
Information Policy

compiled by education new york online

Updated Tuesday January 24, 2012 01:44 PM

A LETTER TO PARENTS

National Opt-Out Campaign Informs Parents How to Protect the Privacy of their Children's School Records
Date Captured: Tuesday September 20, 2011 04:53 PM
Parents have rights under the Family Educational Rights Privacy Act (FERPA) to restrict access to their children's personal information.

ACLU

Cloud Computing: Storm Warning for Privacy?
Date Captured: Wednesday July 07, 2010 01:20 PM
[Abstract: “Cloud computing” - the ability to create, store, and manipulate data through Web-based services - is growing in popularity. Cloud computing itself may not transform society; for most consumers, it is simply an appealing alternative tool for creating and storing the same records and documents that people have created for years. However, outdated laws and varying corporate practices mean that documents created and stored in the cloud may not have the same protections as the same documents stored in a filing cabinet or on a home computer. Can cloud computing services protect the privacy of their consumers? Do they? And what can we do to improve the situation?] Ozer, Nicole and Conley, Chris, Cloud Computing: Storm Warning for Privacy? (January 29, 2010). Nicole Ozer & Chris Conley, CLOUD COMPUTING: STORM WARNING FOR PRIVACY, ACLU of Northern California, 2010.
Digital Due Process
Date Captured: Wednesday March 31, 2010 04:23 PM
[A powerful collection of organizations has formed a new coalition to push for an update to the Electronic Communications Privacy Act (ECPA). Members of the coalition include Google, Microsoft, AT&T, AOL, Intel, the ACLU and the Electronic Frontier Foundation. The guidance from the coalition would enshrine principles for “digital due process,” online privacy and data protection in the age of cloud computing within an updated ECPA.]
Bill Introduced To Repeal Failed Real ID Act (7/31/2009) Bill Would Protect Civil Liberties And Drivers' License Security
Date Captured: Sunday August 09, 2009 05:13 PM
WASHINGTON – In a welcome move today, legislation was introduced in the House of Representatives to repeal the discredited Real ID Act of 2005. The REAL ID Repeal and Identification Security Enhancement Act of 2009, introduced by Representative Steve Cohen (D-TN), would repeal Real ID and replace it with the original negotiated rulemaking process passed by Congress as part of the 9/11 Commission recommendations. Twenty-five states have already rejected Real ID, citing its high cost, invasiveness and the bureaucratic hassles it creates for citizens. The Real ID Act of 2005 directs states to issue a federally-approved driver's license or other form of ID that would be necessary for airline travel and become part of a national database. Like state governments from coast to coast, the American Civil Liberties Union has long opposed the Act as too invasive, too much red tape and too expensive.
Federal departments fall short on civil liberties
Date Captured: Tuesday January 27, 2009 10:14 AM
By Peter Eisler, USA TODAY - [WASHINGTON — The departments of Defense, State, and Health and Human Services have not met legal requirements meant to protect Americans' civil liberties, and a board that's supposed to enforce the mandates has been dormant since 2007, according to federal records. All three departments have failed to comply with a 2007 law directing them to appoint civil liberties protection officers and report regularly to Congress on the safeguards they use to make sure their programs don't undermine the public's rights and privacy, a USA TODAY review of congressional filings shows.]

Agencies

Ohio House Bill Number 648
Date Captured: Thursday December 25, 2008 02:23 PM
(127th General Assembly) (Substitute House Bill Number 648) AN ACT -- To amend section 1347.99 and to enact sections 1347.15 and 5703.211 of the Revised Code to require state agencies to adopt rules governing access to the confidential personal information that they keep, to create a civil action for harm resulting from an intentional violation of these rules, to impose a criminal penalty for such an intentional violation, and to require the Department of Taxation to adopt rules to generally require the tracking of searches of any of the Department's databases.

Applications

Future of Privacy Forum (FPF) Application Privacy
Date Captured: Wednesday January 19, 2011 07:42 PM
Apps resource page
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
Date Captured: Friday October 01, 2010 07:22 PM
To appear at the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI’10). William Enck, Peter Gilbert, Byung-Gon Chun, Landon P. Cox, Jaeyeon Jung, Patrick McDaniel, Anmol N. Sheth. CONCLUSION: While some mobile phone operating systems allow users to control applications’ access to sensitive information, such as location sensors, camera images, and contact lists, users lack visibility into how applications use their private data. To address this, we present TaintDroid, an efficient, system-wide information flow tracking tool that can simultaneously track multiple sources of sensitive data. A key design goal of TaintDroid is efficiency, and TaintDroid achieves this by integrating four granularities of taint propagation (variable-level, message-level, method-level, and file-level) to achieve a 14% performance overhead on a CPU-bound microbenchmark. We also used our TaintDroid implementation to study the behavior of 30 popular third-party applications, chosen at random from the Android Marketplace. Our study revealed that two-thirds of the applications in our study exhibit suspicious handling of sensitive data, and that 15 of the 30 applications reported users’ locations to remote advertising servers. Our findings demonstrate the effectiveness and value of enhancing smartphone platforms with monitoring tools such as TaintDroid.

Authentication

Happy Birthday, Internet
Date Captured: Friday October 30, 2009 08:22 PM
NPR interview -- authentication and privacy concerns mentioned. October 30, 2009 [On Oct. 29, 1969, around 10:30 P.M., a message from one computer was sent over a modified phone line to another computer hundreds of miles away. Some say the Internet was born that day. UCLA computer scientist Leonard Kleinrock, who was there, gives his account.] IMPORTANT EXCERPT: [Dr. KLEINROCK: Yes. In fact, in those early days, the culture of the Internet was one of trust, openness, shared ideas. You know, I knew everybody on the Internet in those days and I trusted them all. And everybody behaved well, so we had a very easy, open access. We did not introduce any limitations nor did we introduce what we should have, which was the ability to do strong user authentication and strong file authentication. So I know that if you are communicating with me, it's you, Ira Flatow, and not someone else. And if you send me a file, I receive the file you intended me to receive. We should've installed that in the architecture in the early days. And the first thing we should've done with it is turn it off, because we needed this open, trusted, available, shared environment, which was the culture, the ethics of the early Internet. And then when we approach the late 1980s and the early 1990s and spam, and viruses, and pornography and eventually the identity theft and the fraud, and the botnets and the denial of service we see today, as that began to emerge, we should then slowly have turned on that authentication process, which is part of what your other caller referred to is this IPV6 is an attempt to bring on and patch on some of this authentication capability. But it's very hard now that it's not built deep into the architecture of the Internet.]

Biometrics

Privacy Recommendations for the Use of Cloud Computing by Federal Departments and Agencies Privacy Committee Web 2.0/Cloud Computing Subcommittee -- August 2010
Date Captured: Thursday September 16, 2010 09:02 PM
Abstract: Good privacy practices are a key component of agency governance and accountability. One of the Federal government's key business imperatives today is to maintain the privacy of personally identifiable information (PII) we collect and hold. The Office of Management and Budget (OMB) Memorandum 07-16 defines PII as "information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc." The purpose of this paper, and of privacy interests in general, is not to discourage agencies from using cloud computing; indeed a thoughtfully considered cloud computing solution can enhance privacy and security. Instead, the purpose is to ensure that Federal agencies recognize and consider the privacy rights of individuals, and that agencies identify and address the potential risks when using cloud computing.
Secretary Napolitano Outlines Five Recommendations To Enhance Aviation Security
Date Captured: Thursday January 07, 2010 07:53 PM
Secretary Napolitano outlined the following five recommendations: Re-evaluate and modify the criteria and process used to create terrorist watch lists—including adjusting the process by which names are added to the “No-Fly” and “Selectee” lists. Establish a partnership on aviation security between DHS and the Department of Energy and its National Laboratories in order to develop new and more effective technologies to deter and disrupt known threats and proactively anticipate and protect against new ways by which terrorists could seek to board an aircraft. Accelerate deployment of advanced imaging technology to provide greater explosives detection capabilities—and encourage foreign aviation security authorities to do the same—in order to identify materials such as those used in the attempted Dec. 25 attack. The Transportation Security Administration currently has 40 machines deployed throughout the United States, and plans to deploy at least 300 additional units in 2010. Strengthen the presence and capacity of aviation law enforcement—by deploying law enforcement officers from across DHS to serve as Federal Air Marshals to increase security aboard U.S.-bound flights. Work with international partners to strengthen international security measures and standards for aviation security.
Today's Living on 'Today's THV at 5': Real ID Program
Date Captured: Tuesday December 01, 2009 03:27 PM
Rebecca Buerkle writes - [Twenty-four states have passed laws or resolutions saying they will not comply. Other states that want an extension on the Dec. 31 deadline had until Tuesday to demonstrate they are making progress. But as many as 12 states may not be able to do so, making 36 states non-compliant.]
F.B.I. and States Vastly Expand DNA Databases
Date Captured: Sunday April 19, 2009 05:40 PM
NY Times By SOLOMON MOORE -- Published: April 18, 2009 -- [Minors are required to provide DNA samples in 35 states upon conviction, and in some states upon arrest. Three juvenile suspects in November filed the only current constitutional challenge against taking DNA at the time of arrest. The judge temporarily stopped DNA collection from the three youths, and the case is continuing. Sixteen states now take DNA from some who have been found guilty of misdemeanors. As more police agencies take DNA for a greater variety of lesser and suspected crimes, civil rights advocates say the government’s power is becoming too broadly applied. “What we object to — and what the Constitution prohibits — is the indiscriminate taking of DNA for things like writing an insufficient funds check, shoplifting, drug convictions,” said Michael Risher, a lawyer for the American Civil Liberties Union.]
Upgraded Biometric Technology Facilitates Visitors' Entry to the United States
Date Captured: Thursday January 15, 2009 07:41 PM
For nearly five years, U.S. Department of State (State) consular officers and U.S. Customs and Border Protection (CBP) officers have collected biometric information—digital fingerprints and a photograph—from all non-U.S. citizens between the ages of 14 and 79, with some exceptions, when they apply for visas or arrive at major U.S. ports of entry. State consular officers began collecting 10 fingerprints from visa applicants in 2007. Collecting 10 fingerprints increases fingerprint matching accuracy and reduces the possibility that the system will misidentify an international visitor. It also strengthens DHS's capability to check visitors' fingerprints against the Federal Bureau of Investigation's (FBI) criminal data and enables DHS to check visitors' fingerprints against latent fingerprints collected by Department of Defense (DOD) and the FBI from known and unknown terrorists around the world.
Biometric Center of Excellence (BCOE)
Date Captured: Wednesday January 14, 2009 07:54 PM
BCOE will enable the FBI to provide enhanced U.S. government services in the global quest to fight crime and terrorism with state of the art biometrics technology. Headquartered in Clarksburg, West Virginia, the BCOE is the FBI’s focal point to foster collaboration, improve information sharing, and advance the adoption of optimal biometric and identity management solutions across the law enforcement and national security communities.
PRIVACY -- Congress Should Consider Alternatives for Strengthening Protection of Personally Identifiable Information
Date Captured: Wednesday June 18, 2008 05:09 PM
In its report GAO identified alternatives that the Congress should consider, including revising the scope of privacy laws to cover all personal information, requiring that the use of such information be limited to a specific purpose, and revising the structure and publication of privacy notices. OMB commented that the Congress should consider these alternatives in the broader context of existing privacy and related statutes.
Report: Feds need better privacy protection for data
Date Captured: Wednesday June 18, 2008 05:04 PM
USA reports, "Much of the way personal information is handled today, including being sifted through data-mining systems that search for patterns, is not covered by the Privacy Act of 1974, she says. As states begin collecting information in coming years to produce new secure drivers' licenses, government databases will get even larger. 'The government has no business collecting our personal information if it cannot ensure the American public it will be protected from identity thieves and other prying eyes,' says Caroline Fredrickson of the American Civil Liberties Union."
DHS wants biometric helping hand
Date Captured: Tuesday June 17, 2008 01:10 PM
Five years after Congress ordered biometric tracking of foreign visitors leaving the United States by land and after spending millions of dollars on planning and testing that yielded limited results, the Homeland Security Department is now seeking the private sector’s help to address the challenge.
Registry of USG Recommended Biometric Standards
Date Captured: Tuesday June 03, 2008 09:55 PM
This Registry of USG Recommended Biometric Standards (Registry) supplements the NSTC Policy for Enabling the Development, Adoption and Use of Biometric Standards, which was developed through a collaborative, interagency process within the Subcommittee on Biometrics and Identity Management and approved by the NSTC Committee on Technology. This Registry is based upon interagency consensus on biometric standards required to enable the interoperability of various Federal biometric applications, and to guide Federal agencies as they develop and implement related biometric programs.
Links to Biometric Technology Websites
Date Captured: Tuesday June 03, 2008 09:41 PM
Government Sponsored Biometric Technology Websites
Date Captured: Tuesday June 03, 2008 09:17 PM

Blogs

The State of the News Media 2010
Date Captured: Thursday March 18, 2010 01:24 PM
The State of the News Media 2010 is the seventh edition of our annual report on the health and status of American journalism.
Bloggers Now Eligible For Press Passes In NYC
Date Captured: Tuesday March 02, 2010 08:02 PM
Wendy David writes [Under the new proposed policy, the New York Police Department would be able to issue press passes good for two years to any journalist who has personally attended and reported on at least six qualified events in the city in the preceding two years, regardless of whether the reports were published online, in print newspapers, magazines, books or other media. Events that will qualify include city-sponsored activity -- like a press conference or parade -- as well as emergencies where the city has set up do-not-cross lines. The proposal also allows inexperienced journalists to obtain single-use press passes.]
The Smart Grid and Privacy
Date Captured: Sunday February 21, 2010 07:14 PM
Concerning Privacy and Smart Grid Technology
Personal Health Information Privacy
Date Captured: Sunday January 10, 2010 04:42 PM
News about medical and electronic health privacy risk.
Electronic Privacy Information Center (EPIC)
Date Captured: Wednesday February 25, 2009 03:27 PM
EPIC is a public interest research center in Washington, D.C. It was established in 1994 to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values. EPIC publishes an award-winning e-mail and online newsletter on civil liberties in the information age – the EPIC Alert. EPIC also publishes reports and even books about privacy, open government, free speech, and other important topics related to civil liberties.
Bloggers' Rights
Date Captured: Saturday February 14, 2009 01:58 AM
Electronic Frontier Foundation (EFF)
Legal Guide for Bloggers - Electronic Frontier Foundation - EFF
Date Captured: Saturday February 14, 2009 01:51 AM
EFF- [Like all journalists and publishers, bloggers sometimes publish information that other people don't want published. You might, for example, publish something that someone considers defamatory, republish an AP news story that's under copyright, or write a lengthy piece detailing the alleged crimes of a candidate for public office. The difference between you and the reporter at your local newspaper is that in many cases, you may not have the benefit of training or resources to help you determine whether what you're doing is legal. And on top of that, sometimes knowing the law doesn't help - in many cases it was written for traditional journalists, and the courts haven't yet decided how it applies to bloggers.]
Pogowasright.org
Date Captured: Wednesday December 03, 2008 04:37 PM
Privacy news, data breaches, and privacy-related events and resources from around the world.

Breaches

Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
Date Captured: Monday May 03, 2010 11:04 AM
Recommendations of the National Institute of Standards and Technology - [The escalation of security breaches involving personally identifiable information (PII) has contributed to the loss of millions of records over the past few years. Breaches involving PII are hazardous to both individuals and organizations. Individual harms may include identity theft, embarrassment, or blackmail. Organizational harms may include a loss of public trust, legal liability, or remediation costs. To appropriately protect the confidentiality of PII, organizations should use a risk-based approach; as McGeorge Bundy once stated, "If we guard our toothbrushes and diamonds with equal zeal, we will lose fewer toothbrushes and more diamonds." This document provides guidelines for a risk-based approach to protecting the confidentiality of PII. The recommendations in this document are intended primarily for U.S. Federal government agencies and those who conduct business on behalf of the agencies, but other organizations may find portions of the publication useful. Each organization may be subject to a different combination of laws, regulations, and other mandates related to protecting PII, so an organization's legal counsel and privacy officer should be consulted to determine the current obligations for PII protection. For example, the Office of Management and Budget (OMB) has issued several memoranda with requirements for how Federal agencies must handle and protect PII. To effectively protect PII, organizations should implement the following recommendations.]
Personal Health Information Privacy
Date Captured: Sunday January 10, 2010 04:42 PM
News about medical and electronic health privacy risk.
Federal data breach notification standard must pre-empt state laws
Date Captured: Monday November 16, 2009 08:33 PM
Nextgov Jill R. Aitoro writes -- [The Data Breach Notification Act, introduced in January by Sen. Dianne Feinstein, D-Calif., would authorize the attorney general to bring civil actions against firms that failed to notify people whose personal information had been compromised in a breach and would extend notification requirements to government agencies. The Personal Data Privacy and Security Act, introduced in July by Sen. Patrick Leahy, D-Vt., also would set notification requirements and tighter criminal penalties for identity theft and willful concealment of a breach, and would require businesses to implement preventive security standards to guard against threats to their databases.] [Two states are credited for having breach notification laws with the most teeth, said Peter McLaughlin, senior counsel with Foley & Lardner LLP and a member of the law firm's privacy, security and information management practice. Foley & Lardner released a report on Monday that provides in-depth coverage of all major aspects of U.S. and international security breach laws.]
A Facebook ‘Bug’ Revealed Personal E-mail Addresses
Date Captured: Thursday May 07, 2009 07:12 PM
NY Times -- Gadget -- Riva Richmond [“In the course of one day I had Facebook go through over 10,000 e-mail addresses; ranging from reporters of prominent newspapers and CNN, to board of directors of Microsoft, Google, and Gates Foundation, and even the entire staff directories of government organizations and the World Bank,” Mr. Sheppard said in an e-mail message to a New York Times editor. “Of those it did find on Facebook, over 30% had their personal email addresses listed, which Facebook gladly gave me, without any of [the Facebook users] knowing.”]
Facebook Bug Reveals Private Photos, Wall Posts
Date Captured: Saturday March 21, 2009 12:52 PM
Washington Post Jason Kincaid (with HT to Anjool) writes [This isn't the first privacy bug to affect Facebook - users have previously been able to access private photos and view private profile information in search results. The error also serves as yet another blemish on the privacy controls of web-based services. Only two weeks ago, Google Docs revealed that it had inadvertently shared thousands of documents with users who should not have had access to them.]
One in four data breaches involves schools
Date Captured: Thursday March 12, 2009 03:02 PM
Wednesday, May 14, 2008 --Meris Stansbury, Assistant Editor, eSchool News writes - [One in four data breaches involves schools 'You're losing the cyber security battle,' experts warn during a higher-education computer-security conference near Washington, D.C.]
Privacy Rights Clearinghouse
Date Captured: Thursday March 12, 2009 02:45 PM
Chronology of Data Breaches and lots more. Nice upgrade to website.
NYPD CIVILIAN WORKER BUSTED IN MASS COP-ID THEFT
Date Captured: Friday March 06, 2009 04:15 PM
REUVEN BLAU writes [A civilian official of the NYPD's pension fund has been charged with taking computer data that could be used to steal the identities of 80,000 current and retired cops, sources said. Anthony Bonelli allegedly got into a secret backup-data warehouse on Staten Island last month and walked out with eight tapes packed with Social Security numbers, direct-deposit information for bank accounts, and other sensitive material.]
Data Breaches: Ignorance Is Dangerous
Date Captured: Monday December 15, 2008 06:41 PM
Pam Greenberg State Legislatures writes [As states continue to work on improving data breach laws, Congress also has been considering legislation. Some bills have made it out of committee, but none have had a floor vote. "Federal legislation is a mixed blessing," says Simitian. "If we end up with a weaker set of provisions that also preempts the more rigorous state laws, that's not going to benefit consumers." Cate thinks Congress will act, and he's surprised it hasn't already. "It's probably because they found it a lot more complicated than they thought." The way data are collected, used and transferred across states, it's likely many companies will opt to comply with the most stringent provisions in state laws, Cate says. "One way or another, we'll have national preemption -- either from the state that adopts the toughest law or from Congress. But it's a classic case of states leading the way."]

Campus Life

Identifying Violence-prone Students
Date Captured: Thursday January 13, 2011 02:02 PM
The fine line higher education officials walk in dealing with troubled students is discussed.

CDT

Refocusing the FTC’s Role in Privacy Protection
Date Captured: Monday December 14, 2009 05:31 PM
Comments of the Center for Democracy & Technology (CDT) in regards to the FTC Consumer Privacy Roundtable.
Refocusing the FTC’s Role in Privacy Protection
Date Captured: Tuesday November 10, 2009 03:33 PM
Center for Technology in Government (CDT) Policy Post 15.17, November 10, 2009. [A Briefing On Public Policy Issues Affecting Civil Liberties Online from The Center For Democracy and Technology Refocusing the FTC’s Role in Privacy Protection 1) CDT Submits Comments in regards to the FTC Consumer Privacy Roundtable 2) The Significance of a Comprehensive Set of Fair Information Practice Principles 3) Examining FIPs at Work: Recent FTC Enforcement Actions Demonstrate a Path Forward 4) CDT Recommendations for Future FTC Action]
Browser Privacy Features: A Work In Progress
Date Captured: Sunday August 09, 2009 03:39 PM
CDT Releases Updated Report on Privacy Controls for Web Browsers. The report compares browser offerings in three key areas: privacy mode, cookie controls and object controls. Each of those, when used correctly, can greatly reduce the amount of personal information users transmit online. August 05, 2009
Response to the 2008 NAI Principles: The Network Advertising Initiative’s Self-Regulatory Code of Conduct for Online Behavioral Advertising
Date Captured: Thursday February 12, 2009 06:43 PM
[CDT believes the 2008 NAI Principles, while late in addressing new trends in the industry, demonstrate clear progress over the original code of conduct adopted in 2000. The transparency of the NAI’s revision and compliance process, the approach to sensitive information, and the coverage of advertising practices beyond behavioral advertising all represent important steps forward. While robust self-regulation in the behavioral advertising space does not obviate the need for a baseline federal privacy law covering data collection and usage of all kinds, the NAI has made advances in several areas, yielding what we hope will be better protections for consumer privacy. However, the 2008 NAI Principles still come up short in crucial respects including the opt-out choice requirement, the notice standard, the NAI member accountability model, the failure to address ISP behavioral advertising, the lack of a choice requirement for multi-site advertising, and the data retention principle. Some of these are outstanding issues that have existed within the NAI framework since its inception, while others are new concerns raised by the updates to the principles.]
Rethinking the Role of Consent in Protecting Health Information Privacy
Date Captured: Tuesday January 27, 2009 09:52 AM
CDT is advocating for the inclusion of privacy protections in the President's economic stimulus bill, which contains at least $20 billion for a national health information technology network. CDT's paper argues that personal health information should easily flow for treatment, payment, and certain core administrative tasks without requiring patient consent, but that stricter limits need to be placed on marketing and other secondary uses. January 26, 2009. This paper advocates for a new generation of privacy protections that allow personal health information to flow among health care entities for treatment, payment, and certain core administrative tasks without first requiring patient consent, as long as there is a comprehensive framework of rules that governs access to and disclosure of health data. Patient consent is one important element of this framework, but relying on consent would do little to protect privacy. This paper also suggests how a framework of protections can provide patients with more meaningful opportunities to make informed choices about sharing their personal health information online.
Center for Democracy & Technology (CDT) Applauds Critical Privacy, Security Provisions in Health IT Stimulus Bill
Date Captured: Sunday January 18, 2009 05:59 PM
[The bill's privacy provisions include the following: Stronger protections against the use of personal health information for marketing purposes; Accountability for all entities that handle personal health information; A federal, individual right to be notified in the event of a breach of identifiable health information; Prohibitions on the sale of valuable patient-identifiable data for inappropriate purposes; Development and implementation of federal privacy and security protections for personal health records; Easy access by patients to electronic copies of their records; and Strengthened enforcement of health privacy rules. The provisions in the bill are similar to those that received bipartisan approval by the House Energy & Commerce Committee in the last Congress.]
Court: Constitution Protects Stored Cell Phone Location Information (CDT Amicus Brief in the Case [PDF], July 31, 2008)
Date Captured: Monday September 29, 2008 10:15 PM
The Electronic Frontier Foundation, joined by CDT, ACLU and the ACLU of Pennsylvania, had argued for the warrant requirement that the court adopted in an amicus curiae brief filed in July. September 11, 2008.

Censorship

Facebook Makes Another Privacy Blooper
Date Captured: Thursday May 07, 2009 06:58 PM
Daily Examiner -- Wendy Davis - [Regardless of whether Facebook broke the law, users likely aren't going to be thrilled to learn that the site believes it can censor messages. If the company wants to be taken seriously as a communications platform, executives are going to have to start giving more consideration to users' privacy rights. ]
E P I C A l e r t -- Volume 15.15 -- July 25, 2008
Date Captured: Friday July 25, 2008 10:12 AM
Table of Contents -- [1] Court Rules that Data Breach Violates Fundamental Human Rights [2] Federal Court Strikes Down Internet Censorship Law, Again [3] Google Complies with California Privacy Policy Law After 30 Days [4] First European Privacy Seal Awarded to Search Engine Ixquick [5] DNS Security Standard Implemented into .org Domain [6] News in Brief
Communications Decency Act Tipping Under Cuomo Kid-Porn Accord
Date Captured: Wednesday June 11, 2008 01:53 PM
Wired writes, "It's possible that Sprint's, Verizon's and Time Warner's move against kiddie porn is a salvo to head off congressional action that might lead to even broader censorship. We all know that bad facts make bad law, and there's nothing worse than producing and distributing child porn. But the Cuomo deal is an indication that the dynamic that's kept the internet largely free of government intrusion is beginning to crack."

Child identity theft

A Better Start: Clearing Up Credit Records for California Foster Children
Date Captured: Tuesday September 13, 2011 01:16 PM
This report summarizes the result of the project team’s work on behalf of over 2,110 foster children in Los Angeles County, and it also recommends new procedures for use in helping this vulnerable population statewide. Key Findings of the Pilot Project • The project team successfully cleared all negative items from the credit reports of 104 foster children. • These 104 children (5% of the pilot project sample) had 247 separate accounts reported in their names, as the result of errors or identity theft. • The average account balance was $1,811, with the largest being a home loan of over $200,000. • The accounts found were two to three years old, opened when the child was 14 years old on average. • 12% of the children had records loosely linked to them by Social Security number only, which while not affecting their credit ratings could nevertheless pose problems for them in the future.

