what could be a big change from current practice, Mr. Boucher wants sites to get explicit permission from users — an “opt in” — if they are going to share information with other companies.]
Advertisers Get a Trove of Clues in Smartphones
Date CapturedWednesday March 11, 2009 03:05 PM
NY Times STEPHANIE CLIFFORD writes [The capability for collecting information has alarmed privacy advocates. “It’s potentially a portable, personal spy,” said Jeff Chester, the executive director of the Center for Digital Democracy, who will appear before Federal Trade Commission staff members this month to brief them on privacy and mobile marketing. He is particularly concerned about data breaches, advertisers’ access to sensitive health or financial information, and a lack of transparency about how advertisers are collecting data. “Users are going to be inclined to say, sure, what’s harmful about a click, not realizing that they’ve consented to give up their information.”]
Google to Offer Ads Based on Interests
Date CapturedWednesday March 11, 2009 03:00 PM
NY Times MIGUEL HELFT writes [Google will use a cookie, a small piece of text that resides inside a Web browser, to track users as they visit one of the hundreds of thousands of sites that show ads through its AdSense program. Google will assign those users to categories based on the content of the pages they visit. For example, a user may be pegged as a potential car buyer, sports enthusiast or expectant mother. Google will then use that information to show people ads that are relevant to their interests, regardless of what sites they are visiting. An expectant mother may see an ad about baby products not only on a parenting site but also, for example, on a sports or fashion site that uses AdSense or on YouTube, which is owned by Google.]
PRIVACY AND DATA PROTECTION
Date CapturedWednesday March 11, 2009 02:42 PM
The Business Forum for Consumer Privacy (BFCP)--a coalition of companies including Microsoft, Google and HP released a whitepaper intended to start a discussion about governing information collection and use. The BFCP says the current U.S. approach, which holds consumers responsible for how their private information is used, is not sufficient in the information economy. In the whitepaper, the forum proposes an alternative approach toward securing private data: a "use-and-obligations" model. This model, the authors say, draws upon the OECD Guidelines and the APEC Privacy Framework, and outlines five categories of data use: fulfillment, marketing, internal business operations, antifraud and authentication, and external legal and public good. Forum members say a use-and-obligations model will better address ways in which information is collected and used in the twenty-first century.
ONLINE BEHAVIORAL ADVERTISING: A CHECKLIST OF PRACTICES THAT IMPACT CONSUMER TRUST
Date CapturedWednesday March 04, 2009 03:09 PM
TRUSTe white paper -- [Self-regulation is a process often preceded by leading companies beginning to strengthen practices and chart advances that are then more widely adopted. In particular, companies should be aware of evolving industry practices in the following areas: Application of certain privacy principles to some types of non-personal data, for example, behavioral profiles, cookie IDs or IP addresses. Notices about ad-serving and behavioral targeting being provided in banner ads or on home pages, in addition to within a privacy policy. Choice being provided not only for the sharing of ad-serving data, but with regard to data use by a single company to tailor ads on its own sites. The establishment of specific data retention policies and anonymization techniques for log-file data.]
Behavioral Targeting: Not that Bad?! TRUSTe Survey Shows Decline in Concern for Behavioral Targeting
Date CapturedWednesday March 04, 2009 03:05 PM
Behavioral advertising still represents uncharted territory, without clearly applicable laws or regulations. In February, the Federal Trade Commission (FTC) published a set of guidelines (titled “Self-Regulatory Principles for Online Behavioral Advertising”) for companies collecting information on the actions of Internet users for the purpose of providing targeted advertising to them. The principles encourage self-regulatory action on the part of the companies themselves, specifically encouraging transparency and customer control, reasonable security and limited data retention for customer data. These principles have been criticized by privacy advocates, who assert that government should impose stricter laws rather than relying on companies to self-regulate.
Cable Companies Target Commercials to Audience
Date CapturedWednesday March 04, 2009 02:53 PM
NY Times STEPHANIE CLIFFORD [Cablevision matches households to demographic data to divide its customers, using the data-collection company Experian. Experian has data on individuals that it collects through public records, registries and other sources. It matches the name and address of the subscriber to what it knows about them, and assigns demographic characteristics to households. (The match is a blind one: advertisers do not know what name and address they are advertising to, Cablevision executives said.) Advertisers can also give their existing customer lists to Experian, and Experian can make matches — so G.M., for example, could direct an ad based on who already owns a G.M. car. Advertisers are willing to pay premiums for ads that go only to audiences they have selected.]
YouTube's new 'nocookie' feature continues to serve cookies
Date CapturedTuesday March 03, 2009 03:20 PM
CNET -- Chris Soghoian says [Those in the privacy community will likely pounce on this as evidence of Google's hypocrisy, while Google will likely respond by carefully parsing the definition of the phrase "non-session cookie" to not include Flash-cookie objects. Google might even argue that its Flash-based cookies do not contain unique tracking information (something this blogger is unable to verify, since the Adobe Flash Manager only allows you to delete, but not view the contents of a Flash cookie). One thing is clear. YouTube has advertised a new delayed cookie feature, and stated that it "does not send a cookie until the visitor plays the video." That message is further reinforced by the fact that the new cookie-lite embedded video players are served from a different domain name, youtube-nocookie.com. Yet a user visiting a page that includes one of these "delayed cookie" videos still ends up with a long term, non-session Flash cookie hidden away in the depths of their browser. Technical definitions of "cookie" versus "Flash cookie" aside, YouTube's "delayed cookie" feature simply fails to deliver on the company's promises.]
Behavioral Advertising and Privacy
Date CapturedFriday February 13, 2009 01:31 PM
World Privacy Forum - About Behaviorally targeted advertising, World Privacy Forum testimony and Comments, resources.
FTC Staff Revises Online Behavioral Advertising Principles
Date CapturedThursday February 12, 2009 06:19 PM
The report discusses the potential benefits of behavioral advertising to consumers, including the free online content that advertising generally supports and personalization that many consumers appear to value. It also discusses the privacy concerns that the practice raises, including the invisibility of the data collection to consumers and the risk that the information collected – including sensitive information regarding health, finances, or children – could fall into the wrong hands or be used for unanticipated purposes. Consistent with the FTC’s overall approach to consumer privacy, the report seeks to balance the potential benefits of behavioral advertising against the privacy concerns it raises, and to encourage privacy protections while maintaining a competitive marketplace.
Ad groups to develop voluntary marketing privacy guidelines
Date CapturedWednesday January 14, 2009 07:46 PM
Daily News Alert - [The announcement of the joint effort took place on the same day that two consumer advocacy groups, the Center for Digital Democracy and the U.S. Public Interest Research Group, asked the FTC to investigate behavioral targeting practices aimed at users of mobile phones and requested regulations to make it easier for mobile phone users to control how information about them is used.]
"Cleaning Up After Cookies"
Date CapturedTuesday January 06, 2009 03:26 PM
Kate McKinley, a researcher at iSec Partners writes [Modern web browsers and plugins are rapidly expanding web developers’ ability to store data on users’ systems, while simultaneously adding features which allow users the perception of more control over that data. Users need to be confident that their perceptions match reality. Unfortunately, the privacy modes offered by browsers are still evolving (several are only available as betas), and none remove all the tracking data users might expect them to block. A tool was created to set and report on different data stores. This paper presents the findings from running this tool using several major browsers with two plug-ins across three common operating systems. We find current browsers are unable to extend tracking protection to third party plug-ins such as Google Gears and Adobe Flash. Some of these require no user prompting under common configurations and even expose tracking data saved with one browser to sites visited by a different browser. We also recommend approaches for solving these problems.]
Careful what you search for
Date CapturedThursday January 01, 2009 05:15 PM
Fortune Jia Lynn Yang [So if you're a 33-year-old working female who lives in New York City and who likes to search for Jimmy Choo pumps, you might see ads for a local shoe store - thanks to the personal information the search engines have about you. "There are many free online tools, but they're not really free," explained Greg Conti, a professor of computer science at West Point and the author of Googling Security: How Much Does Google Know About You? "We end up paying for them with micro-payments of personal information which, in turn, are captured and used for data mining and targeted advertising."]
Why Obama should ditch YouTube
Date CapturedSunday December 14, 2008 09:35 PM
Christopher Soghoian, a student fellow at Harvard University's Berkman Center for Internet and Society and PhD candidate at Indiana University's School of Informatics blogs [The privacy risks aren't just limited to YouTube. Just a week ago, Dan Goodin at The Register criticized the use of the Google Analytics Web-tracking code in the Change.gov site--which also sets a permanent tracking cookie. Although he mostly focused on security risks, and not privacy-related threats, he blasted Obama's Web design team, stating that: The failure of Obama's Webmasters to follow anything remotely like best practices is more than a little troubling because it suggests they don't fully grasp the security realities of living in a Web 2.0 world. Eight years ago, the issue of cookies tracking users on government sites was a fairly big issue in tech policy circles, drawing the attention of those in Congress. Eventually, the Office of Management and Budget issued a directive that forbid the use of persistent cookies on federal agency sites. The Obama team's use of both YouTube and Google Analytics raises serious privacy concerns and likely clashes with the OMB directive.]

Education Reporting Systems

SunGard
Date CapturedSaturday November 21, 2009 01:02 PM
[Student Information Management -- eSchoolPLUS is a student management system that helps educators and parents by providing them direct, real-time access to the most relevant student information available. Teachers and administrators can easily manage day-to-day student information and data such as demographics, scheduling, attendance, discipline, standardized tests, report cards and transcripts. With eSchoolPLUS, parents gain the ability to be more informed as to their child’s grades, attendance, assignments and discipline information. Superintendents, principals and other district administrators and school board members can track daily school status, student performance and progress.]

Electronic Health Records (EHR)

Sebelius, Solis Announce Nearly $1 Billion Recovery Act Investment in Advancing Use of Health IT, Training Workers for Health Jobs of the Future
Date CapturedMonday February 15, 2010 06:21 PM
WASHINGTON, DC - Health and Human Services Secretary Kathleen Sebelius and Labor Secretary Hilda Solis today announced a total of nearly $1 billion in Recovery Act awards to help health care providers advance the adoption and meaningful use of health information technology (IT) and train workers for the health care jobs of the future. The awards will help make health IT available to over 100,000 hospitals and primary care physicians by 2014 and train thousands of people for careers in health care and information technology. This Recovery Act investment will help grow the emerging health IT industry which is expected to support tens of thousands of jobs ranging from nurses and pharmacy techs to IT technicians and trainers. The over $750 million in HHS grant awards Secretary Sebelius announced today are part of a federal initiative to build capacity to enable widespread meaningful use of health IT. This assistance at the state and regional level will facilitate health care providers' efforts to adopt and use electronic health records (EHRs) in a meaningful manner that has the potential to improve the quality and efficiency of health care for all Americans. Of the over $750 million investment, $386 million will go to 40 states and qualified State Designated Entities (SDEs) to facilitate health information exchange (HIE) at the state level, while $375 million will go to an initial 32 non-profit organizations to support the development of regional extension centers (RECs) that will aid health professionals as they work to implement and use health information technology - with additional HIE and REC awards to be announced in the near future. RECs are expected to provide outreach and support services to at least 100,000 primary care providers and hospitals within two years.
Personal Health Information Privacy
Date CapturedSunday January 10, 2010 04:42 PM
News about medical and electronic health privacy risk.
ELSI Panel Addresses Genomics Consent and Privacy at CSHL
Date CapturedFriday May 08, 2009 07:06 PM
GenomeWeb Daily News -- Andrea Anderson-- [For instance, some have expressed concern that even de-identified genetic data could be linked to study participants. Last August, the National Institutes of Health pulled their GWAS data from public databases in response to research suggesting that it might be possible to identify an individual from pooled genetic data. There has also been a great deal of discussion about what information participants should get back from such studies as well as researchers' responsibility for informing subjects about incidental findings. ]
Behavioral Advertising and Privacy
Date CapturedFriday February 13, 2009 01:31 PM
World Privacy Forum - About Behaviorally targeted advertising, World Privacy Forum testimony and Comments, resources.
FTC Online Privacy Guidelines Faulted
Date CapturedFriday February 13, 2009 01:11 PM
Business Week -- Douglas MacMillan -- [On Feb. 12, the U.S. Federal Trade Commission issued guidelines designed to give consumers more information about how advertisers collect and use data about their Web surfing habits. Among the recommendations: Every site that follows Web-use patterns to tailor marketing messages, a practice known as behavioral targeting, should spell out how it is collecting data and give consumers the ability to opt out of targeting. The report also urges sites to keep collected data "as long as is necessary to fulfill a legitimate business or law enforcement need," inform users of any changes made to privacy policies, and only collect sensitive personal data—such as financial and health records—in cases where the user opts in.]
E P I C A l e r t - Volume 16.02 - February 10, 2009
Date CapturedThursday February 12, 2009 11:42 PM
[1] Medical Privacy Moves Forward in Congress - [2] Civil Society Launches Campaign for Privacy Convention - [3] National Academies Report Calls for New Approach to Medical Privacy - [4] President Obama Promotes Open Government - [5] Report - Google Latitude Poses Significant Privacy Risks - [6] News in Brief - [7] EPIC Bookstore: "The Dark Side" - [8] Upcoming Conferences and Events
U.S. stimulus bill pushes e-health records for all
Date CapturedThursday February 12, 2009 07:29 PM
Declan McCullagh - [The U.S. Senate on Tuesday approved an $838 billion "stimulus" bill by a 61-37 vote, capping more than a week of political sparring between critics of the measure and President Obama, who claimed during a press conference that an "economic emergency" made it necessary. What didn't come up during the president's first press conference was how one section of the convoluted legislation--it's approximately 800 pages total--is intended to radically reshape the nation's medical system by having the government establish computerized medical records that would follow each American from birth to death. Billions will be handed to companies creating these databases. Billions will be handed to universities to incorporate patient databases "into the initial and ongoing training of health professionals." There's a mention of future "smart card functionality." Yet nowhere in this 140-page portion of the legislation does the government anticipate that some Americans may not want their medical histories electronically stored, shared, and searchable. Although a single paragraph promises that data-sharing will "be voluntary," there's no obvious way to opt out. "Without those protections, Americans' electronic health records could be shared--without their consent--with over 600,000 covered entities through the forthcoming nationally linked electronic health records network," said Sue Blevins, president of the Institute for Health Freedom, a nonprofit group that advocates health care privacy.]
DOD’s and VA’s Sharing of Information
Date CapturedFriday January 30, 2009 10:11 AM
(GAO-09-268) In the more than 10 years since DOD and VA began collaborating to electronically share health information, the two departments have increased interoperability. Nevertheless, while the departments continue to make progress, the manner in which they report progress—by reporting increases in interoperability over time—has limitations. These limitations are rooted in the departments’ plans, which identify interoperable capabilities to be implemented, but lack the results-oriented (i.e., objective, quantifiable, and measurable) goals and associated performance measures that are a necessary basis for effective management. Without establishing results-oriented goals, then reporting progress using measures relative to the established goals, the departments and their stakeholders do not have the comprehensive picture that they need to effectively manage their progress toward achieving increased interoperability. Further constraining the departments’ management effectiveness is their slow pace in addressing our July 2008 recommendation related to setting up the interagency program office that Congress called for to function as a single point of accountability in the development and implementation of electronic health record capabilities.
Rethinking the Role of Consent in Protecting Health Information Privacy
Date CapturedTuesday January 27, 2009 09:52 AM
CDT is advocating for the inclusion of privacy protections in the President's economic stimulus bill, which contains at least $20 billion for a national health information technology network. CDT's paper argues that personal health information should easily flow for treatment, payment, and certain core administrative tasks without requiring patient consent, but that stricter limits need to be placed on marketing and other secondary uses. January 26, 2009. This paper advocates for a new generation of privacy protections that allow personal health information to flow among health care entities for treatment, payment, and certain core administrative tasks without first requiring patient consent, as long as there is a comprehensive framework of rules that governs access to and disclosure of health data. Patient consent is one important element of this framework, but relying on consent would do little to protect privacy. This paper also suggests how a framework of protections can provide patients with more meaningful opportunities to make informed choices about sharing their personal health information online.
What Every American Needs to Know about the HIPAA Medical Privacy Rule* -- Updated November 2008
Date CapturedSunday January 18, 2009 09:39 PM
By Sue A. Blevins, president of the Institute for Health Freedom and Robin Kaigh, Esq., an attorney dedicated to patients’ health privacy rights. [Did you know that under the federal HIPAA (Health Insurance Portability and Accountability Act of 1996) medical privacy rule, your personal health information—including past records and genetic information—can be disclosed without your consent to large organizations such as the following? Data-processing companies; Insurers; Researchers (in some instances); Hospitals; Doctors (even those not treating you); Law enforcement officials; Public health officials; Federal government.]
Institute for Health Freedom (IHF)
Date CapturedSunday January 18, 2009 09:32 PM
Health Freedom Watch (Email newsletter published by the Institute for Health Freedom) January 2009 -- Contents: Economic Stimulus Package and Your Health Privacy; HHS Secretary Confirmation Hearing: Questions Remain about How to Pay for Proposed Health-Care Expansions; Lead Plaintiff in Medicare Lawsuit Asks for a Temporary Restraining Order and Preliminary Injunction against SSA and HHS.
Center for Democracy & Technology (CDT) Applauds Critical Privacy, Security Provisions in Health IT Stimulus Bill
Date CapturedSunday January 18, 2009 05:59 PM
[The bill's privacy provisions include the following: Stronger protections against the use of personal health information for marketing purposes; Accountability for all entities that handle personal health information; A federal, individual right to be notified in the event of a breach of identifiable health information; Prohibitions on the sale of valuable patient-identifiable data for inappropriate purposes; Development and implementation of federal privacy and security protections for personal health records; Easy access by patients to electronic copies of their records; and Strengthened enforcement of health privacy rules. The provisions in the bill are similar to those that received bipartisan approval by the House Energy & Commerce Committee in the last Congress.]
Privacy Issue Complicates Push to Link Medical Data
Date CapturedSunday January 18, 2009 05:39 PM
NY Times By ROBERT PEAR [“Until people are more confident about the security of electronic medical records,” Mr. Whitehouse said, “it’s vitally important that we err on the side of privacy.” The data in medical records has great potential commercial value. Several companies, for example, buy and sell huge amounts of data on the prescribing habits of doctors, and the information has proved invaluable to pharmaceutical sales representatives. “Health I.T. without privacy is an excellent way for companies to establish a gold mine of information that can be used to increase profits, promote expensive drugs, cherry-pick patients who are cheaper to insure and market directly to consumers,” said Dr. Deborah C. Peel, coordinator of the Coalition for Patient Privacy, which includes the American Civil Liberties Union among its members.]
Obama adds health IT to economic stimulus package
Date CapturedFriday December 19, 2008 07:34 PM
Published on December 8, 2008 -- Government Health IT Paul McCloskey writes [The Wired bill, which failed to pass the Senate this summer, created incentives for health IT adoption and addressed several privacy problems that had long delayed the bill. Obama’s address followed remarks a day earlier by Sen. Tom Daschle, the designated Secretary of the Department of Health and Human Services. The transition team will manage a series of “health care community discussions,” to run from Dec. 15 to Dec. 30, that will solicit opinions on health care reform directly from the public. The meetings will be modeled on the Obama election campaign, which took advantage of the Internet to solicit support directly from the public. Obama's Internet site asks people to submit ideas for how to improve the health care system.]
HHS -- Health Information Technology
Date CapturedThursday December 18, 2008 05:18 PM
Secretary Leavitt Announces New Principles, Tools to Protect Privacy, Encourage More Effective Use of Patient Information to Improve Care
Date CapturedThursday December 18, 2008 05:11 PM
The privacy principles articulated by Secretary Leavitt are as follows:
Individual Access – Consumers should be provided with a simple and timely means to access and obtain their personal health information in a readable form and format.
Correction – Consumers should be provided with a timely means to dispute the accuracy or integrity of their personal identifiable health information, and to have erroneous information corrected or to have a dispute documented if their requests are denied. Consumers also should be able to add to and amend personal health information in products controlled by them such as personal health records (PHRs).
Openness and Transparency – Consumers should have information about the policies and practices related to the collection, use and disclosure of their personal information. This can be accomplished through an easy-to-read, standard notice about how their personal health information is protected. This notice should indicate with whom their information can or cannot be shared, under what conditions and how they can exercise choice over such collections, uses and disclosures. In addition, consumers should have reasonable opportunities to review who has accessed their personal identifiable health information and to whom it has been disclosed.
Individual Choice – Consumers should be empowered to make decisions about with whom, when, and how their personal health information is shared (or not shared).
Collection, Use, and Disclosure Limitation – It is important to limit the collection, use and disclosure of personal health information to the extent necessary to accomplish a specified purpose. The ability to collect and analyze health care data as part of a public good serves the American people and it should be encouraged. But every precaution must be taken to ensure that this personal health information is secured, deidentified when appropriate, limited in scope and protected wherever possible.
Data Integrity – Those who hold records must take reasonable steps to ensure that information is accurate and up-to-date and has not been altered or destroyed in an unauthorized manner. This principle is tightly linked to the correction principle. A process must exist in which, if consumers perceive a part of their record is inaccurate, they can notify their provider. Of course the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule provides consumers that right, but this principle should be applied even where the information is not covered by the Rule.
Safeguards – Personal identifiable health information should be protected with reasonable administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure.
Accountability – Compliance with these principles is strongly encouraged so that Americans can realize the benefit of electronic health information exchange. Those who break rules and put consumers’ personal health information at risk must not be tolerated. Consumers need to be confident that violators will be held accountable.
The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information
Date CapturedThursday December 18, 2008 04:56 PM
The principles of the Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information below establish a single, consistent approach to address the privacy and security challenges related to electronic health information exchange through a network for all persons, regardless of the legal framework that may apply to a particular organization. The goal of this effort is to establish a policy framework for electronic health information exchange that can help guide the Nation’s adoption of health information technologies and help improve the availability of health information and health care quality. The principles have been designed to establish the roles of individuals and the responsibilities of those who hold and exchange electronic individually identifiable health information through a netwo