Civil Liberties

Review: Federal program used to hide flights from public
Date Captured: Tuesday April 13, 2010 08:22 PM
USA Today -- By Michael Grabell and Sebastian Jones, ProPublica - [Use of the airspace is considered public information because taxpayers fund air-traffic controllers, radars and runways. "It belongs to all of us," said Chuck Collins, who has studied private jet travel at the Institute for Policy Studies, a progressive think tank. "It's not a private preserve." NBAA spokesman Dan Hubbard said privacy is important to business fliers because competitors can learn of potential deals by tracking planes, and that could affect stock prices. "There are certain circumstances where there is a security concern," he said. In 2000, Congress required websites to stop posting flights of certain planes at the FAA's request. The FAA later agreed to let the aviation group be the clearinghouse. FAA spokeswoman Laura Brown said the agency lacks resources to evaluate whether requests to keep flights secret are justified, so the agency lets the NBAA decide each month the flights kept from public view.]
Coalition pushes ECPA update for online privacy in cloud computing age
Date Captured: Wednesday March 31, 2010 04:46 PM
[A powerful collection of organizations has formed a new coalition to push for an update to the Electronic Communications Privacy Act (ECPA). Members of the coalition include Google, Microsoft, AT&T, AOL, Intel, the ACLU and the Electronic Frontier Foundation. The guidance from the coalition would enshrine principles for “digital due process,” online privacy and data protection in the age of cloud computing within an updated ECPA.]
Digital Due Process
Date Captured: Wednesday March 31, 2010 04:23 PM
[A powerful collection of organizations has formed a new coalition to push for an update to the Electronic Communications Privacy Act (ECPA). Members of the coalition include Google, Microsoft, AT&T, AOL, Intel, the ACLU and the Electronic Frontier Foundation. The guidance from the coalition would enshrine principles for “digital due process,” online privacy and data protection in the age of cloud computing within an updated ECPA.]
SmartPrivacy for the Smart Grid: Embedding Privacy into the Design of Electricity Conservation
Date Captured: Friday February 19, 2010 03:47 PM
Authors Ann Cavoukian, Ph.D., Information and Privacy Commissioner of Ontario, Canada, Jules Polonetsky and Christopher Wolf -- Co-Chair, Future of Privacy Forum conclude - [The information collected on a Smart Grid will form a library of personal information, the mishandling of which could be highly invasive of consumer privacy. There will be major concerns if consumer-focused principles of transparency and control are not treated as essential design principles from beginning to end. Once energy consumption information flows outside of the home, the following questions may come to the minds of consumers: Who will have access to this intimate data, and for what purposes? Will I be notified? What are the obligations of companies making smart appliances and Smart Grid systems to build in privacy? How will I be able to control the details of my daily life in the future? Organizations involved with the Smart Grid, responsible for the processing of customers’ personal information, must be able to respond to these questions, and the best response is to ensure that privacy is embedded into the design of the Smart Grid, from start to finish —end-to-end.]
Secretary Napolitano Outlines Five Recommendations To Enhance Aviation Security
Date Captured: Thursday January 07, 2010 07:53 PM
Secretary Napolitano outlined the following five recommendations: Re-evaluate and modify the criteria and process used to create terrorist watch lists—including adjusting the process by which names are added to the “No-Fly” and “Selectee” lists. Establish a partnership on aviation security between DHS and the Department of Energy and its National Laboratories in order to develop new and more effective technologies to deter and disrupt known threats and proactively anticipate and protect against new ways by which terrorists could seek to board an aircraft. Accelerate deployment of advanced imaging technology to provide greater explosives detection capabilities—and encourage foreign aviation security authorities to do the same—in order to identify materials such as those used in the attempted Dec. 25 attack. The Transportation Security Administration currently has 40 machines deployed throughout the United States, and plans to deploy at least 300 additional units in 2010. Strengthen the presence and capacity of aviation law enforcement—by deploying law enforcement officers from across DHS to serve as Federal Air Marshals to increase security aboard U.S.-bound flights. Work with international partners to strengthen international security measures and standards for aviation security.
Undercover and Sensitive Operations Unit Attorney General's Guidelines on FBI Undercover Operations Revised 11/13/92
Date Captured: Saturday December 26, 2009 09:04 PM
[The following Guidelines on the use of undercover activities and operations by the Federal Bureau of Investigation (FBI) are issued under the authority of the Attorney General provided in Title 28, United States Code, Sections 509, 510, and 533. They apply to all investigations conducted by the FBI, except those conducted pursuant to its foreign counterintelligence and foreign intelligence responsibilities.]
The Smart Grid and Privacy
Date Captured: Wednesday December 16, 2009 09:01 PM
EPIC Concerning Privacy and Smart Grid Technology - [A list of potential privacy consequences of Smart Grid systems include: Identity Theft; Determine Personal Behavior Patterns; Determine Specific Appliances Used; Perform Real-Time Surveillance; Reveal Activities Through Residual Data; Targeted Home Invasions (latch key children, elderly, etc.); Provide Accidental Invasions; Activity Censorship; Decisions and Actions Based Upon Inaccurate Data; Profiling; Unwanted Publicity and Embarrassment; Tracking Behavior Of Renters/Leasers; Behavior Tracking (possible combination with Personal Behavior Patterns); Public Aggregated Searches Revealing Individual Behavior. Plans are underway to support smart grid system applications that will monitor any device transmitting a signal, which may include non-energy-consuming end use items that are only fitted with small radio frequency identification devices (RFID) tags may be possible. RFID tags are included in most retail purchases for clothing, household items, packaging for food, and retail items.]
Bill Introduced To Repeal Failed Real ID Act (7/31/2009) Bill Would Protect Civil Liberties And Drivers' License Security
Date Captured: Sunday August 09, 2009 05:13 PM
WASHINGTON – In a welcome move today, legislation was introduced in the House of Representatives to repeal the discredited Real ID Act of 2005. The REAL ID Repeal and Identification Security Enhancement Act of 2009, introduced by Representative Steve Cohen (D-TN), would repeal Real ID and replace it with the original negotiated rulemaking process passed by Congress as part of the 9/11 Commission recommendations. Twenty-five states have already rejected Real ID, citing its high cost, invasiveness and the bureaucratic hassles it creates for citizens. The Real ID Act of 2005 directs states to issue a federally-approved driver's license or other form of ID that would be necessary for airline travel and become part of a national database. Like state governments from coast to coast, the American Civil Liberties Union has long opposed the Act as too invasive, too much red tape and too expensive.
Browser Privacy Features: A Work In Progress
Date Captured: Sunday August 09, 2009 03:39 PM
CDT Releases Updated Report on Privacy Controls for Web Browsers. The report compares browser offerings in three key areas: privacy mode, cookie controls and object controls. Each of those, when used correctly, can greatly reduce the amount of personal information users transmit online. August 05, 2009
Facebook Makes Another Privacy Blooper
Date Captured: Thursday May 07, 2009 06:58 PM
Daily Examiner -- Wendy Davis - [Regardless of whether Facebook broke the law, users likely aren't going to be thrilled to learn that the site believes it can censor messages. If the company wants to be taken seriously as a communications platform, executives are going to have to start giving more consideration to users' privacy rights. ]
Federal departments fall short on civil liberties
Date Captured: Tuesday January 27, 2009 10:14 AM
By Peter Eisler, USA TODAY - [WASHINGTON — The departments of Defense, State, and Health and Human Services have not met legal requirements meant to protect Americans' civil liberties, and a board that's supposed to enforce the mandates has been dormant since 2007, according to federal records. All three departments have failed to comply with a 2007 law directing them to appoint civil liberties protection officers and report regularly to Congress on the safeguards they use to make sure their programs don't undermine the public's rights and privacy, a USA TODAY review of congressional filings shows.]
HB 38 - Microchip Consent Act of 2009
Date Captured: Monday January 12, 2009 07:29 PM
To amend Chapter 1 of Title 51 of the Official Code of Georgia Annotated, relating to general provisions regarding torts, so as to prohibit requiring a person to be implanted with a microchip; to provide for a short title; to provide for definitions; to provide for penalties; to provide for regulation by the Composite State Board of Medical Examiners; to provide for related matters; to provide for an effective date; to repeal conflicting laws; and for other purposes. BE IT ENACTED BY THE GENERAL ASSEMBLY OF GEORGIA:
Electronic Frontier Foundation (EFF)
Date Captured: Tuesday December 16, 2008 06:16 PM
EFF is a leading civil liberties group defending rights in the digital world.
Minnesota Department of Health Continues to Violate State Law and Individual Privacy
Date Captured: Saturday December 13, 2008 04:29 PM
St. Paul/Minneapolis – Concerned parents and the Citizens’ Council on Health Care (CCHC) called on Governor Tim Pawlenty to require his Commissioner of Health to cease and desist the warehousing of newborn blood and baby DNA without informed, written parent consent.
Privacy Lives
Date Captured: Friday December 12, 2008 06:15 PM
Melissa Ngo -- more than a blog -- lots of policy and topic specific archives.
Privacy International
Date Captured: Saturday December 06, 2008 05:23 PM
Privacy International (PI) is a human rights group formed in 1990 as a watchdog on surveillance and privacy invasions by governments and corporations. PI is based in London, England, and has an office in Washington, D.C. We have campaigned across the world to protect people against intrusion by governments and corporations that seek to erode this fragile right. We believe that privacy forms part of the bedrock of freedoms, and our goal has always been to use every means to preserve it.
Eric Holder and Privacy: A Preliminary Analysis
Date Captured: Friday December 05, 2008 08:51 PM
The Center for Democracy and Technology
Date Captured: Monday June 02, 2008 03:34 PM
The Center for Democracy and Technology is a non-profit public interest organization working to keep the Internet open, innovative, and free. As a civil liberties group with expertise in law, technology, and policy, CDT works to enhance free expression and privacy in communications technologies by finding practical and innovative solutions to public policy challenges while protecting civil liberties. CDT is dedicated to building consensus among all parties interested in the future of the Internet and other new communications media.

Clery

Addressing Emergencies on Campus June 2011
Date Captured: Tuesday June 28, 2011 06:32 PM
United States Department of Education (USED) : Summary of two applicable Federal education laws administered by the Department of Education (Department): the Family Educational Rights and Privacy Act (FERPA) and the Higher Education Act of 1965 (HEA), as amended. This Federal component is only one piece of what is necessary to consider in ensuring the safety of our Nation’s students, faculty, and school staff. A comprehensive and effective campus policy must incorporate all Federal and State policies regarding health and safety emergencies, education, student privacy, civil rights, and law enforcement, as well as specific local community needs.
The Handbook for Campus Safety and Security Reporting
Date Captured: Friday March 11, 2011 07:35 PM
FERPA does not preclude an institution’s compliance with the timely warning provision of the campus security regulations. FERPA recognizes that information can, in case of an emergency, be released without consent when needed to protect the health and safety of others. In addition, if institutions utilize information from the records of a campus law enforcement unit to issue a timely warning, FERPA is not implicated as those records are not protected by FERPA. U.S. Department of Education, Office of Postsecondary Education, The Handbook for Campus Safety and Security Reporting, Washington, D.C., 2011.

Cloud Computing

Caught in the Cloud: Privacy, Encryption, and Government Back Doors in the Web 2.0 Era
Date Captured: Tuesday July 12, 2011 06:12 PM
Christopher Soghoian - [This paper will argue that this doctrine [[third-party doctrine]] becomes moot once encryption is in use and companies no longer have access to their customers’ private data.] [The real threat to privacy lies with the fact that corporations can and have repeatedly been forced to modify their own products in ways that harm end user privacy, such as by circumventing encryption.] Soghoian, Christopher, Caught in the Cloud: Privacy, Encryption, and Government Back Doors in the Web 2.0 Era (August 17, 2009). 8 J. on Telecomm. and High Tech. L. 359; Berkman Center Research Publication No. 2009-07
The NIST Definition of Cloud Computing (Draft)
Date Captured: Friday February 04, 2011 03:57 PM
Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.
Guidelines on Security and Privacy in Public Cloud Computing
Date Captured: Friday February 04, 2011 03:36 PM
Cloud computing can and does mean different things to different people. The common characteristics most share are on-demand scalability of highly available and reliable pooled computing resources, secure access to metered services from nearly anywhere, and dislocation of data from inside to outside the organization. While aspects of these characteristics have been realized to a certain extent, cloud computing remains a work in progress. This publication provides an overview of the security and privacy challenges pertinent to public cloud computing and points out considerations organizations should take when outsourcing data, applications, and infrastructure to a public cloud environment. Draft Special Publication 800-144
Proposed Security Assessment & Authorization for U.S. Government Cloud Computing
Date Captured: Thursday November 04, 2010 08:10 PM
Proposed Security Assessment and Authorization for U.S. Government Cloud Computing: Over the past 18 months, an inter-agency team comprised of the National Institute of Standards and Technology (NIST), General Services Administration (GSA), the CIO Council and working bodies such as the Information Security and Identity Management Committee (ISIMC), has worked on developing the Proposed Security Assessment and Authorization for U.S. Government Cloud Computing. This team evaluated security controls and multiple Assessment and Authorization models for U.S. Government Cloud Computing as outlined in this document. The attached document is a product of 18 months of collaboration with State and Local Governments, Private Sector, NGO’s and Academia. This marks an early step toward our goal of deploying secure cloud computing services to improve performance and lower the cost of government operations, but we need to improve this document through your input.
Privacy Recommendations for the Use of Cloud Computing by Federal Departments and Agencies Privacy Committee Web 2.0/Cloud Computing Subcommittee -- August 2010
Date Captured: Thursday September 16, 2010 09:02 PM
Abstract: Good privacy practices are a key component of agency governance and accountability. One of the Federal government's key business imperatives today is to maintain the privacy of personally identifiable information (PII) we collect and hold. The Office of Management and Budget (OMB) Memorandum 07-16 defines PII as "information which can be used to distinguish or trace an individual's identity, such as their name, social security number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc." The purpose of this paper, and of privacy interests in general, is not to discourage agencies from using cloud computing; indeed a thoughtfully considered cloud computing solution can enhance privacy and security. Instead, the purpose is to ensure that Federal agencies recognize and consider the privacy rights of individuals, and that agencies identify and address the potential risks when using cloud computing.
Cloud Computing: Storm Warning for Privacy?
Date Captured: Wednesday July 07, 2010 01:20 PM
[Abstract: “Cloud computing” - the ability to create, store, and manipulate data through Web-based services - is growing in popularity. Cloud computing itself may not transform society; for most consumers, it is simply an appealing alternative tool for creating and storing the same records and documents that people have created for years. However, outdated laws and varying corporate practices mean that documents created and stored in the cloud may not have the same protections as the same documents stored in a filing cabinet or on a home computer. Can cloud computing services protect the privacy of their consumers? Do they? And what can we do to improve the situation?] Ozer, Nicole and Conley, Chris, Cloud Computing: Storm Warning for Privacy? (January 29, 2010). Nicole Ozer & Chris Conley, CLOUD COMPUTING: STORM WARNING FOR PRIVACY, ACLU of Northern California, 2010.
REPORT: FUTURE OF THE INTERNET, CLOUD COMPUTING - The future of cloud computing
Date Captured: Tuesday June 15, 2010 10:50 PM
[The future of cloud computing Technology experts and stakeholders say they expect they will ‘live mostly in the cloud’ in 2020 and not on the desktop, working mostly through cyberspace-based applications accessed through networked devices. This will substantially advance mobile connectivity through smartphones and other internet appliances. Many say there will be a cloud-desktop hybrid. Still, cloud computing has many difficult hurdles to overcome, including concerns tied to the availability of broadband spectrum, the ability of diverse systems to work together, security, privacy, and quality of service. ] Janna Quitney Anderson, Elon University; Lee Rainie, Pew Research Center’s Internet & American Life Project
Coalition pushes ECPA update for online privacy in cloud computing age
Date Captured: Wednesday March 31, 2010 04:46 PM
[A powerful collection of organizations has formed a new coalition to push for an update to the Electronic Communications Privacy Act (ECPA). Members of the coalition include Google, Microsoft, AT&T, AOL, Intel, the ACLU and the Electronic Frontier Foundation. The guidance from the coalition would enshrine principles for “digital due process,” online privacy and data protection in the age of cloud computing within an updated ECPA.]
Digital Due Process
Date Captured: Wednesday March 31, 2010 04:23 PM
[A powerful collection of organizations has formed a new coalition to push for an update to the Electronic Communications Privacy Act (ECPA). Members of the coalition include Google, Microsoft, AT&T, AOL, Intel, the ACLU and the Electronic Frontier Foundation. The guidance from the coalition would enshrine principles for “digital due process,” online privacy and data protection in the age of cloud computing within an updated ECPA.]
THE BROOKINGS INSTITUTION FALK AUDITORIUM - CLOUD COMPUTING FOR BUSINESS AND SOCIETY
Date Captured: Saturday February 20, 2010 07:05 PM
Washington, D.C. - Wednesday, January 20, 2010 Keynote Speaker: BRAD SMITH - Senior Vice President and General Counsel; Moderator: DARRELL WEST - The Brookings Institution Panelists: MICHAEL NELSON; ROB ATKINSON; JONATHAN ROCHELLE;
Sunguard
Date Captured: Saturday November 21, 2009 01:02 PM
[Student Information Management -- eSchoolPLUS is a student management system that helps educators and parents by providing them direct, real-time access to the most relevant student information available. Teachers and administrators can easily manage day-to-day student information and data such as demographics, scheduling, attendance, discipline, standardized tests, report cards and transcripts. With eSchoolPLUS, parents gain the ability to be more informed as to their child’s grades, attendance, assignments and discipline information. Superintendents, principals and other district administrators and school board members can track daily school status, student performance and progress.]
Cloud Standards Effort Could Turn into a Dustup
Date Captured: Monday May 04, 2009 04:32 PM
Digits - Technology News and Insights -- By Ben Worthen - [The Open Cloud Standards Incubator is part of an organization called Distributed Management Task Force. The DMTF was founded in 1992 and has developed standards for managing computers and sharing information on the Web in the past. Its members are a who’s who of the tech industry’s old guard—in addition to IBM and Microsoft they include EMC, H-P, Intel and many others. It’s too early to call the absence of Internet companies a rift, but it’s a split reminiscent of the one that occurred when IBM tried to get companies to sign up for its “Open Cloud Manifesto” a few weeks ago. At the time companies that didn’t participate in IBM’s effort were quick to dismiss the manifesto as meaningless marketing.]
Google Gives Advice on Cloud Computing
Date Captured: Saturday March 21, 2009 06:17 PM
PC Chloe Albanesius writes [Google has commissioned a report that unsurprisingly touts the benefits of cloud computing, and offers recommendations for policy makers looking at the technology. Google called on lawmakers to embrace full connectivity, open access, security, and privacy when considering cloud-based computing.] REPORT LINKED.
Facebook Bug Reveals Private Photos, Wall Posts
Date Captured: Saturday March 21, 2009 12:52 PM
Washington Post Jason Kincaid (with HT to Anjool) writes [This isn't the first privacy bug to affect Facebook - users have previously been able to access private photos and view private profile information in search results. The error also serves as yet another blemish on the privacy controls of web-based services. Only two weeks ago, Google Docs revealed that it had inadvertently shared thousands of documents with users who should not have had access to them.]
Before the Federal Trade Commission Washington, DC 20580 In the Matter of Google, Inc. and Cloud Computing Services
Date Captured: Tuesday March 17, 2009 06:48 PM
EPIC President Marc Rotenberg on Google and Cloud Computing [The recent growth of Cloud Computing Services signals an unprecedented shift of personal information from computers controlled by individuals to networks administered by corporations. Data breaches concerning Cloud Computing Services can result in great harm, which arises from the centralized nature of the services and large volume of information stored "in the cloud." Past data breaches have resulted in serious consumer injury, including identity theft. As a result of the popularity of Cloud Computing Services, data breaches on these services pose a heightened risk of identity theft. The FTC should hold accountable the purveyors of Cloud]
RE: USE OF CLOUD COMPUTING APPLICATIONS AND SERVICES
Date Captured: Thursday February 26, 2009 06:07 PM
Associate Director John B. Horrigan (202-419-4500) - September 2008 - Pew/Internet - [Convenience and flexibility are the watchwords for those who engage in cloud computing activities: 51% of internet users who have done a cloud computing activity say a major reason they do this is that it is easy and convenient. 41% of cloud users say a major reason they use these applications is that they like being able to access their data from whatever computer they are using. 39% cite the ease of sharing information as a major reason they use applications in cyberspace or store data there. At the same time, users report high levels of concern when presented with scenarios in which companies may put their data to uses of which they may not be aware. 90% of cloud application users say they would be very concerned if the company at which their data were stored sold it to another party. 80% say they would be very concerned if companies used their photos or other data in marketing campaigns. 68% of users of at least one of the six cloud applications say they would be very concerned if companies who provided these services analyzed their information and then displayed ads to them based on their actions.]
Cloud computing takes hold despite privacy fears
Date Captured: Thursday February 26, 2009 06:03 PM
Computer Worlds -- Heather Havenstein [Users of online e-mail, storage systems fear the sale of personal data without permission]
Cloud Computing Privacy Tips
Date Captured: Wednesday February 25, 2009 04:11 PM
World Privacy Forum -- February 23, 2009 -- By Robert Gellman and Pam Dixon [Cloud Computing Tips for Consumers: Read the Terms of Service before placing any information in the cloud. If you don’t understand the Terms of Service, consider using a different cloud provider. Don’t put anything in the cloud you would not want the government or a private litigant to see. Pay close attention if the cloud provider reserves rights to use, disclose, or make public your information. Read the privacy policy before placing your information in the cloud. If you don’t understand the policy, consider using a different provider. When you remove your data from the cloud provider, does the cloud provider still retain rights to your information? If so, consider whether that makes a difference to you. Will the cloud provider give advance notice of any change of terms in the terms of service or privacy policy? ]
REPORT: Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing
Date Captured: Wednesday February 25, 2009 03:59 PM
Released February 23, 2009 - Author: Robert Gellman: [This report discusses the issue of cloud computing and outlines its implications for the privacy of personal information as well as its implications for the confidentiality of business and governmental information. The report finds that for some information and for some business users, sharing may be illegal, may be limited in some ways, or may affect the status or protections of the information shared. The report discusses how even when no laws or obligations block the ability of a user to disclose information to a cloud provider, disclosure may still not be free of consequences. The report finds that information stored by a business or an individual with a third party may have fewer or weaker privacy or other protections than information in the possession of the creator of the information. The report, in its analysis and discussion of relevant laws, finds that both government agencies and private litigants may be able to obtain information from a third party more easily than from the creator of the information. A cloud provider’s terms of service, privacy policy, and location may significantly affect a user’s privacy and confidentiality interests.] see policy recommendations in full report.
Does Cloud Computing Mean More Risks to Privacy?
Date Captured: Wednesday February 25, 2009 03:44 PM
NY Times -- Saul Hansell -- [In the United States, information held by a company on your behalf — be it a bank, an e-mail provider or a social network — is often not protected as much as information a person keeps at home or a business stores in computers it owns. Sometimes that means that a government investigator, or even a lawyer in a civil lawsuit, can get access to records by simply using a subpoena rather than a search warrant, which requires more scrutiny by a court.]

How to Protect Your Child's Personal Information at School

FTC Consumer Alert: How to Protect Your Child's Personal Information at School
Date Captured: Sunday September 11, 2011 07:37 PM
Ask your child's school about its student directory information policy. The student directory may list your child's name, address, date of birth, telephone number, email address and photo. FERPA requires schools to notify parents and guardians of their respective student directory information policies, and to give them the right to opt out of having that information released to third parties. It is best to submit your request in writing and keep a copy for your records. If you do not exercise your right to opt out of sharing your child's information, the data listed in the school directory may be available not only to your child's classmates and school staff, but also to the general public.

Consumer Privacy

Education New York comments re Student Privacy submitted to FERPA NPRM - May 23, 2011
Date Captured: Monday May 23, 2011 09:22 PM
Document ID: ED-2011-OM-0002-0001: Family Educational Rights and Privacy. The proposed changes to FERPA do not adequately address the capacity of marketers and other commercial enterprises to capture, use, and re-sell student information. Even with privacy controls in place, it is also far too easy for individuals to get a hold of student information and use it for illegal purposes, including identity theft, child abduction in custody battles, and domestic violence. Few parents are aware, for example, that anyone can request -- and receive -- a student directory from a school. Data and information breaches occur every day in Pre-K-20 schools across the country, so that protecting student privacy has become a matter of plugging holes in a dyke rather than advancing a comprehensive policy that makes student privacy protection the priority.
CONSUMER SENTINEL NETWORK DATA BOOK for January - December 2010
Date CapturedSaturday March 12, 2011 11:39 AM
The 2010 Consumer Sentinel Network Data Book is based on unverified complaints reported by consumers. The data is not based on a consumer survey.
JESSICA PINEDA v. WILLIAMS-SONOMA STORES, INC.,
Date CapturedSaturday February 12, 2011 04:50 PM
The Song-Beverly Credit Card Act of 1971 (Credit Card Act) (Civ. Code, § 1747 et seq.) is “designed to promote consumer protection.” (Florez v. Linens ’N Things, Inc. (2003) 108 Cal.App.4th 447, 450 (Florez).) One of its provisions, section 1747.08, prohibits businesses from requesting that cardholders provide “personal identification information” during credit card transactions, and then recording that information. (Civ. Code, § 1747.08, subd. (a)(2).) We are now asked to resolve whether section 1747.08 is violated when a business requests and records a customer’s ZIP code during a credit card transaction. In light of the statute’s plain language, protective purpose, and legislative history, we conclude a ZIP code constitutes “personal identification information” as that phrase is used in section 1747.08. Thus, requesting and recording a cardholder’s ZIP code, without more, violates the Credit Card Act.
Rush Introduces Online Privacy Bill, H.R. 611, The BEST PRACTICES Act
Date CapturedFriday February 11, 2011 06:04 PM
Ensure that consumers have meaningful choices about the collection, use, and disclosure of their personal information. • Require companies that collect personal information to disclose their practices with respect to the collection, use, disclosure, merging, and retention of personal information, and explain consumers' options regarding those practices. • Require companies to provide disclosures of their practices in concise, meaningful, timely, and easy-to-understand notices, and direct the Federal Trade Commission to establish flexible and reasonable standards and requirements for such notices. • Require companies to obtain "opt-in" consent to disclose information to a third party. In the bill, the term, "third party" would be defined based on consumers' reasonable expectations rather than corporate structure. • Establish a "safe harbor" that would exempt companies from the "opt-in" consent requirement, provided those companies participate in a universal opt-out program operated by self-regulatory bodies and monitored by the FTC. • Require companies to have reasonable procedures to assure the accuracy of the personal information they collect. The bill would also require the companies to provide consumers with reasonable access to, and the ability to correct or amend, certain information. • Require companies to have reasonable procedures to secure information and to retain personal information only as long as it's necessary to fulfill a legitimate business or law enforcement need.
COMMERCIAL DATA PRIVACY AND INNOVATION IN THE INTERNET ECONOMY: A DYNAMIC POLICY FRAMEWORK
Date CapturedThursday December 16, 2010 01:16 PM
US DEPT OF COMMERCE REPORT says the principles "should promote increased transparency through simple notices, clearly articulated purposes for data collection, commitments to limit data uses to fulfill these purposes, and expanded use of robust audit systems to bolster accountability." NO RECOMMENDATIONS REGARDING EDUCATION AND FERPA DIRECTORY INFORMATION.
“Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers.”
Date CapturedThursday December 09, 2010 04:45 PM
FTC: To reduce the burden on consumers and ensure basic privacy protections, the report first recommends that “companies should adopt a ‘privacy by design’ approach by building privacy protections into their everyday business practices.” Second, the report states, consumers should be presented with choice about collection and sharing of their data at the time and in the context in which they are making decisions – not after having to read long, complicated disclosures that they often cannot find. One method of simplified choice the FTC staff recommends is a “Do Not Track” mechanism governing the collection of information about consumer’s Internet activity to deliver targeted advertisements and for other purposes. The report also recommends other measures to improve the transparency of information practices, including consideration of standardized notices that allow the public to compare information practices of competing companies. The report recommends allowing consumers “reasonable access” to the data that companies maintain about them, particularly for non-consumer facing entities such as data brokers. Finally, FTC staff proposes that stakeholders undertake a broad effort to educate consumers about commercial data practices and the choices available to them.
html5
Date CapturedWednesday October 20, 2010 07:42 PM
HTML5 is a new version of HTML and XHTML. The HTML5 draft specification defines a single language that can be written in HTML and XML. It attempts to solve issues found in previous iterations of HTML and addresses the needs of Web Applications, an area previously not adequately covered by HTML.
Online Privacy: What Does It Mean to Parents and Kids?
Date CapturedFriday October 08, 2010 02:07 PM
Zogby International conducted a poll for Common Sense Media, asking both teens and parents about their views of online privacy and how they feel their personal information is being used by websites, social networks, and other online platforms.
Letter to: Chairman Boucher and Ranking Member Stearns
Date CapturedMonday June 07, 2010 06:26 PM
Mike Sachoff -- [In response to a discussion draft of a new privacy bill now under consideration by the House Subcommittee on Communications, Technology and the Internet, ten privacy and consumer groups today called for stronger measures to protect consumer privacy both online and off. The organizations including the Consumer Federation of America, Electronic Frontier Foundation, Consumer Watchdog, World Privacy Forum, Consumer Action, USPIRG, Privacy Rights Clearinghouse, Privacy Times, Privacy Lives, and the Center for Digital Democracy, raised their concerns in a letter to Subcommittee Chairman Rick Boucher and Ranking Member Cliff Stearns. The groups recommended the following: *The bill should incorporate the Fair Information Practice Principles that have long served as the bedrock of consumer privacy protection in the U.S., including the principle of not collecting more data than is necessary for the stated purposes, limits on how long data should be retained, and a right to access and correct one's data. *The bill's definitions of what constitutes "sensitive information" need to be expanded; for instance, to include health-related information beyond just "medical records." *The bill should require strict "opt-in" procedures for the collection and use of covered data and should prohibit the collection and use of any sensitive information except for the transactions for which consumers provided it.]
How Unique Is Your Web Browser?
Date CapturedTuesday May 18, 2010 01:32 PM
Peter Eckersley, Electronic Frontier Foundation, pde@eff.org/ -- [Conclusions -- We implemented and tested one particular browser fingerprinting method. It appeared, in general, to be very effective, though as noted in Section 3.1 there are many measurements that could be added to strengthen it. Browser fingerprinting is a powerful technique, and fingerprints must be considered alongside cookies, IP addresses and supercookies when we discuss web privacy and user trackability. Although fingerprints turn out not to be particularly stable, browsers reveal so much version and configuration information that they remain overwhelmingly trackable. There are implications both for privacy policy and technical design. Policymakers should start treating fingerprintable records as potentially personally identifiable, and set limits on the durations for which they can be associated with identities and sensitive logs like clickstreams and search terms. The Tor project is noteworthy for already considering and designing against fingerprintability. Other software that purports to protect web surfers’ privacy should do likewise, and we hope that the test site at panopticlick.eff.org may prove useful for this purpose. Browser developers should also consider what they can do to reduce fingerprintability, particularly at the JavaScript API level. We identified only three groups of browser with comparatively good resistance to fingerprinting: those that block JavaScript, those that use TorButton, and certain types of smartphone. It is possible that other such categories exist in our data. Cloned machines behind firewalls are fairly resistant to our algorithm, but would not be resistant to fingerprints that measure clock skew or other hardware characteristics.]
FACEBOOK - Complaint, Request for Investigation, Injunction, and Other Relief
Date CapturedMonday May 10, 2010 09:54 AM
[This complaint concerns material changes to privacy settings made by Facebook, the largest social network service in the United States, that adversely impact the users of the service. Facebook now discloses personal information to the public that Facebook users previously restricted. Facebook now discloses personal information to third parties that Facebook users previously did not make available. These changes violate user expectations, diminish user privacy, and contradict Facebook’s own representations. These business practices are Unfair and Deceptive Trade Practices, subject to review by the Federal Trade Commission (the “Commission”) under section 5 of the Federal Trade Commission Act.]
DRAFT - Boucher bill
Date CapturedThursday May 06, 2010 08:34 AM
A BILL: To require notice to and consent of an individual prior to the collection and disclosure of certain personal information relating to that individual.
Proposed Privacy Legislation Wins Few Fans
Date CapturedThursday May 06, 2010 08:24 AM
WSJ : [ The goal for the legislation is to set a standard for consumer privacy protections and also provide consumers with more transparency and control regarding the collection, use and sharing of their information, said Rep. Rick Boucher (D., Va.). Mr. Boucher released a draft of the bill for discussion on Tuesday along with Rep. Cliff Stearns (R., Fla.). The bill stipulates that as a general rule companies can collect information about consumers unless a person opts out of that data collection — a point of contention among privacy advocates. The regulation also specifies standards for the collection and use of personally identifiable information. Companies must disclose to consumers if they are collecting personally identifiable information and how they are using that data. Consumers must give a company permission to share that personally identifiable information with outside companies. ]
FACEBOOK privacy policy link:
Date CapturedMonday April 26, 2010 08:32 PM
Facebook’s Privacy Policy. This policy contains eight sections: 1. Introduction; 2. Information We Receive; 3. Information You Share With Third Parties; 4. Sharing Information on Facebook; 5. How We Use Your Information; 6. How We Share Information; 7. How You Can View, Change, or Remove Information; 8. How We Protect Information; 9. Other Terms.
FACEBOOK: Another Step in Open Site Governance
Date CapturedThursday April 01, 2010 04:42 PM
Michael Richter - Friday, March 26, 2010 at 12:04pm - [We're proposing another set of revisions to our Privacy Policy and Statement of Rights and Responsibilities to make way for some exciting new products we're contemplating. Not all of these products have been finalized and many aren't yet built at all. However, we've definitely identified some interesting opportunities to improve the way you share and connect with the people and things in your life. ]
THE FAILURE OF FAIR INFORMATION PRACTICE PRINCIPLES forthcoming in Consumer Protection in the Age of the ‘Information Economy’
Date CapturedSunday January 31, 2010 10:03 PM
Fred H. Cate - [The key is refocusing FIPPS on substantive tools for protecting privacy, and away from notice and consent; leveling the playing field between information processors and data subjects; and creating sufficient, but limited, liability so that data processors will have meaningful incentives, rather than bureaucratic regulations, to motivate appropriate behavior, and that individuals will be compensated when processing results in serious harm. This is only a first step. These proposed Consumer Privacy Protection Principles are undoubtedly incomplete and imperfect, but they are an effort to return to a more meaningful dialogue about the legal regulation of privacy and the value of information flows in the face of explosive growth in technological capabilities in an increasingly global society.]
Subject: EU-US Safe Harbor
Date CapturedSaturday January 23, 2010 09:34 PM
Chris Wolf - [There are three principal methods to legally export data from the EU to the US and overcome the prohibition against export to a country deemed to lack adequate protections. The first two are through so-called "model contracts" and "Binding Corporate Rules". The third is pursuant to a "Safe Harbor" framework that the EU and US agreed upon in 2001. To participate in the Safe Harbor, a U.S. company self-certifies to the U.S. Department of Commerce that it will follow the Safe Harbor Privacy Principles, which contain the core requirements of the EU Data Protection Directive (notice, choice, access, security, protection in onward transfers, data integrity, and enforcement). The company also is to publicize its adherence to the Safe Harbor Principles on its website. The Federal Trade Commission (FTC) is charged with enforcement of the Safe Harbor undertakings under Section 5 of the Federal Trade Commission Act, which governs deceptive and unfair business practices. In other words, a company that commits publicly to adhering to the Safe Harbor principles (and that it has so certified to the Department of Commerce) is subject to enforcement by the FTC if it does not do so. Companies must do what they promise to do.]
FTC.: Has Internet Gone Beyond Privacy Policies?
Date CapturedThursday January 21, 2010 08:55 AM
NY Times STEPHANIE CLIFFORD writes [Previous commissions looked at privacy under the framework of whether consumers were harmed, and with the basis that companies must advise consumers about what they’re doing and obtain their consent, Mr. Leibowitz said. But companies “haven’t given consumers effective notice, so they can make effective choices,” he said. Advise-and-consent “depended on the fiction that people were meaningfully giving consent,” Mr. Vladeck said. “The literature is clear” that few people read privacy policies, he said.]
FTC Probes Facebook's EPIC Privacy Fail
Date CapturedThursday January 21, 2010 08:44 AM
Media Post -- Wendy Davis writes - [In addition, a Facebook employee allegedly said recently that users' messages are stored in a database regardless of whether users attempt to delete them. "We track everything. Every photo you view, every person you're tagged with, every wall-post you make, and so forth," the employee allegedly added. EPIC alleges that these public statements demonstrate that Facebook engages in unfair and deceptive trade practices. The new filing also questions a new iPhone synching feature that transfers users' iPhone contacts to Facebook, even when the phone contacts are not Facebook friends with the users.]
Comments of the World Privacy Forum to FTC, Nov. 6, 2009
Date CapturedThursday December 17, 2009 10:58 PM
Pam Dixon Executive Director, World Privacy Forum -- Re: Privacy Roundtables – Comment, Project No. P095416 - [The World Privacy Forum understands that businesses have a right to exist and to make money, and that advertising and marketing is part of the marketplace. But we also believe that there is not a reasonable balance right now between what data is being collected and used, and what consumers can do to manage that data and their privacy. There are no perfect solutions, but we think that a rights-based framework based on approaches contained in the Fair Credit Reporting Act and on Fair Information Practices will address many of the problems and help create solutions that are equitable for all stakeholders.]
Refocusing the FTC’s Role in Privacy Protection
Date CapturedMonday December 14, 2009 05:31 PM
Comments of the Center for Democracy & Technology (CDT) in regards to the FTC Consumer Privacy Roundtable.
DOD nixes vendor of online monitoring software over privacy concerns
Date CapturedMonday December 07, 2009 08:53 PM
Jaikumar Vijayan writes [In September, EPIC, a Washington-based privacy advocacy group, filed a complaint against EchoMetrix with the Federal Trade Commission. EPIC claimed that EchoMetrix was violating the provisions of the Children's Online Privacy Protection Act (COPPA) by collecting personally identifiable information about children and their browsing habits and online chats. EPIC claimed that EchoMetrix used the information to deliver targeted advertising to children and also sold that information to third-party marketers. In its complaint, EPIC pointed to a separate service offered by EchoMetrix called Pulse, which analyzes data gathered from multiple sources including instant messages, blogs and chat rooms. The information is sold as market research intelligence to marketing companies, the EPIC complaint said.]
Ad Industry Works on Ads About Ads
Date CapturedTuesday November 24, 2009 03:07 PM
Wall Street Journal Emily Steel writes -- [At issue is the practice of tracking consumers’ Web activities — from the searches they make to the sites they visit and the products they buy — for the purpose of targeting ads. The efforts follow calls from the FTC earlier this year for Web advertisers and Internet companies to do a better job explaining how they track and use information about consumers’ Web activities and creating a simple way consumers can opt out of being tracked.]
Lawmakers probe deeper into privacy
Date CapturedSaturday November 21, 2009 01:16 PM
By Kim Hart - 11/19/09 04:00 PM ET - [Jennifer Barrett, an executive with Acxiom, a marketing company, said the firm could collect 1,500 possible data points about individual consumers, such as age, hobbies, address, occupation and recent purchases. Acxiom typically maintains 20-40 data points on the average person. Acxiom receives that information from public records, surveys consumers fill out voluntarily (such as warranty cards) and information from other companies. In response to questions from Rep. Mike Doyle (D-Penn.), Barrett said consumers can see what data has been stored about them and can change or delete information used for marketing purposes. But consumers cannot find out who else has bought their data from Acxiom.]
Federal data breach notification standard must pre-empt state laws
Date CapturedMonday November 16, 2009 08:33 PM
Nextgov Jill R. Aitoro writes -- [The Data Breach Notification Act, introduced in January by Sen. Dianne Feinstein, D-Calif., would authorize the attorney general to bring civil actions against firms that failed to notify people whose personal information had been compromised in a breach and would extend notification requirements to government agencies. The Personal Data Privacy and Security Act, introduced in July by Sen. Patrick Leahy, D-Vt., also would set notification requirements and tighter criminal penalties for identity theft and willful concealment of a breach, and would require businesses to implement preventive security standards to guard against threats to their databases.] [Two states are credited for having breach notification laws with the most teeth, said Peter McLaughlin, senior counsel with Foley & Lardner LLP and a member of the law firm's privacy, security and information management practice. Foley & Lardner released a report on Monday that provides in-depth coverage of all major aspects of U.S. and international security breach laws.]
Refocusing the FTC’s Role in Privacy Protection
Date CapturedTuesday November 10, 2009 03:33 PM
Center for Technology in Government (CDT) Policy Post 15.17, November 10, 2009. [A Briefing On Public Policy Issues Affecting Civil Liberties Online from The Center For Democracy and Technology. Refocusing the FTC’s Role in Privacy Protection: 1) CDT Submits Comments in regards to the FTC Consumer Privacy Roundtable; 2) The Significance of a Comprehensive Set of Fair Information Practice Principles; 3) Examining FIPs at Work: Recent FTC Enforcement Actions Demonstrate a Path Forward; 4) CDT Recommendations for Future FTC Action.]
PUBLIC Law, Chapter 230 LD 1183, item 1, 124th Maine State Legislature
Date CapturedSunday November 08, 2009 10:35 PM
SP0431, LR 597, item 1, Signed on 2009-06-02 00:00:00.0 - First Regular Session - 124th Maine Legislature, page 1 - 2. Marketing purposes. "Marketing purposes," with respect to the use of health-related information or personal information, means the purposes of marketing or advertising products, goods or services to individuals. 3. Person. "Person" includes an individual, firm, partnership, corporation, association, syndicate, organization, society, business trust, attorney-in-fact and every natural or artificial legal entity. 4. Personal information. "Personal information" means individually identifiable information, including: A. An individual's first name, or first initial, and last name; B. A home or other physical address; C. A social security number; D. A driver's license number or state identification card number; and E. Information concerning a minor that is collected in combination with an identifier described in this subsection. 5. Verifiable parental consent. "Verifiable parental consent" means any reasonable effort, taking into consideration available technology, including a request for authorization for future collection, use and disclosure described in the notice, to ensure that a parent of a minor receives notice of the collection of personal information, use and disclosure practices and authorizes the collection, use and disclosure, as applicable, of personal information and the subsequent use of that information before that information is collected from that minor. § 9552. Unlawful collection and use of data from minors
201 CMR 17.00: STANDARDS FOR THE PROTECTION OF PERSONAL INFORMATION OF RESIDENTS OF THE COMMONWEALTH
Date CapturedSaturday November 07, 2009 04:49 PM
(1) Purpose This regulation implements the provisions of M.G.L. c. 93H relative to the standards to be met by persons who own or license personal information about a resident of the Commonwealth of Massachusetts. This regulation establishes minimum standards to be met in connection with the safeguarding of personal information contained in both paper and electronic records. The objectives of this regulation are to insure the security and confidentiality of customer information in a manner fully consistent with industry standards; protect against anticipated threats or hazards to the security or integrity of such information; and protect against unauthorized access to or use of such information that may result in substantial harm or inconvenience to any consumer.
Predatory Marketing Law Opposed By AOL, News Corp., Yahoo, Others
Date CapturedSunday August 30, 2009 08:59 PM
A new privacy law in Maine is facing a court challenge from media organizations as well as a coalition of online companies including AOL, News Corp. and Yahoo. [The new law, officially titled "An Act To Prevent Predatory Marketing Practices against Minors," prohibits companies from knowingly collecting personal information or health-related information from minors under 18 without their parents' consent. The measure also bans companies from selling or transferring health information about minors that identifies them, regardless of how the data was collected. ] [Privacy advocate Jeff Chester said the law's basic premise is valid, but that it "likely needs to be revised to accommodate concerns about its impact on educational and other non-profit uses." ]
FTC Online Privacy Guidelines Faulted
Date CapturedFriday February 13, 2009 01:11 PM
Business Week -- Douglas MacMillan -- [On Feb. 12, the U.S. Federal Trade Commission issued guidelines designed to give consumers more information about how advertisers collect and use data about their Web surfing habits. Among the recommendations: Every site that follows Web-use patterns to tailor marketing messages, a practice known as behavioral targeting, should spell out how it is collecting data and give consumers the ability to opt out of targeting. The report also urges sites to keep collected data "as long as is necessary to fulfill a legitimate business or law enforcement need," inform users of any changes made to privacy policies, and only collect sensitive personal data—such as financial and health records—in cases where the user opts in.]
Student Information Not For Sale At UW- Marathon County
Date CapturedWednesday February 11, 2009 07:06 PM
Wsaw.com reporter: Margo Spann -- [Private companies looking to sell or market products to college students are buying information about them directly from their schools. The Assistant Director of Student Services at UW Marathon County, Annette Hackbarth-Onson, says federal law allows colleges to sell information about their students. She says companies are often looking to buy students' names, birth-dates, and email addresses.]
Bill would make prescription data private
Date CapturedTuesday January 27, 2009 10:25 AM
["The sharing of prescription information for marketing purposes without consent violates the spirit of privacy law, and destroys the confidentiality of the doctor-patient relationship," said Leigh Sims, a spokeswoman for the coalition behind the bill. HIPAA allows states to pass stronger privacy protections.] [To fight this, Rep. Jamie Pedersen (D-Seattle) and others have introduced House Bill 1493 to close the loophole. Advocates say the change would protect thousands of patients at no cost to taxpayers.]
Washington state bill would make prescription data private
Date CapturedTuesday January 27, 2009 10:25 AM
["The sharing of prescription information for marketing purposes without consent violates the spirit of privacy law, and destroys the confidentiality of the doctor-patient relationship," said Leigh Sims, a spokeswoman for the coalition behind the bill. HIPAA allows states to pass stronger privacy protections.] [To fight this, Rep. Jamie Pedersen (D-Seattle) and others have introduced House Bill 1493 to close the loophole. Advocates say the change would protect thousands of patients at no cost to taxpayers.]
New York State Consumer Protection Board (CPB)
Date CapturedFriday December 26, 2008 05:07 PM
The Consumer Protection Board, established in 1970 by the New York State Legislature, is the State's top consumer watchdog and "think tank." The CPB's core mission is to protect New Yorkers by publicizing unscrupulous and questionable business practices and product recalls; conducting investigations and hearings; enforcing the "Do Not Call Law"; researching issues; developing legislation; creating consumer education programs and materials; responding to individual marketplace complaints by securing voluntary agreements; and, representing the interests of consumers before the Public Service Commission (PSC) and other State and federal agencies.

COPPA

COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER to THE FEDERAL TRADE COMMISSION
Date CapturedMonday March 07, 2011 06:04 PM
Marc Rotenberg, EPIC testimony to FTC: COPPA currently defines PI as: Personal information means individually identifiable information about an individual collected online, including: (a) A first and last name; (b) A home or other physical address including street name and name of a city or town; (c) An e-mail address or other online contact information, including but not limited to an instant messaging user identifier, or a screen name that reveals an individual's e-mail address; (d) A telephone number; (e) A Social Security number; (f) A persistent identifier, such as a customer number held in a cookie or a processor serial number, where such identifier is associated with individually identifiable information; or a combination of a last name or photograph of the individual with other information such that the combination permits physical or online contacting; or (g) Information concerning the child or the parents of that child that the operator collects online from the child and combines with an identifier described in this definition.
COPPA Rulemaking and Rule Reviews
Date CapturedMonday March 07, 2011 05:46 PM
Includes public testimony and roundtable. March 24, 2010
How Different are Young Adults from Older Adults When it Comes to Information Privacy Attitudes and Policies?
Date CapturedThursday April 15, 2010 06:12 PM
Chris Jay Hoofnagle - University of California, Berkeley - School of Law, Berkeley Center for Law & Technology; Jennifer King -UC Berkeley School of Information; Berkeley Center for Law & Technology; Su Li- University of California, Berkeley- School of Law, Center for the Study of Law and Society; Joseph Turow - University of Pennsylvania - Annenberg School for Communication: [Abstract: Media reports teem with stories of young people posting salacious photos online, writing about alcohol-fueled misdeeds on social networking sites, and publicizing other ill-considered escapades that may haunt them in the future. These anecdotes are interpreted as representing a generation-wide shift in attitude toward information privacy. Many commentators therefore claim that young people “are less concerned with maintaining privacy than older people are.” Surprisingly, though, few empirical investigations have explored the privacy attitudes of young adults. This report is among the first quantitative studies evaluating young adults’ attitudes. It demonstrates that the picture is more nuanced than portrayed in the popular media. ] [Among the findings: _ Eighty-eight percent of people of all ages said they have refused to give out information to a business because they thought it was too personal or unnecessary. Among young adults, 82 percent have refused, compared with 85 percent of those over 65. _ Most people — 86 percent — believe that anyone who posts a photo or video of them on the Internet should get their permission first, even if that photo was taken in public. Among young adults 18 to 24, 84 percent agreed — not far from the 90 percent among those 45 to 54. _ Forty percent of adults ages 18 to 24 believe executives should face jail time if their company uses someone's personal information illegally — the same as the response among those 35 to 44 years old.]
FTC Seeks Comment on Children's Online Privacy Protections; Questions Whether Changes to Technology Warrant Changes to Agency Rule.
Date CapturedTuesday April 06, 2010 02:51 PM
[In a Federal Register notice to be published shortly, the FTC poses its standard regulatory review questions and identifies several areas where public comment would be especially useful. Among other things, the FTC asks: What implications for COPPA enforcement are raised by mobile communications, interactive television, interactive gaming, or other similar interactive media. For input on the use of automated systems – those that filter out any personally identifiable information prior to posting – to review children’s Web submissions. Whether operators have the ability to contact specific individuals using information collected from children online, such as persistent IP addresses, mobile geolocation data, or information collected in connection with behavioral advertising, and whether the Rule’s definition of “personal information” should be expanded accordingly. Whether there are additional technological methods to obtain verifiable parental consent that should be added to the COPPA Rule, and whether any of the methods currently included should be removed. Whether parents are exercising their right under the Rule to review or delete personal information collected from their children, and what challenges operators face in authenticating parents. Whether the Rule’s process for FTC approval of self-regulatory guidelines – known as safe harbor programs – has enhanced compliance, and whether the criteria for FTC approval and oversight of the guidelines should be modified in any way.]
DOD nixes vendor of online monitoring software over privacy concerns
Date CapturedMonday December 07, 2009 08:53 PM
Jaikumar Vijayan writes [In September, EPIC, a Washington-based privacy advocacy group, filed a complaint against EchoMetrix with the Federal Trade Commission. EPIC claimed that EchoMetrix was violating the provisions of the Children's Online Privacy Protection Act (COPPA) by collecting personally identifiable information about children and their browsing habits and online chats. EPIC claimed that EchoMetrix used the information to deliver targeted advertising to children and also sold that information to third-party marketers. In its complaint, EPIC pointed to a separate service offered by EchoMetrix called Pulse, which analyzes data gathered from multiple sources including instant messages, blogs and chat rooms. The information is sold as market research intelligence to marketing companies, the EPIC complaint said.]
Children's Privacy (FTC and many additional federal agencies).
Date CapturedSunday November 01, 2009 09:40 PM
[Thanks to COPPA, sites have to get a parent’s permission if they want to collect or share your kids’ personal information, with only a few exceptions. That goes for information sites ask for up-front, and information your kids choose to post about themselves. Personal information includes your child’s full name, address, email address, or cell phone number. Under COPPA, sites also have to post privacy policies that give details about what kind of information they collect from kids — and what they might do with it (say, to send a weekly newsletter, direct advertising to them, or give the information to other companies). If a site plans to share the child’s information with another company, the privacy policy must say what that company will do with it. Links to the policies should be in places where they’re easy to spot. What Can You Do? Your kids’ personal information and privacy are valuable —to you, to them, and to marketers.] *****NOTE DISPARITY WITH PROTECTION PROVIDED UNDER FERPA.
Children's Online Privacy Protection Act of 1998
Date CapturedTuesday March 03, 2009 03:14 PM
TITLE XIII-CHILDREN'S ONLINE PRIVACY PROTECTION. ***NOTE INCONSISTENCY BETWEEN DEFINITIONS OF PERSONAL INFORMATION AND PARENTAL CONSENT BETWEEN COPPA AND FERPA. COPPA DEFINITION (LINK HAS FULL COPPA TEXT): (8) PERSONAL INFORMATION.—The term "personal information" means individually identifiable information about an individual collected online, including— (A) a first and last name; (B) a home or other physical address including street name and name of a city or town; (C) an e-mail address; (D) a telephone number; (E) a Social Security number; (F) any other identifier that the Commission determines permits the physical or online contacting of a specific individual; or (G) information concerning the child or the parents of that child that the website collects online from the child and combines with an identifier described in this paragraph. (9) VERIFIABLE PARENTAL CONSENT.—The term "verifiable parental consent" means any reasonable effort (taking into consideration available technology), including a request for authorization for future collection, use, and disclosure described in the notice, to ensure that a parent of a child receives notice of the operator's personal information collection, use, and disclosure practices, and authorizes the collection, use, and disclosure, as applicable, of personal information and the subsequent use of that information before that information is collected from that child.
Protect Your Kids’ Privacy Online
Date CapturedTuesday March 03, 2009 03:06 PM
The Children’s Online Privacy Protection Act – COPPA – gives parents control over what information websites can collect from their kids. Any website for kids under 13, or any general site that collects personal information from kids it knows are under 13, is required to comply with COPPA. The Federal Trade Commission, the nation’s consumer protection agency, enforces this law.
How to Protect Kids' Privacy Online: A Guide for Teachers
Date CapturedWednesday May 23, 2007 09:21 AM
Whether playing, shopping, studying or just surfing, today's kids are taking advantage of all that the web has to offer. But when it comes to their personal information, who's in charge? The Children's Online Privacy Protection Act, enforced by the Federal Trade Commission, requires commercial website operators to get parental consent before collecting any personal information from kids under 13. COPPA allows teachers to act on behalf of a parent during school activities online, but does not require them to do so. That is, the law does not require teachers to make decisions about the collection of their students' personal information. Check to see whether your school district has a policy about disclosing student information. Here's a look at the basic provisions of the law and what they mean for you and your students.

Cyber Bullying

Student Reports of Bullying and Cyber-Bullying: Results From the 2009 School Crime Supplement to the National Crime Victimization Survey
Date CapturedMonday September 05, 2011 01:33 PM
In school year 2008–09, some 7,066,000 U.S. students ages 12 through 18, or 28.0 percent of all such students, reported they were bullied at school, and about 1,521,000, or 6.0 percent, reported they were cyber-bullied anywhere (i.e., on or off school property). eligible for free or reduced-price lunch. Furthermore, the tables use the SCS data to show the relationship between bullying and cyber-bullying victimization and other variables of interest, such as the reported presence of
State Cyberbullying Laws
Date CapturedWednesday February 09, 2011 09:15 AM
A Brief Review of State Cyberbullying Laws and Policies - Sameer Hinduja, Ph.D. and Justin W. Patchin, Ph.D.; Cyberbullying Research Center   
Legal Guide for Bloggers - Electronic Frontier Foundation - EFF
Date CapturedSaturday February 14, 2009 01:51 AM
EFF- [Like all journalists and publishers, bloggers sometimes publish information that other people don't want published. You might, for example, publish something that someone considers defamatory, republish an AP news story that's under copyright, or write a lengthy piece detailing the alleged crimes of a candidate for public office. The difference between you and the reporter at your local newspaper is that in many cases, you may not have the benefit of training or resources to help you determine whether what you're doing is legal. And on top of that, sometimes knowing the law doesn't help - in many cases it was written for traditional journalists, and the courts haven't yet decided how it applies to bloggers.]
Wired Safety's Cyberbullying Video part 1 and 2
Date CapturedThursday January 29, 2009 11:10 AM
Enhancing Child Safety and Online Technologies
Date CapturedTuesday January 27, 2009 05:45 PM
The Internet Safety Technical Task Force was created in February 2008 in accordance with the Joint Statement on Key Principles of Social Networking Safety announced in January 2008 by the Attorneys General Multi-State Working Group on Social Networking and MySpace. The scope of the Task Force's inquiry was to consider those technologies that industry and end users - including parents - can use to help keep minors safer on the Internet.
Bullies Worse than Predators On Social Networks
Date CapturedSunday January 18, 2009 07:26 PM
Wired -- Kim Zetter - [encounters online often engage in risky behaviors or come from environments that make them more susceptible to risks, such as environments where there is little adult supervision or where there is drug abuse or physical and mental abuse. "Those who are most at risk often engage in risky behaviors and have difficulties in other parts of their lives. The psychosocial makeup of and family dynamics surrounding particular minors are better predictors of risk than the use of specific media or technologies," the report says. The report also says that although cyberbullying is a greater problem than predators, there is no evidence that bullying has increased because of social networking sites and that bullying still occurs more often offline than online, although social networking sites have created another avenue for expressing it. The report, titled "Enhancing Child Safety & Online Technologies," was commissioned by the National Association of Attorneys General, which is trying to determine the best way to combat cyberthreats against minors. It was produced by a task force headed by the Berkman Center for Internet and Society at Harvard University and is based on reviews of existing research in the area, of which the task force says there's a paucity, as well as an examination of existing tools that offer online safety features.]

Cyber Crime

State Cyberbullying Laws
Date CapturedWednesday February 09, 2011 09:15 AM
A Brief Review of State Cyberbullying Laws and Policies - Sameer Hinduja, Ph.D. and Justin W. Patchin, Ph.D.; Cyberbullying Research Center   
Enhancing Child Safety and Online Technologies
Date CapturedTuesday January 27, 2009 05:45 PM
The Internet Safety Technical Task Force was created in February 2008 in accordance with the Joint Statement on Key Principles of Social Networking Safety announced in January 2008 by the Attorneys General Multi-State Working Group on Social Networking and MySpace. The scope of the Task Force's inquiry was to consider those technologies that industry and end users - including parents - can use to help keep minors safer on the Internet.
Child Porn Laws Used Against Kids Who Photograph Themselves
Date CapturedThursday January 15, 2009 08:09 PM
Wired -- Kim Zetter -- [In the Pennsylvania case, a school official seized the phone of one of the boys after he was caught using it during school hours in violation of a school rule, according to local police Capt. George Seranko. The official found the picture on the phone, and after some interrogation, discovered that two other girls had also e-mailed photos of themselves in the nude to friends. That's when the school called police, who obtained search warrants to seize the phones and examine them. Police showed the images to the local district attorney, who recommended they bring charges.]