Electronic Records

HHS Names David Blumenthal As National Coordinator for Health Information Technology
Date CapturedSaturday March 21, 2009 01:00 PM
The American Recovery and Reinvestment Act includes a $19.5 billion investment in health information technology, which will save money, improve quality of care for patients, and make our health care system more efficient. Dr. Blumenthal will lead the effort at HHS to modernize the health care system by catalyzing the adoption of interoperable health information technology by 2014 thereby reducing health costs for the federal government by an estimated $12 billion over 10 years.
Lost Cellphone? Your Carrier Has Your Backup
Date CapturedWednesday February 25, 2009 08:28 PM
Wall Street Journal - Mossberg Solution - KATHERINE BOEHRET [By the time you've left your cellphone in a taxi or dropped it into a pot of soup, it's too late. All those phone numbers you had at your finger tips -- your best friend, your boss, your mom -- are gone. (Well, maybe you'll remember Mom's.) Some companies have tried to soothe backup concerns with gadgets like the $50 Backup-Pal from Advanced Wireless Solutions LLC, or wireless services like Skydeck. But for many people, it's just as easy to ignore the risk.]

Enhanced DL

Today's Living on 'Today's THV at 5': Real ID Program
Date CapturedTuesday December 01, 2009 03:27 PM
Rebecca Buerkle writes - [Twenty-four states have passed laws or resolutions saying they will not comply. Other states that want an extension on the Dec. 31 deadline had until Tuesday to demonstrate they are making progress. But as many as 12 states may not be able to do so, making 36 states non-compliant.]
Video: Hacker war drives San Francisco cloning RFID passports
Date CapturedTuesday February 03, 2009 07:21 PM
Thomas Ricker - [Chris recently drove around San Francisco reading RFID tags from passports, driver licenses, and other identity documents. In just 20 minutes, he found and cloned the passports of two very unaware US citizens.]
How RFID Tags Could Be Used to Track Unsuspecting People
Date CapturedThursday September 11, 2008 08:41 PM
Scientific American -- "The new licenses come equipped with radio-frequency identification (RFID) tags that can be read right through a wallet, pocket or purse from as far away as 30 feet. Each tag incorporates a tiny microchip encoded with a unique identification number. As the bearer approaches a border station, radio energy broadcast by a reader device is picked up by an antenna connected to the chip, causing it to emit the ID number. By the time the license holder reaches the border agent, the number has already been fed into a Homeland Security database, and the traveler’s photograph and other details are displayed on the agent’s screen."
Enhanced driver's license program a "threat" to privacy
Date CapturedWednesday August 13, 2008 08:12 PM
ITBusiness reports, "Despite widespread privacy concerns, several Canadian provinces are pushing through with the implementation of the enhanced driver's license (EDL) scheme that seeks to link U.S.-Canada border security measures."
Enhanced Driver’s Licenses Coming Your Way…
Date CapturedSunday July 27, 2008 05:01 PM
Steven A. Culbreath, Esq. blogs, "DHS has worked to align REAL ID and EDL requirements. EDLs that are developed consistent with the requirements of REAL ID can be used for official purposes such as accessing a Federal facility, boarding Federally-regulated commercial aircraft, and entering nuclear power plants." And... "While the REAL ID requires proof of legal status in the U.S., the state issued EDL will require that the card holder be a U.S. citizen."
realnightmare.org
Date CapturedSunday July 20, 2008 06:48 PM
Anti-Real ID website
GOVERNOR PATERSON ANNOUNCES AVAILABILITY OF NEW ENHANCED DRIVER LICENSE
Date CapturedSaturday July 19, 2008 11:22 AM
July 9, 2008 PRESS RELEASE excerpts: The EDL can be readily obtained by applying at local DMV offices. Since it is a driver license, it will be easier to carry than a passport, making it especially convenient for those who make frequent or unplanned crossings. The EDL will be valid for up to eight years, the same period as a current drivers license. The new licenses will be clearly distinguishable as a limited use international travel document by the added features of a U.S. flag on the front and the machine readable text on the reverse, both identifying it is an “enhanced” driver license. Each EDL will have various new security features within the document that will help to deter counterfeiting.

E-Reader

Updated and Corrected: E-Book Buyer's Guide to Privacy
Date CapturedThursday December 31, 2009 03:20 PM
Electronic Frontier Foundation -- [A few weeks ago, EFF published its first draft of a Buyer's Guide to E-Book Privacy. In that first draft we incorporated the actual language of the privacy policies as much as possible, which unfortunately created some confusion since companies generally use different language to address similar issues. We also did a few other things clumsily. First, we've re-written many of the questions and answers to provide more clarity about the behavior of each e-reader. Second, we've tried to point out where companies' privacy policies themselves are unclear on particular issues. And finally, we've made the whole thing easier to read by changing its visual layout. This guide continues to be a work in progress.]

Fair Information Practice

THE FAILURE OF FAIR INFORMATION PRACTICE PRINCIPLES forthcoming in Consumer Protection in the Age of the ‘Information Economy’
Date CapturedSunday January 31, 2010 10:03 PM
Fred H. Cate - [The key is refocusing FIPPS on substantive tools for protecting privacy, and away from notice and consent; leveling the playing field between information processors and data subjects; and creating sufficient, but limited, liability so that data processors will have meaningful incentives, rather than bureaucratic regulations, to motivate appropriate behavior, and that individuals will be compensated when processing results in serious harm. This is only a first step. These proposed Consumer Privacy Protection Principles are undoubtedly incomplete and imperfect, but they are an effort to return to a more meaningful dialogue about the legal regulation of privacy and the value of information flows in the face of explosive growth in technological capabilities in an increasingly global society.]
Summary of LD 1677 Bill Info LD 1677 (SP 649) "An Act To Protect Minors from Pharmaceutical Marketing Practices"
Date CapturedThursday January 07, 2010 06:04 PM
State of Maine Legislature - "An Act To Protect Minors from Pharmaceutical Marketing Practices" -- Sponsored by Senator Elizabeth Schneider. -- IAPP writes -- [The bill applies to online information only and is limited to pharmaceutical marketing. It gives the attorney general the power to adopt rules to determine its scope. Violation of the law would be considered an unfair trade practice.]
Comments of the World Privacy Forum to FTC, Nov. 6, 2009
Date CapturedThursday December 17, 2009 10:58 PM
Pam Dixon Executive Director, World Privacy Forum -- Re: Privacy Roundtables – Comment, Project No. P095416 - [The World Privacy Forum understands that businesses have a right to exist and to make money, and that advertising and marketing is part of the marketplace. But we also believe that there is not a reasonable balance right now between what data is being collected and used, and what consumers can do to manage that data and their privacy. There are no perfect solutions, but we think that a rights-based framework based on approaches contained in the Fair Credit Reporting Act and on Fair Information Practices will address many of the problems and help create solutions that are equitable for all stakeholders.]
Refocusing the FTC’s Role in Privacy Protection
Date CapturedMonday December 14, 2009 05:31 PM
Comments of the Center for Democracy & Technology (CDT) in regards to the FTC Consumer Privacy Roundtable.
Refocusing the FTC’s Role in Privacy Protection
Date CapturedTuesday November 10, 2009 03:33 PM
Center for Technology in Government (CDT) Policy Post 15.17, November 10, 2009. [A Briefing On Public Policy Issues Affecting Civil Liberties Online from The Center For Democracy and Technology -- Refocusing the FTC’s Role in Privacy Protection: 1) CDT Submits Comments in regards to the FTC Consumer Privacy Roundtable 2) The Significance of a Comprehensive Set of Fair Information Practice Principles 3) Examining FIPs at Work: Recent FTC Enforcement Actions Demonstrate a Path Forward 4) CDT Recommendations for Future FTC Action]
Use of parental list is faulted
Date CapturedTuesday November 03, 2009 08:06 PM
March 17, 2008 by Scott Waldman - [GUILDERLAND - Guilderland School District violated federal law when it provided the names and addresses of parents to the teachers union, according to the state's authority on open government. Last year, Guilderland Teachers Association used those names and addresses to send parents of school-aged children postcards promoting the union's picks in a school board election. School officials deny that any law was broken, but the district recently imposed a moratorium on releasing "directory" information after complaints by school board members and news coverage of the controversy.]
South Dakota Superintendent Thinks Info Policy Will Pass Tonight
Date CapturedFriday October 30, 2009 05:37 PM
[Over the past month some parents have voiced their concerns to the school board over what they consider the selling of their children's contact information. Some say they don't want it to land in the wrong hands. Pam Homan says parents have known about the information policy for some time. "On the blue card as we call it parents have been informed of the FERPA requirement and whether or not they wish to have their child's name included or excluded from information." Revisions have been made to the proposed policy. Allowing parents more control over where the information is given. It will allow four categories that are: school publications, directory information, SD board of regents, and military recruiters.]
FAIR INFORMATION PRACTICE PRINCIPLES
Date CapturedFriday October 30, 2009 11:08 AM
Over the past quarter century, government agencies in the United States, Canada, and Europe have studied the manner in which entities collect and use personal information -- their "information practices" -- and the safeguards required to assure those practices are fair and provide adequate privacy protection.(27) The result has been a series of reports, guidelines, and model codes that represent widely-accepted principles concerning fair information practices.(28) Common to all of these documents [hereinafter referred to as "fair information practice codes"] are five core principles of privacy protection: (1) Notice/Awareness; (2) Choice/Consent; (3) Access/Participation; (4) Integrity/Security; and (5) Enforcement/Redress.
Protection of Pupil Rights Amendment (PPRA)
Date CapturedFriday October 30, 2009 11:00 AM
The Protection of Pupil Rights Amendment (PPRA) (20 U.S.C. § 1232h; 34 CFR Part 98) applies to programs that receive funding from the U.S. Department of Education (ED). PPRA is intended to protect the rights of parents and students.
SPITZER PPRA LAWSUIT RE: SALE OF STUDENT INFORMATION
Date CapturedFriday October 30, 2009 10:15 AM
Parties Subject to Order ORDERED, ADJUDGED AND DECREED that this Consent Order and Judgment shall extend to Student Marketing Group, Inc. (“SMG”) and Educational Research Center of America, Inc. (“ERCA”), their successors, assignees, officers, agents, representatives, affiliates and employees and any other person under their direction or control, whether acting individually or in concert with others or through any corporate entity or device through which they may now or hereafter act or conduct business (collectively “respondents”).
Americans Don't Like Being Tracked on Web
Date CapturedMonday October 05, 2009 06:21 PM
[The Times notes that Representative Rick Boucher, Democrat from Virginia, is planning to introduce privacy legislation that will address on-line tracking, while David Vladeck, head of consumer protection for the Federal Trade Commission (FTC), is indicating that he is keeping a close watch on consumer privacy protection as well.]
Commission Extension of Deferral of Enforcement of the Identity Theft Red Flags Rule Until August 1, 2009
Date CapturedMonday May 04, 2009 04:43 PM
[The Federal Trade Commission (the “FTC” or “Commission”) is extending its deferral of enforcement of the Identity Theft Red Flags Rule to August 1, 2009. This rule was promulgated pursuant to § 114 of the Fair and Accurate Credit Transactions Act (“FACTA”). Congress directed the Commission and other agencies to develop regulations requiring “creditors” and “financial institutions” to address the risk of identity theft. The resulting Identity Theft Red Flags Rule requires any of these entities that have “covered accounts” to develop and implement written identity theft prevention programs. The identity theft prevention programs must be designed to help identify, detect, and respond to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft. This rule applies to all entities that regularly permit deferred payments for goods or services, including entities such as health care providers, attorneys, and other professionals, as well as retailers and a wide range of businesses that invoice their customers.]
IE8's Cumbersome Privacy Controls May Discourage Use
Date CapturedMonday March 23, 2009 04:06 PM
Patricia Resende writes [Microsoft's new IE8 features follow a warning to Internet browser makers from the Federal Trade Commission to self-regulate privacy issues or face regulation. Microsoft came under fire for its Passport feature as the Electronic Privacy Information Center and 14 other groups asked the FTC in 2001 to force a revision of the security standard on Passport. The groups alleged Microsoft violated the law by linking Windows XP with requests to sign up for Passport and misleading users to believe that Passport protected privacy when it instead tracked, profiled and monitored users.]
An Icon That Says They’re Watching You
Date CapturedThursday March 19, 2009 06:20 PM
NY Times Saul Hansell writes [Mr. Turow has developed a plan that is simpler and more comprehensive: Put an icon on each ad that signifies that the ad collects or uses information about users. If you click the icon, you will go to what he calls a “privacy dashboard” that will let you understand exactly what information was used to choose that ad for you. And you’ll have the opportunity to edit the information or opt out of having any targeting done at all. “I don’t think ‘Ads by Google’ is enough,” he said. “The problem with the whole rhetoric Google is using is that it is designed to stop you from wanting to learn more and do something.”]
A Call to Legislate Internet Privacy
Date CapturedMonday March 16, 2009 10:31 AM
NY Times Saul Hansell writes [“Internet users should be able to know what information is collected about them and have the opportunity to opt out,” he said. While he hasn’t written the bill yet, Mr. Boucher said that he, working with Representative Cliff Stearns, the Florida Republican who is the ranking minority member on the subcommittee, wants to require Web sites to disclose how they collect and use data, and give users the option to opt out of any data collection. That’s not a big change from what happens now, at least on most big sites. But in what could be a big change from current practice, Mr. Boucher wants sites to get explicit permission from users — an “opt in” — if they are going to share information with other companies.]
Commercial Activities in Schools: Use of Student Data is Limited and Additional Dissemination of Guidance Could Help Districts Develop Policies
Date CapturedThursday March 12, 2009 03:16 PM
GAO -- Recommendation: The Secretary of Education should take additional action to assist districts in understanding that they are required to have specific policies in place for the collection, disclosure, and use of student information for marketing and selling purposes by disseminating its guidance to state school boards associations.
Advertisers Get a Trove of Clues in Smartphones
Date CapturedWednesday March 11, 2009 03:05 PM
NY Times STEPHANIE CLIFFORD writes [The capability for collecting information has alarmed privacy advocates. “It’s potentially a portable, personal spy,” said Jeff Chester, the executive director of the Center for Digital Democracy, who will appear before Federal Trade Commission staff members this month to brief them on privacy and mobile marketing. He is particularly concerned about data breaches, advertisers’ access to sensitive health or financial information, and a lack of transparency about how advertisers are collecting data. “Users are going to be inclined to say, sure, what’s harmful about a click, not realizing that they’ve consented to give up their information.”]
PRIVACY AND DATA PROTECTION
Date CapturedWednesday March 11, 2009 02:42 PM
The Business Forum for Consumer Privacy (BFCP)--a coalition of companies including Microsoft, Google and HP released a whitepaper intended to start a discussion about governing information collection and use. The BFCP says the current U.S. approach, which holds consumers responsible for how their private information is used, is not sufficient in the information economy. In the whitepaper, the forum proposes an alternative approach toward securing private data: a "use-and-obligations" model. This model, the authors say, draws upon the OECD Guidelines and the APEC Privacy Framework, and outlines five categories of data use: fulfillment, marketing, internal business operations, antifraud and authentication, and external legal and public good. Forum members say a use-and-obligations model will better address ways in which information is collected and used in the twenty-first century.
ONLINE BEHAVIORAL ADVERTISING: A CHECKLIST OF PRACTICES THAT IMPACT CONSUMER TRUST
Date CapturedWednesday March 04, 2009 03:09 PM
Truste white paper -- [Self-regulation is a process often preceded by leading companies beginning to strengthen practices and chart advances that are then more widely adopted. In particular, companies should be aware of evolving industry practices in the following areas: Application of certain privacy principles to some types of non-personal data, for example, behavioral profiles, cookie IDs or IP addresses. Notices about ad-serving and behavioral targeting being provided in banner ads or on home pages, in addition to within a privacy policy. Choice being provided not only for the sharing of ad-serving data, but with regard to data use by a single company to tailor ads on its own sites. The establishment of specific data retention policies and anonymization techniques for log-file data.]
Cable Companies Target Commercials to Audience
Date CapturedWednesday March 04, 2009 02:53 PM
NY Times STEPHANIE CLIFFORD [Cablevision matches households to demographic data to divide its customers, using the data-collection company Experian. Experian has data on individuals that it collects through public records, registries and other sources. It matches the name and address of the subscriber to what it knows about them, and assigns demographic characteristics to households. (The match is a blind one: advertisers do not know what name and address they are advertising to, Cablevision executives said.) Advertisers can also give their existing customer lists to Experian, and Experian can make matches — so G.M., for example, could direct an ad based on who already owns a G.M. car. Advertisers are willing to pay premiums for ads that go only to audiences they have selected.]
Children's Online Privacy Protection Act of 1998
Date CapturedTuesday March 03, 2009 03:14 PM
TITLE XIII-CHILDREN'S ONLINE PRIVACY PROTECTION
***NOTE INCONSISTENCY BETWEEN DEFINITIONS OF PERSONAL INFORMATION AND PARENTAL CONSENT BETWEEN COPPA AND FERPA
COPPA DEFINITION (LINK HAS FULL COPPA TEXT)
(8) PERSONAL INFORMATION.—The term "personal information" means individually identifiable information about an individual collected online, including— (A) a first and last name; (B) a home or other physical address including street name and name of a city or town; (C) an e-mail address; (D) a telephone number; (E) a Social Security number; (F) any other identifier that the Commission determines permits the physical or online contacting of a specific individual; or (G) information concerning the child or the parents of that child that the website collects online from the child and combines with an identifier described in this paragraph.
(9) VERIFIABLE PARENTAL CONSENT.—The term "verifiable parental consent" means any reasonable effort (taking into consideration available technology), including a request for authorization for future collection, use, and disclosure described in the notice, to ensure that a parent of a child receives notice of the operator's personal information collection, use, and disclosure practices, and authorizes the collection, use, and disclosure, as applicable, of personal information and the subsequent use of that information before that information is collected from that child.
RE: USE OF CLOUD COMPUTING APPLICATIONS AND SERVICES
Date CapturedThursday February 26, 2009 06:07 PM
Associate Director John B. Horrigan (202-419-4500) - September 2008 - Pew/Internet - [Convenience and flexibility are the watchwords for those who engage in cloud computing activities: 51% of internet users who have done a cloud computing activity say a major reason they do this is that it is easy and convenient. 41% of cloud users say a major reason they use these applications is that they like being able to access their data from whatever computer they are using. 39% cite the ease of sharing information as a major reason they use applications in cyberspace or store data there. At the same time, users report high levels of concern when presented with scenarios in which companies may put their data to uses of which they may not be aware. 90% of cloud application users say they would be very concerned if the company at which their data were stored sold it to another party. 80% say they would be very concerned if companies used their photos or other data in marketing campaigns. 68% of users of at least one of the six cloud applications say they would be very concerned if companies who provided these services analyzed their information and then displayed ads to them based on their actions.]
Cloud computing takes hold despite privacy fears
Date CapturedThursday February 26, 2009 06:03 PM
Computerworld -- Heather Havenstein [Users of online e-mail, storage systems fear the sale of personal data without permission]
Cloud Computing Privacy Tips
Date CapturedWednesday February 25, 2009 04:11 PM
World Privacy Forum -- February 23, 2009 -- By Robert Gellman and Pam Dixon [Cloud Computing Tips for Consumers: Read the Terms of Service before placing any information in the cloud. If you don’t understand the Terms of Service, consider using a different cloud provider. Don’t put anything in the cloud you would not want the government or a private litigant to see. Pay close attention if the cloud provider reserves rights to use, disclose, or make public your information. Read the privacy policy before placing your information in the cloud. If you don’t understand the policy, consider using a different provider. When you remove your data from the cloud provider, does the cloud provider still retain rights to your information? If so, consider whether that makes a difference to you. Will the cloud provider give advance notice of any change of terms in the terms of service or privacy policy? ]
REPORT: Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing
Date CapturedWednesday February 25, 2009 03:59 PM
Released February 23, 2009 - Author: Robert Gellman: [This report discusses the issue of cloud computing and outlines its implications for the privacy of personal information as well as its implications for the confidentiality of business and governmental information. The report finds that for some information and for some business users, sharing may be illegal, may be limited in some ways, or may affect the status or protections of the information shared. The report discusses how even when no laws or obligations block the ability of a user to disclose information to a cloud provider, disclosure may still not be free of consequences. The report finds that information stored by a business or an individual with a third party may have fewer or weaker privacy or other protections than information in the possession of the creator of the information. The report, in its analysis and discussion of relevant laws, finds that both government agencies and private litigants may be able to obtain information from a third party more easily than from the creator of the information. A cloud provider’s terms of service, privacy policy, and location may significantly affect a user’s privacy and confidentiality interests.] See policy recommendations in full report.
Does Cloud Computing Mean More Risks to Privacy?
Date CapturedWednesday February 25, 2009 03:44 PM
NY Times -- Saul Hansell -- [In the United States, information held by a company on your behalf — be it a bank, an e-mail provider or a social network — is often not protected as much as information a person keeps at home or a business stores in computers it owns. Sometimes that means that a government investigator, or even a lawyer in a civil lawsuit, can get access to records by simply using a subpoena rather than a search warrant, which requires more scrutiny by a court.]
FTC Online Privacy Guidelines Faulted
Date CapturedFriday February 13, 2009 01:11 PM
Business Week -- Douglas MacMillan -- [On Feb. 12, the U.S. Federal Trade Commission issued guidelines designed to give consumers more information about how advertisers collect and use data about their Web surfing habits. Among the recommendations: Every site that follows Web-use patterns to tailor marketing messages, a practice known as behavioral targeting, should spell out how it is collecting data and give consumers the ability to opt out of targeting. The report also urges sites to keep collected data "as long as is necessary to fulfill a legitimate business or law enforcement need," inform users of any changes made to privacy policies, and only collect sensitive personal data—such as financial and health records—in cases where the user opts in.]
The F.T.C. Talks Tough on Internet Privacy
Date CapturedThursday February 12, 2009 07:20 PM
NY Times - Saul Hansell -- [In another rather striking challenge to industry dogma, the commission rejected the idea that if an Internet site doesn’t collect a user’s name or other “personally identifiable information,” it isn’t a threat to the user’s privacy. Advertising companies have defended their systems by saying they only associate data with cookies, the random identifying numbers they place in the browsers of users, and with Internet Protocol addresses, the numbers used in routing information to specific computers. “This kind of information can be a key piece to identifying an individual,” Ms. Harrington said. Internet companies, she added, “should be really clear in telling the consumer what is being collected, treat that information with care and probably treat it as information that can be used to identify a user.” ]
Response to the 2008 NAI Principles: The Network Advertising Initiative’s Self-Regulatory Code of Conduct for Online Behavioral Advertising
Date CapturedThursday February 12, 2009 06:43 PM
[CDT believes the 2008 NAI Principles, while late in addressing new trends in the industry, demonstrate clear progress over the original code of conduct adopted in 2000. The transparency of the NAI’s revision and compliance process, the approach to sensitive information, and the coverage of advertising practices beyond behavioral advertising all represent important steps forward. While robust self-regulation in the behavioral advertising space does not obviate the need for a baseline federal privacy law covering data collection and usage of all kinds, the NAI has made advances in several areas, yielding what we hope will be better protections for consumer privacy. However, the 2008 NAI Principles still come up short in crucial respects including the opt-out choice requirement, the notice standard, the NAI member accountability model, the failure to address ISP behavioral advertising, the lack of a choice requirement for multi-site advertising, and the data retention principle. Some of these are outstanding issues that have existed within the NAI framework since its inception, while others are new concerns raised by the updates to the principles.]
Center for Democracy & Technology (CDT) Applauds Critical Privacy, Security Provisions in Health IT Stimulus Bill
Date CapturedSunday January 18, 2009 05:59 PM
[The bill's privacy provisions include the following: Stronger protections against the use of personal health information for marketing purposes; Accountability for all entities that handle personal health information; A federal, individual right to be notified in the event of a breach of identifiable health information; Prohibitions on the sale of valuable patient-identifiable data for inappropriate purposes; Development and implementation of federal privacy and security protections for personal health records; Easy access by patients to electronic copies of their records; and Strengthened enforcement of health privacy rules. The provisions in the bill are similar to those that received bipartisan approval by the House Energy & Commerce Committee in the last Congress.]
Privacy Issue Complicates Push to Link Medical Data
Date CapturedSunday January 18, 2009 05:39 PM
NY Times By ROBERT PEAR [“Until people are more confident about the security of electronic medical records,” Mr. Whitehouse said, “it’s vitally important that we err on the side of privacy.” The data in medical records has great potential commercial value. Several companies, for example, buy and sell huge amounts of data on the prescribing habits of doctors, and the information has proved invaluable to pharmaceutical sales representatives. “Health I.T. without privacy is an excellent way for companies to establish a gold mine of information that can be used to increase profits, promote expensive drugs, cherry-pick patients who are cheaper to insure and market directly to consumers,” said Dr. Deborah C. Peel, coordinator of the Coalition for Patient Privacy, which includes the American Civil Liberties Union among its members.]
DHS office describes how it assesses privacy
Date CapturedTuesday January 06, 2009 01:48 PM
The FIPPS said in the memo that DHS should:
• Be transparent and provide notice to the individuals regarding collection and use of personally identifiable information (PII).
• When possible, seek consent from individuals to use their PII and provide access, correction and redress regarding DHS’ use of PII.
• Explain the authority that permits DHS to collect PII and the ways it will be used.
• Only collect PII that is necessary to accomplish the specific purpose and keep it only as long as necessary.
• Use PII only for the purpose specified in the notice. Limit sharing of PII outside the department to purposes that are compatible with the reasons that PII was collected.
• Ensure, as much as possible, that data is accurate, relevant, timely and complete.
• Protect PII with appropriate security.
• Be held accountable for complying with the principles and provide training for all employees and contractors who use PII and perform audits.

FBI

Undercover and Sensitive Operations Unit Attorney General's Guidelines on FBI Undercover Operations Revised 11/13/92
Date CapturedSaturday December 26, 2009 09:04 PM
[The following Guidelines on the use of undercover activities and operations by the Federal Bureau of Investigation (FBI) are issued under the authority of the Attorney General provided in Title 28, United States Code, Sections 509, 510, and 533. They apply to all investigations conducted by the FBI, except those conducted pursuant to its foreign counterintelligence and foreign intelligence responsibilities.]

FCC

Cable Companies Target Commercials to Audience
Date CapturedWednesday March 04, 2009 02:53 PM
NY Times STEPHANIE CLIFFORD [Cablevision matches households to demographic data to divide its customers, using the data-collection company Experian. Experian has data on individuals that it collects through public records, registries and other sources. It matches the name and address of the subscriber to what it knows about them, and assigns demographic characteristics to households. (The match is a blind one: advertisers do not know what name and address they are advertising to, Cablevision executives said.) Advertisers can also give their existing customer lists to Experian, and Experian can make matches — so G.M., for example, could direct an ad based on who already owns a G.M. car. Advertisers are willing to pay premiums for ads that go only to audiences they have selected.]
The Internet Safety Act launches a new battle on privacy
Date CapturedWednesday February 25, 2009 03:32 PM
The Christian Science Monitor -- Tom Regan [The bill would require almost everyone who provides Internet access to retain all records for two years. Right now, that includes big Internet service providers (ISPs) such as Verizon or Comcast, the coffee shop that offers free wireless access, and me because I have an Internet router set up at home that is accessed by several people. CNET News noted that the day the acts were introduced in Congress, “both the US Department of Justice’s position and legal definition of ‘electronic communication services’ line up with this [broad] interpretation.” Another section of the bill says that anyone who “knowingly engages in any conduct the provider knows or has reason to believe facilitates access to, or the possession of, child pornography” can be tried under the law. More than a few ISPs worry that this broad wording includes the mere act of providing services such as e-mail might “facilitate access” to illegal material.]
2009 Media & Tech Priorities -- A Public Interest Agenda
Date CapturedMonday December 22, 2008 03:48 PM
Free Press Action Fund -- [Obama’s FCC should act quickly to adopt rules preserving Net Neutrality that mirror the legislative effort. These rules should pertain to all wired and wireless networks and should enshrine the FCC’s established four openness principles alongside a necessary fifth principle that prohibits discrimination and pay-for-priority tolls. The FCC should establish an expedited complaint process for violations of the rules and stiff penalties for violators. Finally, the FCC should move to require extensive disclosure of Internet providers’ network management techniques as well as specific information about the quality of the Internet service being purchased by consumers.]
Google Wants Its Own Fast Track on the Web
Date CapturedMonday December 15, 2008 09:27 AM
Wall Street Journal VISHESH KUMAR and CHRISTOPHER RHOADS write [For computer users, it could mean that Web sites by companies not able to strike fast-lane deals will respond more slowly than those by companies able to pay. In the worst-case scenario, the Internet could become a medium where large companies, such as Comcast Corp. in cable television, would control both distribution and content -- and much of what users can access, according to neutrality advocates. The developments could test Mr. Obama's professed commitment to network neutrality. "The Internet is perhaps the most open network in history, and we have to keep it that way," he told Google employees a year ago at the company's Mountain View, Calif., campus. "I will take a back seat to no one in my commitment to network neutrality." But Lawrence Lessig, an Internet law professor at Stanford University and an influential proponent of network neutrality, recently shifted gears by saying at a conference that content providers should be able to pay for faster service. Mr. Lessig, who has known President-elect Barack Obama since their days teaching law at the University of Chicago, has been mentioned as a candidate to head the Federal Communications Commission, which regulates the telecommunications industry.]