Cyber Security

NSF Funds Research to Enable Distributed, Fair, and Privacy-Preserving Collaboration
Date CapturedSaturday September 25, 2010 04:14 PM
Stevens Institute of Technology: [Hoboken, NJ, September 25, 2010 --(PR.com)-- Dr. Susanne Wetzel, Associate Professor of Computer Science, has recently been awarded a $457K research grant from the National Science Foundation (NSF) to investigate privacy and security in the context of enabling collaboration.]
Cisco 2008 Annual Security Report -- Highlighting Global Security Threats and Trends
Date CapturedMonday December 15, 2008 04:21 PM
[This year's report reveals that online and data security threats continue to increase in number and sophistication. They propagate faster and are more difficult to detect. Key report findings include: Spam accounts for nearly 200 billion messages each day, which is approximately 90 percent of email sent worldwide. The overall number of disclosed vulnerabilities grew by 11.5 percent over 2007. Vulnerabilities in virtualization products tripled to 103 in 2008 from 35 in 2007, as more organizations embraced virtualization technologies to increase cost-efficiency and productivity. Over the course of 2008, Cisco saw a 90 percent growth rate in threats originating from legitimate domains; nearly double what the company saw in 2007. Spam due to email reputation hijacking from the top three webmail providers accounted for just under 1 percent of all spam worldwide, but constituted 7.6 percent of all these providers' mail. Fortunately, responses to these threats and trends are improving. Advances in attack response stem from the increased collaboration between vendors and security researchers to review, identify, and combat vulnerabilities.]
When Hackers Attack: Practicing Cybersecurity at Home
Date CapturedFriday December 12, 2008 02:01 PM
Brian Krebs writes [While Barack Obama has selected key members of his national security team—Defense Secretary, National Security Adviser and Secretary of State—there are calls for the president-elect to make another security appointment. The bipartisan Commission on Cybersecurity for the 44th Presidency suggests that there is a dire need to create a National Office for Cyberspace to protect our nation’s most sensitive computer networks. The need for national cyberspace security is a no-brainer, but who is going to protect us from the digital devices that organize our lives and leaves personal information vulnerable to theft? Here, a behind-the-scenes look at how hackers are unearthing the private details of our lives by attacking our web browsers, cell phones, and personal electronics.]
Securing Cyberspace for the 44th Presidency
Date CapturedMonday December 08, 2008 07:24 PM
The report of the CSIS Commission on Cybersecurity for the 44th Presidency -- Cochairs: Representative James R. Langevin, Representative Michael T. McCaul, Scott Charney, Lt. General Harry Raduege, USAF (Ret). Project Director: James A. Lewis, Center for Strategic and International Studies, Washington, DC. December - 2008.
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment
Date CapturedWednesday December 03, 2008 04:02 PM
National Academies Press - [All U.S. agencies with counterterrorism programs that collect or "mine" personal data -- such as phone records or Web sites visited -- should be required to evaluate the programs' effectiveness, lawfulness, and impacts on privacy. A framework is offered that agencies can use to evaluate such information-based programs, both classified and unclassified. The book urges Congress to re-examine existing privacy law to assess how privacy can be protected in current and future programs and recommends that any individuals harmed by violations of privacy be given a meaningful form of redress.]
CYBER ANALYSIS AND WARNING - DHS Faces Challenges in Establishing a Comprehensive National Capability
Date CapturedTuesday September 23, 2008 10:15 AM
GAO 08-588: We recommend that the Secretary of Homeland Security take four actions to fully establish a national cyber analysis and warning capability. Specifically, the Secretary should address deficiencies in each of the attributes identified for • monitoring, including establish a comprehensive baseline understanding of the nation’s critical information infrastructure and engage appropriate nonfederal stakeholders to support a national-level cyber monitoring capability; • analysis, including expanding its capabilities to investigate incidents; • warning, including ensuring consistent notifications that are targeted, actionable, and timely; and • response, including ensuring that US-CERT provides assistance in the mitigation of and recovery from simultaneous severe incidents, including incidents of national significance. We also recommend that the Secretary address the challenges that impede DHS from fully implementing the key attributes, including the following 6 items: • engaging appropriate stakeholders in federal and nonfederal entities to determine ways to develop closer working and more trusted relationships; • expeditiously hiring sufficiently trained cyber analysts and developing strategies for hiring and retaining highly qualified cyber analysts; • identifying and acquiring technological tools to strengthen cyber analytical capabilities and handling the steadily increasing workload; • developing predictive analysis capabilities by defining terminology, methodologies, and indicators, and engaging appropriate stakeholders in other federal and nonfederal entities; • filling key management positions and developing strategies for hiring and retaining those officials; and • ensuring that there are distinct and transparent lines of authority and responsibility assigned to DHS organizations with cybersecurity roles and responsibilities, including the Office of Cybersecurity and Communications and the National Cybersecurity Center.
“Cybersecurity Recommendations for the Next Administration”
Date CapturedTuesday September 23, 2008 10:05 AM
Hearing on “Cybersecurity Recommendations for the Next Administration”
One in four data breaches involves schools
Date CapturedTuesday June 03, 2008 08:34 PM
By Meris Stansbury, Assistant Editor, eSchool News, "Cyber criminals are becoming bolder and more sophisticated in their operations, federal computer security experts say. And that's bad news for schools, because educational institutions reportedly account for approximately one of every four data security breaches."
Understanding Denial-of-Service Attacks
Date CapturedThursday August 02, 2007 12:26 PM
Cyber Security Tip ST04-015 -- In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, web sites, online accounts (banking, etc.), or other services that rely on the affected computer.

Data Broker

American Student List (ASL)
Date CapturedMonday March 07, 2011 05:39 PM
Student data for sale ONLINE. College Bound High School Students - Over 3 million high school juniors and seniors who have indicated an interest in higher education. Selectable by class year, age, head of household, income, geography and more; Teenage Lifestyle Interests - 5 million individuals ages 14-19. Selectable by self-reported interests in specific areas including sports, scholastic activities, careers, computers and more; College Students - Approximately 5 million students attending numerous colleges and universities. Home and/or school addresses and phone numbers are available. Selectable by class year, field of study, college attended, tuition level, competitive rank and more; College Grads And Alumni - Approximately 17 million College Grads/Alumni. Selectable by school last attended, household income, home ownership and more; Families With Children - 20 million households with the presence of children, tweens and teens (newborn through age 19). Selectable by head of household, income, gender, ethnicity, geography and more. Ethnic Lists - Over 3 million Ethnic Teens, 4.5 million Ethnic Families and 15 million Ethnic Young Adults. Numerous backgrounds are available including Hispanic/Latino, Asian-American, Native-American, African-American and more. Also available — Foreign-Speaking Teens — first- or second-generation teens who speak the language of their ethnic group.
Directory Information Part 1 (WAV file, no text -- it's audio)
Date CapturedSunday December 26, 2010 05:36 PM
EDNY comments on Data Quality Campaign webcast with US ED response. See Part 2 for continuation of conversation.
COMMERCIAL DATA PRIVACY AND INNOVATION IN THE INTERNET ECONOMY: A DYNAMIC POLICY FRAMEWORK
Date CapturedThursday December 16, 2010 01:16 PM
US DEPT OF COMMERCE REPORT says the principles "should promote increased transparency through simple notices, clearly articulated purposes for data collection, commitments to limit data uses to fulfill these purposes, and expanded use of robust audit systems to bolster accountability." NO RECOMMENDATIONS REGARDING EDUCATION AND FERPA DIRECTORY INFORMATION.
“Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers.”
Date CapturedThursday December 09, 2010 04:45 PM
FTC: To reduce the burden on consumers and ensure basic privacy protections, the report first recommends that “companies should adopt a ‘privacy by design’ approach by building privacy protections into their everyday business practices.” Second, the report states, consumers should be presented with choice about collection and sharing of their data at the time and in the context in which they are making decisions – not after having to read long, complicated disclosures that they often cannot find. One method of simplified choice the FTC staff recommends is a “Do Not Track” mechanism governing the collection of information about consumer’s Internet activity to deliver targeted advertisements and for other purposes. The report also recommends other measures to improve the transparency of information practices, including consideration of standardized notices that allow the public to compare information practices of competing companies. The report recommends allowing consumers “reasonable access” to the data that companies maintain about them, particularly for non-consumer facing entities such as data brokers. Finally, FTC staff proposes that stakeholders undertake a broad effort to educate consumers about commercial data practices and the choices available to them.
Online Privacy: What Does It Mean to Parents and Kids?
Date CapturedFriday October 08, 2010 02:07 PM
Zogby International conducted a poll for Common Sense Media, asking both teens and parents about their views of online privacy and how they feel their personal information is being used by websites, social networks, and other online platforms.
Schools Selling Students' Personal Information
Date CapturedWednesday October 06, 2010 03:17 PM
[KPRC Local 2 investigative reporter Amy Davis obtained the data for thousands of students from the Houston Independent School District simply by asking for it. She shows you how a lot of other people are getting the same information you may not want them to have.]
Letter to: Chairman Boucher and Ranking Member Stearns
Date CapturedMonday June 07, 2010 06:26 PM
Mike Sachoff -- [In response to a discussion draft of a new privacy bill now under consideration by the House Subcommittee on Communications, Technology and the Internet, ten privacy and consumer groups today called for stronger measures to protect consumer privacy both online and off. The organizations including the Consumer Federation of America, Electronic Frontier Foundation, Consumer Watchdog, World Privacy Forum, Consumer Action, USPIRG, Privacy Rights Clearinghouse, Privacy Times, Privacy Lives, and the Center for Digital Democracy, raised their concerns in a letter to Subcommittee Chairman Rick Boucher and Ranking Member Cliff Stearns. The groups recommended the following: *The bill should incorporate the Fair Information Practice Principles that have long served as the bedrock of consumer privacy protection in the U.S., including the principle of not collecting more data than is necessary for the stated purposes, limits on how long data should be retained, and a right to access and correct one's data. *The bill's definitions of what constitutes "sensitive information" need to be expanded; for instance, to include health-related information beyond just "medical records." *The bill should require strict "opt-in" procedures for the collection and use of covered data and should prohibit the collection and use of any sensitive information except for the transactions for which consumers provided it.]
On the Leakage of Personally Identifiable Information Via Online Social Networks
Date CapturedWednesday June 02, 2010 10:01 PM
Balachander Krishnamurthy and Craig E. Wills - [Abstract: For purposes of this paper, we define “Personally identifiable information” (PII) as information which can be used to distinguish or trace an individual’s identity either alone or when combined with other information that is linkable to a specific individual. The popularity of Online Social Networks (OSN) has accelerated the appearance of vast amounts of personal information on the Internet. Our research shows that it is possible for third-parties to link PII, which is leaked via OSNs, with user actions both within OSN sites and elsewhere on non-OSN sites. We refer to this ability to link PII and combine it with other information as “leakage”. We have identified multiple ways by which such leakage occurs and discuss measures to prevent it.]
DRAFT - Boucher bill
Date CapturedThursday May 06, 2010 08:34 AM
A BILL: To require notice to and consent of an individual prior to the collection and disclosure of certain personal information relating to that individual.
Proposed Privacy Legislation Wins Few Fans
Date CapturedThursday May 06, 2010 08:24 AM
WSJ : [ The goal for the legislation is to set a standard for consumer privacy protections and also provide consumers with more transparency and control regarding the collection, use and sharing of their information, said Rep. Rick Boucher (D., Va.). Mr. Boucher released a draft of the bill for discussion on Tuesday along with Rep. Cliff Stearns (R., Fla.). The bill stipulates that as a general rule companies can collect information about consumers unless a person opts out of that data collection — a point of contention among privacy advocates. The regulation also specifies standards for the collection and use of personally identifiable information. Companies must disclose to consumers if they are collecting personally identifiable information and how they are using that data. Consumers must give a company permission to share that personally identifiable information with outside companies. ]
FACEBOOK privacy policy link:
Date CapturedMonday April 26, 2010 08:32 PM
Facebook’s Privacy Policy. This policy contains eight sections: 1. Introduction; 2. Information We Receive; 3. Information You Share With Third Parties; 4. Sharing Information on Facebook; 5. How We Use Your Information; 6. How We Share Information; 7. How You Can View, Change, or Remove Information; 8. How We Protect Information; 9. Other Terms.
Instructions for using the Privacy Notice Online Form Builder:
Date CapturedThursday April 15, 2010 04:28 PM
FEDERAL RESERVE: [1. Select your form, based on (1) whether you provide an opt out and (2) whether you include affiliate marketing: If you provide an opt out and you want to include affiliate marketing, use Form 1. If you provide an opt out and you do not want to include affiliate marketing, use Form 2. If you do not provide an opt out and you want to include affiliate marketing, use Form 3. If you do not provide an opt out and you do not want to include affiliate marketing, use Form 4. 2. The PDF forms have fillable areas, indicated by the shaded boxes outlined in red. Place your cursor in the box and fill in the appropriate text.]
FACEBOOK: Another Step in Open Site Governance
Date CapturedThursday April 01, 2010 04:42 PM
Michael Richter - Friday, March 26, 2010 at 12:04pm - [We're proposing another set of revisions to our Privacy Policy and Statement of Rights and Responsibilities to make way for some exciting new products we're contemplating. Not all of these products have been finalized and many aren't yet built at all. However, we've definitely identified some interesting opportunities to improve the way you share and connect with the people and things in your life. ]
Privacy flags raise concern for graduate students
Date CapturedThursday March 11, 2010 09:24 PM
by Katie Perkowski -[Undergraduate students are not the only ones concerned with personal information available through UK’s online people search — now, graduate students are voicing their concern, too. Members of UK’s graduate school have recently voiced concern about their information like home address and home telephone number being available on the UK Web site without their knowledge, said English teaching assistant Jesslyn Collins-Frohlich.]
Comments of the World Privacy Forum to FTC, Nov. 6, 2009
Date CapturedThursday December 17, 2009 10:58 PM
Pam Dixon Executive Director, World Privacy Forum -- Re: Privacy Roundtables – Comment, Project No. P095416 - [The World Privacy Forum understands that businesses have a right to exist and to make money, and that advertising and marketing is part of the marketplace. But we also believe that there is not a reasonable balance right now between what data is being collected and used, and what consumers can do to manage that data and their privacy. There are no perfect solutions, but we think that a rights-based framework based on approaches contained in the Fair Credit Reporting Act and on Fair Information Practices will address many of the problems and help create solutions that are equitable for all stakeholders.]
DOD nixes vendor of online monitoring software over privacy concerns
Date CapturedMonday December 07, 2009 08:53 PM
Jaikumar Vijayan writes [In September, EPIC, a Washington-based privacy advocacy group, filed a complaint against EchoMetrix with the Federal Trade Commission. EPIC claimed that EchoMetrix was violating the provisions of the Children's Online Privacy Protection Act (COPPA) by collecting personally identifiable information about children and their browsing habits and online chats. EPIC claimed that EchoMetrix used the information to deliver targeted advertising to children and also sold that information to third-party marketers. In its complaint, EPIC pointed to a separate service offered by EchoMetrix called Pulse, which analyzes data gathered from multiple sources including instant messages, blogs and chat rooms. The information is sold as market research intelligence to marketing companies, the EPIC complaint said.]
Ad Industry Works on Ads About Ads
Date CapturedTuesday November 24, 2009 03:07 PM
Wall Street Journal Emily Steel writes -- [At issue is the practice of tracking consumers’ Web activities — from the searches they make to the sites they visit and the products they buy — for the purpose of targeting ads. The efforts follow calls from the FTC earlier this year for Web advertisers and Internet companies to do a better job explaining how they track and use information about consumers’ Web activities and creating a simple way consumers can opt out of being tracked.]
GOOD STUDENT LIST FOR SALE
Date CapturedSaturday November 21, 2009 01:57 PM
See lists for sale.
Lawmakers probe deeper into privacy
Date CapturedSaturday November 21, 2009 01:16 PM
By Kim Hart - 11/19/09 04:00 PM ET - [Jennifer Barrett, an executive with Acxiom, a marketing company, said the firm could collect 1,500 possible data points about individual consumers, such as age, hobbies, address, occupation and recent purchases. Acxiom typically maintains 20-40 data points on the average person. Acxiom receives that information from public records, surveys consumers fill out voluntarily (such as warranty cards) and information from other companies. In response to questions from Rep. Mike Doyle (D-Penn.), Barrett said consumers can see what data has been stored about them and can change or delete information used for marketing purposes. But consumers cannot find out who else has bought their data from Acxiom.]
Federal data breach notification standard must pre-empt state laws
Date CapturedMonday November 16, 2009 08:33 PM
Nextgov Jill R. Aitoro writes -- [The Data Breach Notification Act, introduced in January by Sen. Dianne Feinstein, D-Calif., would authorize the attorney general to bring civil actions against firms that failed to notify people whose personal information had been compromised in a breach and would extend notification requirements to government agencies. The Personal Data Privacy and Security Act, introduced in July by Sen. Patrick Leahy, D-Vt., also would set notification requirements and tighter criminal penalties for identity theft and willful concealment of a breach, and would require businesses to implement preventive security standards to guard against threats to their databases.] [Two states are credited for having breach notification laws with the most teeth, said Peter McLaughlin, senior counsel with Foley & Lardner LLP and a member of the law firm's privacy, security and information management practice. Foley & Lardner released a report on Monday that provides in-depth coverage of all major aspects of U.S. and international security breach laws.]
PUBLIC Law, Chapter 230 LD 1183, item 1, 124th Maine State Legislature
Date CapturedSunday November 08, 2009 10:35 PM
SP0431, LR 597, item 1, Signed on 2009-06-02 00:00:00.0 - First Regular Session - 124th Maine Legislature, page 1 - An Act To Prevent Predatory Marketing Practices against Minors - 2. Marketing purposes. "Marketing purposes," with respect to the use of health-related information or personal information, means the purposes of marketing or advertising products, goods or services to individuals. 3. Person. "Person" includes an individual, firm, partnership, corporation, association, syndicate, organization, society, business trust, attorney-in-fact and every natural or artificial legal entity. 4. Personal information. "Personal information" means individually identifiable information, including: A. An individual's first name, or first initial, and last name; B. A home or other physical address; C. A social security number; D. A driver's license number or state identification card number; and E. Information concerning a minor that is collected in combination with an identifier described in this subsection. 5. Verifiable parental consent. "Verifiable parental consent" means any reasonable effort, taking into consideration available technology, including a request for authorization for future collection, use and disclosure described in the notice, to ensure that a parent of a minor receives notice of the collection of personal information, use and disclosure practices and authorizes the collection, use and disclosure, as applicable, of personal information and the subsequent use of that information before that information is collected from that minor. § 9552. Unlawful collection and use of data from minors
‘‘Building Effective Strategies To Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards Act’’ or the ‘‘BEST PRACTICES Act’’
Date CapturedThursday November 05, 2009 03:19 PM
H. R. 5777 -- To foster transparency about the commercial use of personal information, provide consumers with meaningful choice about the collection, use, and disclosure of such information, and for other purposes. [Requires information brokers to: (1) establish procedures to verify the accuracy of information that identifies individuals; (2) provide to individuals whose personal information it maintains a means to review it; (3) place notice on the Internet instructing individuals how to request access to such information; and (4) correct inaccurate information. Directs the FTC to require information brokers to establish measures which facilitate the auditing or retracing of access to, or transmissions of, electronic data containing personal information. Prohibits information brokers from obtaining or disclosing personal information by false pretenses (pretexting).]
Target-Marketing Becomes More Communal
Date CapturedThursday November 05, 2009 10:45 AM
WSJ Emily Steel writes ["The data is becoming the most important component for marketers and Web sites. It tells them who their audience is," says Omar Tawakol, chief executive at Blue Kai. Some lawmakers, concerned about Internet privacy, are preparing legislation to make more transparent Web sites' tactics for collecting information on their users. In an effort to fend off legislation, data brokers say, they abide by industry standards and do not collect any personally identifiable information and sensitive data, such as health information. They also tout efforts to make their business practices more transparent to consumers.]
‘‘Personal Data Privacy and Security Act of 2009’’ S. 1490
Date CapturedWednesday November 04, 2009 02:19 PM
11TH CONGRESS - 1ST SESSION -- S. 1490: To prevent and mitigate identity theft, to ensure privacy, to provide notice of security breaches, and to enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information.
State says Cambridge Public Schools can't charge $14K for public records
Date CapturedFriday February 13, 2009 03:12 PM
David L. Harris -- GateHouse News Service - [On Nov. 30, 2007, the Chronicle sent a letter requesting directory information, but the request was later denied in a three-page letter from the school’s legal department. After appealing to the state’s supervisor of public records, Alan Cote, the school department sent a letter dated July 11, explaining that the work to compile the directory information would cost $14,426.88. The Chronicle’s sister paper, the Newton TAB, requested the same information from Newton Public Schools around the same time. The school department, which sent the data within three weeks of the request, did not charge the TAB for the information.]

Data Mining

Rush Introduces Online Privacy Bill, H.R. 611, The BEST PRACTICES Act
Date CapturedFriday February 11, 2011 06:04 PM
• Ensure that consumers have meaningful choices about the collection, use, and disclosure of their personal information.
• Require companies that collect personal information to disclose their practices with respect to the collection, use, disclosure, merging, and retention of personal information, and explain consumers' options regarding those practices.
• Require companies to provide disclosures of their practices in concise, meaningful, timely, and easy-to-understand notices, and direct the Federal Trade Commission to establish flexible and reasonable standards and requirements for such notices.
• Require companies to obtain "opt-in" consent to disclose information to a third party. In the bill, the term, "third party" would be defined based on consumers' reasonable expectations rather than corporate structure.
• Establish a "safe harbor" that would exempt companies from the "opt-in" consent requirement, provided those companies participate in a universal opt-out program operated by self-regulatory bodies and monitored by the FTC.
• Require companies to have reasonable procedures to assure the accuracy of the personal information they collect. The bill would also require the companies to provide consumers with reasonable access to, and the ability to correct or amend, certain information.
• Require companies to have reasonable procedures to secure information and to retain personal information only as long as it's necessary to fulfill a legitimate business or law enforcement need.
Guidelines on Security and Privacy in Public Cloud Computing
Date CapturedFriday February 04, 2011 03:36 PM
Cloud computing can and does mean different things to different people. The common characteristics most share are on-demand scalability of highly available and reliable pooled computing resources, secure access to metered services from nearly anywhere, and dislocation of data from inside to outside the organization. While aspects of these characteristics have been realized to a certain extent, cloud computing remains a work in progress. This publication provides an overview of the security and privacy challenges pertinent to public cloud computing and points out considerations organizations should take when outsourcing data, applications, and infrastructure to a public cloud environment. Draft Special Publication 800-144
Directory Information Part 1 (WAV file, no text -- it's audio)
Date CapturedSunday December 26, 2010 05:36 PM
EDNY comments on Data Quality Campaign webcast with US ED response. See Part 2 for continuation of conversation.
COMMERCIAL DATA PRIVACY AND INNOVATION IN THE INTERNET ECONOMY: A DYNAMIC POLICY FRAMEWORK
Date CapturedThursday December 16, 2010 01:16 PM
US DEPT OF COMMERCE REPORT says the principles "should promote increased transparency through simple notices, clearly articulated purposes for data collection, commitments to limit data uses to fulfill these purposes, and expanded use of robust audit systems to bolster accountability." NO RECOMMENDATIONS REGARDING EDUCATION AND FERPA DIRECTORY INFORMATION.
Many States Collect Graduates’ Employment Information, but Clearer Guidance on Student Privacy Requirements Is Needed
Date CapturedMonday December 13, 2010 09:17 AM
GAO-10-927 - GAO recommends that Education clarify means by which states can collect and share graduates’ employment information under the Family Educational Rights and Privacy Act (FERPA) and establish a time frame for doing so. Education agreed with the recommendation.
“Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers.”
Date CapturedThursday December 09, 2010 04:45 PM
FTC: To reduce the burden on consumers and ensure basic privacy protections, the report first recommends that “companies should adopt a ‘privacy by design’ approach by building privacy protections into their everyday business practices.” Second, the report states, consumers should be presented with choice about collection and sharing of their data at the time and in the context in which they are making decisions – not after having to read long, complicated disclosures that they often cannot find. One method of simplified choice the FTC staff recommends is a “Do Not Track” mechanism governing the collection of information about consumer’s Internet activity to deliver targeted advertisements and for other purposes. The report also recommends other measures to improve the transparency of information practices, including consideration of standardized notices that allow the public to compare information practices of competing companies. The report recommends allowing consumers “reasonable access” to the data that companies maintain about them, particularly for non-consumer facing entities such as data brokers. Finally, FTC staff proposes that stakeholders undertake a broad effort to educate consumers about commercial data practices and the choices available to them.
Letter to: Chairman Boucher and Ranking Member Stearns
Date CapturedMonday June 07, 2010 06:26 PM
Mike Sachoff -- [In response to a discussion draft of a new privacy bill now under consideration by the House Subcommittee on Communications, Technology and the Internet, ten privacy and consumer groups today called for stronger measures to protect consumer privacy both online and off. The organizations including the Consumer Federation of America, Electronic Frontier Foundation, Consumer Watchdog, World Privacy Forum, Consumer Action, USPIRG, Privacy Rights Clearinghouse, Privacy Times, Privacy Lives, and the Center for Digital Democracy, raised their concerns in a letter to Subcommittee Chairman Rick Boucher and Ranking Member Cliff Stearns. The groups recommended the following: *The bill should incorporate the Fair Information Practice Principles that have long served as the bedrock of consumer privacy protection in the U.S., including the principle of not collecting more data than is necessary for the stated purposes, limits on how long data should be retained, and a right to access and correct one's data. *The bill's definitions of what constitutes "sensitive information" need to be expanded; for instance, to include health-related information beyond just "medical records." *The bill should require strict "opt-in" procedures for the collection and use of covered data and should prohibit the collection and use of any sensitive information except for the transactions for which consumers provided it.]
On the Leakage of Personally Identifiable Information Via Online Social Networks
Date CapturedWednesday June 02, 2010 10:01 PM
Balachander Krishnamurthy and Craig E. Wills - [Abstract For purposes of this paper, we define “Personally identifiable information” (PII) as information which can be used to distinguish or trace an individual’s identity either alone or when combined with other information that is linkable to a specific individual. The popularity of Online Social Networks (OSN) has accelerated the appearance of vast amounts of personal information on the Internet. Our research shows that it is possible for third-parties to link PII, which is leaked via OSNs, with user actions both within OSN sites and elsewhere on non-OSN sites. We refer to this ability to link PII and combine it with other information as “leakage”. We have identified multiple ways by which such leakage occurs and discuss measures to prevent it.]
How Unique Is Your Web Browser?
Date CapturedTuesday May 18, 2010 01:32 PM
Peter Eckersley, Electronic Frontier Foundation, pde@eff.org -- [Conclusions -- We implemented and tested one particular browser fingerprinting method. It appeared, in general, to be very effective, though as noted in Section 3.1 there are many measurements that could be added to strengthen it. Browser fingerprinting is a powerful technique, and fingerprints must be considered alongside cookies, IP addresses and supercookies when we discuss web privacy and user trackability. Although fingerprints turn out not to be particularly stable, browsers reveal so much version and configuration information that they remain overwhelmingly trackable. There are implications both for privacy policy and technical design. Policymakers should start treating fingerprintable records as potentially personally identifiable, and set limits on the durations for which they can be associated with identities and sensitive logs like clickstreams and search terms. The Tor project is noteworthy for already considering and designing against fingerprintability. Other software that purports to protect web surfers’ privacy should do likewise, and we hope that the test site at panopticlick.eff.org may prove useful for this purpose. Browser developers should also consider what they can do to reduce fingerprintability, particularly at the JavaScript API level. We identified only three groups of browser with comparatively good resistance to fingerprinting: those that block JavaScript, those that use TorButton, and certain types of smartphone. It is possible that other such categories exist in our data. Cloned machines behind firewalls are fairly resistant to our algorithm, but would not be resistant to fingerprints that measure clock skew or other hardware characteristics.]
DRAFT - Boucher bill
Date CapturedThursday May 06, 2010 08:34 AM
A BILL: To require notice to and consent of an individual prior to the collection and disclosure of certain personal information relating to that individual.
Proposed Privacy Legislation Wins Few Fans
Date CapturedThursday May 06, 2010 08:24 AM
WSJ : [ The goal for the legislation is to set a standard for consumer privacy protections and also provide consumers with more transparency and control regarding the collection, use and sharing of their information, said Rep. Rick Boucher (D., Va.). Mr. Boucher released a draft of the bill for discussion on Tuesday along with Rep. Cliff Stearns (R., Fla.). The bill stipulates that as a general rule companies can collect information about consumers unless a person opts out of that data collection — a point of contention among privacy advocates. The regulation also specifies standards for the collection and use of personally identifiable information. Companies must disclose to consumers if they are collecting personally identifiable information and how they are using that data. Consumers must give a company permission to share that personally identifiable information with outside companies. ]
FACEBOOK privacy policy link:
Date CapturedMonday April 26, 2010 08:32 PM
Facebook’s Privacy Policy. This policy contains eight sections: 1. Introduction; 2. Information We Receive; 3. Information You Share With Third Parties; 4. Sharing Information on Facebook; 5. How We Use Your Information; 6. How We Share Information; 7. How You Can View, Change, or Remove Information; 8. How We Protect Information; 9. Other Terms.
Instructions for using the Privacy Notice Online Form Builder:
Date CapturedThursday April 15, 2010 04:28 PM
FEDERAL RESERVE: [1. Select your form, based on (1) whether you provide an opt out and (2) whether you include affiliate marketing: If you provide an opt out and you want to include affiliate marketing, use Form 1. If you provide an opt out and you do not want to include affiliate marketing, use Form 2. If you do not provide an opt out and you want to include affiliate marketing, use Form 3. If you do not provide an opt out and you do not want to include affiliate marketing, use Form 4. 2. The PDF forms have fillable areas, indicated by the shaded boxes outlined in red. Place your cursor in the box and fill in the appropriate text.]
Education and Workforce Data Connections: A Primer on States’ Status
Date CapturedWednesday April 14, 2010 06:16 PM
Data Quality Campaign - [States are currently working to connect education and workforce data, however, states are far from reaching the goal of having data systems that can link across the P-20/Workforce spectrum. To connect these education and workforce databases, states should engage a broad range of stakeholders to: 1. Prioritize, through broad-based stakeholder input, the critical policy questions to drive the development and use of longitudinal data systems. 2. Ensure data systems are interoperable within and across agencies and states by adopting or developing common data standards, definitions and language. 3. Protect personally identifiable information through governance policies and practices that promote the security of the information while allowing appropriate data access and sharing.]
FACEBOOK: Another Step in Open Site Governance
Date CapturedThursday April 01, 2010 04:42 PM
Michael Richter - Friday, March 26, 2010 at 12:04pm - [We're proposing another set of revisions to our Privacy Policy and Statement of Rights and Responsibilities to make way for some exciting new products we're contemplating. Not all of these products have been finalized and many aren't yet built at all. However, we've definitely identified some interesting opportunities to improve the way you share and connect with the people and things in your life. ]
Sebelius, Solis Announce Nearly $1 Billion Recovery Act Investment in Advancing Use of Health IT, Training Workers for Health Jobs of the Future
Date CapturedMonday February 15, 2010 06:21 PM
WASHINGTON, DC - Health and Human Services Secretary Kathleen Sebelius and Labor Secretary Hilda Solis today announced a total of nearly $1 billion in Recovery Act awards to help health care providers advance the adoption and meaningful use of health information technology (IT) and train workers for the health care jobs of the future. The awards will help make health IT available to over 100,000 hospitals and primary care physicians by 2014 and train thousands of people for careers in health care and information technology. This Recovery Act investment will help grow the emerging health IT industry which is expected to support tens of thousands of jobs ranging from nurses and pharmacy techs to IT technicians and trainers. The over $750 million in HHS grant awards Secretary Sebelius announced today are part of a federal initiative to build capacity to enable widespread meaningful use of health IT. This assistance at the state and regional level will facilitate health care providers' efforts to adopt and use electronic health records (EHRs) in a meaningful manner that has the potential to improve the quality and efficiency of health care for all Americans. Of the over $750 million investment, $386 million will go to 40 states and qualified State Designated Entities (SDEs) to facilitate health information exchange (HIE) at the state level, while $375 million will go to an initial 32 non-profit organizations to support the development of regional extension centers (RECs) that will aid health professionals as they work to implement and use health information technology - with additional HIE and REC awards to be announced in the near future. RECs are expected to provide outreach and support services to at least 100,000 primary care providers and hospitals within two years.
Comments of the World Privacy Forum to FTC, Nov. 6, 2009
Date CapturedThursday December 17, 2009 10:58 PM
Pam Dixon Executive Director, World Privacy Forum -- Re: Privacy Roundtables – Comment, Project No. P095416 - [The World Privacy Forum understands that businesses have a right to exist and to make money, and that advertising and marketing is part of the marketplace. But we also believe that there is not a reasonable balance right now between what data is being collected and used, and what consumers can do to manage that data and their privacy. There are no perfect solutions, but we think that a rights-based framework based on approaches contained in the Fair Credit Reporting Act and on Fair Information Practices will address many of the problems and help create solutions that are equitable for all stakeholders.]
DOD nixes vendor of online monitoring software over privacy concerns
Date CapturedMonday December 07, 2009 08:53 PM
Jaikumar Vijayan writes [In September, EPIC, a Washington-based privacy advocacy group, filed a complaint against EchoMetrix with the Federal Trade Commission. EPIC claimed that EchoMetrix was violating the provisions of the Children's Online Privacy Protection Act (COPPA) by collecting personally identifiable information about children and their browsing habits and online chats. EPIC claimed that EchoMetrix used the information to deliver targeted advertising to children and also sold that information to third-party marketers. In its complaint, EPIC pointed to a separate service offered by EchoMetrix called Pulse, which analyzes data gathered from multiple sources including instant messages, blogs and chat rooms. The information is sold as market research intelligence to marketing companies, the EPIC complaint said.]
Ad Industry Works on Ads About Ads
Date CapturedTuesday November 24, 2009 03:07 PM
Wall Street Journal Emily Steel writes -- [At issue is the practice of tracking consumers’ Web activities — from the searches they make to the sites they visit and the products they buy — for the purpose of targeting ads. The efforts follow calls from the FTC earlier this year for Web advertisers and Internet companies to do a better job explaining how they track and use information about consumers’ Web activities and creating a simple way consumers can opt out of being tracked.]
GOOD STUDENT LIST FOR SALE
Date CapturedSaturday November 21, 2009 01:57 PM
See lists for sale.
Lawmakers probe deeper into privacy
Date CapturedSaturday November 21, 2009 01:16 PM
By Kim Hart - 11/19/09 04:00 PM ET - [Jennifer Barrett, an executive with Acxiom, a marketing company, said the firm could collect 1,500 possible data points about individual consumers, such as age, hobbies, address, occupation and recent purchases. Acxiom typically maintains 20-40 data points on the average person. Acxiom receives that information from public records, surveys consumers fill out voluntarily (such as warranty cards) and information from other companies. In response to questions from Rep. Mike Doyle (D-Penn.), Barrett said consumers can see what data has been stored about them and can change or delete information used for marketing purposes. But consumers cannot find out who else has bought their data from Acxiom.]
Federal data breach notification standard must pre-empt state laws
Date CapturedMonday November 16, 2009 08:33 PM
Nextgov Jill R. Aitoro writes -- [The Data Breach Notification Act, introduced in January by Sen. Dianne Feinstein, D-Calif., would authorize the attorney general to bring civil actions against firms that failed to notify people whose personal information had been compromised in a breach and would extend notification requirements to government agencies. The Personal Data Privacy and Security Act, introduced in July by Sen. Patrick Leahy, D-Vt., also would set notification requirements and tighter criminal penalties for identity theft and willful concealment of a breach, and would require businesses to implement preventive security standards to guard against threats to their databases.] [Two states are credited for having breach notification laws with the most teeth, said Peter McLaughlin, senior counsel with Foley & Lardner LLP and a member of the law firm's privacy, security and information management practice. Foley & Lardner released a report on Monday that provides in-depth coverage of all major aspects of U.S. and international security breach laws.]
‘‘Building Effective Strategies To Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards Act’’ or the ‘‘BEST PRACTICES Act’’
Date CapturedThursday November 05, 2009 03:19 PM
H. R. 5777 -- To foster transparency about the commercial use of personal information, provide consumers with meaningful choice about the collection, use, and disclosure of such information, and for other purposes. [Requires information brokers to: (1) establish procedures to verify the accuracy of information that identifies individuals; (2) provide to individuals whose personal information it maintains a means to review it; (3) place notice on the Internet instructing individuals how to request access to such information; and (4) correct inaccurate information. Directs the FTC to require information brokers to establish measures which facilitate the auditing or retracing of access to, or transmissions of, electronic data containing personal information. Prohibits information brokers from obtaining or disclosing personal information by false pretenses (pretexting).]
Target-Marketing Becomes More Communal
Date CapturedThursday November 05, 2009 10:45 AM
WSJ Emily Steel writes ["The data is becoming the most important component for marketers and Web sites. It tells them who their audience is," says Omar Tawakol, chief executive at Blue Kai. Some lawmakers, concerned about Internet privacy, are preparing legislation to make more transparent Web sites' tactics for collecting information on their users. In an effort to fend off legislation, data brokers say, they abide by industry standards and do not collect any personally identifiable information and sensitive data, such as health information. They also tout efforts to make their business practices more transparent to consumers.]
Google Becomes Default Location Provider For Firefox
Date CapturedThursday April 30, 2009 06:47 PM
TechCrunch.com -- Jason Kincaid -- [Google says that the data isn't currently being used for advertising purposes (at least for now), and that this is really about getting location-based functionality deployed to the web. But even without the advertising dollars, there is one very major upside: Google is going to be able to perfect its location database, with millions of users tapping into it on a daily basis. And that database is going to be extremely valuable going forward. ]
F.B.I. and States Vastly Expand DNA Databases
Date CapturedSunday April 19, 2009 05:40 PM
NY Times By SOLOMON MOORE -- Published: April 18, 2009 -- [Minors are required to provide DNA samples in 35 states upon conviction, and in some states upon arrest. Three juvenile suspects in November filed the only current constitutional challenge against taking DNA at the time of arrest. The judge temporarily stopped DNA collection from the three youths, and the case is continuing. Sixteen states now take DNA from some who have been found guilty of misdemeanors. As more police agencies take DNA for a greater variety of lesser and suspected crimes, civil rights advocates say the government’s power is becoming too broadly applied. “What we object to — and what the Constitution prohibits — is the indiscriminate taking of DNA for things like writing an insufficient funds check, shoplifting, drug convictions,” said Michael Risher, a lawyer for the American Civil Liberties Union.]
An Icon That Says They’re Watching You
Date CapturedThursday March 19, 2009 06:20 PM
NY Times Saul Hansell writes [Mr. Turow has developed a plan that is simpler and more comprehensive: Put an icon on each ad that signifies that the ad collects or uses information about users. If you click the icon, you will go to what he calls a “privacy dashboard” that will let you understand exactly what information was used to choose that ad for you. And you’ll have the opportunity to edit the information or opt out of having any targeting done at all. “I don’t think ‘Ads by Google’ is enough,” he said. “The problem with the whole rhetoric Google is using is that it is designed to stop you from wanting to learn more and do something.”]
Behavioral Advertising and Privacy
Date CapturedFriday February 13, 2009 01:31 PM
World Privacy Forum - About Behaviorally targeted advertising, World Privacy Forum testimony and Comments, resources.
Upgraded Biometric Technology Facilitates Visitors' Entry to the United States
Date CapturedThursday January 15, 2009 07:41 PM
For nearly five years, U.S. Department of State (State) consular officers and U.S. Customs and Border Protection (CBP) officers have collected biometric information—digital fingerprints and a photograph—from all non-U.S. citizens between the ages of 14 and 79, with some exceptions, when they apply for visas or arrive at major U.S. ports of entry. State consular officers began collecting 10 fingerprints from visa applicants in 2007. Collecting 10 fingerprints increases fingerprint matching accuracy and reduces the possibility that the system will misidentify an international visitor. It also strengthens DHS's capability to check visitors' fingerprints against the Federal Bureau of Investigation's (FBI) criminal data and enables DHS to check visitors' fingerprints against latent fingerprints collected by Department of Defense (DOD) and the FBI from known and unknown terrorists around the world.
Careful what you search for
Date CapturedThursday January 01, 2009 05:15 PM
Fortune Jia Lynn Yang [So if you're a 33-year-old working female who lives in New York City and who likes to search for Jimmy Choo pumps, you might see ads for a local shoe store - thanks to the personal information the search engines have about you. "There are many free online tools, but they're not really free," explained Greg Conti, a professor of computer science at West Point and the author of Googling Security: How Much Does Google Know About You? "We end up paying for them with micro-payments of personal information which, in turn, are captured and used for data mining and targeted advertising."]
Minnesota Department of Health Continues to Violate State Law and Individual Privacy
Date CapturedSaturday December 13, 2008 04:29 PM
St. Paul/Minneapolis – Concerned parents and the Citizens’ Council on Health Care (CCHC) called on Governor Tim Pawlenty to require his Commissioner of Health to cease and desist the warehousing of newborn blood and baby DNA without informed, written parent consent.
2008 Data Mining Report
Date CapturedMonday December 08, 2008 06:18 PM
This report describes DHS programs that meet the definition of data mining required by the Congress in Section 804 of the 9/11 Commission Act, entitled the Federal Agency Data Mining Reporting Act, and summarizes the Privacy Office’s public workshop, Implementing Privacy Protections in Government Data Mining, which was held on July 24-25, 2008. The Report also presents principles for implementing privacy protections in research projects conducted by the DHS Science and Technology Directorate (S&T), the Department’s primary research and development arm. The Principles, which were developed jointly by the Privacy Office and S&T, provide guidance for incorporating privacy protections into privacy-sensitive S&T research and development projects in a manner that supports the DHS mission. [As the Privacy Office’s Data Mining Workshop demonstrated, the term “data mining” can mean different things to different people. One thing is clear, however: regardless of how data mining is defined, data mining research that uses PII can have significant impacts on individual privacy, and those impacts must be addressed. The Department has taken a major step toward this goal by developing its Principles for Implementing Privacy Protections for Research Projects, which will be embedded in new research projects carried out by S&T, whether they involve data mining or not. The Privacy Office looks forward to collaborating with S&T to implement these Principles, so that research critical to the Department’s mission is carried out in a manner that sustains individual privacy.]
Protecting Individual Privacy in the Struggle Against Terrorists: A Framework for Program Assessment
Date CapturedWednesday December 03, 2008 04:02 PM
National Academies Press - [All U.S. agencies with counterterrorism programs that collect or "mine" personal data -- such as phone records or Web sites visited -- should be required to evaluate the programs' effectiveness, lawfulness, and impacts on privacy. A framework is offered that agencies can use to evaluate such information-based programs, both classified and unclassified. The book urges Congress to re-examine existing privacy law to assess how privacy can be protected in current and future programs and recommends that any individuals harmed by violations of privacy be given a meaningful form of redress.]
In Pictures: Companies That Profit From Your Data
Date CapturedMonday June 23, 2008 03:13 PM
It may be your name, address and phone number. But it's their cash cow. By Andy Greenberg (there is a series of pictures/text with this link).
PRIVACY -- Congress Should Consider Alternatives for Strengthening Protection of Personally Identifiable Information
Date CapturedWednesday June 18, 2008 05:09 PM
In its report GAO identified alternatives that the Congress should consider, including revising the scope of privacy laws to cover all personal information, requiring that the use of such information be limited to a specific purpose, and revising the structure and publication of privacy notices. OMB commented that the Congress should consider these alternatives in the broader context of existing privacy and related statutes.
Report: Feds need better privacy protection for data
Date CapturedWednesday June 18, 2008 05:04 PM
USA reports, "Much of the way personal information is handled today, including being sifted through data-mining systems that search for patterns, is not covered by the Privacy Act of 1974, she says. As states begin collecting information in coming years to produce new secure drivers' licenses, government databases will get even larger. 'The government has no business collecting our personal information if it cannot ensure the American public it will be protected from identity thieves and other prying eyes,' says Caroline Fredrickson of the American Civil Liberties Union."
Huge Databases Offer a Research Gold Mine — and Privacy Worries
Date CapturedTuesday June 03, 2008 08:14 PM
By DAVID GLENN from the issue dated May 9, 2008 Chronicle of Higher Education, "Researchers have used the new databases to study many issues, including which high-school math courses are most important for college success and how exposure to adjunct instructors affects student retention. But the new education databases create obvious challenges for protecting student privacy — which is one reason most states have been slow to build them. Florida's education department takes elaborate steps to 'de-identify' its information before handing it to outside researchers. Despite those efforts, nervous officials in other states look at a system like Florida's and worry about potential violations of the Family Educational Rights and Privacy Act, or Ferpa. In March the U.S. Department of Education proposed new Ferpa regulations that might clarify the ground rules for the use of such databases, but it is far from certain that the new rules will make states more comfortable with the projects." http://chronicle.com -- Section: The Faculty -- Volume 54, Issue 35, Page A10
Data Mining and the Security-Liberty Debate
Date CapturedMonday June 02, 2008 04:57 PM
By Daniel Solove. "Countless discussions about the trade-offs between security and liberty begin by taking a security proposal and then weighing it against what it would cost our civil liberties. Often, the liberty interests are cast as individual rights and balanced against the security interests, which are cast in terms of the safety of society as a whole. Courts and commentators defer to the government's assertions about the effectiveness of the security interest. In the context of data mining, the liberty interest is limited by narrow understandings of privacy that neglect to account for many privacy problems. As a result, the balancing concludes with a victory in favor of the security interest. But as I argue, important dimensions of data mining's security benefits require more scrutiny, and the privacy concerns are significantly greater than currently acknowledged. These problems have undermined the balancing process and skewed the results toward the security side of the scale."

Data Stewardship

NCES 2011-602 Data Stewardship: Managing Personally Identifiable Information in Electronic Student Education Records
Date CapturedTuesday January 04, 2011 09:55 PM
SLDS Technical Brief - Guidance for Statewide Longitudinal Data Systems (SLDS) [A privacy and data protection program for student education records must include an array of rules and procedures for protecting PII held in the record system. It also must include a full set of public disclosures of the existence and uses of the information included in the data system, a description of all parents’ or eligible students’ rights to review and appeal the contents of an individual education record and of their rights and the procedures to appeal a violation. ]

Data-driven Education

Directory Information Part 1 (WAV file, no text -- it's audio)
Date CapturedSunday December 26, 2010 05:36 PM
EDNY comments on Data Quality Campaign webcast with US ED response. See Part 2 for continuation of conversation.
Education and Workforce Data Connections: A Primer on States’ Status
Date CapturedWednesday April 14, 2010 06:16 PM
Data Quality Campaign - [States are currently working to connect education and workforce data, however, states are far from reaching the goal of having data systems that can link across the P-20/Workforce spectrum. To connect these education and workforce databases, states should engage a broad range of stakeholders to: 1. Prioritize, through broad-based stakeholder input, the critical policy questions to drive the development and use of longitudinal data systems. 2. Ensure data systems are interoperable within and across agencies and states by adopting or developing common data standards, definitions and language. 3. Protect personally identifiable information through governance policies and practices that promote the security of the information while allowing appropriate data access and sharing.]