FERPA

Privacy flags raise concern for graduate students
Date CapturedThursday March 11, 2010 09:24 PM
by Katie Perkowski -[Undergraduate students are not the only ones concerned with personal information available through UK’s online people search — now, graduate students are voicing their concern, too. Members of UK’s graduate school have recently voiced concern about their information like home address and home telephone number being available on the UK Web site without their knowledge, said English teaching assistant Jesslyn Collins-Frohlich.]
Clash Over Student Privacy
Date CapturedTuesday March 09, 2010 05:05 PM
Inside Higher Ed - [WASHINGTON -- The U.S. Education Department has fired the top federal official charged with protecting student privacy, in what the dismissed official says was a conflict with the agency's political leaders over their zeal to encourage the collection of data about students' academic performance. Paul Gammill says he was physically escorted out of the department's offices on a Friday morning last month after he refused to resign as director of the agency's Family Policy Compliance Office. Administration officials said that "[p]rivacy laws require us to keep certain employment matters confidential, so we cannot comment on Mr. Gammill." But Gammill, not so encumbered, maintains that he was dismissed because, on several occasions, he argued in internal meetings and documents that the department's approach to prodding states to expand their longitudinal student data systems violated the Family Educational Rights and Privacy Act, which protects the privacy of students' educational records.]
Federal Register: July 6, 2000 (Volume 65, Number 130)
Date CapturedTuesday March 09, 2010 04:56 PM
DEPARTMENT OF EDUCATION - 34 CFR Part 99 - Family Educational Rights and Privacy- AGENCY: Department of Education. ACTION: Final regulations. SUMMARY: The Secretary amends the regulations implementing the Family Educational Rights and Privacy Act (FERPA). The amendments are needed to implement sections 951 and 952 of the Higher Education Amendments of 1998 (HEA). These amendments permit postsecondary institutions to disclose certain information to the public and to parents of students. DATES: These regulations are effective August 7, 2000.
Putting Private Info on Government Database
Date CapturedTuesday March 09, 2010 04:34 PM
Phyllis Schlafly writes - [The Fordham report made numerous recommendations to beef up student privacy, such as collecting only information relevant to articulated purposes, purging unjustified data, enacting time limits for data retention and hiring a chief privacy officer for each state. There is no indication that these suggestions will be implemented. The Obama Department of Education officials believe that collecting personally identifiable data is "at the heart of improving schools and school districts." One of the four reform mandates of the Race to the Top competition is to establish pre-kindergarten to college-and-career data systems that "track progress and foster continuous improvement."]
Comments of the World Privacy Forum regarding Notice of Proposed Rulemaking, FERPA
Date CapturedTuesday February 02, 2010 08:28 PM
[Our comments focus on several aspects of the Notice of Proposed Rulemaking (NPRM), notably, the definition and handling of directory information and personally identifiable information. We also comment on the use of full tax returns to determine eligibility. And finally, we comment on the issue of outsourcing, including the need for audit trails in regards to the proposed expansion of the school official exemption.]
Personal school data not always private
Date CapturedTuesday November 03, 2009 08:15 PM
SCOTT WALDMAN Staff Writer Section: Capital Region, Page: B1 Date: Saturday, February 9, 2008 [GUILDERLAND - Last year, the Guilderland Teachers Association got the address of every local family and sent those with school-age children postcards promoting the union's picks in the May school board election. But trying to get that kind of personal information from other school districts won't work. The issue shines a light on how school districts interpret a federal law that permits the disclosure of "directory" information - including student and parent names, addresses and phone numbers - without consent. The law leaves it up to individual districts to define what is considered directory information. The statute also stipulates that schools must tell residents they have the right to withhold the information.]
Use of parental list is faulted
Date CapturedTuesday November 03, 2009 08:06 PM
March 17, 2008 by Scott Waldman - [GUILDERLAND - Guilderland School District violated federal law when it provided the names and addresses of parents to the teachers union, according to the state's authority on open government. Last year, Guilderland Teachers Association used those names and addresses to send parents of school-aged children postcards promoting the union's picks in a school board election. School officials deny that any law was broken, but the district recently imposed a moratorium on releasing "directory" information after complaints by school board members and news coverage of the controversy.]
Children's Privacy (FTC and many additional federal agencies).
Date CapturedSunday November 01, 2009 09:40 PM
[Thanks to COPPA, sites have to get a parent’s permission if they want to collect or share your kids’ personal information, with only a few exceptions. That goes for information sites ask for up-front, and information your kids choose to post about themselves. Personal information includes your child’s full name, address, email address, or cell phone number. Under COPPA, sites also have to post privacy policies that give details about what kind of information they collect from kids — and what they might do with it (say, to send a weekly newsletter, direct advertising to them, or give the information to other companies). If a site plans to share the child’s information with another company, the privacy policy must say what that company will do with it. Links to the policies should be in places where they’re easy to spot. What Can You Do? Your kids’ personal information and privacy are valuable —to you, to them, and to marketers.] *****NOTE DISPARITY WITH PROTECTION PROVIDED UNDER FERPA.
South Dakota Superintendent Thinks Info Policy Will Pass Tonight
Date CapturedFriday October 30, 2009 05:37 PM
[Over the past month some parents have voiced their concerns to the school board over what they consider the selling of their children's contact information. Some say they don't want it to land in the wrong hands. Pam Homan says parents have known about the information policy for some time. "On the blue card as we call it parents have been informed of the FERPA requirement and whether or not they wish to have their child's name included or excluded from information." Revisions have been made to the proposed policy, allowing parents more control over where the information is given. It will allow four categories that are: school publications, directory information, SD board of regents, and military recruiters.]
CHILDREN’S EDUCATIONAL RECORDS AND PRIVACY -- A STUDY OF ELEMENTARY AND SECONDARY SCHOOL STATE REPORTING SYSTEMS -- October 28, 2009
Date CapturedFriday October 30, 2009 09:44 AM
[The Study reports on the results of a survey of all fifty states and finds that state educational databases across the country ignore key privacy protections for the nation's K-12 children. The Study finds that large amounts of personally identifiable data and sensitive personal information about children are stored by the state departments of education in electronic warehouses or for the states by third party vendors. These data warehouses typically lack adequate privacy protections, such as clear access and use restrictions and data retention policies, are often not compliant with the Family Educational Rights and Privacy Act, and leave K-12 children unprotected from data misuse, improper data release, and data breaches. The Study provides recommendations for best practices and legislative reform to address these privacy problems.] Joel R. Reidenberg, Professor of Law and Founding Academic Director of CLIP; Jamela Debelak, Esq., Executive Director of CLIP
National Forum on Education Statistics. Forum Guide to Protecting the Privacy of Student Information: State and Local Education Agencies
Date CapturedSaturday March 21, 2009 01:43 PM
National Forum on Education Statistics. Forum Guide to Protecting the Privacy of Student Information: State and Local Education Agencies, NCES 2004–330. Washington, DC: 2004.
FERPA Online Library
Date CapturedThursday March 12, 2009 03:22 PM
Family Policy Compliance Office Letters
Commercial Activities in Schools: Use of Student Data is Limited and Additional Dissemination of Guidance Could Help Districts Develop Policies
Date CapturedThursday March 12, 2009 03:16 PM
GAO -- Recommendation: The Secretary of Education should take additional action to assist districts in understanding that they are required to have specific policies in place for the collection, disclosure, and use of student information for marketing and selling purposes by disseminating its guidance to state school boards associations.
Report Is Said To Criticize On-Campus Recruitment
Date CapturedThursday March 12, 2009 03:10 PM
September 6, 2007 -- NY SUN -- ALEXANDER BRITELL -- [A report by a civil liberties group and the president of Manhattan, Scott Stringer, will criticize military recruitment tactics at some city school campuses. A source familiar with the findings of the report, which is drawn from the survey responses of nearly 1,000 students, said it alleges that military recruiters have been given too much access to public school classrooms, and that the city's Department of Education has not adequately informed students about their right to remove their names from recruiting lists.]
Family Policy Compliance Office (FPCO)
Date CapturedThursday March 12, 2009 02:49 PM
State says Cambridge Public Schools can't charge $14K for public records
Date CapturedFriday February 13, 2009 03:12 PM
David L. Harris -- GateHouse News Service - [On Nov. 30, 2007, the Chronicle sent a letter requesting directory information, but the request was later denied in a three-page letter from the school’s legal department. After appealing to the state’s supervisor of public records, Alan Cote, the school department sent a letter dated July 11, explaining that the work to compile the directory information would cost $14,426.88. The Chronicle’s sister paper, the Newton TAB, requested the same information from Newton Public Schools around the same time. The school department, which sent the data within three weeks of the request, did not charge the TAB for the information.]
Student Information Not For Sale At UW- Marathon County
Date CapturedWednesday February 11, 2009 07:06 PM
Wsaw.com reporter: Margo Spann -- [Private companies looking to sell or market products to college students are buying information about them directly from their schools. The Assistant Director of Student Services at UW Marathon County Annette Hackbarth-Onson says federal law allows colleges to sell information about their students. She says companies are often looking to buy students' names, birth-dates, and email addresses.]
Rethinking the Role of Consent in Protecting Health Information Privacy
Date CapturedTuesday January 27, 2009 09:52 AM
CDT is advocating for the inclusion of privacy protections in the President's economic stimulus bill, which contains at least $20 billion for a national health information technology network. CDT's paper argues that personal health information should easily flow for treatment, payment, and certain core administrative tasks without requiring patient consent, but that stricter limits need to be placed on marketing and other secondary uses. January 26, 2009. This paper advocates for a new generation of privacy protections that allow personal health information to flow among health care entities for treatment, payment, and certain core administrative tasks without first requiring patient consent, as long as there is a comprehensive framework of rules that governs access to and disclosure of health data. Patient consent is one important element of this framework, but relying on consent would do little to protect privacy. This paper also suggests how a framework of protections can provide patients with more meaningful opportunities to make informed choices about sharing their personal health information online.
Family Educational Rights and Privacy; Final Rule
Date CapturedTuesday December 09, 2008 07:02 PM
FR Doc E8-28864 [Federal Register: December 9, 2008 (Volume 73, Number 237)] [Rules and Regulations] [Page 74805-74855] From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr09de08-8]
U Alabama at Birmingham Student Records Policy, Photo as Directory Information
Date CapturedThursday December 04, 2008 08:41 PM
UAB’s Student Records Policy, derived from the Federal Educational Rights and Privacy Act (FERPA), lists the following items of a student record as “directory information:” Name, Telephone number, E-mail address, Date and place of birth, Major field of study, Participation in officially recognized activities and sports, Dates of attendance, Degrees and awards received, Institution most recently previously attended. These items are considered public information which may be made available by the university without prior consent of the student and are considered part of the public record of the student’s attendance. Effective Spring 2009, the photo used on the CampusCard will become an item of directory information. Under the provisions of FERPA, students have the right to withhold the disclosure of directory information.
Joint Guidance on the Application of the Family Educational Rights and Privacy Act (FERPA) And the Health Insurance Portability and Accountability Act of 1996 (HIPAA) To Student Health Records (ID: CSD5578)
Date CapturedThursday December 04, 2008 04:36 PM
The HIPAA Privacy Rule specifically excludes from its coverage those records that are protected by FERPA. When making determinations as to whether personally identifiable information from student health records maintained by the educational agency or institution may be disclosed, school officials at institutions subject to FERPA should refer to FERPA and its requirements. While the educational agency or institution has the responsibility to make the initial, case-by-case determination of whether a disclosure meets the requirements of FERPA, the Department of Education’s Family Policy Compliance Office is available to offer technical assistance to school officials in making such determinations.
Vermont to study student privacy policies
Date CapturedThursday June 12, 2008 04:14 PM
Reformer reports, "The state (Vermont) board is also going to consider how the education department handles third party research requests on behalf of the education department using student data. Under the proposed change, the department information technology team would classify data as sensitive and confidential, and a written contract would have to be signed before the release of records. A third proposed policy spells out how organizations that contract with the education department go about obtaining student information for their work."
Students anxious about directory data
Date CapturedWednesday June 11, 2008 10:06 AM
Columbia Tribune reports, "The names, telephone numbers, e-mail addresses, mailing addresses and other information of University of Missouri students are all considered public information and have been drawing the attention of marketing agencies eager to sell goods and services to the student body."
One in four data breaches involves schools
Date CapturedTuesday June 03, 2008 08:34 PM
By Meris Stansbury, Assistant Editor, eSchool News, "Cyber criminals are becoming bolder and more sophisticated in their operations, federal computer security experts say. And that's bad news for schools, because educational institutions reportedly account for approximately one of every four data security breaches."
EDUCAUSE
Date CapturedTuesday June 03, 2008 08:26 PM
EDUCAUSE is a nonprofit association and good source of information about FERPA and higher education.
Huge Databases Offer a Research Gold Mine — and Privacy Worries
Date CapturedTuesday June 03, 2008 08:14 PM
By DAVID GLENN from the issue dated May 9, 2008 Chronicle of Higher Education, "Researchers have used the new databases to study many issues, including which high-school math courses are most important for college success and how exposure to adjunct instructors affects student retention. But the new education databases create obvious challenges for protecting student privacy — which is one reason most states have been slow to build them. Florida's education department takes elaborate steps to 'de-identify' its information before handing it to outside researchers. Despite those efforts, nervous officials in other states look at a system like Florida's and worry about potential violations of the Family Educational Rights and Privacy Act, or Ferpa. In March the U.S. Department of Education proposed new Ferpa regulations that might clarify the ground rules for the use of such databases, but it is far from certain that the new rules will make states more comfortable with the projects." http://chronicle.com -- Section: The Faculty -- Volume 54, Issue 35, Page A10
FERPA Violation
Date CapturedMonday June 02, 2008 10:10 PM
Letter from Wisconsin College Republicans to Family Policy Compliance Office regarding FERPA violation claim.
Frequently Asked Questions
Date CapturedSunday June 01, 2008 04:41 PM
What is "Directory Information"? FERPA defines "directory information" as information contained in the education records of a student that would not generally be considered harmful or an invasion of privacy if disclosed. Typically, "directory information" includes information such as name, address, telephone listing, date and place of birth, participation in officially recognized activities and sports, and dates of attendance. A school may disclose "directory information" to third parties without consent if it has given public notice of the types of information which it has designated as "directory information," the parent's or eligible student's right to restrict the disclosure of such information, and the period of time within which a parent or eligible student has to notify the school in writing that he or she does not want any or all of those types of information designated as "directory information." The means of notification could include publication in various sources, including a newsletter, in a local newspaper, or in the student handbook. The school could also include the "directory information" notification as part of the general notification of rights under FERPA. The school does not have to notify a parent or eligible student individually. (34 CFR § 99.37.)
Legislative History of Major FERPA Provisions
Date CapturedSunday June 01, 2008 04:20 PM
Family Educational Rights and Privacy Act (FERPA)
Date CapturedThursday July 27, 2006 09:36 PM
"The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education. FERPA gives parents certain rights with respect to their children's education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level. Students to whom the rights have transferred are 'eligible students.'" parent or eligible student in order to release any information from a student's education record. However, FERPA allows schools to disclose those records, without consent, to the following parties or under the following conditions (34 CFR § 99.31): School officials with legitimate educational interest; Other schools to which a student is transferring; Specified officials for audit or evaluation purposes; Appropriate parties in connection with financial aid to a student; Organizations conducting certain studies for or on behalf of the school; Accrediting organizations; To comply with a judicial order or lawfully issued subpoena; Appropriate officials in cases of health and safety emergencies; and State and local authorities, within a juvenile justice system, pursuant to specific State law. Schools may disclose, without consent, "directory" information such as a student's name, address, telephone number, date and place of birth, honors and awards, and dates of attendance. However, schools must tell parents and eligible students about directory information and allow parents and eligible students a reasonable amount of time to request that the school not disclose directory information about them. Schools must notify parents and eligible students annually of their rights under FERPA. 
The actual means of notification (special letter, inclusion in a PTA bulletin, student handbook, or newspaper article) is left to the discretion of each school.

File Sharing

16 Apps That Make Sharing Large Files A Snap
Date CapturedSunday August 09, 2009 05:00 PM
Orli Yakuel -- [So why would you use a file-sharing app anyway? Actually for many reasons: for larger files, for privacy, multiple files, file format support, and more. In this post, I compare 16 file-sharing services. I took three main issues under consideration when creating the comprehensive app list below: Free, Fast, and Useful . . .]

First Amendment

Brandeis in Italy: The Privacy Issues in the Google Video Case
Date CapturedWednesday March 10, 2010 03:59 PM
Huffington Post - Marc Rotenberg writes [I don't think this is really a case about ISP liability at all. It is a case about the use of a person's image, without their consent, that generates commercial value for someone else. That is the essence of the Italian law at issue in this case. It is also how the right of privacy was first established in the United States. The video at the center of this case was very popular in Italy and drove lots of users to the Google Video site. This boosted advertising and support for other Google services. As a consequence, Google actually had an incentive not to respond to the many requests it received before it actually took down the video. Back in the U.S., here is the relevant history: after Brandeis and Warren published their famous article on the right to privacy in 1890, state courts struggled with its application. In a New York state case in 1902, a court rejected the newly proposed right. In a second case, a Georgia state court in 1905 endorsed it.] Marc Rotenberg is the Executive Director, Electronic Privacy Information Center (EPIC).
Free Speech Coalition v. Holder
Date CapturedSunday March 07, 2010 06:12 PM
Electronic Frontier Foundation (EFF) has filed a friend-of-the-court brief urging a federal court judge to block two criminal statutes that unconstitutionally limit the free expression of millions of adults who use the Internet and other electronic forms of communication, bringing the threat of criminal sanctions for private, lawful speech. At issue are provisions of federal law that require anyone who produces a visual depiction of sexually explicit expression to maintain extensive records -- including copies of drivers' licenses, the dates and times images were taken, and all URLs where images were posted -- and often force public disclosure of a creator's home address. Even more troubling, the regulations allow law enforcement warrantless entry into homes or offices in order to inspect the records that are supposed to be kept. While these statutes regulate the commercial pornography industry, they also likely apply to a staggering number of Americans who create and share images of themselves over social networks, online dating services, personal erotic websites, and text messaging. The current implementation of 18 U.S.C. § 2257 unconstitutionally encroaches on the free expression of a staggering number of Americans. Section 2257, which originally targeted producers of child pornography by creating a rebuttable presumption that an individual depicted in sexually explicit expression was a minor in a child pornography prosecution if the producer did not maintain records, has been amended to expand its scope such that it now applies to individual photographers and videographers who create and publish sexual content for personal and non-commercial purposes. As a result, the use of social networking applications, dating profiles, personal erotic websites, sexual text messaging and other forms of adult expression are burdened by onerous recordkeeping requirements of which most speakers are likely not even aware. The price of failure to comply is potential criminal penalties and significant prison time.
Bloggers Now Eligible For Press Passes In NYC
Date CapturedTuesday March 02, 2010 08:02 PM
Wendy Davis writes [Under the new proposed policy, the New York Police Department would be able to issue press passes good for two years to any journalist who has personally attended and reported on at least six qualified events in the city in the preceding two years, regardless of whether the reports were published online, in print newspapers, magazines, books or other media. Events that will qualify include city-sponsored activity -- like a press conference or parade -- as well as emergencies where the city has set up do-not-cross lines. The proposal also allows inexperienced journalists to obtain single-use press passes.]
Two German Killers Demanding Anonymity Sue Wikipedia’s Parent
Date CapturedFriday November 13, 2009 06:29 PM
NYT John Schwartz writes [ Wolfgang Werlé and Manfred Lauber became infamous for killing a German actor in 1990. Now they are suing to force Wikipedia to forget them. The legal fight pits German privacy law against the American First Amendment. German courts allow the suppression of a criminal’s name in news accounts once he has paid his debt to society, noted Alexander H. Stopp, the lawyer for the two men, who are now out of prison.]

Fourth Amendment

Nelson v. NASA
Date CapturedWednesday March 10, 2010 03:46 PM
[On August 30, 2007, Appellants filed suit alleging, both individually and on behalf of the class of JPL employees in non-sensitive or “low risk” positions, that NASA’s newly imposed background investigations are unlawful. Appellants bring three primary claims: (1) NASA and the Department of Commerce (collectively “Federal Appellees”) violated the Administrative Procedure Act (“APA”) by acting without statutory authority in imposing the investigations on contract employees; (2) the investigations constitute unreasonable searches prohibited by the Fourth Amendment; and (3) the investigations violate their constitutional right to informational privacy.]
Security and Privacy? Forget About It
Date CapturedMonday March 08, 2010 08:41 PM
By Richard Adhikari - TechNewsWorld - [As the Obama administration grapples with the thorny issue of beefing up the United States' cybersecurity infrastructure, and as security experts warn of impending cyberwarfare, a debate is raging over how much surveillance is enough. One of the biggest problems about implementing cybersecurity is that it involves a measure of surveillance, and the line between surveillance and snooping is razor thin. Thin enough, in fact, that Einstein 3, the latest iteration of the Federal government's intrusion detection program, has aroused privacy concerns because it can examine the content of email. That, some privacy advocates believe, makes it almost equivalent to warrantless wiretapping. The security community is divided over the issue.] [Using NSA technology almost certainly will lead to an invasion of privacy, the EFF's Rotenberg fears. "The folks over at NSA are not just interested in looking for malware, they're very interested in content," he said. "This is the problem with Einstein 2 and Einstein 3." On the other hand, turning over the responsibility for deep packet inspection to private companies could have its own pitfalls. "Deep packet inspection opens the doors to commercialization," Rotenberg warned. "The companies can say, 'We have to do this because of our security mandate and oh, by the way, there's a marketing opportunity here.'"]
Free Speech Coalition v. Holder
Date CapturedSunday March 07, 2010 06:12 PM
Electronic Frontier Foundation (EFF) has filed a friend-of-the-court brief urging a federal court judge to block two criminal statutes that unconstitutionally limit the free expression of millions of adults who use the Internet and other electronic forms of communication, bringing the threat of criminal sanctions for private, lawful speech. At issue are provisions of federal law that require anyone who produces a visual depiction of sexually explicit expression to maintain extensive records -- including copies of drivers' licenses, the dates and times images were taken, and all URLs where images were posted -- and often force public disclosure of a creator's home address. Even more troubling, the regulations allow law enforcement warrantless entry into homes or offices in order to inspect the records that are supposed to be kept. While these statutes regulate the commercial pornography industry, they also likely apply to a staggering number of Americans who create and share images of themselves over social networks, online dating services, personal erotic websites, and text messaging. The current implementation of 18 U.S.C. § 2257 unconstitutionally encroaches on the free expression of a staggering number of Americans. Section 2257, which originally targeted producers of child pornography by creating a rebuttable presumption that an individual depicted in sexually explicit expression was a minor in a child pornography prosecution if the producer did not maintain records, has been amended to expand its scope such that it now applies to individual photographers and videographers who create and publish sexual content for personal and non-commercial purposes. As a result, the use of social networking applications, dating profiles, personal erotic websites, sexual text messaging and other forms of adult expression are burdened by onerous recordkeeping requirements of which most speakers are likely not even aware. The price of failure to comply is potential criminal penalties and significant prison time.
Undercover and Sensitive Operations Unit Attorney General's Guidelines on FBI Undercover Operations Revised 11/13/92
Date CapturedSaturday December 26, 2009 09:04 PM
[The following Guidelines on the use of undercover activities and operations by the Federal Bureau of Investigation (FBI) are issued under the authority of the Attorney General provided in Title 28, United States Code, Sections 509, 510, and 533. They apply to all investigations conducted by the FBI, except those conducted pursuant to its foreign counterintelligence and foreign intelligence responsibilities.]
U.S. Constitution: Fourth Amendment
Date CapturedThursday January 01, 2009 07:07 PM
Linked page includes Findlaw annotations [The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.]
You Have Near-Zero Expectation of Privacy in Your Cell Phone Records [Part I]
Date CapturedThursday January 01, 2009 07:01 PM
Journalist Mark Nestmann -- [The calling records on your cell phone have "no expectation of privacy," according to a court decision issued by a federal court in Kansas. And under the court's reasoning, it's possible that other data stored on modern cell phones have no expectation of privacy, either.]
Court: Constitution Protects Stored Cell Phone Location Information (CDT Amicus Brief in the Case [PDF], July 31, 2008)
Date CapturedMonday September 29, 2008 10:15 PM
The Electronic Frontier Foundation, joined by CDT, ACLU and the ACLU of Pennsylvania, had argued for the warrant requirement that the court adopted in an amicus curiae brief filed in July. September 11, 2008.
Court: Constitution Protects Stored Cell Phone Location Information (Federal Court Decision [PDF], September 10, 2008)
Date CapturedMonday September 29, 2008 10:05 PM
A federal court ruled September 10th that stored cell phone location information is protected by the Fourth Amendment. The court said the government needed a warrant, based on probable cause, in order to gain access to stored cell phone location information. Other courts have required probable cause for law enforcement access to real-time cell phone location information; however, this decision is particularly important because it extends the probable cause requirement to stored location information. The Electronic Frontier Foundation, joined by CDT, ACLU and the ACLU of Pennsylvania, had argued for the warrant requirement that the court adopted in an amicus curiae brief filed in July. September 11, 2008

Freedom of Information (FOI)

NYS Department of State Committee on Open Government
Date CapturedSaturday February 14, 2009 01:43 AM
The Committee on Open Government is responsible for overseeing and advising with regard to the Freedom of Information, Open Meetings and Personal Privacy Protection Laws (Public Officers Law, Articles 6, 7 and 6-A respectively).
Freedom of Information (FOI)
Date CapturedSaturday December 06, 2008 05:12 PM
Links to FOI sites.

FTC

THE FAILURE OF FAIR INFORMATION PRACTICE PRINCIPLES forthcoming in Consumer Protection in the Age of the ‘Information Economy’
Date CapturedSunday January 31, 2010 10:03 PM
Fred H. Cate - [The key is refocusing FIPPS on substantive tools for protecting privacy, and away from notice and consent; leveling the playing field between information processors and data subjects; and creating sufficient, but limited, liability so that data processors will have meaningful incentives, rather than bureaucratic regulations, to motivate appropriate behavior, and that individuals will be compensated when processing results in serious harm. This is only a first step. These proposed Consumer Privacy Protection Principles are undoubtedly incomplete and imperfect, but they are an effort to return to a more meaningful dialogue about the legal regulation of privacy and the value of information flows in the face of explosive growth in technological capabilities in an increasingly global society.]
Subject: EU-US Safe Harbor
Date CapturedSaturday January 23, 2010 09:34 PM
Chris Wolf - [There are three principal methods to legally export data from the EU to the US and overcome the prohibition against export to a country deemed to lack adequate protections. The first two are through so-called "model contracts" and "Binding Corporate Rules". The third is pursuant to a "Safe Harbor" framework that the EU and US agreed upon in 2001. To participate in the Safe Harbor, a U.S. company self-certifies to the U.S. Department of Commerce that it will follow the Safe Harbor Privacy Principles, which contain the core requirements of the EU Data Protection Directive (notice, choice, access, security, protection in onward transfers, data integrity, and enforcement). The company also is to publicize its adherence to the Safe Harbor Principles on its website. The Federal Trade Commission (FTC) is charged with enforcement of the Safe Harbor undertakings under Section 5 of the Federal Trade Commission Act, which governs deceptive and unfair business practices. In other words, a company that commits publicly to adhering to the Safe Harbor principles (and that it has so certified to the Department of Commerce) is subject to enforcement by the FTC if it does not do so. Companies must do what they promise to do.]
FTC: Has Internet Gone Beyond Privacy Policies?
Date CapturedThursday January 21, 2010 08:55 AM
NY Times STEPHANIE CLIFFORD writes [Previous commissions looked at privacy under the framework of whether consumers were harmed, and with the basis that companies must advise consumers about what they’re doing and obtain their consent, Mr. Leibowitz said. But companies “haven’t given consumers effective notice, so they can make effective choices,” he said. Advise-and-consent “depended on the fiction that people were meaningfully giving consent,” Mr. Vladeck said. “The literature is clear” that few people read privacy policies, he said.]
FTC Probes Facebook's EPIC Privacy Fail
Date CapturedThursday January 21, 2010 08:44 AM
Media Post -- Wendy Davis writes - [In addition, a Facebook employee allegedly said recently that users' messages are stored in a database regardless of whether users attempt to delete them. "We track everything. Every photo you view, every person you're tagged with, every wall-post you make, and so forth," the employee allegedly added. EPIC alleges that these public statements demonstrate that Facebook engages in unfair and deceptive trade practices. The new filing also questions a new iPhone synching feature that transfers users' iPhone contacts to Facebook, even when the phone contacts are not Facebook friends with the users.]
FTC spam site
Date CapturedTuesday January 05, 2010 09:00 PM
[This website has information about the Federal Trade Commission's recent law enforcement actions against deceptive commercial email and spammers' responsibilities under the CAN-SPAM law. In the "For Consumers" section, you'll find tips on how to reduce the amount of spam email in your in-box.]
Net Privacy 2010: How Far Will the Needle Move?
Date CapturedSaturday January 02, 2010 01:33 PM
eSecurity Planet Kenneth Corbin writes [Some of the largest companies in the industry, including Google (NASDAQ: GOOG) and Microsoft (NASDAQ: MSFT), have expressed support for baseline privacy legislation, providing it doesn't get too specific in targeting specific technologies. In the early part of 2010, Rep. Rick Boucher, who chairs the House subcommittee on technology and the Internet, has said he plans to introduce a bill that would do just that. He has been working with Cliff Stearns, the ranking Republican on the subcommittee, as well as the leaders of the subcommittee on consumer protection, to draft the bill, and spent the better part of 2009 seeking input from a variety of stakeholders.]
Refocusing the FTC’s Role in Privacy Protection
Date CapturedMonday December 14, 2009 05:31 PM
Comments of the Center for Democracy & Technology (CDT) in regards to the FTC Consumer Privacy Roundtable.
DOD nixes vendor of online monitoring software over privacy concerns
Date CapturedMonday December 07, 2009 08:53 PM
Jaikumar Vijayan writes [In September, EPIC, a Washington-based privacy advocacy group, filed a complaint against EchoMetrix with the Federal Trade Commission. EPIC claimed that EchoMetrix was violating the provisions of the Children's Online Privacy Protection Act (COPPA) by collecting personally identifiable information about children and their browsing habits and online chats. EPIC claimed that EchoMetrix used the information to deliver targeted advertising to children and also sold that information to third-party marketers. In its complaint, EPIC pointed to a separate service offered by EchoMetrix called Pulse, which analyzes data gathered from multiple sources including instant messages, blogs and chat rooms. The information is sold as market research intelligence to marketing companies, the EPIC complaint said.]
Ad Industry Works on Ads About Ads
Date CapturedTuesday November 24, 2009 03:07 PM
Wall Street Journal Emily Steel writes -- [At issue is the practice of tracking consumers’ Web activities — from the searches they make to the sites they visit and the products they buy — for the purpose of targeting ads. The efforts follow calls from the FTC earlier this year for Web advertisers and Internet companies to do a better job explaining how they track and use information about consumers’ Web activities and creating a simple way consumers can opt out of being tracked.]
Federal data breach notification standard must pre-empt state laws
Date CapturedMonday November 16, 2009 08:33 PM
Nextgov Jill R. Aitoro writes -- [The Data Breach Notification Act, introduced in January by Sen. Dianne Feinstein, D-Calif., would authorize the attorney general to bring civil actions against firms that failed to notify people whose personal information had been compromised in a breach and would extend notification requirements to government agencies. The Personal Data Privacy and Security Act, introduced in July by Sen. Patrick Leahy, D-Vt., also would set notification requirements and tighter criminal penalties for identity theft and willful concealment of a breach, and would require businesses to implement preventive security standards to guard against threats to their databases.] [Two states are credited for having breach notification laws with the most teeth, said Peter McLaughlin, senior counsel with Foley & Lardner LLP and a member of the law firm's privacy, security and information management practice. Foley & Lardner released a report on Monday that provides in-depth coverage of all major aspects of U.S. and international security breach laws.]
Refocusing the FTC’s Role in Privacy Protection
Date CapturedTuesday November 10, 2009 03:33 PM
Center for Technology in Government (CDT) Policy Post 15.17, November 10, 2009. [A Briefing On Public Policy Issues Affecting Civil Liberties Online from The Center For Democracy and Technology. Refocusing the FTC’s Role in Privacy Protection: 1) CDT Submits Comments in regards to the FTC Consumer Privacy Roundtable; 2) The Significance of a Comprehensive Set of Fair Information Practice Principles; 3) Examining FIPs at Work: Recent FTC Enforcement Actions Demonstrate a Path Forward; 4) CDT Recommendations for Future FTC Action]
Data Accountability and Trust Act -- H. R. 2221
Date CapturedThursday November 05, 2009 03:19 PM
H. R. 2221 -- To protect consumers by requiring reasonable security policies and procedures to protect computerized data containing personal information, and to provide for nationwide notice in the event of a security breach. [Requires information brokers to: (1) establish procedures to verify the accuracy of information that identifies individuals; (2) provide to individuals whose personal information it maintains a means to review it; (3) place notice on the Internet instructing individuals how to request access to such information; and (4) correct inaccurate information. Directs the FTC to require information brokers to establish measures which facilitate the auditing or retracing of access to, or transmissions of, electronic data containing personal information. Prohibits information brokers from obtaining or disclosing personal information by false pretenses (pretexting).]
Children's Privacy (FTC and many additional federal agencies).
Date CapturedSunday November 01, 2009 09:40 PM
[Thanks to COPPA, sites have to get a parent’s permission if they want to collect or share your kids’ personal information, with only a few exceptions. That goes for information sites ask for up-front, and information your kids choose to post about themselves. Personal information includes your child’s full name, address, email address, or cell phone number. Under COPPA, sites also have to post privacy policies that give details about what kind of information they collect from kids — and what they might do with it (say, to send a weekly newsletter, direct advertising to them, or give the information to other companies). If a site plans to share the child’s information with another company, the privacy policy must say what that company will do with it. Links to the policies should be in places where they’re easy to spot. What Can You Do? Your kids’ personal information and privacy are valuable — to you, to them, and to marketers.] *****NOTE DISPARITY WITH PROTECTION PROVIDED UNDER FERPA.
FAIR INFORMATION PRACTICE PRINCIPLES
Date CapturedFriday October 30, 2009 11:08 AM
Over the past quarter century, government agencies in the United States, Canada, and Europe have studied the manner in which entities collect and use personal information -- their "information practices" -- and the safeguards required to assure those practices are fair and provide adequate privacy protection.(27) The result has been a series of reports, guidelines, and model codes that represent widely-accepted principles concerning fair information practices.(28) Common to all of these documents [hereinafter referred to as "fair information practice codes"] are five core principles of privacy protection: (1) Notice/Awareness; (2) Choice/Consent; (3) Access/Participation; (4) Integrity/Security; and (5) Enforcement/Redress.
SPITZER PPRA LAWSUIT RE: SALE OF STUDENT INFORMATION
Date CapturedFriday October 30, 2009 10:15 AM
Parties Subject to Order ORDERED, ADJUDGED AND DECREED that this Consent Order and Judgment shall extend to Student Marketing Group, Inc. (“SMG”) and Educational Research Center of America, Inc. (“ERCA”), their successors, assignees, officers, agents, representatives, affiliates and employees and any other person under their direction or control, whether acting individually or in concert with others or through any corporate entity or device through which they may now or hereafter act or conduct business (collectively “respondents”).
Commission Extension of Deferral of Enforcement of the Identity Theft Red Flags Rule Until August 1, 2009
Date CapturedMonday May 04, 2009 04:43 PM
[The Federal Trade Commission (the “FTC” or “Commission”) is extending its deferral of enforcement of the Identity Theft Red Flags Rule to August 1, 2009. This rule was promulgated pursuant to § 114 of the Fair and Accurate Credit Transactions Act (“FACTA”). Congress directed the Commission and other agencies to develop regulations requiring “creditors” and “financial institutions” to address the risk of identity theft. The resulting Identity Theft Red Flags Rule requires any of these entities that have “covered accounts” to develop and implement written identity theft prevention programs. The identity theft prevention programs must be designed to help identify, detect, and respond to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft. This rule applies to all entities that regularly permit deferred payments for goods or services, including entities such as health care providers, attorneys, and other professionals, as well as retailers and a wide range of businesses that invoice their customers.]
FTC Will Grant Three-Month Delay of Enforcement of ‘Red Flags’ Rule Requiring Creditors and Financial Institutions to Adopt Identity Theft Prevention Programs
Date CapturedMonday May 04, 2009 04:38 PM
[The Fair and Accurate Credit Transactions Act of 2003 (FACTA) directed financial regulatory agencies, including the FTC, to promulgate rules requiring “creditors” and “financial institutions” with covered accounts to implement programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. FACTA’s definition of “creditor” applies to any entity that regularly extends or renews credit – or arranges for others to do so – and includes all entities that regularly permit deferred payments for goods or services. Accepting credit cards as a form of payment does not, by itself, make an entity a creditor. Some examples of creditors are finance companies; automobile dealers that provide or arrange financing; mortgage brokers; utility companies; telecommunications companies; non-profit and government entities that defer payment for goods or services; and businesses that provide services and bill later, including many lawyers, doctors, and other professionals. “Financial institutions” include entities that offer accounts that enable consumers to write checks or make payments to third parties through other means, such as other negotiable instruments or telephone transfers.]
IE8's Cumbersome Privacy Controls May Discourage Use
Date CapturedMonday March 23, 2009 04:06 PM
Patricia Resende writes [Microsoft's new IE8 features follow a warning to Internet browser makers from the Federal Trade Commission to self-regulate privacy issues or face regulation. Microsoft came under fire for its Passport feature as the Electronic Privacy Information Center and 14 other groups asked the FTC in 2001 to force a revision of the security standard on Passport. The groups alleged Microsoft violated the law by linking Windows XP with requests to sign up for Passport and misleading users to believe that Passport protected privacy when it instead tracked, profiled and monitored users.]
An Icon That Says They’re Watching You
Date CapturedThursday March 19, 2009 06:20 PM
NY Times Saul Hansell writes [Mr. Turow has developed a plan that is simpler and more comprehensive: Put an icon on each ad that signifies that the ad collects or uses information about users. If you click the icon, you will go to what he calls a “privacy dashboard” that will let you understand exactly what information was used to choose that ad for you. And you’ll have the opportunity to edit the information or opt out of having any targeting done at all. “I don’t think ‘Ads by Google’ is enough,” he said. “The problem with the whole rhetoric Google is using is that it is designed to stop you from wanting to learn more and do something.”]
Before the Federal Trade Commission Washington, DC 20580 In the Matter of Google, Inc. and Cloud Computing Services
Date CapturedTuesday March 17, 2009 06:48 PM
EPIC President Marc Rotenberg on Google and Cloud Computing [The recent growth of Cloud Computing Services signals an unprecedented shift of personal information from computers controlled by individuals to networks administered by corporations. Data breaches concerning Cloud Computing Services can result in great harm, which arises from the centralized nature of the services and large volume of information stored "in the cloud." Past data breaches have resulted in serious consumer injury, including identity theft. As a result of the popularity of Cloud Computing Services, data breaches on these services pose a heightened risk of identity theft. The FTC should hold accountable the purveyors of Cloud]
Behavioral Targeting: Not that Bad?! TRUSTe Survey Shows Decline in Concern for Behavioral Targeting
Date CapturedWednesday March 04, 2009 03:05 PM
Behavioral advertising still represents uncharted territory, without clearly applicable laws or regulations. In February, the Federal Trade Commission (FTC) published a set of guidelines (titled “Self-Regulatory Principles for Online Behavioral Advertising”) for companies collecting information on the actions of Internet users for the purpose of providing targeted advertising to them. The principles encourage self-regulatory action on the part of the companies themselves, specifically encouraging transparency and customer control, reasonable security and limited data retention for customer data. These principles have been criticized by privacy advocates, who assert that government should impose stricter laws rather than relying on companies to self-regulate.
Cable Companies Target Commercials to Audience
Date CapturedWednesday March 04, 2009 02:53 PM
NY Times STEPHANIE CLIFFORD [Cablevision matches households to demographic data to divide its customers, using the data-collection company Experian. Experian has data on individuals that it collects through public records, registries and other sources. It matches the name and address of the subscriber to what it knows about them, and assigns demographic characteristics to households. (The match is a blind one: advertisers do not know what name and address they are advertising to, Cablevision executives said.) Advertisers can also give their existing customer lists to Experian, and Experian can make matches — so G.M., for example, could direct an ad based on who already owns a G.M. car. Advertisers are willing to pay premiums for ads that go only to audiences they have selected.]
YouTube's new 'nocookie' feature continues to serve cookies
Date CapturedTuesday March 03, 2009 03:20 PM
CNET -- Chris Soghoian says [Those in the privacy community will likely pounce on this as evidence of Google's hypocrisy, while Google will likely respond by carefully parsing the definition of the phrase "non-session cookie" to not include Flash-cookie objects. Google might even argue that its Flash-based cookies do not contain unique tracking information (something this blogger is unable to verify, since the Adobe Flash Manager only allows you to delete, but not view the contents of a Flash cookie). One thing is clear. YouTube has advertised a new delayed cookie feature, and stated that it "does not send a cookie until the visitor plays the video." That message is further reinforced by the fact that the new cookie-lite embedded video players are served from a different domain name, youtube-nocookie.com. Yet a user visiting a page that includes one of these "delayed cookie" videos still ends up with a long term, non-session Flash cookie hidden away in the depths of their browser. Technical definitions of "cookie" versus "Flash cookie" aside, YouTube's "delayed cookie" feature simply fails to deliver on the company's promises.]
Protect Your Kids’ Privacy Online
Date CapturedTuesday March 03, 2009 03:06 PM
The Children’s Online Privacy Protection Act – COPPA – gives parents control over what information websites can collect from their kids. Any website for kids under 13, or any general site that collects personal information from kids it knows are under 13, is required to comply with COPPA. The Federal Trade Commission, the nation’s consumer protection agency, enforces this law.
FTC Online Privacy Guidelines Faulted
Date CapturedFriday February 13, 2009 01:11 PM
Business Week -- Douglas MacMillan -- [On Feb. 12, the U.S. Federal Trade Commission issued guidelines designed to give consumers more information about how advertisers collect and use data about their Web surfing habits. Among the recommendations: Every site that follows Web-use patterns to tailor marketing messages, a practice known as behavioral targeting, should spell out how it is collecting data and give consumers the ability to opt out of targeting. The report also urges sites to keep collected data "as long as is necessary to fulfill a legitimate business or law enforcement need," inform users of any changes made to privacy policies, and only collect sensitive personal data—such as financial and health records—in cases where the user opts in.]
The F.T.C. Talks Tough on Internet Privacy
Date CapturedThursday February 12, 2009 07:20 PM
NY Times - Saul Hansell -- [In another rather striking challenge to industry dogma, the commission rejected the idea that if an Internet site doesn’t collect a user’s name or other “personally identifiable information,” it isn’t a threat to the user’s privacy. Advertising companies have defended their systems by saying they only associate data with cookies, the random identifying numbers they place in the browsers of users, and with Internet Protocol addresses, the numbers used in routing information to specific computers. “This kind of information can be a key piece to identifying an individual,” Ms. Harrington said. Internet companies, she added, “should be really clear in telling the consumer what is being collected, treat that information with care and probably treat it as information that can be used to identify a user.” ]
Response to the 2008 NAI Principles: The Network Advertising Initiative’s Self-Regulatory Code of Conduct for Online Behavioral Advertising
Date CapturedThursday February 12, 2009 06:43 PM
[CDT believes the 2008 NAI Principles, while late in addressing new trends in the industry, demonstrate clear progress over the original code of conduct adopted in 2000. The transparency of the NAI’s revision and compliance process, the approach to sensitive information, and the coverage of advertising practices beyond behavioral advertising all represent important steps forward. While robust self-regulation in the behavioral advertising space does not obviate the need for a baseline federal privacy law covering data collection and usage of all kinds, the NAI has made advances in several areas, yielding what we hope will be better protections for consumer privacy. However, the 2008 NAI Principles still come up short in crucial respects including the opt-out choice requirement, the notice standard, the NAI member accountability model, the failure to address ISP behavioral advertising, the lack of a choice requirement for multi-site advertising, and the data retention principle. Some of these are outstanding issues that have existed within the NAI framework since its inception, while others are new concerns raised by the updates to the principles.]
FTC Staff Revises Online Behavioral Advertising Principles
Date CapturedThursday February 12, 2009 06:19 PM
The report discusses the potential benefits of behavioral advertising to consumers, including the free online content that advertising generally supports and personalization that many consumers appear to value. It also discusses the privacy concerns that the practice raises, including the invisibility of the data collection to consumers and the risk that the information collected – including sensitive information regarding health, finances, or children – could fall into the wrong hands or be used for unanticipated purposes. Consistent with the FTC’s overall approach to consumer privacy, the report seeks to balance the potential benefits of behavioral advertising against the privacy concerns it raises, and to encourage privacy protections while maintaining a competitive marketplace.
Security In Numbers: Social Security Numbers and Identity Theft: A Federal Trade Commission Report Providing Recommendations On Social Security Number Use In the Private Sector
Date CapturedThursday December 18, 2008 05:57 PM
(December, 2008) Conclusion -- Since the creation of the SSN in 1936, the private sector increasingly has utilized it for various purposes – both as an identifier and an authenticator – because it is the only permanent, unique piece of information that most Americans have about themselves. The SSN’s use has expanded as organizations have adapted their business and record-keeping systems to utilize increasingly sophisticated automated data processing. The SSN has, over time, become an integral part of our financial system. As the private sector’s use of the SSN has grown, so too has its availability and value for identity thieves. The Commission believes that a number of actions could be taken to reduce the role of SSNs in identity theft, with emphasis on reducing the demand for SSNs by minimizing their value to identity thieves through improved authentication processes. Most importantly, the Commission recommends that Congress consider establishing national authentication standards for businesses that have consumer accounts and are not already subject to authentication requirements from other federal agencies. Because authentication can never be perfect, however, the Commission also recommends carefully targeted actions to limit the supply or availability of SSNs to identity thieves. Specifically, the Commission recommends that Congress consider prohibiting the display of SSNs on publicly-available documents, identification cards, and other materials that could potentially fall into the hands of identity thieves. The Commission also recommends that Congress set national safeguards and breach notification standards, because better-protected SSNs are less likely to fall into the hands of criminals. 
Finally, the Commission is committed to educating consumers on protecting their SSNs and businesses on reducing their use of SSNs, and recommends that the government and private sector entities explore information sharing and other cooperative efforts to achieve these goals. Together, these actions could substantially reduce the misuse of SSNs by identity thieves, while at the same time preserving the beneficial uses of SSNs in our economic system.
FTC Issues Report on Social Security Numbers and Identity Theft
Date CapturedThursday December 18, 2008 05:48 PM
The Federal Trade Commission issued a report today recommending five measures to help prevent Social Security numbers from being used for identity theft. Principal among the report’s recommendations is that Congress consider taking action to strengthen the procedures that private-sector organizations use to authenticate their customers’ identities. “Identity theft continues to be a major problem in this country, with victims numbering in the millions each year and out-of-pocket losses (primarily to businesses) in the billions of dollars,” the report states.