DHS

Secretary Napolitano Outlines Five Recommendations To Enhance Aviation Security
Date CapturedThursday January 07, 2010 07:53 PM
Secretary Napolitano outlined the following five recommendations: Re-evaluate and modify the criteria and process used to create terrorist watch lists—including adjusting the process by which names are added to the “No-Fly” and “Selectee” lists. Establish a partnership on aviation security between DHS and the Department of Energy and its National Laboratories in order to develop new and more effective technologies to deter and disrupt known threats and proactively anticipate and protect against new ways by which terrorists could seek to board an aircraft. Accelerate deployment of advanced imaging technology to provide greater explosives detection capabilities—and encourage foreign aviation security authorities to do the same—in order to identify materials such as those used in the attempted Dec. 25 attack. The Transportation Security Administration currently has 40 machines deployed throughout the United States, and plans to deploy at least 300 additional units in 2010. Strengthen the presence and capacity of aviation law enforcement—by deploying law enforcement officers from across DHS to serve as Federal Air Marshals to increase security aboard U.S.-bound flights. Work with international partners to strengthen international security measures and standards for aviation security.
Today's Living on 'Today's THV at 5': Real ID Program
Date CapturedTuesday December 01, 2009 03:27 PM
Rebecca Buerkle writes - [Twenty-four states have passed laws or resolutions saying they will not comply. Other states that want an extension on the Dec. 31 deadline had until Tuesday to demonstrate they are making progress. But as many as 12 states may not be able to do so, making 36 states non-compliant.]
Testimony of Secretary Janet Napolitano before the House Committee on Homeland Security on DHS, The Path Forward
Date CapturedWednesday February 25, 2009 03:13 PM
Release Date: February 25, 2009 - The Committee’s platform items: [Improving the governance, functionality, and accountability of the Department of Homeland Security; enhancing security for all modes of transportation; strengthening our Nation: response, resilience, and recovery; shielding the Nation’s critical infrastructure from attacks; securing the homeland and preserving privacy, civil rights, and civil liberties; connecting the dots: intelligence, information sharing, and interoperability; implementing common-sense border and port security; and inspiring minds and developing technology – the future of homeland security. ]
Data Privacy & Integrity Advisory Committee
Date CapturedTuesday February 03, 2009 05:45 PM
This letter (to Janet Napolitano and John W. Kropf) reflects the consensus recommendations provided by the Data Privacy and Integrity Advisory Committee to the Secretary and Acting Chief Privacy Officer of the Department of Homeland Security (DHS). The Committee’s charter under the Federal Advisory Committee Act is to provide advice on programmatic, policy, operational, administrative, and technological issues relevant to DHS that affect individual privacy, data integrity and other privacy-related issues. The Committee deliberated on and adopted the recommendations set forth below during a public meeting held by teleconference on February 3, 2009. This letter outlines certain key privacy issues currently facing the Department of Homeland Security that the Committee believes the new Administration should review. We recognize that efforts are underway on many of these issues and our intention is to highlight their importance. The letter reflects the consensus view of the members of the Committee.
Upgraded Biometric Technology Facilitates Visitors' Entry to the United States
Date CapturedThursday January 15, 2009 07:41 PM
For nearly five years, U.S. Department of State (State) consular officers and U.S. Customs and Border Protection (CBP) officers have collected biometric information—digital fingerprints and a photograph—from all non-U.S. citizens between the ages of 14 and 79, with some exceptions, when they apply for visas or arrive at major U.S. ports of entry. State consular officers began collecting 10 fingerprints from visa applicants in 2007. Collecting 10 fingerprints increases fingerprint matching accuracy and reduces the possibility that the system will misidentify an international visitor. It also strengthens DHS's capability to check visitors' fingerprints against the Federal Bureau of Investigation's (FBI) criminal data and enables DHS to check visitors' fingerprints against latent fingerprints collected by Department of Defense (DOD) and the FBI from known and unknown terrorists around the world.
DHS office describes how it assesses privacy
Date CapturedTuesday January 06, 2009 01:48 PM
The FIPPS said in the memo that DHS should: • Be transparent and provide notice to the individuals regarding collection and use of personally identifiable information (PII). • When possible, seek consent from individuals to use their PII and provide access, correction and redress regarding DHS’ use of PII. • Explain the authority that permits DHS to collect PII and the ways it will be used. • Only collect PII that is necessary to accomplish the specific purpose and keep it only as long as necessary. • Use PII only for the purpose specified in the notice. Limit sharing of PII outside the department to purposes that are compatible with the reasons that PII was collected. • Ensure, as much as possible, that data is accurate, relevant, timely and complete. • Protect PII with appropriate security. • Be held accountable for complying with the principles and provide training for all employees and contractors who use PII and perform audits.
DHS Announces $48.6 Million in Driver’s License Security Grants
Date CapturedTuesday December 16, 2008 08:35 PM
The U.S. Department of Homeland Security (DHS) today opened the application period for approximately $48.6 million under the Fiscal Year (FY) 2009 Driver’s License Security Grant Program. These grants support state efforts to prevent terrorism and reduce fraud by improving the reliability and accuracy of identification documents that state governments issue. The FY 2009 Driver’s License Security Grant Program will accept proposals that improve state capabilities consistent with the requirements of the REAL ID final rule. This year’s program also will contain pre-determined target allocation funds to all 56 states and territories instead of the competitively awarded funds issued to states and territories under the FY 2008 REAL ID program funds
2008 Data Mining Report
Date CapturedMonday December 08, 2008 06:18 PM
This report describes DHS programs that meet the definition of data mining required by the Congress in Section 804 of the 9/11 Commission Act, entitled the Federal Agency Data Mining Reporting Act, and summarizes the Privacy Office’s public workshop, Implementing Privacy Protections in Government Data Mining, which was held on July 24-25, 2008. The Report also presents principles for implementing privacy protections in research projects conducted by the DHS Science and Technology Directorate (S&T), the Department’s primary research and development arm. The Principles, which were developed jointly by the Privacy Office and S&T, provide guidance for incorporating privacy protections into privacy-sensitive S&T research and development projects in a manner that supports the DHS mission. [As the Privacy Office’s Data Mining Workshop demonstrated, the term “data mining” can mean different things to different people. One thing is clear, however: regardless of how data mining is defined, data mining research that uses PII can have significant impacts on individual privacy, and those impacts must be addressed. The Department has taken a major step toward this goal by developing its Principles for Implementing Privacy Protections for Research Projects, which will be embedded in new research projects carried out by S&T, whether they involve data mining or not. The Privacy Office looks forward to collaborating with S&T to implement these Principles, so that research critical to the Department’s mission is carried out in a manner that sustains individual privacy.]
CYBER ANALYSIS AND WARNING - DHS Faces Challenges in Establishing a Comprehensive National Capability
Date CapturedTuesday September 23, 2008 10:15 AM
GAO 08-588: We recommend that the Secretary of Homeland Security take four actions to fully establish a national cyber analysis and warning capability. Specifically, the Secretary should address deficiencies in each of the attributes identified for • monitoring, including establishing a comprehensive baseline understanding of the nation’s critical information infrastructure and engaging appropriate nonfederal stakeholders to support a national-level cyber monitoring capability; • analysis, including expanding its capabilities to investigate incidents; • warning, including ensuring consistent notifications that are targeted, actionable, and timely; and • response, including ensuring that US-CERT provides assistance in the mitigation of and recovery from simultaneous severe incidents, including incidents of national significance. We also recommend that the Secretary address the challenges that impede DHS from fully implementing the key attributes, including the following 6 items: • engaging appropriate stakeholders in federal and nonfederal entities to determine ways to develop closer working and more trusted relationships; • expeditiously hiring sufficiently trained cyber analysts and developing strategies for hiring and retaining highly qualified cyber analysts; • identifying and acquiring technological tools to strengthen cyber analytical capabilities and handling the steadily increasing workload; • developing predictive analysis capabilities by defining terminology, methodologies, and indicators, and engaging appropriate stakeholders in other federal and nonfederal entities; • filling key management positions and developing strategies for hiring and retaining those officials; and • ensuring that there are distinct and transparent lines of authority and responsibility assigned to DHS organizations with cybersecurity roles and responsibilities, including the Office of Cybersecurity and Communications and the National Cybersecurity Center.
"Cybersecurity Recommendations for the Next Administration”
Date CapturedTuesday September 23, 2008 10:05 AM
Hearing on “Cybersecurity Recommendations for the Next Administration”
How RFID Tags Could Be Used to Track Unsuspecting People
Date CapturedThursday September 11, 2008 08:41 PM
Scientific American -- "The new licenses come equipped with radio-frequency identification (RFID) tags that can be read right through a wallet, pocket or purse from as far away as 30 feet. Each tag incorporates a tiny microchip encoded with a unique identification number. As the bearer approaches a border station, radio energy broadcast by a reader device is picked up by an antenna connected to the chip, causing it to emit the ID number. By the time the license holder reaches the border agent, the number has already been fed into a Homeland Security database, and the traveler’s photograph and other details are displayed on the agent’s screen."
Analysis tool exempt from some privacy laws
Date CapturedWednesday August 20, 2008 12:51 PM
fcw.com reports, "People whose biographic or biometric data is being analyzed by a new Immigration and Customs Enforcement (ICE) data system will not automatically be granted access to their records or be able to review them for accuracy as usually permitted by federal privacy protection laws."
Fliers without ID placed on TSA list
Date CapturedWednesday August 13, 2008 09:30 PM
USA Today reports, "The Transportation Security Administration has collected records on thousands of passengers who went to airport checkpoints without identification, adding them to a database of people who violated security laws or were questioned for suspicious behavior. The TSA began storing the information in late June, tracking many people who said they had forgotten their driver's license or passport at home. The database has 16,500 records of such people and is open to law enforcement agencies, according to the TSA."
realnightmare.org
Date CapturedSunday July 20, 2008 06:48 PM
Anti-Real ID website
Jindal Vetoes His Vote
Date CapturedSunday July 20, 2008 06:12 PM
New Orleans blog, "As a new Republican governor, Jindal signed legislation into law earlier this month that prohibits Louisiana from participating in the very same Real ID Act he voted for as a congressman."
GOVERNOR PATERSON ANNOUNCES AVAILABILITY OF NEW ENHANCED DRIVER LICENSE
Date CapturedSaturday July 19, 2008 11:22 AM
July 9, 2008 PRESS RELEASE excerpts: The EDL can be readily obtained by applying at local DMV offices. Since it is a driver license, it will be easier to carry than a passport, making it especially convenient for those who make frequent or unplanned crossings. The EDL will be valid for up to eight years, the same period as a current drivers license. The new licenses will be clearly distinguishable as a limited use international travel document by the added features of a U.S. flag on the front and the machine readable text on the reverse, both identifying it as an “enhanced” driver license. Each EDL will have various new security features within the document that will help to deter counterfeiting.
Borderline searches and seizures
Date CapturedFriday June 27, 2008 07:34 PM
The Gripe Line | Ed Foster -- blog response is interesting.
Laptop Searches in Airports Draw Fire at Senate Hearing
Date CapturedFriday June 27, 2008 06:29 PM
NY Times reports, "'If you asked most Americans whether the government has the right to look through their luggage for contraband when they are returning from an overseas trip, they would tell you "yes, the government has that right,"' Senator Russ Feingold, Democrat of Wisconsin, said Wednesday at the hearing of a Senate Judiciary subcommittee. 'But,' Mr. Feingold continued, 'if you asked them whether the government has a right to open their laptops, read their documents and e-mails, look at their photographs and examine the Web sites they have visited, all without any suspicion of wrongdoing, I think those same Americans would say that the government absolutely has no right to do that.'"
Plan to Fingerprint Foreigners Exiting U.S. Is Opposed
Date CapturedMonday June 23, 2008 03:01 PM
Washington Post reports, "The airline industry and embassies of 34 countries, including the members of the European Union, are urging the U.S. government to withdraw a plan that would require airlines and cruise lines to collect digital fingerprints of all foreigners before they depart the United States, starting in August 2009. Their opposition could trigger a battle with Congress and the Bush administration, which want the new plan established quickly."
Protecting Personal Information: Is the Federal Government Doing Enough?
Date CapturedWednesday June 18, 2008 06:20 PM
Statement of Ari Schwartz, Vice President Center for Democracy & Technology before the Committee on Homeland Security and Governmental Affairs -- "Current federal laws and policies provide to those agency officials who care about privacy valuable tools to protect personal information in the hands of the federal government. Unfortunately, these laws and policies clearly have not been implemented consistently in a way that prevents indifference or wanton neglect of personal information. Moreover, even diligent officials find gaps in existing laws, especially because those laws, especially the Privacy Act of 1974, have failed to keep pace with technological change. To adequately protect privacy in this digital age, when more information is collected and shared than ever before, both Congress and the Executive Branch will need to work together to close the long-recognized gaps in existing laws and policies. At the same time, both branches must foster the leadership and insist upon the measurement capabilities needed to ensure that existing and new laws and policies are implemented uniformly and diligently."
PRIVACY -- Congress Should Consider Alternatives for Strengthening Protection of Personally Identifiable Information
Date CapturedWednesday June 18, 2008 05:09 PM
In its report GAO identified alternatives that the Congress should consider, including revising the scope of privacy laws to cover all personal information, requiring that the use of such information be limited to a specific purpose, and revising the structure and publication of privacy notices. OMB commented that the Congress should consider these alternatives in the broader context of existing privacy and related statutes.
Report: Feds need better privacy protection for data
Date CapturedWednesday June 18, 2008 05:04 PM
USA reports, "Much of the way personal information is handled today, including being sifted through data-mining systems that search for patterns, is not covered by the Privacy Act of 1974, she says. As states begin collecting information in coming years to produce new secure drivers' licenses, government databases will get even larger. 'The government has no business collecting our personal information if it cannot ensure the American public it will be protected from identity thieves and other prying eyes,' says Caroline Fredrickson of the American Civil Liberties Union."
Bills would give more access to DHS data
Date CapturedTuesday June 17, 2008 01:17 PM
The Intelligence, Information Sharing and Terrorism Risk Assessment Subcommittee sent the full committee a bill designed to enhance public access to government documents and a measure that would reduce the extent to which DHS classifies documents. The subcommittee also sent the full committee legislation that would require DHS to make greater use of open-source data for intelligence products. In addition, it agreed to a bill that would give state and local authorities greater flexibility in how they use DHS grants to pay analysts at state and local intelligence fusion centers.
DHS wants biometric helping hand
Date CapturedTuesday June 17, 2008 01:10 PM
Five years after Congress ordered biometric tracking of foreign visitors leaving the United States by land and after spending millions of dollars on planning and testing that yielded limited results, the Homeland Security Department is now seeking the private sector’s help to address the challenge.
Privacy Impact Assessment for the Use of Radio Frequency Identification (RFID) Technology for Border Crossings
Date CapturedThursday June 05, 2008 10:39 PM
U.S. Customs and Border Protection (CBP) employs Radio Frequency Identification (RFID) Technology that is to be used in cross border travel documents to facilitate the land border primary inspection process. A unique number is embedded in an RFID tag which, in turn, is embedded in each cross border travel document. At the border, the unique number is read wirelessly by CBP and then forwarded through a secured data circuit to back-end computer systems. The back-end systems use the unique number to retrieve personally identifiable information about the traveler. This information is sent to the CBP Officer to assist in the authentication of the identity of the traveler and to facilitate the land border primary inspection process. Multiple border crossing programs use or plan to take advantage of CBP’s vicinity RFID-reader enabled border crossing functionality including CBP’s own trusted traveler programs, the pending Department of State’s (DoS) Passport Card, the Mexican Border Crossing Card, the proposed Enhanced Driver’s License (EDL) offered by various states, tribal enrollment cards that could be developed by various Native American Tribes, and the proposed Enhanced Driver’s Licenses being developed within the various provincial authorities in Canada. DHS, DoS, and States and other entities collect PII from travelers during the enrollment/application process for current or anticipated RFID enabled travel documents. This PII is stored in secured computer systems and is associated with a unique RFID identifier stored in a card the traveler presents during the border crossing process. In order to expedite processing, this unique RFID identifier is transmitted wirelessly from the individual’s RFID enabled card to an RFID reader which triggers the CBP computer systems to retrieve the PII stored in secured back-end systems and pre-position the PII associated with that traveler corresponding to the unique RFID identifier. 
This automated process enables the CBP Officer to quickly compare the information presented on the computer screen with the information on the travel card and the traveler, and thus enhance security and complete the clearance process faster than if the enrollment information were not available. No personally identifiable information is transmitted via RFID, and the traveler is fully informed of the methods for transmitting and using this information as part of the enrollment process for RFID enabled travel documents.
"REAL ID Implementation Review: Few Benefits, Staggering Costs"
Date CapturedTuesday June 03, 2008 02:35 PM
EPIC: The final rule includes few protections for individual privacy and security in its massive national identification database. It harms national security by creating yet another “trusted” credential for criminals to exploit. The Department of Homeland Security has faced so many obstacles with the REAL ID system that the agency now plans an implementation deadline of 2017 – nine years later than the 2008 statutory deadline. It is an unfunded mandate that would cost billions, with the burden ultimately being placed on the individual taxpayer. Technical experts familiar with the challenges of privacy protection and identification presented the Department of Homeland Security with a variety of recommendations that would have minimized the risks of the REAL ID system. The DHS made some modifications, but left the essential system in place. As REAL ID currently stands, the costs are many and the benefits are few. Public opposition to implementation is understandable.
N.Y. opts for hybrid driver’s licenses
Date CapturedTuesday June 03, 2008 02:03 PM
Washington Technology reports, "Some of the enhanced licenses have been controversial because of privacy concerns. Washington, which was the first state to begin producing the new licenses, includes a radio frequency identification microchip on the licenses. The RFID chips, which can be read wirelessly from 20 feet to 30 feet away, have been criticized for their potential to be scanned without authorization, risking identity theft and loss of privacy. It is not clear whether New York’s licenses will include the RFID chip. Information was not immediately available from a spokesman for the state Department of Motor Vehicles."
FEMA to manage cellular alert system
Date CapturedTuesday June 03, 2008 01:58 PM
The alert system, mandated by Congress in the Warning Alert Response Network Act, will allow federal, state and local emergency alerts to be sent by authorized senders. FEMA, as the aggregator, will verify the authenticity of the alerts and pass them to commercial mobile phone providers, who will pass them on to their subscribers.
General Information Technology Access Account Records System (GITAARS) DHS/ALL-004, May 15, 2008, 73 FR 28139
Date CapturedTuesday June 03, 2008 12:51 PM
In accordance with the Privacy Act of 1974, the Department of Homeland Security is giving notice that it proposes to update a system of records in its inventory. The Department of Homeland Security is updating the General Information Technology Access Account Records System system of records notice to include four new routine uses and to add to the categories of records covered by the system. The first new routine use will allow for information sharing with federal agencies such as the Office of Personnel Management, the Merit Systems Protection Board, Office of Management and Budget, Federal Labor Relations Authority, Government Accountability Office, or the Equal Employment Opportunity Commission when information is requested in the performance of those agencies' official duties. The second routine use will allow for the routine sharing of business information outside of the Department for official purposes. This includes the sharing of business contact information to contacts outside of the Department. The third routine use allows for sharing for the purpose of investigating an alleged or proven act of identity fraud or theft. The fourth routine use allows sharing of information to regulatory and oversight bodies, including auditors, who are responsible for ensuring appropriate use of government resources.
DHS Announces Pre-Travel Authorization Program for U.S.-Bound Travelers from Visa Waiver Countries
Date CapturedTuesday June 03, 2008 12:47 PM
PRESS RELEASE: “Rather than relying on paper-based procedures, this system will leverage 21st century electronic means to obtain basic information about who is traveling to the U.S. without a visa,” said Homeland Security Secretary Michael Chertoff. “Getting this information in advance enables our frontline personnel to determine whether a visa-free traveler presents a threat, before boarding an aircraft or arriving on our shores. It is a relatively simple and effective way to strengthen our security, and that of international travelers, while helping to preserve an important program for key allies.”
Fact Sheet: Electronic System for Travel Authorization (ESTA)
Date CapturedTuesday June 03, 2008 12:44 PM
The Department of Homeland Security (DHS) has announced the ESTA Interim Final Rule (IFR), which establishes a new online system that is part of the Visa Waiver Program (VWP) and is required by the Implementing Recommendations of the 9/11 Commission Act of 2007. Once ESTA is mandatory, all nationals or citizens of Visa Waiver Program (VWP) countries who plan to travel to the United States for temporary business or pleasure will require an approved ESTA prior to boarding a carrier to travel by air or sea to the United States under the VWP. The rule does not apply to U.S. citizens traveling overseas.
Privacy Impact Assessment for the Western Hemisphere Travel Initiative Land and Sea Final
Date CapturedTuesday June 03, 2008 12:32 PM
The Department of Homeland Security (DHS) and U.S. Customs and Border Protection (CBP), in conjunction with the Bureau of Consular Affairs at the Department of State (DOS), published in the Federal Register a final rule to notify the public of how they will implement the Western Hemisphere Travel Initiative (WHTI) for sea and land ports-of-entry. The final rule removes the current regulatory exceptions to the passport requirement provided under sections 212(d)(4)(B) and 215(b) of the Immigration and Nationality Act (INA). On August 9, 2007, the DHS Privacy Office issued a Privacy Impact Assessment (PIA) for the proposed rule, which was published in the Federal Register on June 26, 2007, at 72 FR 35088. This PIA updates the earlier PIA for the proposed rule to reflect changes in the WHTI final rule for land and sea ports-of-entry.
Documents Required for Travelers Departing From or Arriving in the United States
Date CapturedMonday June 02, 2008 06:49 PM
The WHTI final rule requires travelers to present a passport or other approved secure document denoting citizenship and identity for all land and sea travel into the United States. WHTI establishes document requirements for travelers entering the United States who were previously exempt, including citizens of the U.S., Canada and Bermuda. These document requirements will be effective June 1, 2009.
Understanding Denial-of-Service Attacks
Date CapturedThursday August 02, 2007 12:26 PM
Cyber Security Tip ST04-015 -- In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting your computer and its network connection, or the computers and network of the sites you are trying to use, an attacker may be able to prevent you from accessing email, web sites, online accounts (banking, etc.), or other services that rely on the affected computer.

DNA

ELSI Panel Addresses Genomics Consent and Privacy at CSHL
Date CapturedFriday May 08, 2009 07:06 PM
GenomeWeb Daily News -- Andrea Anderson-- [For instance, some have expressed concern that even de-identified genetic data could be linked to study participants. Last August, the National Institutes of Health pulled their GWAS data from public databases in response to research suggesting that it might be possible to identify an individual from pooled genetic data. There has also been a great deal of discussion about what information participants should get back from such studies as well as researchers' responsibility for informing subjects about incidental findings. ]
F.B.I. and States Vastly Expand DNA Databases
Date CapturedSunday April 19, 2009 05:40 PM
NY Times By SOLOMON MOORE -- Published: April 18, 2009 -- [Minors are required to provide DNA samples in 35 states upon conviction, and in some states upon arrest. Three juvenile suspects in November filed the only current constitutional challenge against taking DNA at the time of arrest. The judge temporarily stopped DNA collection from the three youths, and the case is continuing. Sixteen states now take DNA from some who have been found guilty of misdemeanors. As more police agencies take DNA for a greater variety of lesser and suspected crimes, civil rights advocates say the government’s power is becoming too broadly applied. “What we object to — and what the Constitution prohibits — is the indiscriminate taking of DNA for things like writing an insufficient funds check, shoplifting, drug convictions,” said Michael Risher, a lawyer for the American Civil Liberties Union.]
What Every American Needs to Know about the HIPAA Medical Privacy Rule* -- Updated November 2008
Date CapturedSunday January 18, 2009 09:39 PM
By Sue A. Blevins, president of the Institute for Health Freedom and Robin Kaigh, Esq., an attorney dedicated to patients’ health privacy rights. [Did you know that under the federal HIPAA (Health Insurance Portability and Accountability Act of 1996) medical privacy rule, your personal health information—including past records and genetic information—can be disclosed without your consent to large organizations such as the following? Data-processing companies; Insurers; Researchers (in some instances); Hospitals; Doctors (even those not treating you); Law enforcement officials; Public health officials; Federal government.]
Genetic Privacy - Individual's Genetic Information - Personal Property Rights
Date CapturedMonday January 12, 2009 08:32 PM
HOUSE BILL 12 -- File Code: Criminal Law - Substantive Crimes Crossfiled with: SENATE BILL 54 - Prohibiting a person from knowingly collecting, analyzing, or retaining a DNA sample from an individual, performing a DNA analysis, or retaining or disclosing the results of a DNA analysis without written informed consent; exempting the collection and analysis of DNA samples for specified purposes from the prohibition; providing that the DNA sample and the results of the DNA analysis are the exclusive property of the individual from whom the sample is collected; etc.
Minnesota Department of Health Continues to Violate State Law and Individual Privacy
Date CapturedSaturday December 13, 2008 04:29 PM
St. Paul/Minneapolis – Concerned parents and the Citizens’ Council on Health Care (CCHC) called on Governor Tim Pawlenty to require his Commissioner of Health to cease and desist the warehousing of newborn blood and baby DNA without informed, written parent consent.

eBehavioral Advertising

An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications
Date CapturedMonday January 03, 2011 09:11 PM
Dongseok Jang; Ranjit Jhala; Sorin Lerner; Hovav Shacham - Dept. of Computer Science and Engineering University of California, San Diego, USA : {d1jang,jhala,lerner,hovav}@cs.ucsd.edu -- [Our JavaScript information flow framework found many interesting privacy-violating information flows including 46 cases of real history sniffing over the Alexa global top 50,000 websites, despite some incompleteness. One direction for future work is a larger scale study on privacy-violating information flows. Such a study could perform a deeper crawl of the web, going beyond the front-pages of web sites, and could look at more kinds of privacy-violating information flows. Moreover, we would also like to investigate the prevalence of security attacks led by privacy-violating information flows like phishing and request forgery] [...we believe that with careful and extensive engineering efforts, there is a possibility that our framework could lead to a practical protection mechanism.]
“Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers.”
Date CapturedThursday December 09, 2010 04:45 PM
FTC: To reduce the burden on consumers and ensure basic privacy protections, the report first recommends that “companies should adopt a ‘privacy by design’ approach by building privacy protections into their everyday business practices.” Second, the report states, consumers should be presented with choice about collection and sharing of their data at the time and in the context in which they are making decisions – not after having to read long, complicated disclosures that they often cannot find. One method of simplified choice the FTC staff recommends is a “Do Not Track” mechanism governing the collection of information about consumer’s Internet activity to deliver targeted advertisements and for other purposes. The report also recommends other measures to improve the transparency of information practices, including consideration of standardized notices that allow the public to compare information practices of competing companies. The report recommends allowing consumers “reasonable access” to the data that companies maintain about them, particularly for non-consumer facing entities such as data brokers. Finally, FTC staff proposes that stakeholders undertake a broad effort to educate consumers about commercial data practices and the choices available to them.
html5
Date CapturedWednesday October 20, 2010 07:42 PM
HTML5 is a new version of HTML and XHTML. The HTML5 draft specification defines a single language that can be written in HTML and XML. It attempts to solve issues found in previous iterations of HTML and addresses the needs of Web Applications, an area previously not adequately covered by HTML.
On the Leakage of Personally Identifiable Information Via Online Social Networks
Date CapturedWednesday June 02, 2010 10:01 PM
Balachander Krishnamurthy and Craig E. Wills - [Abstract: For purposes of this paper, we define “Personally identifiable information” (PII) as information which can be used to distinguish or trace an individual’s identity either alone or when combined with other information that is linkable to a specific individual. The popularity of Online Social Networks (OSN) has accelerated the appearance of vast amounts of personal information on the Internet. Our research shows that it is possible for third-parties to link PII, which is leaked via OSNs, with user actions both within OSN sites and elsewhere on non-OSN sites. We refer to this ability to link PII and combine it with other information as “leakage”. We have identified multiple ways by which such leakage occurs and discuss measures to prevent it.]
How Unique Is Your Web Browser?
Date CapturedTuesday May 18, 2010 01:32 PM
Peter Eckersley, Electronic Frontier Foundation, pde@eff.org -- [Conclusions -- We implemented and tested one particular browser fingerprinting method. It appeared, in general, to be very effective, though as noted in Section 3.1 there are many measurements that could be added to strengthen it. Browser fingerprinting is a powerful technique, and fingerprints must be considered alongside cookies, IP addresses and supercookies when we discuss web privacy and user trackability. Although fingerprints turn out not to be particularly stable, browsers reveal so much version and configuration information that they remain overwhelmingly trackable. There are implications both for privacy policy and technical design. Policymakers should start treating fingerprintable records as potentially personally identifiable, and set limits on the durations for which they can be associated with identities and sensitive logs like clickstreams and search terms. The Tor project is noteworthy for already considering and designing against fingerprintability. Other software that purports to protect web surfers’ privacy should do likewise, and we hope that the test site at panopticlick.eff.org may prove useful for this purpose. Browser developers should also consider what they can do to reduce fingerprintability, particularly at the JavaScript API level. We identified only three groups of browser with comparatively good resistance to fingerprinting: those that block JavaScript, those that use TorButton, and certain types of smartphone. It is possible that other such categories exist in our data. Cloned machines behind firewalls are fairly resistant to our algorithm, but would not be resistant to fingerprints that measure clock skew or other hardware characteristics.]
Proposed Privacy Legislation Wins Few Fans
Date CapturedThursday May 06, 2010 08:24 AM
WSJ : [ The goal for the legislation is to set a standard for consumer privacy protections and also provide consumers with more transparency and control regarding the collection, use and sharing of their information, said Rep. Rick Boucher (D., Va.). Mr. Boucher released a draft of the bill for discussion on Tuesday along with Rep. Cliff Stearns (R., Fla.). The bill stipulates that as a general rule companies can collect information about consumers unless a person opts out of that data collection — a point of contention among privacy advocates. The regulation also specifies standards for the collection and use of personally identifiable information. Companies must disclose to consumers if they are collecting personally identifiable information and how they are using that data. Consumers must give a company permission to share that personally identifiable information with outside companies. ]
FACEBOOK privacy policy link:
Date CapturedMonday April 26, 2010 08:32 PM
Facebook’s Privacy Policy. This policy contains eight sections: 1. Introduction; 2. Information We Receive; 3. Information You Share With Third Parties; 4. Sharing Information on Facebook; 5. How We Use Your Information; 6. How We Share Information; 7. How You Can View, Change, or Remove Information; 8. How We Protect Information; 9. Other Terms.
How Different are Young Adults from Older Adults When it Comes to Information Privacy Attitudes and Policies?
Date CapturedThursday April 15, 2010 06:12 PM
Chris Jay Hoofnagle - University of California, Berkeley - School of Law, Berkeley Center for Law & Technology; Jennifer King -UC Berkeley School of Information; Berkeley Center for Law & Technology; Su Li- University of California, Berkeley- School of Law, Center for the Study of Law and Society; Joseph Turow - University of Pennsylvania - Annenberg School for Communication: [Abstract: Media reports teem with stories of young people posting salacious photos online, writing about alcohol-fueled misdeeds on social networking sites, and publicizing other ill-considered escapades that may haunt them in the future. These anecdotes are interpreted as representing a generation-wide shift in attitude toward information privacy. Many commentators therefore claim that young people “are less concerned with maintaining privacy than older people are.” Surprisingly, though, few empirical investigations have explored the privacy attitudes of young adults. This report is among the first quantitative studies evaluating young adults’ attitudes. It demonstrates that the picture is more nuanced than portrayed in the popular media. ] [Among the findings: _ Eighty-eight percent of people of all ages said they have refused to give out information to a business because they thought it was too personal or unnecessary. Among young adults, 82 percent have refused, compared with 85 percent of those over 65. _ Most people — 86 percent — believe that anyone who posts a photo or video of them on the Internet should get their permission first, even if that photo was taken in public. Among young adults 18 to 24, 84 percent agreed — not far from the 90 percent among those 45 to 54. _ Forty percent of adults ages 18 to 24 believe executives should face jail time if their company uses someone's personal information illegally — the same as the response among those 35 to 44 years old.]
Updated and Corrected: E-Book Buyer's Guide to Privacy
Date CapturedThursday December 31, 2009 03:20 PM
Electronic Frontier Foundation -- [A few weeks ago, EFF published its first draft of a Buyer's Guide to E-Book Privacy. In that first draft we incorporated the actual language of the privacy policies as much as possible, which unfortunately created some confusion since companies generally use different language to address similar issues. We also did a few other things clumsily. First, we've re-written many of the questions and answers to provide more clarity about the behavior of each e-reader. Second, we've tried to point out where companies' privacy policies themselves are unclear on particular issues. And finally, we've made the whole thing easier to read by changing its visual layout. This guide continues to be a work in progress.]
Refocusing the FTC’s Role in Privacy Protection
Date CapturedMonday December 14, 2009 05:31 PM
Comments of the Center for Democracy & Technology (CDT) in regards to the FTC Consumer Privacy Roundtable.
Ad Industry Works on Ads About Ads
Date CapturedTuesday November 24, 2009 03:07 PM
Wall Street Journal Emily Steel writes -- [At issue is the practice of tracking consumers’ Web activities — from the searches they make to the sites they visit and the products they buy — for the purpose of targeting ads. The efforts follow calls from the FTC earlier this year for Web advertisers and Internet companies to do a better job explaining how they track and use information about consumers’ Web activities and creating a simple way consumers can opt out of being tracked.]
Target-Marketing Becomes More Communal
Date CapturedThursday November 05, 2009 10:45 AM
WSJ Emily Steel writes ["The data is becoming the most important component for marketers and Web sites. It tells them who their audience is," says Omar Tawakol, chief executive at Blue Kai. Some lawmakers, concerned about Internet privacy, are preparing legislation to make more transparent Web sites' tactics for collecting information on their users. In an effort to fend off legislation, data brokers say, they abide by industry standards and do not collect any personally identifiable information and sensitive data, such as health information. They also tout efforts to make their business practices more transparent to consumers.]
Americans Reject Tailored Advertising and Three Activities that Enable It
Date CapturedMonday October 05, 2009 07:01 PM
[First, federal legislation ought to require all websites to integrate the P3P protocols into their privacy policies. That will provide a web-wide computer-readable standard for websites to communicate their privacy policies automatically to people’s computers. Visitors can know immediately when they get to a site whether they feel comfortable with its information policy. An added advantage of mandating P3P is that the propositional logic that makes it work will force companies to be straightforward in presenting their positions about using data. It will greatly reduce ambiguities and obfuscations about whether and where personal information is taken. · Second, federal legislation ought to mandate data-flow disclosure for any entity that represents an organization online. The law would work this way: When an internet user begins an online encounter with a website or commercial email, that site or email should prominently notify the person of an immediately accessible place that will straightforwardly present (1) exactly what information the organization collected about that specific individual during their last encounter, if there was one; (2) whether and how that information was linked to other information; (3) specifically what other organizations, if any, received the information; and (4) what the entity expects will happen to the specific individual’s data during this new (or first) encounter. Some organizations may then choose to allow the individuals to negotiate which of forthcoming data-extraction, manipulation and sharing activities they will or won’t allow for that visit. · Third, the government should assign auditing organizations to verify through random tests that both forms of disclosure are correct—and to reveal the results at the start of each encounter. The organizations that collect the data should bear the expense of the audits. Inaccuracies should be considered deceptive practices by the Federal Trade Commission.
The three proposals follow the widely recognized Federal Trade Commission goals of providing users with access, notice, choice, and security over their information. Companies will undoubtedly protest that these activities might scare people from allowing them to track information and raise the cost of maintaining databases about people online. One response is that people, not the companies, own their personal information. Another response is that perhaps consumers’ new analyses of the situation will lead them to conclude that such sharing is not often in their benefit. If that happens, it might lead companies that want to retain customers to change their information tracking-and-sharing approaches. The issues raised here about citizen understanding of privacy policies and data flow are already reaching beyond the web to the larger digital interactive world of personal video recorders (such as TiVo), cell phones, and personal digital assistants. At a time when technologies to extract and manipulate consumer information are becoming ever-more complex, citizens’ ability to control their personal information must be both more straightforward and yet more wide-ranging than previously contemplated.] Turow, Joseph, King, Jennifer, Hoofnagle, Chris Jay, Bleakley, Amy and Hennessy, Michael, Americans Reject Tailored Advertising and Three Activities that Enable It (September 29, 2009). Available at SSRN: http://ssrn.com/abstract=1478214
Americans Don't Like Being Tracked on Web
Date CapturedMonday October 05, 2009 06:21 PM
[The Times notes that Representative Rick Boucher, Democrat from Virginia, is planning to introduce privacy legislation that will address on-line tracking, while David Vladeck, head of consumer protection for the Federal Trade Commission (FTC), is indicating that he is keeping a close watch on consumer privacy protection as well.]
In the garden of Google and evil
Date CapturedMonday May 11, 2009 05:55 PM
Computer World - Robert L. Mitchell -- [As the focus by regulators and privacy advocates intensifies, Google should take a leadership role in developing pro-consumer privacy laws and best practices. If it doesn't, Google could eventually lose the good will it has with its users, and regulators could make it the poster boy for privacy on the Web. Google need look no further than Microsoft to see how quickly public opinion can change for a de facto monopoly.]
Location-based service
Date CapturedThursday April 30, 2009 10:12 PM
Wiki - [A location-based service (LBS) is an information and entertainment service, accessible with mobile devices through the mobile network and utilizing the ability to make use of the geographical position of the mobile device]
Google Becomes Default Location Provider For Firefox
Date CapturedThursday April 30, 2009 06:47 PM
TechCrunch.com -- Jason Kincaid -- [Google says that the data isn't currently being used for advertising purposes (at least for now), and that this is really about getting location-based functionality deployed to the web. But even without the advertising dollars, there is one very major upside: Google is going to be able to perfect its location database, with millions of users tapping into it on a daily basis. And that database is going to be extremely valuable going forward. ]
IE8's Cumbersome Privacy Controls May Discourage Use
Date CapturedMonday March 23, 2009 04:06 PM
Patricia Resende writes [Microsoft's new IE8 features follow a warning to Internet browser makers from the Federal Trade Commission to self-regulate privacy issues or face regulation. Microsoft came under fire for its Passport feature as the Electronic Privacy Information Center and 14 other groups asked the FTC in 2001 to force a revision of the security standard on Passport. The groups alleged Microsoft violated the law by linking Windows XP with requests to sign up for Passport and misleading users to believe that Passport protected privacy when it instead tracked, profiled and monitored users.]
An Icon That Says They’re Watching You
Date CapturedThursday March 19, 2009 06:20 PM
NY Times Saul Hansell writes [Mr. Turow has developed a plan that is simpler and more comprehensive: Put an icon on each ad that signifies that the ad collects or uses information about users. If you click the icon, you will go to what he calls a “privacy dashboard” that will let you understand exactly what information was used to choose that ad for you. And you’ll have the opportunity to edit the information or opt out of having any targeting done at all. “I don’t think ‘Ads by Google’ is enough,” he said. “The problem with the whole rhetoric Google is using is that it is designed to stop you from wanting to learn more and do something.”]
A Call to Legislate Internet Privacy
Date CapturedMonday March 16, 2009 10:31 AM
NY Times Saul Hansell writes [“Internet users should be able to know what information is collected about them and have the opportunity to opt out,” he said. While he hasn’t written the bill yet, Mr. Boucher said that he, working with Representative Cliff Stearns, the Florida Republican who is the ranking minority member on the subcommittee, wants to require Web sites to disclose how they collect and use data, and give users the option to opt out of any data collection. That’s not a big change from what happens now, at least on most big sites. But in what could be a big change from current practice, Mr. Boucher wants sites to get explicit permission from users — an “opt in” — if they are going to share information with other companies.]
Advertisers Get a Trove of Clues in Smartphones
Date CapturedWednesday March 11, 2009 03:05 PM
NY Times STEPHANIE CLIFFORD writes [The capability for collecting information has alarmed privacy advocates. “It’s potentially a portable, personal spy,” said Jeff Chester, the executive director of the Center for Digital Democracy, who will appear before Federal Trade Commission staff members this month to brief them on privacy and mobile marketing. He is particularly concerned about data breaches, advertisers’ access to sensitive health or financial information, and a lack of transparency about how advertisers are collecting data. “Users are going to be inclined to say, sure, what’s harmful about a click, not realizing that they’ve consented to give up their information.”]
Google to Offer Ads Based on Interests
Date CapturedWednesday March 11, 2009 03:00 PM
NY Times MIGUEL HELFT writes [Google will use a cookie, a small piece of text that resides inside a Web browser, to track users as they visit one of the hundreds of thousands of sites that show ads through its AdSense program. Google will assign those users to categories based on the content of the pages they visit. For example, a user may be pegged as a potential car buyer, sports enthusiast or expectant mother. Google will then use that information to show people ads that are relevant to their interests, regardless of what sites they are visiting. An expectant mother may see an ad about baby products not only on a parenting site but also, for example, on a sports or fashion site that uses AdSense or on YouTube, which is owned by Google.]
PRIVACY AND DATA PROTECTION
Date CapturedWednesday March 11, 2009 02:42 PM
The Business Forum for Consumer Privacy (BFCP)--a coalition of companies including Microsoft, Google and HP released a whitepaper intended to start a discussion about governing information collection and use. The BFCP says the current U.S. approach, which holds consumers responsible for how their private information is used, is not sufficient in the information economy. In the whitepaper, the forum proposes an alternative approach toward securing private data: a "use-and-obligations" model. This model, the authors say, draws upon the OECD Guidelines and the APEC Privacy Framework, and outlines five categories of data use: fulfillment, marketing, internal business operations, antifraud and authentication, and external legal and public good. Forum members say a use-and-obligations model will better address ways in which information is collected and used in the twenty-first century.
ONLINE BEHAVIORAL ADVERTISING: A CHECKLIST OF PRACTICES THAT IMPACT CONSUMER TRUST
Date CapturedWednesday March 04, 2009 03:09 PM
Truste white paper -- [Self-regulation is a process often preceded by leading companies beginning to strengthen practices and chart advances that are then more widely adopted. In particular, companies should be aware of evolving industry practices in the following areas: Application of certain privacy principles to some types of non-personal data, for example, behavioral profiles, cookie IDs or IP addresses. Notices about ad-serving and behavioral targeting being provided in banner ads or on home pages, in addition to within a privacy policy. Choice being provided not only for the sharing of ad-serving data, but with regard to data use by a single company to tailor ads on its own sites. The establishment of specific data retention policies and anonymization techniques for log-file data.]
Behavioral Targeting: Not that Bad?! TRUSTe Survey Shows Decline in Concern for Behavioral Targeting
Date CapturedWednesday March 04, 2009 03:05 PM
Behavioral advertising still represents uncharted territory, without clearly applicable laws or regulations. In February, the Federal Trade Commission (FTC) published a set of guidelines (titled “Self-Regulatory Principles for Online Behavioral Advertising”) for companies collecting information on the actions of Internet users for the purpose of providing targeted advertising to them. The principles encourage self-regulatory action on the part of the companies themselves, specifically encouraging transparency and customer control, reasonable security and limited data retention for customer data. These principles have been criticized by privacy advocates, who assert that government should impose stricter laws rather than relying on companies to self-regulate.
Cable Companies Target Commercials to Audience
Date CapturedWednesday March 04, 2009 02:53 PM
NY Times STEPHANIE CLIFFORD [Cablevision matches households to demographic data to divide its customers, using the data-collection company Experian. Experian has data on individuals that it collects through public records, registries and other sources. It matches the name and address of the subscriber to what it knows about them, and assigns demographic characteristics to households. (The match is a blind one: advertisers do not know what name and address they are advertising to, Cablevision executives said.) Advertisers can also give their existing customer lists to Experian, and Experian can make matches — so G.M., for example, could direct an ad based on who already owns a G.M. car. Advertisers are willing to pay premiums for ads that go only to audiences they have selected.]
YouTube's new 'nocookie' feature continues to serve cookies
Date CapturedTuesday March 03, 2009 03:20 PM
CNET -- Chris Soghoian says [Those in the privacy community will likely pounce on this as evidence of Google's hypocrisy, while Google will likely respond by carefully parsing the definition of the phrase "non-session cookie" to not include Flash-cookie objects. Google might even argue that its Flash-based cookies do not contain unique tracking information (something this blogger is unable to verify, since the Adobe Flash Manager only allows you to delete, but not view the contents of a Flash cookie). One thing is clear. YouTube has advertised a new delayed cookie feature, and stated that it "does not send a cookie until the visitor plays the video." That message is further reinforced by the fact that the new cookie-lite embedded video players are served from a different domain name, youtube-nocookie.com. Yet a user visiting a page that includes one of these "delayed cookie" videos still ends up with a long term, non-session Flash cookie hidden away in the depths of their browser. Technical definitions of "cookie" versus "Flash cookie" aside, YouTube's "delayed cookie" feature simply fails to deliver on the company's promises.]
Behavioral Advertising and Privacy
Date CapturedFriday February 13, 2009 01:31 PM
World Privacy Forum - About Behaviorally targeted advertising, World Privacy Forum testimony and Comments, resources.
FTC Staff Revises Online Behavioral Advertising Principles
Date CapturedThursday February 12, 2009 06:19 PM
The report discusses the potential benefits of behavioral advertising to consumers, including the free online content that advertising generally supports and personalization that many consumers appear to value. It also discusses the privacy concerns that the practice raises, including the invisibility of the data collection to consumers and the risk that the information collected – including sensitive information regarding health, finances, or children – could fall into the wrong hands or be used for unanticipated purposes. Consistent with the FTC’s overall approach to consumer privacy, the report seeks to balance the potential benefits of behavioral advertising against the privacy concerns it raises, and to encourage privacy protections while maintaining a competitive marketplace.
Ad groups to develop voluntary marketing privacy guidelines
Date CapturedWednesday January 14, 2009 07:46 PM
Daily News Alert - [The announcement of the joint effort took place on the same day that two consumer advocacy groups, the Center for Digital Democracy and the U.S. Public Interest Research Group, asked the FTC to investigate behavioral targeting practices aimed at users of mobile phones and requested regulations to make it easier for mobile phone users to control how information about them is used.]
"Cleaning Up After Cookies"
Date CapturedTuesday January 06, 2009 03:26 PM
Kate McKinley, a researcher at iSec Partners writes [Modern web browsers and plugins are rapidly expanding web developers’ ability to store data on users’ systems, while simultaneously adding features which allow users the perception of more control over that data. Users need to be confident that their perceptions match reality. Unfortunately, the privacy modes offered by browsers are still evolving (several are only available as betas), and none remove all the tracking data users might expect them to block. A tool was created to set and report on different data stores. This paper presents the findings from running this tool using several major browsers with two plug-ins across three common operating systems. We find current browsers are unable to extend tracking protection to third party plug-ins such as Google Gears and Adobe Flash. Some of these require no user prompting under common configurations and even expose tracking data saved with one browser to sites visited by a different browser. We also recommend approaches for solving these problems.]
Careful what you search for
Date CapturedThursday January 01, 2009 05:15 PM
Fortune Jia Lynn Yang [So if you're a 33-year-old working female who lives in New York City and who likes to search for Jimmy Choo pumps, you might see ads for a local shoe store - thanks to the personal information the search engines have about you. "There are many free online tools, but they're not really free," explained Greg Conti, a professor of computer science at West Point and the author of Googling Security: How Much Does Google Know About You? "We end up paying for them with micro-payments of personal information which, in turn, are captured and used for data mining and targeted advertising."]
Why Obama should ditch YouTube
Date CapturedSunday December 14, 2008 09:35 PM
Christopher Soghoian, a student fellow at Harvard University's Berkman Center for Internet and Society and PhD candidate at Indiana University's School of Informatics blogs [The privacy risks aren't just limited to YouTube. Just a week ago, Dan Goodin at The Register criticized the use of the Google Analytics Web-tracking code in the Change.gov site--which also sets a permanent tracking cookie. Although he mostly focused on security risks, and not privacy-related threats, he blasted Obama's Web design team, stating that: The failure of Obama's Webmasters to follow anything remotely like best practices is more than a little troubling because it suggests they don't fully grasp the security realities of living in a Web 2.0 world. Eight years ago, the issue of cookies tracking users on government sites was a fairly big issue in tech policy circles, drawing the attention of those in Congress. Eventually, the Office of Management and Budget issued a directive that forbid the use of persistent cookies on federal agency sites. The Obama team's use of both YouTube and Google Analytics raises serious privacy concerns and likely clashes with the OMB directive.]