Fusion Centers

Comments of the World Privacy Forum to FTC, Nov. 6, 2009
Date CapturedThursday December 17, 2009 10:58 PM
Pam Dixon Executive Director, World Privacy Forum -- Re: Privacy Roundtables – Comment, Project No. P095416 - [The World Privacy Forum understands that businesses have a right to exist and to make money, and that advertising and marketing is part of the marketplace. But we also believe that there is not a reasonable balance right now between what data is being collected and used, and what consumers can do to manage that data and their privacy. There are no perfect solutions, but we think that a rights-based framework based on approaches contained in the Fair Credit Reporting Act and on Fair Information Practices will address many of the problems and help create solutions that are equitable for all stakeholders.]

GAO

Privacy flags raise concern for graduate students
Date CapturedThursday March 11, 2010 09:24 PM
by Katie Perkowski - [Undergraduate students are not the only ones concerned with personal information available through UK’s online people search — now, graduate students are voicing their concern, too. Members of UK’s graduate school have recently voiced concern about their information like home address and home telephone number being available on the UK Web site without their knowledge, said English teaching assistant Jesslyn Collins-Frohlich.]
Commercial Activities in Schools: Use of Student Data is Limited and Additional Dissemination of Guidance Could Help Districts Develop Policies
Date CapturedThursday March 12, 2009 03:16 PM
GAO -- Recommendation: The Secretary of Education should take additional action to assist districts in understanding that they are required to have specific policies in place for the collection, disclosure, and use of student information for marketing and selling purposes by disseminating its guidance to state school boards associations.
DOD’s and VA’s Sharing of Information
Date CapturedFriday January 30, 2009 10:11 AM
(GAO-09-268) In the more than 10 years since DOD and VA began collaborating to electronically share health information, the two departments have increased interoperability. Nevertheless, while the departments continue to make progress, the manner in which they report progress—by reporting increases in interoperability over time—has limitations. These limitations are rooted in the departments’ plans, which identify interoperable capabilities to be implemented, but lack the results-oriented (i.e., objective, quantifiable, and measurable) goals and associated performance measures that are a necessary basis for effective management. Without establishing results-oriented goals, then reporting progress using measures relative to the established goals, the departments and their stakeholders do not have the comprehensive picture that they need to effectively manage their progress toward achieving increased interoperability. Further constraining the departments’ management effectiveness is their slow pace in addressing our July 2008 recommendation related to setting up the interagency program office that Congress called for to function as a single point of accountability in the development and implementation of electronic health record capabilities.
CYBER ANALYSIS AND WARNING - DHS Faces Challenges in Establishing a Comprehensive National Capability
Date CapturedTuesday September 23, 2008 10:15 AM
GAO 08-588: We recommend that the Secretary of Homeland Security take four actions to fully establish a national cyber analysis and warning capability. Specifically, the Secretary should address deficiencies in each of the attributes identified for • monitoring, including establishing a comprehensive baseline understanding of the nation’s critical information infrastructure and engaging appropriate nonfederal stakeholders to support a national-level cyber monitoring capability; • analysis, including expanding its capabilities to investigate incidents; • warning, including ensuring consistent notifications that are targeted, actionable, and timely; and • response, including ensuring that US-CERT provides assistance in the mitigation of and recovery from simultaneous severe incidents, including incidents of national significance. We also recommend that the Secretary address the challenges that impede DHS from fully implementing the key attributes, including the following 6 items: • engaging appropriate stakeholders in federal and nonfederal entities to determine ways to develop closer working and more trusted relationships; • expeditiously hiring sufficiently trained cyber analysts and developing strategies for hiring and retaining highly qualified cyber analysts; • identifying and acquiring technological tools to strengthen cyber analytical capabilities and handling the steadily increasing workload; • developing predictive analysis capabilities by defining terminology, methodologies, and indicators, and engaging appropriate stakeholders in other federal and nonfederal entities; • filling key management positions and developing strategies for hiring and retaining those officials; and • ensuring that there are distinct and transparent lines of authority and responsibility assigned to DHS organizations with cybersecurity roles and responsibilities, including the Office of Cybersecurity and Communications and the National Cybersecurity Center.
Alternatives Exist for Enhancing Protection of Personally Identifiable Information
Date CapturedSaturday June 21, 2008 08:57 PM
Highlights of GAO-08-536, a report to congressional requesters: In assessing the appropriate balance between the needs of the federal government to collect personally identifiable information for programmatic purposes and the assurances that individuals should have that their information is being sufficiently protected and properly used, Congress should consider amending applicable laws, such as the Privacy Act and the E-Government Act, according to the alternatives outlined in this report, including: • revising the scope of the laws to cover all personally identifiable information collected, used, and maintained by the federal government; • setting requirements to ensure that the collection and use of personally identifiable information is limited to a stated purpose; and • establishing additional mechanisms for informing the public about privacy protections by revising requirements for the structure and publication of public notices.
PRIVACY -- Congress Should Consider Alternatives for Strengthening Protection of Personally Identifiable Information
Date CapturedWednesday June 18, 2008 05:09 PM
In its report GAO identified alternatives that the Congress should consider, including revising the scope of privacy laws to cover all personal information, requiring that the use of such information be limited to a specific purpose, and revising the structure and publication of privacy notices. OMB commented that the Congress should consider these alternatives in the broader context of existing privacy and related statutes.
Data Breaches Are Frequent, but Evidence of Resulting Identity Theft Is Limited; However, the Full Extent Is Unknown
Date CapturedThursday June 05, 2008 07:03 PM
GAO-07-737 -- There are two primary forms of identity theft. First, identity thieves can use financial account identifiers, such as credit card or bank account numbers, to take over an individual’s existing accounts to make unauthorized charges or withdraw money. Second, thieves can use identifying data, which can include such things as SSNs and driver’s license numbers, to open new financial accounts and incur charges and credit in an individual’s name, without that person’s knowledge. This second form of identity theft is potentially the most damaging because, among other things, it can take some time before a victim becomes aware of the problem, and it can cause substantial harm to the victim’s credit rating. While some identity theft victims can resolve their problems quickly, others face substantial costs and inconvenience repairing damage to their credit records.

Health and Human Services (HHS)

Federal departments fall short on civil liberties
Date CapturedTuesday January 27, 2009 10:14 AM
By Peter Eisler, USA TODAY - [WASHINGTON — The departments of Defense, State, and Health and Human Services have not met legal requirements meant to protect Americans' civil liberties, and a board that's supposed to enforce the mandates has been dormant since 2007, according to federal records. All three departments have failed to comply with a 2007 law directing them to appoint civil liberties protection officers and report regularly to Congress on the safeguards they use to make sure their programs don't undermine the public's rights and privacy, a USA TODAY review of congressional filings shows.]
Rethinking the Role of Consent in Protecting Health Information Privacy
Date CapturedTuesday January 27, 2009 09:52 AM
CDT is advocating for the inclusion of privacy protections in the President's economic stimulus bill, which contains at least $20 billion for a national health information technology network. CDT's paper argues that personal health information should easily flow for treatment, payment, and certain core administrative tasks without requiring patient consent, but that stricter limits need to be placed on marketing and other secondary uses. January 26, 2009. This paper advocates for a new generation of privacy protections that allow personal health information to flow among health care entities for treatment, payment, and certain core administrative tasks without first requiring patient consent, as long as there is a comprehensive framework of rules that governs access to and disclosure of health data. Patient consent is one important element of this framework, but relying on consent would do little to protect privacy. This paper also suggests how a framework of protections can provide patients with more meaningful opportunities to make informed choices about sharing their personal health information online.

Healthcare

Health care meets social networking
Date CapturedThursday January 22, 2009 03:59 PM
Jacksonville Business Journal - Kimberly Morrison -- [Mayo Clinic, which has a campus in Jacksonville, has come a long way in just a few years, since adding a Facebook page with more than 3,000 friends, a YouTube channel with videos of doctors talking about illness, treatments and research, a health blog for consumers and another for media to improve the process of medical reporting. It’s also creating “secret groups” on Facebook to connect patients to others with similar illnesses, an area it hopes to expand in the future. But that’s just the tip of the iceberg in the brave new world of Health 2.0.]

Higher Education

H.R.6. Higher Education Amendments of 1998
Date CapturedMonday March 08, 2010 06:54 PM
An Act - To extend the authorization of programs under the Higher Education Act of 1965, and for other purposes. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE; TABLE OF CONTENTS. (a) SHORT TITLE.—This Act may be cited as the ‘‘Higher Education Amendments of 1998’’.
Quinn Emanuel Brochure Spills Value of Confidential Facebook Settlement
Date CapturedWednesday February 11, 2009 07:17 PM
The Reporter - Zusha Elinson -- [Facebook paid the founders of ConnectU $65 million to settle lawsuits accusing Facebook CEO Mark Zuckerberg of stealing the idea for the wildly successful social-networking Web site, according to a law firm's marketing brochure. Lawyers in the heavyweight fight had expended great effort to keep the settlement secret -- even going as far as persuading a judge to clear the courtroom of reporters on one occasion. But ConnectU's former lawyers from Quinn Emanuel Urquhart Oliver & Hedges published the settlement amount in a firm advertisement trumpeting the firm's prowess.] [The ConnectU dispute got started at Harvard, where ConnectU's founders, Cameron and Tyler Winklevoss and Divya Narendra hired fellow student Zuckerberg to work on code for a dating Web site for Harvard students. They sued Facebook in 2004, accusing Zuckerberg of delaying the project while using the information to start his own Web site. He quit Harvard and moved to Palo Alto, Calif., to start the company. ConnectU's lawyers argued that it amounted to trade secret theft and copyright infringement. Last February, Facebook agreed to settle the matter by paying to acquire ConnectU.]
Student Information Not For Sale At UW-Marathon County
Date CapturedWednesday February 11, 2009 07:06 PM
Wsaw.com reporter: Margo Spann -- [Private companies looking to sell or market products to college students are buying information about them directly from their schools. The Assistant Director of Student Services at UW Marathon County Annette Hackbarth-Onson says federal law allows colleges to sell information about their students. She says companies are often looking to buy students' names, birth dates, and email addresses.]
Family Educational Rights and Privacy; Final Rule
Date CapturedTuesday December 09, 2008 07:02 PM
FR Doc E8-28864 [Federal Register: December 9, 2008 (Volume 73, Number 237)] [Rules and Regulations] [Page 74805-74855] From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr09de08-8]
Thurston cameras not a privacy violation
Date CapturedThursday December 04, 2008 05:06 PM
Amanda Crowe, a freshman majoring in international affairs and Hatchet columnist, says [Authoritarianism prevents personal freedoms, these cameras do not. Students are free to do as they wish, as long as they follow the law and University rules. These laws and rules are what you agree to when you live in this country and go to this school. So what's there to hide?]
Mobile phones demystify commuter rat race
Date CapturedSaturday June 07, 2008 05:04 PM
Blog responds to this controversial academic research.
Study secretly tracks cellphone users
Date CapturedThursday June 05, 2008 03:01 PM
AP reports, "Researchers secretly tracked the locations of 100,000 people outside the United States through their cellphone use and concluded that most people rarely stray more than a few miles from home. The first-of-its-kind study by Northeastern University raises privacy and ethical questions for its monitoring methods, which would be illegal in the United States."
EDUCAUSE
Date CapturedTuesday June 03, 2008 08:26 PM
EDUCAUSE is a nonprofit association and good source of information about FERPA and higher education.
Huge Databases Offer a Research Gold Mine — and Privacy Worries
Date CapturedTuesday June 03, 2008 08:14 PM
By DAVID GLENN from the issue dated May 9, 2008 Chronicle of Higher Education, "Researchers have used the new databases to study many issues, including which high-school math courses are most important for college success and how exposure to adjunct instructors affects student retention. But the new education databases create obvious challenges for protecting student privacy — which is one reason most states have been slow to build them. Florida's education department takes elaborate steps to 'de-identify' its information before handing it to outside researchers. Despite those efforts, nervous officials in other states look at a system like Florida's and worry about potential violations of the Family Educational Rights and Privacy Act, or Ferpa. In March the U.S. Department of Education proposed new Ferpa regulations that might clarify the ground rules for the use of such databases, but it is far from certain that the new rules will make states more comfortable with the projects." http://chronicle.com -- Section: The Faculty -- Volume 54, Issue 35, Page A10
Guidelines for Working with Law Enforcement Agencies
Date CapturedWednesday August 08, 2007 12:15 PM
By Michael Corn. EQ -- Volume 30 Number 3 2007. Checklist: * Create a policy to address the handling of all legal documents. * Form a team consisting of the security officer, legal counsel, and campus police. * Put campus legal counsel on your telephone speed-dial. * Meet with provost and/or chancellor to discuss law enforcement requests and investigations. * Review and document the salient features of your environment, including your institutional policies on data release and retention. * Understand your obligations with regard to confidentiality. * Discuss with the agent(s) in charge of an investigation whom you wish to inform of the investigation and why. * Work with the agent(s) in charge of an investigation to review what they are looking for and what will not be useful to them. * Develop internal procedures that control the materials and information of legally restricted information. Buy a safe for storing legal materials. * Work with law enforcement agents to better understand your environment and narrow the scope of information requests.

HIPAA

Personal Health Information Privacy
Date CapturedSunday January 10, 2010 04:42 PM
News about medical and electronic health privacy risk.
Bill would make prescription data private
Date CapturedTuesday January 27, 2009 10:25 AM
["The sharing of prescription information for marketing purposes without consent violates the spirit of privacy law, and destroys the confidentiality of the doctor-patient relationship," said Leigh Sims, a spokeswoman for the coalition behind the bill. HIPAA allows states to pass stronger privacy protections.] [To fight this, Rep. Jamie Pedersen (D-Seattle) and others have introduced House Bill 1493 to close the loophole. Advocates say the change would protect thousands of patients at no cost to taxpayers.]
Washington state bill would make prescription data private
Date CapturedTuesday January 27, 2009 10:25 AM
["The sharing of prescription information for marketing purposes without consent violates the spirit of privacy law, and destroys the confidentiality of the doctor-patient relationship," said Leigh Sims, a spokeswoman for the coalition behind the bill. HIPAA allows states to pass stronger privacy protections.] [To fight this, Rep. Jamie Pedersen (D-Seattle) and others have introduced House Bill 1493 to close the loophole. Advocates say the change would protect thousands of patients at no cost to taxpayers.]
Health care meets social networking
Date CapturedThursday January 22, 2009 03:59 PM
Jacksonville Business Journal - Kimberly Morrison -- [Mayo Clinic, which has a campus in Jacksonville, has come a long way in just a few years, since adding a Facebook page with more than 3,000 friends, a YouTube channel with videos of doctors talking about illness, treatments and research, a health blog for consumers and another for media to improve the process of medical reporting. It’s also creating “secret groups” on Facebook to connect patients to others with similar illnesses, an area it hopes to expand in the future. But that’s just the tip of the iceberg in the brave new world of Health 2.0.]
What Every American Needs to Know about the HIPAA Medical Privacy Rule* -- Updated November 2008
Date CapturedSunday January 18, 2009 09:39 PM
By Sue A. Blevins, president of the Institute for Health Freedom and Robin Kaigh, Esq., an attorney dedicated to patients’ health privacy rights. [Did you know that under the federal HIPAA (Health Insurance Portability and Accountability Act of 1996) medical privacy rule, your personal health information—including past records and genetic information—can be disclosed without your consent to large organizations such as the following? Data-processing companies; Insurers; Researchers (in some instances); Hospitals; Doctors (even those not treating you); Law enforcement officials; Public health officials; Federal government.]
Privacy Issue Complicates Push to Link Medical Data
Date CapturedSunday January 18, 2009 05:39 PM
NY Times By ROBERT PEAR [“Until people are more confident about the security of electronic medical records,” Mr. Whitehouse said, “it’s vitally important that we err on the side of privacy.” The data in medical records has great potential commercial value. Several companies, for example, buy and sell huge amounts of data on the prescribing habits of doctors, and the information has proved invaluable to pharmaceutical sales representatives. “Health I.T. without privacy is an excellent way for companies to establish a gold mine of information that can be used to increase profits, promote expensive drugs, cherry-pick patients who are cheaper to insure and market directly to consumers,” said Dr. Deborah C. Peel, coordinator of the Coalition for Patient Privacy, which includes the American Civil Liberties Union among its members.]
Secretary Leavitt Announces New Principles, Tools to Protect Privacy, Encourage More Effective Use of Patient Information to Improve Care
Date CapturedThursday December 18, 2008 05:11 PM
The privacy principles articulated by Secretary Leavitt are as follows: Individual Access – Consumers should be provided with a simple and timely means to access and obtain their personal health information in a readable form and format. Correction – Consumers should be provided with a timely means to dispute the accuracy or integrity of their personal identifiable health information, and to have erroneous information corrected or to have a dispute documented if their requests are denied. Consumers also should be able to add to and amend personal health information in products controlled by them such as personal health records (PHRs). Openness and Transparency -- Consumers should have information about the policies and practices related to the collection, use and disclosure of their personal information. This can be accomplished through an easy-to-read, standard notice about how their personal health information is protected. This notice should indicate with whom their information can or cannot be shared, under what conditions and how they can exercise choice over such collections, uses and disclosures. In addition, consumers should have reasonable opportunities to review who has accessed their personal identifiable health information and to whom it has been disclosed. Individual Choice -- Consumers should be empowered to make decisions about with whom, when, and how their personal health information is shared (or not shared). Collection, Use, and Disclosure Limitation – It is important to limit the collection, use and disclosure of personal health information to the extent necessary to accomplish a specified purpose. The ability to collect and analyze health care data as part of a public good serves the American people and it should be encouraged. But every precaution must be taken to ensure that this personal health information is secured, deidentified when appropriate, limited in scope and protected wherever possible. 
Data Integrity – Those who hold records must take reasonable steps to ensure that information is accurate and up-to-date and has not been altered or destroyed in an unauthorized manner. This principle is tightly linked to the correction principle. A process must exist in which, if consumers perceive a part of their record is inaccurate, they can notify their provider. Of course the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule provides consumers that right, but this principle should be applied even where the information is not covered by the Rule. Safeguards – Personal identifiable health information should be protected with reasonable administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure. Accountability – Compliance with these principles is strongly encouraged so that Americans can realize the benefit of electronic health information exchange. Those who break rules and put consumers’ personal health information at risk must not be tolerated. Consumers need to be confident that violators will be held accountable.
The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information
Date CapturedThursday December 18, 2008 04:56 PM
The principles of the Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information below establish a single, consistent approach to address the privacy and security challenges related to electronic health information exchange through a network for all persons, regardless of the legal framework that may apply to a particular organization. The goal of this effort is to establish a policy framework for electronic health information exchange that can help guide the Nation’s adoption of health information technologies and help improve the availability of health information and health care quality. The principles have been designed to establish the roles of individuals and the responsibilities of those who hold and exchange electronic individually identifiable health information through a netwo
Joint Guidance on the Application of the Family Educational Rights and Privacy Act (FERPA) And the Health Insurance Portability and Accountability Act of 1996 (HIPAA) To Student Health Records (ID: CSD5578)
Date CapturedThursday December 04, 2008 04:36 PM
The HIPAA Privacy Rule specifically excludes from its coverage those records that are protected by FERPA. When making determinations as to whether personally identifiable information from student health records maintained by the educational agency or institution may be disclosed, school officials at institutions subject to FERPA should refer to FERPA and its requirements. While the educational agency or institution has the responsibility to make the initial, case-by-case determination of whether a disclosure meets the requirements of FERPA, the Department of Education’s Family Policy Compliance Office is available to offer technical assistance to school officials in making such determinations
Medical Blogs May Threaten Patient Privacy
Date CapturedFriday August 08, 2008 04:57 PM
US News and World Report -- "In some cases, patients described in medical blogs may be able to identify themselves, the researchers said. For example, three of the blogs in the study had recognizable photos of patients, including one with an extensive description of the patient and links to photos. The researchers also found that some of the medical blogs allowed advertisements, and some promoted health-care products within the blog text. None of the bloggers who described products within the text adhered to medical ethics standards of providing information on conflicts of interest, or whether payment was received for promotion of the products. The study was published online in the Journal of General Internal Medicine." (Dr. Tara Lagu, Robert Wood Johnson Foundation Clinical Scholar, and colleagues at the University of Pennsylvania)
CDT Testimony before House Health Subcommittee, June 04, 2008
Date CapturedWednesday June 04, 2008 04:20 PM
CDT Testimony Supports Draft Health Information Legislation -- We need a comprehensive privacy and security framework that is based on fair information practices (i.e., the Markle Foundation Common Framework) and sets clear guidelines for use and disclosure of electronic health information. The framework should build on HIPAA and incorporate protections for health information held by non-health care entities. CDT today testified before the House Health Subcommittee in support of draft legislation regarding health information technology and privacy legislation. CDT supports the draft language because it takes critical steps toward the goal of a comprehensive privacy and security framework, and targets many of the key issues raised by the new e-health environment. CDT urged the Subcommittee to develop this framework by building on the HIPAA Privacy and Security Rules. CDT also recommended including strong protections for health information held, or managed on behalf of consumers, by employers and companies not part of the traditional health care system.
Personal Health Records: Why Many PHRs Threaten Privacy
Date CapturedMonday June 02, 2008 05:26 PM
Prepared by Robert Gellman for the World Privacy Forum - "Significant privacy consequences of PHRs not covered under HIPAA can include: • Health records in a PHR may lose their privileged status. • PHR records can be more easily subpoenaed by a third party than health records covered under HIPAA. • Identifiable health information may leak out of a PHR into the marketing system or to commercial data brokers. • In some cases, the information in a non-HIPAA covered PHR may be sold, rented, or otherwise shared. • It may be easier for consumers to accidentally or casually authorize the sharing of records in a PHR. • Consumers may think they have more control over the disclosure of PHR records than they actually do. • The linkage of PHR records from different sources may be embarrassing, cause family problems, or have other unexpected consequences. • Privacy protections offered by PHR vendors may be weaker than consumers expect and may be subject to change without notice or consumer consent."
Hospitals, patients clash on privacy rights
Date CapturedMonday June 02, 2008 03:45 PM
"California has a medical privacy act 'designed to prevent patients from being used as a marketing database,' said San Francisco attorney Khaldoun Baghdadi, who has handled claims from patients who believe their privacy has been violated. 'If that medical information was disclosed negligently, each patient can be awarded $1,000 per violation.'"

ID

"REAL ID Implementation Review: Few Benefits, Staggering Costs"
Date CapturedTuesday June 03, 2008 02:35 PM
EPIC: The final rule includes few protections for individual privacy and security in its massive national identification database. It harms national security by creating yet another “trusted” credential for criminals to exploit. The Department of Homeland Security has faced so many obstacles with the REAL ID system that the agency now plans an implementation deadline of 2017 – nine years later than the 2008 statutory deadline. It is an unfunded mandate that would cost billions, with the burden ultimately being placed on the individual taxpayer. Technical experts familiar with the challenges of privacy protection and identification presented the Department of Homeland Security with a variety of recommendations that would have minimized the risks of the REAL ID system. The DHS made some modifications, but left the essential system in place. As REAL ID currently stands, the costs are many and the benefits are few. Public opposition to implementation is understandable.
N.Y. opts for hybrid driver’s licenses
Date CapturedTuesday June 03, 2008 02:03 PM
Washington Technology reports, "Some of the enhanced licenses have been controversial because of privacy concerns. Washington, which was the first state to begin producing the new licenses, includes a radio frequency identification microchip on the licenses. The RFID chips, which can be read wirelessly from 20 feet to 30 feet away, have been criticized for their potential to be scanned without authorization, risking identity theft and loss of privacy. It is not clear whether New York’s licenses will include the RFID chip. Information was not immediately available from a spokesman for the state Department of Motor Vehicles."
Identification and Authentication Resource Page
Date CapturedMonday June 02, 2008 03:13 PM
This is a resource page in connection with the Center for American Progress report “The ID Divide: Addressing the Problems of Identification and Authentication in American Society,” by Peter P. Swire and Cassandra Q. Butts.
The ID Divide -- Addressing the Challenges of Identification and Authentication in American Society
Date CapturedMonday June 02, 2008 03:03 PM
By Peter Swire, Cassandra Q. Butts. "Our report first explores the background of the issue, including the sharp rise in recent years in how often Americans are asked for proof of identity. We then examine the facts of the ID Divide in detail, identifying at least four important types of problems: A large population affected by identity theft and data breaches; The growing effects of watch lists; Specific groups that disproportionately lack IDs today; The effects of new and stricter ID and matching requirements."

Identity Theft

Commission Extension of Deferral of Enforcement of the Identity Theft Red Flags Rule Until August 1, 2009
Date CapturedMonday May 04, 2009 04:43 PM
[The Federal Trade Commission (the “FTC” or “Commission”) is extending its deferral of enforcement of the Identity Theft Red Flags Rule to August 1, 2009. This rule was promulgated pursuant to § 114 of the Fair and Accurate Credit Transactions Act (“FACTA”). Congress directed the Commission and other agencies to develop regulations requiring “creditors” and “financial institutions” to address the risk of identity theft. The resulting Identity Theft Red Flags Rule requires any of these entities that have “covered accounts” to develop and implement written identity theft prevention programs. The identity theft prevention programs must be designed to help identify, detect, and respond to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft. This rule applies to all entities that regularly permit deferred payments for goods or services, including entities such as health care providers, attorneys, and other professionals, as well as retailers and a wide range of businesses that invoice their customers.]
FTC Will Grant Three-Month Delay of Enforcement of ‘Red Flags’ Rule Requiring Creditors and Financial Institutions to Adopt Identity Theft Prevention Programs
Date CapturedMonday May 04, 2009 04:38 PM
[The Fair and Accurate Credit Transactions Act of 2003 (FACTA) directed financial regulatory agencies, including the FTC, to promulgate rules requiring “creditors” and “financial institutions” with covered accounts to implement programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. FACTA’s definition of “creditor” applies to any entity that regularly extends or renews credit – or arranges for others to do so – and includes all entities that regularly permit deferred payments for goods or services. Accepting credit cards as a form of payment does not, by itself, make an entity a creditor. Some examples of creditors are finance companies; automobile dealers that provide or arrange financing; mortgage brokers; utility companies; telecommunications companies; non-profit and government entities that defer payment for goods or services; and businesses that provide services and bill later, including many lawyers, doctors, and other professionals. “Financial institutions” include entities that offer accounts that enable consumers to write checks or make payments to third parties through other means, such as other negotiable instruments or telephone transfers.]
New York State Consumer Protection Board (CPB)
Date CapturedFriday December 26, 2008 05:07 PM
The Consumer Protection Board, established in 1970 by the New York State Legislature, is the State's top consumer watchdog and "think tank." The CPB's core mission is to protect New Yorkers by publicizing unscrupulous and questionable business practices and product recalls; conducting investigations and hearings; enforcing the "Do Not Call Law"; researching issues; developing legislation; creating consumer education programs and materials; responding to individual marketplace complaints by securing voluntary agreements; and, representing the interests of consumers before the Public Service Commission (PSC) and other State and federal agencies.
Security In Numbers: Social Security Numbers and Identity Theft: A Federal Trade Commission Report Providing Recommendations On Social Security Number Use In the Private Sector
Date CapturedThursday December 18, 2008 05:57 PM
(December, 2008) Conclusion -- Since the creation of the SSN in 1936, the private sector increasingly has utilized it for various purposes – both as an identifier and an authenticator – because it is the only permanent, unique piece of information that most Americans have about themselves. The SSN’s use has expanded as organizations have adapted their business and record-keeping systems to utilize increasingly sophisticated automated data processing. The SSN has, over time, become an integral part of our financial system. As the private sector’s use of the SSN has grown, so too has its availability and value for identity thieves. The Commission believes that a number of actions could be taken to reduce the role of SSNs in identity theft, with emphasis on reducing the demand for SSNs by minimizing their value to identity thieves through improved authentication processes. Most importantly, the Commission recommends that Congress consider establishing national authentication standards for businesses that have consumer accounts and are not already subject to authentication requirements from other federal agencies. Because authentication can never be perfect, however, the Commission also recommends carefully targeted actions to limit the supply or availability of SSNs to identity thieves. Specifically, the Commission recommends that Congress consider prohibiting the display of SSNs on publicly-available documents, identification cards, and other materials that could potentially fall into the hands of identity thieves. The Commission also recommends that Congress set national safeguards and breach notification standards, because better-protected SSNs are less likely to fall into the hands of criminals. 
Finally, the Commission is committed to educating consumers on protecting their SSNs and businesses on reducing their use of SSNs, and recommends that the government and private sector entities explore information sharing and other cooperative efforts to achieve these goals. Together, these actions could substantially reduce the misuse of SSNs by identity thieves, while at the same time preserving the beneficial uses of SSNs in our economic system.
FTC Issues Report on Social Security Numbers and Identity Theft
Date CapturedThursday December 18, 2008 05:48 PM
The Federal Trade Commission issued a report today recommending five measures to help prevent Social Security numbers from being used for identity theft. Principal among the report’s recommendations is that Congress consider taking action to strengthen the procedures that private-sector organizations use to authenticate their customers’ identities. “Identity theft continues to be a major problem in this country, with victims numbering in the millions each year and out-of-pocket losses (primarily to businesses) in the billions of dollars,” the report states.
Federal Trade Commission Identity Theft Survey Report 2006
Date CapturedFriday June 27, 2008 07:43 PM
Executive Summary Identity theft (ID theft) is an issue that continues to plague consumers, businesses, and law enforcement. To provide greater insight into the prevalence and cost of ID theft, the Federal Trade Commission (FTC) has sponsored its second ID theft survey of US adults. The specific objectives of the survey were to: • Estimate the prevalence of ID theft victimization • Measure the impacts of ID theft on the victims • Identify actions taken by victims • Explore measures that may help victims of future cases of ID theft
Data Breaches Are Frequent, but Evidence of Resulting Identity Theft Is Limited; However, the Full Extent Is Unknown
Date CapturedThursday June 05, 2008 07:03 PM
GAO-07-737 -- There are two primary forms of identity theft. First, identity thieves can use financial account identifiers, such as credit card or bank account numbers, to take over an individual’s existing accounts to make unauthorized charges or withdraw money. Second, thieves can use identifying data, which can include such things as SSNs and driver’s license numbers, to open new financial accounts and incur charges and credit in an individual’s name, without that person’s knowledge. This second form of identity theft is potentially the most damaging because, among other things, it can take some time before a victim becomes aware of the problem, and it can cause substantial harm to the victim’s credit rating. While some identity theft victims can resolve their problems quickly, others face substantial costs and inconvenience repairing damage to their credit records.
Do Data Breach Disclosure Laws Reduce Identity Theft?
Date CapturedThursday June 05, 2008 06:07 PM
Identity theft resulted in corporate and consumer losses of $56 billion dollars in 2005, with about 30% of known identity thefts caused by corporate data breaches. Many US states have responded by adopting data breach disclosure laws that require firms to notify consumers if their personal information has been lost or stolen. While the laws are expected to reduce losses, their full effects have yet to be empirically measured. We use panel data from the US Federal Trade Commission with state and time fixed-effects regression to estimate the impact of data breach disclosure laws on identity theft over the years 2002 to 2006. We find no statistically significant effect that laws reduce identity theft, even after considering income, urbanization, strictness of law and interstate commerce. If the probability of becoming a victim conditional on a data breach is very small, then the law’s maximum effectiveness is inherently limited. Quality of data and the possibility of reporting bias also make proper identification difficult. However, we appreciate that these laws may have other benefits such as reducing a victim’s average losses and improving a firm’s security and operational practices.

Immigration

Enhanced Driver’s Licenses Coming Your Way…
Date CapturedSunday July 27, 2008 05:01 PM
Steven A. Culbreath, Esq. blogs, "DHS has worked to align REAL ID and EDL requirements. EDLs that are developed consistent with the requirements of REAL ID can be used for official purposes such as accessing a Federal facility, boarding Federally-regulated commercial aircraft, and entering nuclear power plants." And... "While the REAL ID requires proof of legal status in the U.S., the state issued EDL will require that the card holder be a U.S. citizen."

Information Policy

Center for Digital Democracy
Date CapturedFriday February 13, 2009 01:22 PM
Open for Questions at change.gov: What about privacy?
Date CapturedSunday December 14, 2008 09:30 PM
Medical Blogs May Threaten Patient Privacy
Date CapturedFriday August 08, 2008 04:57 PM
US News and World Report -- "In some cases, patients described in medical blogs may be able to identify themselves, the researchers said. For example, three of the blogs in the study had recognizable photos of patients, including one with an extensive description of the patient and links to photos. The researchers also found that some of the medical blogs allowed advertisements, and some promoted health-care products within the blog text. None of the bloggers who described products within the text adhered to medical ethics standards of providing information on conflicts of interest, or whether payment was received for promotion of the products. The study was published online in the Journal of General Internal Medicine." (Dr. Tara Lagu, Robert Wood Johnson Foundation Clinical Scholar, and colleagues at the University of Pennsylvania)
Wolf Reveals House Computers Compromised by Outside Source
Date CapturedTuesday June 17, 2008 01:21 PM
Offers Privileged Resolution on House Floor Calling for Greater Protection Of Congressional Computer and Information Systems.
Access Rights to Business Data on Personally-Owned Computers
Date CapturedThursday June 05, 2008 10:51 AM
A White Paper by John C. Montaña for The ARMA International Education Foundation. "The continuing and pervasive blurring of the boundaries between work and home environments is another reality for many workers. Increased responsibilities and workloads, demands for longer hours and many other factors combine to create a situation in which many workers are required to resort to extraordinary measures to meet the demands of work and profession. In many cases, these demands are met by working at home. Increasingly, this work is computer-based work, and includes e-mail, word processing documents, spreadsheet and other computer-generated data objects. In many cases, this work is done on a computer provided by the employer for the purposes of facilitating the employee’s at-home work. In many other cases, however, the work is performed on a computer owned by the employee themselves or someone else living in the employee’s residence."
The Internet in Transition: A Platform To Keep the Internet Open, Innovative and Free
Date CapturedThursday June 05, 2008 10:13 AM
CDT publication excerpt: "The Internet’s remarkable success is built on a policy framework based on the principles of openness, competition, innovation, non-discrimination, privacy, consumer choice and freedom of expression. Faced with legitimate concerns ranging from terrorism to the protection of children online, policymakers must find solutions that reinforce — rather than undermine — these core principles."
Electronic Privacy Information Center (EPIC)
Date CapturedSunday June 01, 2008 05:31 PM
EPIC is a public interest research center in Washington, D.C. It was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values.

Intellectual Property

Google's Big Fat Looming Antitrust Problem
Date CapturedFriday May 08, 2009 06:58 PM
E-Commerce Times -- By Erika Morphy -- [It is difficult to pinpoint exactly where the antitrust fault line is in this particular case, which revolves around a lawsuit the Association of American Publishers and the Authors Guild filed against Google some three years ago in an effort to shut down its book-scanning project. Critics of last month's settlement said the plaintiffs do not represent all of the authors of works that Google will eventually publish in its Book Search Project. The possibility that this deal could give Google a monopoly over electronically available copyrighted works appears to be the antitrust basis for the inquiry.]

International

Canadian airlines plead with government to solve U.S. security dilemma
Date CapturedThursday January 07, 2010 08:04 PM
Jim Bronskill (CP) -- [OTTAWA — Canada's major airlines say they will be forced either to break privacy laws or to ignore new American air security rules unless the federal government comes up with a response to U.S. demands for passenger information.]