Education Policy

Education and Workforce Data Connections: A Primer on States’ Status
Date CapturedWednesday April 14, 2010 06:16 PM
Data Quality Campaign - [States are currently working to connect education and workforce data, however, states are far from reaching the goal of having data systems that can link across the P-20/Workforce spectrum. To connect these education and workforce databases, states should engage a broad range of stakeholders to: 1. Prioritize, through broad-based stakeholder input, the critical policy questions to drive the development and use of longitudinal data systems. 2. Ensure data systems are interoperable within and across agencies and states by adopting or developing common data standards, definitions and language. 3. Protect personally identifiable information through governance policies and practices that promote the security of the information while allowing appropriate data access and sharing.]

Education Reporting Systems

SunGard
Date CapturedSaturday November 21, 2009 01:02 PM
[Student Information Management -- eSchoolPLUS is a student management system that helps educators and parents by providing them direct, real-time access to the most relevant student information available. Teachers and administrators can easily manage day-to-day student information and data such as demographics, scheduling, attendance, discipline, standardized tests, report cards and transcripts. With eSchoolPLUS, parents gain the ability to be more informed as to their child’s grades, attendance, assignments and discipline information. Superintendents, principals and other district administrators and school board members can track daily school status, student performance and progress.]

Electronic Health Records (EHR)

Sebelius, Solis Announce Nearly $1 Billion Recovery Act Investment in Advancing Use of Health IT, Training Workers for Health Jobs of the Future
Date CapturedMonday February 15, 2010 06:21 PM
WASHINGTON, DC - Health and Human Services Secretary Kathleen Sebelius and Labor Secretary Hilda Solis today announced a total of nearly $1 billion in Recovery Act awards to help health care providers advance the adoption and meaningful use of health information technology (IT) and train workers for the health care jobs of the future. The awards will help make health IT available to over 100,000 hospitals and primary care physicians by 2014 and train thousands of people for careers in health care and information technology. This Recovery Act investment will help grow the emerging health IT industry which is expected to support tens of thousands of jobs ranging from nurses and pharmacy techs to IT technicians and trainers. The over $750 million in HHS grant awards Secretary Sebelius announced today are part of a federal initiative to build capacity to enable widespread meaningful use of health IT. This assistance at the state and regional level will facilitate health care providers' efforts to adopt and use electronic health records (EHRs) in a meaningful manner that has the potential to improve the quality and efficiency of health care for all Americans. Of the over $750 million investment, $386 million will go to 40 states and qualified State Designated Entities (SDEs) to facilitate health information exchange (HIE) at the state level, while $375 million will go to an initial 32 non-profit organizations to support the development of regional extension centers (RECs) that will aid health professionals as they work to implement and use health information technology - with additional HIE and REC awards to be announced in the near future. RECs are expected to provide outreach and support services to at least 100,000 primary care providers and hospitals within two years.
Personal Health Information Privacy
Date CapturedSunday January 10, 2010 04:42 PM
News about medical and electronic health privacy risk.
ELSI Panel Addresses Genomics Consent and Privacy at CSHL
Date CapturedFriday May 08, 2009 07:06 PM
GenomeWeb Daily News -- Andrea Anderson-- [For instance, some have expressed concern that even de-identified genetic data could be linked to study participants. Last August, the National Institutes of Health pulled their GWAS data from public databases in response to research suggesting that it might be possible to identify an individual from pooled genetic data. There has also been a great deal of discussion about what information participants should get back from such studies as well as researchers' responsibility for informing subjects about incidental findings. ]
Behavioral Advertising and Privacy
Date CapturedFriday February 13, 2009 01:31 PM
World Privacy Forum - About Behaviorally targeted advertising, World Privacy Forum testimony and Comments, resources.
FTC Online Privacy Guidelines Faulted
Date CapturedFriday February 13, 2009 01:11 PM
Business Week -- Douglas MacMillan -- [On Feb. 12, the U.S. Federal Trade Commission issued guidelines designed to give consumers more information about how advertisers collect and use data about their Web surfing habits. Among the recommendations: Every site that follows Web-use patterns to tailor marketing messages, a practice known as behavioral targeting, should spell out how it is collecting data and give consumers the ability to opt out of targeting. The report also urges sites to keep collected data "as long as is necessary to fulfill a legitimate business or law enforcement need," inform users of any changes made to privacy policies, and only collect sensitive personal data—such as financial and health records—in cases where the user opts in.]
EPIC Alert - Volume 16.02 - February 10, 2009
Date CapturedThursday February 12, 2009 11:42 PM
[1] Medical Privacy Moves Forward in Congress - [2] Civil Society Launches Campaign for Privacy Convention - [3] National Academies Report Calls for New Approach to Medical Privacy - [4] President Obama Promotes Open Government - [5] Report - Google Latitude Poses Significant Privacy Risks - [6] News in Brief - [7] EPIC Bookstore: "The Dark Side" - [8] Upcoming Conferences and Events
U.S. stimulus bill pushes e-health records for all
Date CapturedThursday February 12, 2009 07:29 PM
Declan McCullagh - [The U.S. Senate on Tuesday approved an $838 billion "stimulus" bill by a 61-37 vote, capping more than a week of political sparring between critics of the measure and President Obama, who claimed during a press conference that an "economic emergency" made it necessary. What didn't come up during the president's first press conference was how one section of the convoluted legislation--it's approximately 800 pages total--is intended to radically reshape the nation's medical system by having the government establish computerized medical records that would follow each American from birth to death. Billions will be handed to companies creating these databases. Billions will be handed to universities to incorporate patient databases "into the initial and ongoing training of health professionals." There's a mention of future "smart card functionality." Yet nowhere in this 140-page portion of the legislation does the government anticipate that some Americans may not want their medical histories electronically stored, shared, and searchable. Although a single paragraph promises that data-sharing will "be voluntary," there's no obvious way to opt out. "Without those protections, Americans' electronic health records could be shared--without their consent--with over 600,000 covered entities through the forthcoming nationally linked electronic health records network," said Sue Blevins, president of the Institute for Health Freedom, a nonprofit group that advocates health care privacy.]
DOD’s and VA’s Sharing of Information
Date CapturedFriday January 30, 2009 10:11 AM
(GAO-09-268) In the more than 10 years since DOD and VA began collaborating to electronically share health information, the two departments have increased interoperability. Nevertheless, while the departments continue to make progress, the manner in which they report progress—by reporting increases in interoperability over time—has limitations. These limitations are rooted in the departments’ plans, which identify interoperable capabilities to be implemented, but lack the results-oriented (i.e., objective, quantifiable, and measurable) goals and associated performance measures that are a necessary basis for effective management. Without establishing results-oriented goals, then reporting progress using measures relative to the established goals, the departments and their stakeholders do not have the comprehensive picture that they need to effectively manage their progress toward achieving increased interoperability. Further constraining the departments’ management effectiveness is their slow pace in addressing our July 2008 recommendation related to setting up the interagency program office that Congress called for to function as a single point of accountability in the development and implementation of electronic health record capabilities.
Rethinking the Role of Consent in Protecting Health Information Privacy
Date CapturedTuesday January 27, 2009 09:52 AM
CDT is advocating for the inclusion of privacy protections in the President's economic stimulus bill, which contains at least $20 billion for a national health information technology network. CDT's paper argues that personal health information should easily flow for treatment, payment, and certain core administrative tasks without requiring patient consent, but that stricter limits need to be placed on marketing and other secondary uses. January 26, 2009. This paper advocates for a new generation of privacy protections that allow personal health information to flow among health care entities for treatment, payment, and certain core administrative tasks without first requiring patient consent, as long as there is a comprehensive framework of rules that governs access to and disclosure of health data. Patient consent is one important element of this framework, but relying on consent would do little to protect privacy. This paper also suggests how a framework of protections can provide patients with more meaningful opportunities to make informed choices about sharing their personal health information online.
What Every American Needs to Know about the HIPAA Medical Privacy Rule* -- Updated November 2008
Date CapturedSunday January 18, 2009 09:39 PM
By Sue A. Blevins, president of the Institute for Health Freedom and Robin Kaigh, Esq., an attorney dedicated to patients’ health privacy rights. [Did you know that under the federal HIPAA (Health Insurance Portability and Accountability Act of 1996) medical privacy rule, your personal health information—including past records and genetic information—can be disclosed without your consent to large organizations such as the following? Data-processing companies; Insurers; Researchers (in some instances); Hospitals; Doctors (even those not treating you); Law enforcement officials; Public health officials; Federal government.]
Institute for Health Freedom (IHF)
Date CapturedSunday January 18, 2009 09:32 PM
Health Freedom Watch (Email newsletter published by the Institute for Health Freedom) January 2009 -- Contents: Economic Stimulus Package and Your Health Privacy; HHS Secretary Confirmation Hearing: Questions Remain about How to Pay for Proposed Health-Care Expansions; Lead Plaintiff in Medicare Lawsuit Asks for a Temporary Restraining Order and Preliminary Injunction against SSA and HHS.
Center for Democracy & Technology (CDT) Applauds Critical Privacy, Security Provisions in Health IT Stimulus Bill
Date CapturedSunday January 18, 2009 05:59 PM
[The bill's privacy provisions include the following: Stronger protections against the use of personal health information for marketing purposes; Accountability for all entities that handle personal health information; A federal, individual right to be notified in the event of a breach of identifiable health information; Prohibitions on the sale of valuable patient-identifiable data for inappropriate purposes; Development and implementation of federal privacy and security protections for personal health records; Easy access by patients to electronic copies of their records; and Strengthened enforcement of health privacy rules. The provisions in the bill are similar to those that received bipartisan approval by the House Energy & Commerce Committee in the last Congress.]
Privacy Issue Complicates Push to Link Medical Data
Date CapturedSunday January 18, 2009 05:39 PM
NY Times By ROBERT PEAR [“Until people are more confident about the security of electronic medical records,” Mr. Whitehouse said, “it’s vitally important that we err on the side of privacy.” The data in medical records has great potential commercial value. Several companies, for example, buy and sell huge amounts of data on the prescribing habits of doctors, and the information has proved invaluable to pharmaceutical sales representatives. “Health I.T. without privacy is an excellent way for companies to establish a gold mine of information that can be used to increase profits, promote expensive drugs, cherry-pick patients who are cheaper to insure and market directly to consumers,” said Dr. Deborah C. Peel, coordinator of the Coalition for Patient Privacy, which includes the American Civil Liberties Union among its members.]
Obama adds health IT to economic stimulus package
Date CapturedFriday December 19, 2008 07:34 PM
Published on December 8, 2008 -- Government Health IT Paul McCloskey writes [The Wired bill, which failed to pass the Senate this summer, created incentives for health IT adoption and addressed several privacy problems that had long delayed the bill. Obama’s address followed remarks a day earlier by Sen. Tom Daschle, the designated Secretary of the Department of Health and Human Services. The transition team will manage a series of “health care community discussions,” to run from Dec. 15 to Dec. 30, that will solicit opinions on health care reform directly from the public. The meetings will be modeled on the Obama election campaign, which took advantage of the Internet to solicit support directly from the public. Obama's Internet site asks people to submit ideas for how to improve the health care system.]
HHS -- Health Information Technology
Date CapturedThursday December 18, 2008 05:18 PM
Secretary Leavitt Announces New Principles, Tools to Protect Privacy, Encourage More Effective Use of Patient Information to Improve Care
Date CapturedThursday December 18, 2008 05:11 PM
The privacy principles articulated by Secretary Leavitt are as follows: Individual Access – Consumers should be provided with a simple and timely means to access and obtain their personal health information in a readable form and format. Correction – Consumers should be provided with a timely means to dispute the accuracy or integrity of their personal identifiable health information, and to have erroneous information corrected or to have a dispute documented if their requests are denied. Consumers also should be able to add to and amend personal health information in products controlled by them such as personal health records (PHRs). Openness and Transparency -- Consumers should have information about the policies and practices related to the collection, use and disclosure of their personal information. This can be accomplished through an easy-to-read, standard notice about how their personal health information is protected. This notice should indicate with whom their information can or cannot be shared, under what conditions and how they can exercise choice over such collections, uses and disclosures. In addition, consumers should have reasonable opportunities to review who has accessed their personal identifiable health information and to whom it has been disclosed. Individual Choice -- Consumers should be empowered to make decisions about with whom, when, and how their personal health information is shared (or not shared). Collection, Use, and Disclosure Limitation – It is important to limit the collection, use and disclosure of personal health information to the extent necessary to accomplish a specified purpose. The ability to collect and analyze health care data as part of a public good serves the American people and it should be encouraged. But every precaution must be taken to ensure that this personal health information is secured, deidentified when appropriate, limited in scope and protected wherever possible. 
Data Integrity – Those who hold records must take reasonable steps to ensure that information is accurate and up-to-date and has not been altered or destroyed in an unauthorized manner. This principle is tightly linked to the correction principle. A process must exist in which, if consumers perceive a part of their record is inaccurate, they can notify their provider. Of course the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule provides consumers that right, but this principle should be applied even where the information is not covered by the Rule. Safeguards – Personal identifiable health information should be protected with reasonable administrative, technical, and physical safeguards to ensure its confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access, use, or disclosure. Accountability – Compliance with these principles is strongly encouraged so that Americans can realize the benefit of electronic health information exchange. Those who break rules and put consumers’ personal health information at risk must not be tolerated. Consumers need to be confident that violators will be held accountable.
The Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information
Date CapturedThursday December 18, 2008 04:56 PM
The principles of the Nationwide Privacy and Security Framework for Electronic Exchange of Individually Identifiable Health Information below establish a single, consistent approach to address the privacy and security challenges related to electronic health information exchange through a network for all persons, regardless of the legal framework that may apply to a particular organization. The goal of this effort is to establish a policy framework for electronic health information exchange that can help guide the Nation’s adoption of health information technologies and help improve the availability of health information and health care quality. The principles have been designed to establish the roles of individuals and the responsibilities of those who hold and exchange electronic individually identifiable health information through a netwo

Electronic Records

HHS Names David Blumenthal As National Coordinator for Health Information Technology
Date CapturedSaturday March 21, 2009 01:00 PM
The American Recovery and Reinvestment Act includes a $19.5 billion investment in health information technology, which will save money, improve quality of care for patients, and make our health care system more efficient. Dr. Blumenthal will lead the effort at HHS to modernize the health care system by catalyzing the adoption of interoperable health information technology by 2014 thereby reducing health costs for the federal government by an estimated $12 billion over 10 years.
Lost Cellphone? Your Carrier Has Your Backup
Date CapturedWednesday February 25, 2009 08:28 PM
Wall Street Journal - Mossberg Solution - KATHERINE BOEHRET [By the time you've left your cellphone in a taxi or dropped it into a pot of soup, it's too late. All those phone numbers you had at your fingertips -- your best friend, your boss, your mom -- are gone. (Well, maybe you'll remember Mom's.) Some companies have tried to soothe backup concerns with gadgets like the $50 Backup-Pal from Advanced Wireless Solutions LLC, or wireless services like Skydeck. But for many people, it's just as easy to ignore the risk.]

Enhanced DL

Today's Living on 'Today's THV at 5': Real ID Program
Date CapturedTuesday December 01, 2009 03:27 PM
Rebecca Buerkle writes - [Twenty-four states have passed laws or resolutions saying they will not comply. Other states that want an extension on the Dec. 31 deadline had until Tuesday to demonstrate they are making progress. But as many as 12 states may not be able to do so, making 36 states non-compliant.]
Video: Hacker war drives San Francisco cloning RFID passports
Date CapturedTuesday February 03, 2009 07:21 PM
Thomas Ricker - [Chris recently drove around San Francisco reading RFID tags from passports, driver licenses, and other identity documents. In just 20 minutes, he found and cloned the passports of two very unaware US citizens.]
How RFID Tags Could Be Used to Track Unsuspecting People
Date CapturedThursday September 11, 2008 08:41 PM
Scientific American -- "The new licenses come equipped with radio-frequency identification (RFID) tags that can be read right through a wallet, pocket or purse from as far away as 30 feet. Each tag incorporates a tiny microchip encoded with a unique identification number. As the bearer approaches a border station, radio energy broadcast by a reader device is picked up by an antenna connected to the chip, causing it to emit the ID number. By the time the license holder reaches the border agent, the number has already been fed into a Homeland Security database, and the traveler’s photograph and other details are displayed on the agent’s screen."
Enhanced driver's license program a "threat" to privacy
Date CapturedWednesday August 13, 2008 08:12 PM
ITBusiness reports, "Despite widespread privacy concerns, several Canadian provinces are pushing through with the implementation of the enhanced driver's license (EDL) scheme that seeks to link U.S.-Canada border security measures."
Enhanced Driver’s Licenses Coming Your Way…
Date CapturedSunday July 27, 2008 05:01 PM
Steven A. Culbreath, Esq. blogs, "DHS has worked to align REAL ID and EDL requirements. EDLs that are developed consistent with the requirements of REAL ID can be used for official purposes such as accessing a Federal facility, boarding Federally-regulated commercial aircraft, and entering nuclear power plants." And... "While the REAL ID requires proof of legal status in the U.S., the state issued EDL will require that the card holder be a U.S. citizen."
realnightmare.org
Date CapturedSunday July 20, 2008 06:48 PM
Anti-Real ID website
GOVERNOR PATERSON ANNOUNCES AVAILABILITY OF NEW ENHANCED DRIVER LICENSE
Date CapturedSaturday July 19, 2008 11:22 AM
July 9, 2008 PRESS RELEASE excerpts: The EDL can be readily obtained by applying at local DMV offices. Since it is a driver license, it will be easier to carry than a passport, making it especially convenient for those who make frequent or unplanned crossings. The EDL will be valid for up to eight years, the same period as a current drivers license. The new licenses will be clearly distinguishable as a limited use international travel document by the added features of a U.S. flag on the front and the machine readable text on the reverse, both identifying it is an “enhanced” driver license. Each EDL will have various new security features within the document that will help to deter counterfeiting.