Internet

Happy Birthday, Internet
Date CapturedFriday October 30, 2009 08:22 PM
NPR interview -- authentication and privacy concerns mentioned. October 30, 2009 [On Oct. 29, 1969, around 10:30 P.M., a message from one computer was sent over a modified phone line to another computer hundreds of miles away. Some say the Internet was born that day. UCLA computer scientist Leonard Kleinrock, who was there, gives his account.] IMPORTANT EXCERPT: [Dr. KLEINROCK: Yes. In fact, in those early days, the culture of the Internet was one of trust, openness, shared ideas. You know, I knew everybody on the Internet in those days and I trusted them all. And everybody behaved well, so we had a very easy, open access. We did not introduce any limitations nor did we introduce what we should have, which was the ability to do strong user authentication and strong file authentication. So I know that if you are communicating with me, it's you, Ira Flatow, and not someone else. And if you send me a file, I receive the file you intended me to receive. We should've installed that in the architecture in the early days. And the first thing we should've done with it is turn it off, because we needed this open, trusted, available, shared environment, which was the culture, the ethics of the early Internet. And then when we approach the late 1980s and the early 1990s and spam, and viruses, and pornography and eventually the identity theft and the fraud, and the botnets and the denial of service we see today, as that began to emerge, we should then slowly have turned on that authentication process, which is part of what your other caller referred to is this IPV6 is an attempt to bring on and patch on some of this authentication capability. But it's very hard now that it's not built deep into the architecture of the Internet.]
The F.T.C. Talks Tough on Internet Privacy
Date CapturedThursday February 12, 2009 07:20 PM
NY Times - Saul Hansell -- [In another rather striking challenge to industry dogma, the commission rejected the idea that if an Internet site doesn’t collect a user’s name or other “personally identifiable information,” it isn’t a threat to the user’s privacy. Advertising companies have defended their systems by saying they only associate data with cookies, the random identifying numbers they place in the browsers of users, and with Internet Protocol addresses, the numbers used in routing information to specific computers. “This kind of information can be a key piece to identifying an individual,” Ms. Harrington said. Internet companies, she added, “should be really clear in telling the consumer what is being collected, treat that information with care and probably treat it as information that can be used to identify a user.” ]

Legislation

Federal Register: July 6, 2000 (Volume 65, Number 130)
Date CapturedTuesday March 09, 2010 04:56 PM
DEPARTMENT OF EDUCATION - 34 CFR Part 99 - Family Educational Rights and Privacy- AGENCY: Department of Education. ACTION: Final regulations. SUMMARY: The Secretary amends the regulations implementing the Family Educational Rights and Privacy Act (FERPA). The amendments are needed to implement sections 951 and 952 of the Higher Education Amendments of 1998 (HEA). These amendments permit postsecondary institutions to disclose certain information to the public and to parents of students. DATES: These regulations are effective August 7, 2000.
H.R.6. Higher Education Amendments of 1998
Date CapturedMonday March 08, 2010 06:54 PM
An Act - To extend the authorization of programs under the Higher Education Act of 1965, and for other purposes. Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, SECTION 1. SHORT TITLE; TABLE OF CONTENTS. (a) SHORT TITLE.—This Act may be cited as the ‘‘Higher Education Amendments of 1998’’.
Summary of LD 1677 Bill Info LD 1677 (SP 649) "An Act To Protect Minors from Pharmaceutical Marketing Practices"
Date CapturedThursday January 07, 2010 06:04 PM
State of Maine Legislature - "An Act To Protect Minors from Pharmaceutical Marketing Practices" -- Sponsored by Senator Elizabeth Schneider. -- IAPP writes -- [The bill applies to online information only and is limited to pharmaceutical marketing. It gives the attorney general the power to adopt rules to determine its scope. Violation of the law would be considered an unfair trade practice.]
Net Privacy 2010: How Far Will the Needle Move?
Date CapturedSaturday January 02, 2010 01:33 PM
eSecurity Planet Kenneth Corbin writes [Some of the largest companies in the industry, including Google (NASDAQ: GOOG) and Microsoft (NASDAQ: MSFT), have expressed support for baseline privacy legislation, providing it doesn't get too specific in targeting specific technologies. In the early part of 2010, Rep. Rick Boucher, who chairs the House subcommittee on technology and the Internet, has said he plans to introduce a bill that would do just that. He has been working with Cliff Stearns, the ranking Republican on the subcommittee, as well as the leaders of the subcommittee on consumer protection, to draft the bill, and spent the better part of 2009 seeking input from a variety of stakeholders.]
Lawmakers probe deeper into privacy
Date CapturedSaturday November 21, 2009 01:16 PM
By Kim Hart - 11/19/09 04:00 PM ET - [Jennifer Barrett, an executive with Acxiom, a marketing company, said the firm could collect 1,500 possible data points about individual consumers, such as age, hobbies, address, occupation and recent purchases. Acxiom typically maintains 20-40 data points on the average person. Acxiom receives that information from public records, surveys consumers fill out voluntarily (such as warranty cards) and information from other companies. In response to questions from Rep. Mike Doyle (D-Penn.), Barrett said consumers can see what data has been stored about them and can change or delete information used for marketing purposes. But consumers cannot find out who else has bought their data from Acxiom.]
PUBLIC Law, Chapter 230 LD 1183, item 1, 124th Maine State Legislature
Date CapturedSunday November 08, 2009 10:35 PM
SP0431, LR 597, item 1, Signed on 2009-06-02 - First Regular Session - 124th Maine Legislature, page 1 - An Act To Prevent Predatory Marketing Practices against Minors - 2. Marketing purposes. "Marketing purposes," with respect to the use of health-related information or personal information, means the purposes of marketing or advertising products, goods or services to individuals. 3. Person. "Person" includes an individual, firm, partnership, corporation, association, syndicate, organization, society, business trust, attorney-in-fact and every natural or artificial legal entity. 4. Personal information. "Personal information" means individually identifiable information, including: A. An individual's first name, or first initial, and last name; B. A home or other physical address; C. A social security number; D. A driver's license number or state identification card number; and E. Information concerning a minor that is collected in combination with an identifier described in this subsection. 5. Verifiable parental consent. "Verifiable parental consent" means any reasonable effort, taking into consideration available technology, including a request for authorization for future collection, use and disclosure described in the notice, to ensure that a parent of a minor receives notice of the collection of personal information, use and disclosure practices and authorizes the collection, use and disclosure, as applicable, of personal information and the subsequent use of that information before that information is collected from that minor. § 9552. Unlawful collection and use of data from minors
201 CMR 17.00: STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH
Date CapturedSaturday November 07, 2009 04:49 PM
(1) Purpose This regulation implements the provisions of M.G.L. c. 93H relative to the standards to be met by persons who own or license personal information about a resident of the Commonwealth of Massachusetts. This regulation establishes minimum standards to be met in connection with the safeguarding of personal information contained in both paper and electronic records. The objectives of this regulation are to insure the security and confidentiality of customer information in a manner fully consistent with industry standards; protect against anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information that may result in substantial harm or inconvenience to any consumer.
Data Accountability and Trust Act -- H. R. 2221
Date CapturedThursday November 05, 2009 03:19 PM
H. R. 2221 -- To protect consumers by requiring reasonable security policies and procedures to protect computerized data containing personal information, and to provide for nationwide notice in the event of a security breach. [Requires information brokers to: (1) establish procedures to verify the accuracy of information that identifies individuals; (2) provide to individuals whose personal information it maintains a means to review it; (3) place notice on the Internet instructing individuals how to request access to such information; and (4) correct inaccurate information. Directs the FTC to require information brokers to establish measures which facilitate the auditing or retracing of access to, or transmissions of, electronic data containing personal information. Prohibits information brokers from obtaining or disclosing personal information by false pretenses (pretexting).]
‘‘Personal Data Privacy and Security Act of 2009’’ S. 1490
Date CapturedWednesday November 04, 2009 02:19 PM
111TH CONGRESS - 1ST SESSION -- S. 1490: To prevent and mitigate identity theft, to ensure privacy, to provide notice of security breaches, and to enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information.
Americans Don't Like Being Tracked on Web
Date CapturedMonday October 05, 2009 06:21 PM
[The Times notes that Representative Rick Boucher, Democrat from Virginia, is planning to introduce privacy legislation that will address on-line tracking, while David Vladeck, head of consumer protection for the Federal Trade Commission (FTC), is indicating that he is keeping a close watch on consumer privacy protection as well.]
Predatory Marketing Law Opposed By AOL, News Corp., Yahoo, Others
Date CapturedSunday August 30, 2009 08:59 PM
A new privacy law in Maine is facing a court challenge from media organizations as well as a coalition of online companies including AOL, News Corp. and Yahoo. [The new law, officially titled "An Act To Prevent Predatory Marketing Practices against Minors," prohibits companies from knowingly collecting personal information or health-related information from minors under 18 without their parents' consent. The measure also bans companies from selling or transferring health information about minors that identifies them, regardless of how the data was collected. ] [Privacy advocate Jeff Chester said the law's basic premise is valid, but that it "likely needs to be revised to accommodate concerns about its impact on educational and other non-profit uses." ]
Facebook to modify its privacy guidelines
Date CapturedSaturday August 22, 2009 06:55 PM
By Matt Hartley, Financial Post [Facebook Inc. says it's on the same page as Canada's top privacy watchdog and plans to tweak its privacy and security policies to bring the world's largest social network in line with Canadian privacy law.]
Bill would make prescription data private
Date CapturedTuesday January 27, 2009 10:25 AM
["The sharing of prescription information for marketing purposes without consent violates the spirit of privacy law, and destroys the confidentiality of the doctor-patient relationship," said Leigh Sims, a spokeswoman for the coalition behind the bill. HIPAA allows states to pass stronger privacy protections.] [To fight this, Rep. Jamie Pedersen (D-Seattle) and others have introduced House Bill 1493 to close the loophole. Advocates say the change would protect thousands of patients at no cost to taxpayers.]
Washington state bill would make prescription data private
Date CapturedTuesday January 27, 2009 10:25 AM
["The sharing of prescription information for marketing purposes without consent violates the spirit of privacy law, and destroys the confidentiality of the doctor-patient relationship," said Leigh Sims, a spokeswoman for the coalition behind the bill. HIPAA allows states to pass stronger privacy protections.] [To fight this, Rep. Jamie Pedersen (D-Seattle) and others have introduced House Bill 1493 to close the loophole. Advocates say the change would protect thousands of patients at no cost to taxpayers.]
Child Porn Laws Used Against Kids Who Photograph Themselves
Date CapturedThursday January 15, 2009 08:09 PM
Wired -- Kim Zetter -- [In the Pennsylvania case, a school official seized the phone of one of the boys after he was caught using it during school hours in violation of a school rule, according to local police Capt. George Seranko. The official found the picture on the phone, and after some interrogation, discovered that two other girls had also e-mailed photos of themselves in the nude to friends. That's when the school called police, who obtained search warrants to seize the phones and examine them. Police showed the images to the local district attorney, who recommended they bring charges.]
Genetic Privacy - Individual's Genetic Information - Personal Property Rights
Date CapturedMonday January 12, 2009 08:32 PM
HOUSE BILL 12 -- File Code: Criminal Law - Substantive Crimes Crossfiled with: SENATE BILL 54 - Prohibiting a person from knowingly collecting, analyzing, or retaining a DNA sample from an individual, performing a DNA analysis, or retaining or disclosing the results of a DNA analysis without written informed consent; exempting the collection and analysis of DNA samples for specified purposes from the prohibition; providing that the DNA sample and the results of the DNA analysis are the exclusive property of the individual from whom the sample is collected; etc.
HB 38 - Microchip Consent Act of 2009
Date CapturedMonday January 12, 2009 07:29 PM
To amend Chapter 1 of Title 51 of the Official Code of Georgia Annotated, relating to general provisions regarding torts, so as to prohibit requiring a person to be implanted with a microchip; to provide for a short title; to provide for definitions; to provide for penalties; to provide for regulation by the Composite State Board of Medical Examiners; to provide for related matters; to provide for an effective date; to repeal conflicting laws; and for other purposes. BE IT ENACTED BY THE GENERAL ASSEMBLY OF GEORGIA:
Ohio House Bill Number 648
Date CapturedThursday December 25, 2008 02:23 PM
(127th General Assembly) (Substitute House Bill Number 648) AN ACT -- To amend section 1347.99 and to enact sections 1347.15 and 5703.211 of the Revised Code to require state agencies to adopt rules governing access to the confidential personal information that they keep, to create a civil action for harm resulting from an intentional violation of these rules, to impose a criminal penalty for such an intentional violation, and to require the Department of Taxation to adopt rules to generally require the tracking of searches of any of the Department's databases.
Ohio moves to change privacy laws
Date CapturedThursday December 25, 2008 02:07 PM
Putnamsentinel.com sez [HB 648 would require state agencies to develop criteria for determining which employees may access or authorize access to confidential personal information and list valid reasons for accessing the data, based on the agencies' responsibilities. Also, agencies must define procedures for recording each specific case where an employee accesses somebody's personal information. Should an unclassified employee violate these rules by improperly accessing personal information, they would be fired and could be charged with a first degree misdemeanor.]
Facebook and the Social Dynamics of Privacy (DRAFT)
Date CapturedMonday December 08, 2008 06:08 PM
James Grimmelmann. 2008. "Facebook and the Social Dynamics of Privacy" The Selected Works of James Grimmelmann -- [This Article provides the first comprehensive analysis of the law and policy of privacy on social network sites, using Facebook as its principal example. It explains how Facebook users socialize on the site, why they misunderstand the risks involved, and how their privacy suffers as a result. Facebook offers a socially compelling platform that also facilitates peer-to-peer privacy violations: users harming each others’ privacy interests. These two facts are inextricably linked; people use Facebook with the goal of sharing some information about themselves. Policymakers cannot make Facebook completely safe, but they can help people use it safely. The Article makes this case by presenting a rich, factually grounded description of the social dynamics of privacy on Facebook. It then uses that description to evaluate a dozen possible policy interventions. Unhelpful interventions—such as mandatory data portability and bans on underage use—fail because they also fail to engage with key aspects of how and why people use social network sites. The potentially helpful interventions, on the other hand—such as a strengthened public-disclosure tort and a right to opt out completely—succeed because they do engage with these social dynamics.]
Electronic Frontier Foundation (EFF)
Date CapturedSunday June 29, 2008 02:40 PM
EFF fights for freedom primarily in the courts, bringing and defending lawsuits even when that means taking on the US government or large corporations. By mobilizing more than 50,000 concerned citizens through our Action Center, EFF beats back bad legislation. In addition to advising policymakers, EFF educates the press and public.
CDT Policy Post 14.10: Recommended Principles for Updating Privacy Laws
Date CapturedThursday June 26, 2008 07:24 PM
Recommended Principles for Updating Privacy Laws (1) Legislation Needed to Bring Privacy Laws Up to Date (2) Shortcomings of the Privacy Act of 1974 (3) Shortcomings of the Privacy Impact Assessment Process and Lack of OMB Guidance (4) Recommendations
Google Says it Would Support U.S. Privacy Law
Date CapturedWednesday June 11, 2008 03:51 PM
Reuters reports, "Marc Rotenberg, executive director of the Electronic Privacy Information Center, was skeptical of Google's endorsement of a federal privacy law. Rotenberg said that when companies push for a 'comprehensive' law, they often want something that would preempt more stringent state laws."
Housing Bill Creates National Fingerprint Registry
Date CapturedTuesday June 10, 2008 07:37 PM
Heritage Foundation -- Sens. Dianne Feinstein (D-Calif.) and Mel Martinez (R-Fla.) authored a bill (with 11 co-sponsors, including Sen. Barack Obama) that was incorporated into a housing bill passed by the Senate Banking Committee 19-2 before the Memorial Day recess — a bill that creates a national fingerprint registry. (some interesting blog comments)
IAPP Privacy Tracker
Date CapturedMonday June 09, 2008 04:24 PM
Notable bills to watch.
What If Samuel D. Warren Hadn’t Married A Senator’s Daughter?: Uncovering The Press Coverage That Led To The Right To Privacy
Date CapturedThursday June 05, 2008 06:42 PM
Modern tort protection for personal privacy is commonly traced back to Samuel Warren and Louis Brandeis’ 1890 law review article, The Right of Privacy, yet scholars have long been uncertain what prompted Warren and Brandeis’ impassioned attack on invasive press practices, unable to point to any news coverage of Warren that might convincingly explain his evident outrage at the press. This Article attempts to solve that mystery by examining approximately 60 newspaper stories from Boston, New York, and Washington, D.C., most never before analyzed, that report on the personal lives of Warren and his family. These stories—including some particularly intrusive coverage of Warren family tragedies—very plausibly explain what Warren had in mind when he wrote that ruthless gossip regarding private matters had become a social blight requiring legal remedy. This Article, part of a symposium dedicated to exploring how modern law might have developed differently without catalytic events, concludes that Warren and Brandeis’ landmark article would not have been written if Warren had not married into a political family in the public eye.
Privacy's Other Path: Recovering the Law of Confidentiality
Date CapturedMonday June 02, 2008 10:23 AM
NEIL M. RICHARDS & DANIEL J. SOLOVE - 96 Geo. L.J. 124 -- ... "The familiar legend of privacy law holds that Samuel Warren and Louis Brandeis "invented" the right to privacy in 1890, and that William Prosser aided its development by recognizing four privacy torts in 1960. ... Prosser did not include the breach of confidentiality tort in the "invasion of privacy" section of the Restatement, which consisted solely of the four Warren and Brandeis privacy torts. ... For almost a century, some English commentators had called for the establishment of a Warren-and-Brandeis-style privacy tort to supplement breach of confidence. ... Although the court noted that the breach of confidence analysis was affected by the passage of the HRA, it stated that there was still no free-standing privacy tort under English law. ... At the outset, he declared that such cases should appropriately be resolved through the existing doctrinal mechanism of breach of confidence, and that the creation of a new privacy tort would be unnecessary. ... The key conceptual difference between the breach of confidence tort and public disclosure of private facts tort is the nature of what is protected. ... Yet despite its significant power, as demonstrated by English law, the American breach of confidentiality tort often fails to make an appearance in privacy cases even when it seems to be highly applicable. ... More broadly, since American privacy law often remains focused around individualistic conceptions of privacy, it has not fully embraced protecting confidentiality in relationships. ... "
Cybercrime's Scope: Interpreting 'Access' and 'Authorization' in Computer Misuse Statutes
Date CapturedMonday June 02, 2008 10:15 AM
ORIN S. KERR -- George Washington University - Law School -- NYU Law Review, Vol. 78, No. 5, pp. 1596-1668, November 2003. This Article presents a comprehensive inquiry into the meaning of unauthorized access statutes. It begins by explaining why legislatures enacted unauthorized access statutes, and why early beliefs that such statutes solved the problem of computer misuse have proved remarkably naïve. Next, the Article explains how the courts have construed these statutes in an overly broad way that threatens to criminalize a surprising range of innocuous conduct involving computers. In the final section, the Article offers a normative proposal for interpreting access and authorization. This section argues that courts should reject a contract theory of authorization, and should narrow the scope of unauthorized access statutes to circumvention of code-based restrictions on computer privileges. The section justifies this proposal on several grounds. First, the proposal will best mediate the line between securing privacy and protecting the liberty of Internet users. Second, the proposal mirrors criminal law's traditional treatment of crimes that contain a consent element. Third, the proposed approach is consistent with the basic theories of punishment. Fourth, the proposed interpretation avoids possible constitutional difficulties that may arise under the broader constructions that courts recently have favored.

Location Based Services

Location-based service
Date CapturedThursday April 30, 2009 10:12 PM
Wiki - [A location-based service (LBS) is an information and entertainment service, accessible with mobile devices through the mobile network and utilizing the ability to make use of the geographical position of the mobile device]