E-Reader

Updated and Corrected: E-Book Buyer's Guide to Privacy
Date CapturedThursday December 31, 2009 03:20 PM
Electronic Frontier Foundation -- [A few weeks ago, EFF published its first draft of a Buyer's Guide to E-Book Privacy. In that first draft we incorporated the actual language of the privacy policies as much as possible, which unfortunately created some confusion since companies generally use different language to address similar issues. We also did a few other things clumsily. First, we've re-written many of the questions and answers to provide more clarity about the behavior of each e-reader. Second, we've tried to point out where companies' privacy policies themselves are unclear on particular issues. And finally, we've made the whole thing easier to read by changing its visual layout. This guide continues to be a work in progress.]

FAA

Review: Federal program used to hide flights from public
Date CapturedTuesday April 13, 2010 08:22 PM
USA Today -- By Michael Grabell and Sebastian Jones, ProPublica - [Use of the airspace is considered public information because taxpayers fund air-traffic controllers, radars and runways. "It belongs to all of us," said Chuck Collins, who has studied private jet travel at the Institute for Policy Studies, a progressive think tank. "It's not a private preserve." NBAA spokesman Dan Hubbard said privacy is important to business fliers because competitors can learn of potential deals by tracking planes, and that could affect stock prices. "There are certain circumstances where there is a security concern," he said. In 2000, Congress required websites to stop posting flights of certain planes at the FAA's request. The FAA later agreed to let the aviation group be the clearinghouse. FAA spokeswoman Laura Brown said the agency lacks resources to evaluate whether requests to keep flights secret are justified, so the agency lets the NBAA decide each month the flights kept from public view.]

Fair Information Practice

Some questions raised over release of student info (North Dakota)
Date CapturedTuesday March 08, 2011 04:54 PM
[North Dakota: High schools across the state would be required to give names, addresses and phone numbers of their students to the State Board of Higher Education under a proposed Senate bill.] [Several committee members expressed concern about the additional information and wanted to make sure parents would be fully aware of what information was being requested before opting out. That view also was shared by Bev Nielson of the North Dakota School Boards Association.]
Rush Introduces Online Privacy Bill, H.R. 611, The BEST PRACTICES Act
Date CapturedFriday February 11, 2011 06:04 PM
Ensure that consumers have meaningful choices about the collection, use, and disclosure of their personal information. • Require companies that collect personal information to disclose their practices with respect to the collection, use, disclosure, merging, and retention of personal information, and explain consumers' options regarding those practices. • Require companies to provide disclosures of their practices in concise, meaningful, timely, and easy-to-understand notices, and direct the Federal Trade Commission to establish flexible and reasonable standards and requirements for such notices. • Require companies to obtain "opt-in" consent to disclose information to a third party. In the bill, the term, "third party" would be defined based on consumers' reasonable expectations rather than corporate structure. • Establish a "safe harbor" that would exempt companies from the "opt-in" consent requirement, provided those companies participate in a universal opt-out program operated by self-regulatory bodies and monitored by the FTC. • Require companies to have reasonable procedures to assure the accuracy of the personal information they collect. The bill would also require the companies to provide consumers with reasonable access to, and the ability to correct or amend, certain information. • Require companies to have reasonable procedures to secure information and to retain personal information only as long as it's necessary to fulfill a legitimate business or law enforcement need.
NCES 2011-602 Data Stewardship: Managing Personally Identifiable Information in Electronic Student Education Records
Date Captured Tuesday January 04, 2011 09:55 PM
SLDS Technical Brief - Guidance for Statewide Longitudinal Data Systems (SLDS) [A privacy and data protection program for student education records must include an array of rules and procedures for protecting PII held in the record system. It also must include a full set of public disclosures of the existence and uses of the information included in the data system, a description of all parents’ or eligible students’ rights to review and appeal the contents of an individual education record and of their rights and the procedures to appeal a violation. ]
COMMERCIAL DATA PRIVACY AND INNOVATION IN THE INTERNET ECONOMY: A DYNAMIC POLICY FRAMEWORK
Date Captured Thursday December 16, 2010 01:16 PM
US DEPT OF COMMERCE REPORT says the principles "should promote increased transparency through simple notices, clearly articulated purposes for data collection, commitments to limit data uses to fulfill these purposes, and expanded use of robust audit systems to bolster accountability." NO RECOMMENDATIONS REGARDING EDUCATION AND FERPA DIRECTORY INFORMATION.
HTML5
Date Captured Wednesday October 20, 2010 07:42 PM
HTML5 is a new version of HTML and XHTML. The HTML5 draft specification defines a single language that can be written in HTML and XML. It attempts to solve issues found in previous iterations of HTML and addresses the needs of Web Applications, an area previously not adequately covered by HTML.
Schools Selling Students' Personal Information
Date Captured Wednesday October 06, 2010 03:17 PM
[KPRC Local 2 investigative reporter Amy Davis obtained the data for thousands of students from the Houston Independent School District simply by asking for it. She shows you how a lot of other people are getting the same information you may not want them to have.]
Congress Should Consider Alternatives for Strengthening Protection of Personally Identifiable Information
Date Captured Tuesday September 28, 2010 02:51 PM
GAO-08-795T : In its report GAO identified alternatives that the Congress should consider, including revising the scope of privacy laws to cover all personal information, requiring that the use of such information be limited to a specific purpose, and revising the structure and publication of privacy notices.
Letter to: Chairman Boucher and Ranking Member Stearns
Date Captured Monday June 07, 2010 06:26 PM
Mike Sachoff -- [In response to a discussion draft of a new privacy bill now under consideration by the House Subcommittee on Communications, Technology and the Internet, ten privacy and consumer groups today called for stronger measures to protect consumer privacy both online and off. The organizations including the Consumer Federation of America, Electronic Frontier Foundation, Consumer Watchdog, World Privacy Forum, Consumer Action, USPIRG, Privacy Rights Clearinghouse, Privacy Times, Privacy Lives, and the Center for Digital Democracy, raised their concerns in a letter to Subcommittee Chairman Rick Boucher and Ranking Member Cliff Stearns. The groups recommended the following: *The bill should incorporate the Fair Information Practice Principles that have long served as the bedrock of consumer privacy protection in the U.S., including the principle of not collecting more data than is necessary for the stated purposes, limits on how long data should be retained, and a right to access and correct one's data. *The bill's definitions of what constitutes "sensitive information" need to be expanded; for instance, to include health-related information beyond just "medical records." *The bill should require strict "opt-in" procedures for the collection and use of covered data and should prohibit the collection and use of any sensitive information except for the transactions for which consumers provided it.]
Delta College trustees won't add more student information to campus directory
Date Captured Thursday March 18, 2010 01:34 PM
By Andrew Dodson | The Bay City Times - [Currently, information on Delta College students that is readily available, unless they have opted out, includes their name, degree, address, awards, dates attended, program, participation in activities, enrollment, e-mail and weight and height for members of athletic teams. Higgs argued that the college should have more items on file, including a student photo, whether or not that student is full or part time and a phone number. "That's what the courts look to," said Higgs. "Our policy doesn't have those things and it should." Other board members disagreed, saying that more data collecting isn't required and isn't worth the time. They voted against the plan 8-1.]
CDT - Updating the Privacy Act of 1974
Date Captured Tuesday March 16, 2010 09:16 PM
[Updating the Privacy Act of 1974 June 5, 2009 government-wide push toward the development of policies and practices to protect the information of citizens and other individuals. While the underlying framework of the law, rooted in the principles of Fair Information Practices (FIPs), is still sound, the thirty-five year-old wording of the Act renders it ill-equipped to meet many of the privacy challenges posed by modern information technology. 1) Updating the Privacy Act of 1974 2) Fair Information Practices are Central 3) The Creation of Federal Privacy Leadership 4) Updating Definitions to Match Changing Data Practices 5) Strengthening Privacy Notices]
THE FAILURE OF FAIR INFORMATION PRACTICE PRINCIPLES forthcoming in Consumer Protection in the Age of the ‘Information Economy’
Date Captured Sunday January 31, 2010 10:03 PM
Fred H. Cate - [The key is refocusing FIPPS on substantive tools for protecting privacy, and away from notice and consent; leveling the playing field between information processors and data subjects; and creating sufficient, but limited, liability so that data processors will have meaningful incentives, rather than bureaucratic regulations, to motivate appropriate behavior, and that individuals will be compensated when processing results in serious harm. This is only a first step. These proposed Consumer Privacy Protection Principles are undoubtedly incomplete and imperfect, but they are an effort to return to a more meaningful dialogue about the legal regulation of privacy and the value of information flows in the face of explosive growth in technological capabilities in an increasingly global society.]
Summary of LD 1677 Bill Info LD 1677 (SP 649) "An Act To Protect Minors from Pharmaceutical Marketing Practices"
Date Captured Thursday January 07, 2010 06:04 PM
State of Maine Legislature - "An Act To Protect Minors from Pharmaceutical Marketing Practices" -- Sponsored by Senator Elizabeth Schneider. -- IAPP writes -- [The bill applies to online information only and is limited to pharmaceutical marketing. It gives the attorney general the power to adopt rules to determine its scope. Violation of the law would be considered an unfair trade practice.]
Comments of the World Privacy Forum to FTC, Nov. 6, 2009
Date Captured Thursday December 17, 2009 10:58 PM
Pam Dixon Executive Director, World Privacy Forum -- Re: Privacy Roundtables – Comment, Project No. P095416 - [The World Privacy Forum understands that businesses have a right to exist and to make money, and that advertising and marketing is part of the marketplace. But we also believe that there is not a reasonable balance right now between what data is being collected and used, and what consumers can do to manage that data and their privacy. There are no perfect solutions, but we think that a rights-based framework based on approaches contained in the Fair Credit Reporting Act and on Fair Information Practices will address many of the problems and help create solutions that are equitable for all stakeholders.]
Refocusing the FTC’s Role in Privacy Protection
Date Captured Monday December 14, 2009 05:31 PM
Comments of the Center for Democracy & Technology (CDT) in regards to the FTC Consumer Privacy Roundtable.
Refocusing the FTC’s Role in Privacy Protection
Date Captured Tuesday November 10, 2009 03:33 PM
Center for Technology in Government (CDT) Policy Post 15.17, November 10, 2009. [A Briefing On Public Policy Issues Affecting Civil Liberties Online from The Center For Democracy and Technology Refocusing the FTC’s Role in Privacy Protection 1) CDT Submits Comments in regards to the FTC Consumer Privacy Roundtable 2) The Significance of a Comprehensive Set of Fair Information Practice Principles 3) Examining FIPs at Work: Recent FTC Enforcement Actions Demonstrate a Path Forward 4) CDT Recommendations for Future FTC Action]
Use of parental list is faulted
Date Captured Tuesday November 03, 2009 08:06 PM
March 17, 2008 by Scott Waldman - [GUILDERLAND - Guilderland School District violated federal law when it provided the names and addresses of parents to the teachers union, according to the state's authority on open government. Last year, Guilderland Teachers Association used those names and addresses to send parents of school-aged children postcards promoting the union's picks in a school board election. School officials deny that any law was broken, but the district recently imposed a moratorium on releasing "directory" information after complaints by school board members and news coverage of the controversy.]
South Dakota Superintendent Thinks Info Policy Will Pass Tonight
Date Captured Friday October 30, 2009 05:37 PM
[Over the past month some parents have voiced their concerns to the school board over what they consider the selling of their children's contact information. Some say they don't want it to land in the wrong hands. Pam Homan says parents have known about the information policy for some time. "On the blue card as we call it parents have been informed of the FERPA requirement and whether or not they wish to have their child's name included or excluded from information." Revisions have been made to the proposed policy, allowing parents more control over where the information is given. It will allow four categories that are: school publications, directory information, SD board of regents, and military recruiters.]
FAIR INFORMATION PRACTICE PRINCIPLES
Date Captured Friday October 30, 2009 11:08 AM
Over the past quarter century, government agencies in the United States, Canada, and Europe have studied the manner in which entities collect and use personal information -- their "information practices" -- and the safeguards required to assure those practices are fair and provide adequate privacy protection. The result has been a series of reports, guidelines, and model codes that represent widely-accepted principles concerning fair information practices. Common to all of these documents [hereinafter referred to as "fair information practice codes"] are five core principles of privacy protection: (1) Notice/Awareness; (2) Choice/Consent; (3) Access/Participation; (4) Integrity/Security; and (5) Enforcement/Redress.
Protection of Pupil Rights Amendment (PPRA)
Date Captured Friday October 30, 2009 11:00 AM
The Protection of Pupil Rights Amendment (PPRA) (20 U.S.C. § 1232h; 34 CFR Part 98) applies to programs that receive funding from the U.S. Department of Education (ED). PPRA is intended to protect the rights of parents and students.
SPITZER PPRA LAWSUIT RE: SALE OF STUDENT INFORMATION
Date Captured Friday October 30, 2009 10:15 AM
Parties Subject to Order ORDERED, ADJUDGED AND DECREED that this Consent Order and Judgment shall extend to Student Marketing Group, Inc. (“SMG”) and Educational Research Center of America, Inc. (“ERCA”), their successors, assignees, officers, agents, representatives, affiliates and employees and any other person under their direction or control, whether acting individually or in concert with others or through any corporate entity or device through which they may now or hereafter act or conduct business (collectively “respondents”).
Americans Don't Like Being Tracked on Web
Date Captured Monday October 05, 2009 06:21 PM
[The Times notes that Representative Rick Boucher, Democrat from Virginia, is planning to introduce privacy legislation that will address on-line tracking, while David Vladeck, head of consumer protection for the Federal Trade Commission (FTC), is indicating that he is keeping a close watch on consumer privacy protection as well.]
Commission Extension of Deferral of Enforcement of the Identity Theft Red Flags Rule Until August 1, 2009
Date Captured Monday May 04, 2009 04:43 PM
[The Federal Trade Commission (the “FTC” or “Commission”) is extending its deferral of enforcement of the Identity Theft Red Flags Rule to August 1, 2009. This rule was promulgated pursuant to § 114 of the Fair and Accurate Credit Transactions Act (“FACTA”). Congress directed the Commission and other agencies to develop regulations requiring “creditors” and “financial institutions” to address the risk of identity theft. The resulting Identity Theft Red Flags Rule requires any of these entities that have “covered accounts” to develop and implement written identity theft prevention programs. The identity theft prevention programs must be designed to help identify, detect, and respond to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft. This rule applies to all entities that regularly permit deferred payments for goods or services, including entities such as health care providers, attorneys, and other professionals, as well as retailers and a wide range of businesses that invoice their customers.]
IE8's Cumbersome Privacy Controls May Discourage Use
Date Captured Monday March 23, 2009 04:06 PM
Patricia Resende writes [Microsoft's new IE8 features follow a warning to Internet browser makers from the Federal Trade Commission to self-regulate privacy issues or face regulation. Microsoft came under fire for its Passport feature as the Electronic Privacy Information Center and 14 other groups asked the FTC in 2001 to force a revision of the security standard on Passport. The groups alleged Microsoft violated the law by linking Windows XP with requests to sign up for Passport and misleading users to believe that Passport protected privacy when it instead tracked, profiled and monitored users.]
An Icon That Says They’re Watching You
Date Captured Thursday March 19, 2009 06:20 PM
NY Times Saul Hansell writes [Mr. Turow has developed a plan that is simpler and more comprehensive: Put an icon on each ad that signifies that the ad collects or uses information about users. If you click the icon, you will go to what he calls a “privacy dashboard” that will let you understand exactly what information was used to choose that ad for you. And you’ll have the opportunity to edit the information or opt out of having any targeting done at all. “I don’t think ‘Ads by Google’ is enough,” he said. “The problem with the whole rhetoric Google is using is that it is designed to stop you from wanting to learn more and do something.”]
A Call to Legislate Internet Privacy
Date Captured Monday March 16, 2009 10:31 AM
NY Times Saul Hansell writes [“Internet users should be able to know what information is collected about them and have the opportunity to opt out,” he said. While he hasn’t written the bill yet, Mr. Boucher said that he, working with Representative Cliff Stearns, the Florida Republican who is the ranking minority member on the subcommittee, wants to require Web sites to disclose how they collect and use data, and give users the option to opt out of any data collection. That’s not a big change from what happens now, at least on most big sites. But in what could be a big change from current practice, Mr. Boucher wants sites to get explicit permission from users — an “opt in” — if they are going to share information with other companies.]
Commercial Activities in Schools: Use of Student Data is Limited and Additional Dissemination of Guidance Could Help Districts Develop Policies
Date Captured Thursday March 12, 2009 03:16 PM
GAO -- Recommendation: The Secretary of Education should take additional action to assist districts in understanding that they are required to have specific policies in place for the collection, disclosure, and use of student information for marketing and selling purposes by disseminating its guidance to state school boards associations.
Advertisers Get a Trove of Clues in Smartphones
Date Captured Wednesday March 11, 2009 03:05 PM
NY Times STEPHANIE CLIFFORD writes [The capability for collecting information has alarmed privacy advocates. “It’s potentially a portable, personal spy,” said Jeff Chester, the executive director of the Center for Digital Democracy, who will appear before Federal Trade Commission staff members this month to brief them on privacy and mobile marketing. He is particularly concerned about data breaches, advertisers’ access to sensitive health or financial information, and a lack of transparency about how advertisers are collecting data. “Users are going to be inclined to say, sure, what’s harmful about a click, not realizing that they’ve consented to give up their information.”]
PRIVACY AND DATA PROTECTION
Date Captured Wednesday March 11, 2009 02:42 PM
The Business Forum for Consumer Privacy (BFCP), a coalition of companies including Microsoft, Google and HP, released a whitepaper intended to start a discussion about governing information collection and use. The BFCP says the current U.S. approach, which holds consumers responsible for how their private information is used, is not sufficient in the information economy. In the whitepaper, the forum proposes an alternative approach toward securing private data: a "use-and-obligations" model. This model, the authors say, draws upon the OECD Guidelines and the APEC Privacy Framework, and outlines five categories of data use: fulfillment, marketing, internal business operations, antifraud and authentication, and external legal and public good. Forum members say a use-and-obligations model will better address ways in which information is collected and used in the twenty-first century.
ONLINE BEHAVIORAL ADVERTISING: A CHECKLIST OF PRACTICES THAT IMPACT CONSUMER TRUST
Date Captured Wednesday March 04, 2009 03:09 PM
Truste white paper -- [Self-regulation is a process often preceded by leading companies beginning to strengthen practices and chart advances that are then more widely adopted. In particular, companies should be aware of evolving industry practices in the following areas: Application of certain privacy principles to some types of non-personal data, for example, behavioral profiles, cookie IDs or IP addresses. Notices about ad-serving and behavioral targeting being provided in banner ads or on home pages, in addition to within a privacy policy. Choice being provided not only for the sharing of ad-serving data, but with regard to data use by a single company to tailor ads on its own sites. The establishment of specific data retention policies and anonymization techniques for log-file data.]
Cable Companies Target Commercials to Audience
Date Captured Wednesday March 04, 2009 02:53 PM
NY Times STEPHANIE CLIFFORD [Cablevision matches households to demographic data to divide its customers, using the data-collection company Experian. Experian has data on individuals that it collects through public records, registries and other sources. It matches the name and address of the subscriber to what it knows about them, and assigns demographic characteristics to households. (The match is a blind one: advertisers do not know what name and address they are advertising to, Cablevision executives said.) Advertisers can also give their existing customer lists to Experian, and Experian can make matches — so G.M., for example, could direct an ad based on who already owns a G.M. car. Advertisers are willing to pay premiums for ads that go only to audiences they have selected.]
Children's Online Privacy Protection Act of 1998
Date Captured Tuesday March 03, 2009 03:14 PM
TITLE XIII-CHILDREN'S ONLINE PRIVACY PROTECTION. ***NOTE INCONSISTENCY BETWEEN DEFINITIONS OF PERSONAL INFORMATION AND PARENTAL CONSENT BETWEEN COPPA AND FERPA. COPPA DEFINITION (LINK HAS FULL COPPA TEXT): (8) PERSONAL INFORMATION.—The term "personal information" means individually identifiable information about an individual collected online, including— (A) a first and last name; (B) a home or other physical address including street name and name of a city or town; (C) an e-mail address; (D) a telephone number; (E) a Social Security number; (F) any other identifier that the Commission determines permits the physical or online contacting of a specific individual; or (G) information concerning the child or the parents of that child that the website collects online from the child and combines with an identifier described in this paragraph. (9) VERIFIABLE PARENTAL CONSENT.—The term "verifiable parental consent" means any reasonable effort (taking into consideration available technology), including a request for authorization for future collection, use, and disclosure described in the notice, to ensure that a parent of a child receives notice of the operator's personal information collection, use, and disclosure practices, and authorizes the collection, use, and disclosure, as applicable, of personal information and the subsequent use of that information before that information is collected from that child.
RE: USE OF CLOUD COMPUTING APPLICATIONS AND SERVICES
Date Captured Thursday February 26, 2009 06:07 PM
Associate Director John B. Horrigan (202-419-4500) - September 2008 - Pew/Internet - [Convenience and flexibility are the watchwords for those who engage in cloud computing activities: 51% of internet users who have done a cloud computing activity say a major reason they do this is that it is easy and convenient. 41% of cloud users say a major reason they use these applications is that they like being able to access their data from whatever computer they are using. 39% cite the ease of sharing information as a major reason they use applications in cyberspace or store data there. At the same time, users report high levels of concern when presented with scenarios in which companies may put their data to uses of which they may not be aware. 90% of cloud application users say they would be very concerned if the company at which their data were stored sold it to another party. 80% say they would be very concerned if companies used their photos or other data in marketing campaigns. 68% of users of at least one of the six cloud applications say they would be very concerned if companies who provided these services analyzed their information and then displayed ads to them based on their actions.]
Cloud computing takes hold despite privacy fears
Date Captured Thursday February 26, 2009 06:03 PM
Computerworld -- Heather Havenstein [Users of online e-mail, storage systems fear the sale of personal data without permission]
Cloud Computing Privacy Tips
Date Captured Wednesday February 25, 2009 04:11 PM
World Privacy Forum -- February 23, 2009 -- By Robert Gellman and Pam Dixon [Cloud Computing Tips for Consumers: Read the Terms of Service before placing any information in the cloud. If you don’t understand the Terms of Service, consider using a different cloud provider. Don’t put anything in the cloud you would not want the government or a private litigant to see. Pay close attention if the cloud provider reserves rights to use, disclose, or make public your information. Read the privacy policy before placing your information in the cloud. If you don’t understand the policy, consider using a different provider. When you remove your data from the cloud provider, does the cloud provider still retain rights to your information? If so, consider whether that makes a difference to you. Will the cloud provider give advance notice of any change of terms in the terms of service or privacy policy? ]
REPORT: Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing
Date Captured Wednesday February 25, 2009 03:59 PM
Released February 23, 2009 - Author: Robert Gellman: [This report discusses the issue of cloud computing and outlines its implications for the privacy of personal information as well as its implications for the confidentiality of business and governmental information. The report finds that for some information and for some business users, sharing may be illegal, may be limited in some ways, or may affect the status or protections of the information shared. The report discusses how even when no laws or obligations block the ability of a user to disclose information to a cloud provider, disclosure may still not be free of consequences. The report finds that information stored by a business or an individual with a third party may have fewer or weaker privacy or other protections than information in the possession of the creator of the information. The report, in its analysis and discussion of relevant laws, finds that both government agencies and private litigants may be able to obtain information from a third party more easily than from the creator of the information. A cloud provider’s terms of service, privacy policy, and location may significantly affect a user’s privacy and confidentiality interests.] See policy recommendations in full report.
Does Cloud Computing Mean More Risks to Privacy?
Date Captured Wednesday February 25, 2009 03:44 PM
NY Times -- Saul Hansell -- [In the United States, information held by a company on your behalf — be it a bank, an e-mail provider or a social network — is often not protected as much as information a person keeps at home or a business stores in computers it owns. Sometimes that means that a government investigator, or even a lawyer in a civil lawsuit, can get access to records by simply using a subpoena rather than a search warrant, which requires more scrutiny by a court.]
FTC Online Privacy Guidelines Faulted
Date Captured Friday February 13, 2009 01:11 PM
Business Week -- Douglas MacMillan -- [On Feb. 12, the U.S. Federal Trade Commission issued guidelines designed to give consumers more information about how advertisers collect and use data about their Web surfing habits. Among the recommendations: Every site that follows Web-use patterns to tailor marketing messages, a practice known as behavioral targeting, should spell out how it is collecting data and give consumers the ability to opt out of targeting. The report also urges sites to keep collected data "as long as is necessary to fulfill a legitimate business or law enforcement need," inform users of any changes made to privacy policies, and only collect sensitive personal data—such as financial and health records—in cases where the user opts in.]
The F.T.C. Talks Tough on Internet Privacy
Date Captured Thursday February 12, 2009 07:20 PM
NY Times - Saul Hansell -- [In another rather striking challenge to industry dogma, the commission rejected the idea that if an Internet site doesn’t collect a user’s name or other “personally identifiable information,” it isn’t a threat to the user’s privacy. Advertising companies have defended their systems by saying they only associate data with cookies, the random identifying numbers they place in the browsers of users, and with Internet Protocol addresses, the numbers used in routing information to specific computers. “This kind of information can be a key piece to identifying an individual,” Ms. Harrington said. Internet companies, she added, “should be really clear in telling the consumer what is being collected, treat that information with care and probably treat it as information that can be used to identify a user.” ]
Response to the 2008 NAI Principles: The Network Advertising Initiative’s Self-Regulatory Code of Conduct for Online Behavioral Advertising
Date Captured Thursday February 12, 2009 06:43 PM
[CDT believes the 2008 NAI Principles, while late in addressing new trends in the industry, demonstrate clear progress over the original code of conduct adopted in 2000. The transparency of the NAI’s revision and compliance process, the approach to sensitive information, and the coverage of advertising practices beyond behavioral advertising all represent important steps forward. While robust self-regulation in the behavioral advertising space does not obviate the need for a baseline federal privacy law covering data collection and usage of all kinds, the NAI has made advances in several areas, yielding what we hope will be better protections for consumer privacy. However, the 2008 NAI Principles still come up short in crucial respects including the opt-out choice requirement, the notice standard, the NAI member accountability model, the failure to address ISP behavioral advertising, the lack of a choice requirement for multi-site advertising, and the data retention principle. Some of these are outstanding issues that have existed within the NAI framework since its inception, while others are new concerns raised by the updates to the principles.]
Center for Democracy & Technology (CDT) Applauds Critical Privacy, Security Provisions in Health IT Stimulus Bill
Date Captured Sunday January 18, 2009 05:59 PM
[The bill's privacy provisions include the following: Stronger protections against the use of personal health information for marketing purposes; Accountability for all entities that handle personal health information; A federal, individual right to be notified in the event of a breach of identifiable health information; Prohibitions on the sale of valuable patient-identifiable data for inappropriate purposes; Development and implementation of federal privacy and security protections for personal health records; Easy access by patients to electronic copies of their records; and Strengthened enforcement of health privacy rules. The provisions in the bill are similar to those that received bipartisan approval by the House Energy & Commerce Committee in the last Congress.]
Privacy Issue Complicates Push to Link Medical Data
Date Captured Sunday January 18, 2009 05:39 PM
NY Times By ROBERT PEAR [“Until people are more confident about the security of electronic medical records,” Mr. Whitehouse said, “it’s vitally important that we err on the side of privacy.” The data in medical records has great potential commercial value. Several companies, for example, buy and sell huge amounts of data on the prescribing habits of doctors, and the information has proved invaluable to pharmaceutical sales representatives. “Health I.T. without privacy is an excellent way for companies to establish a gold mine of information that can be used to increase profits, promote expensive drugs, cherry-pick patients who are cheaper to insure and market directly to consumers,” said Dr. Deborah C. Peel, coordinator of the Coalition for Patient Privacy, which includes the American Civil Liberties Union among its members.]
DHS office describes how it assesses privacy
Date Captured Tuesday January 06, 2009 01:48 PM
The FIPPS said in the memo that DHS should: • Be transparent and provide notice to the individuals regarding collection and use of personally identifiable information (PII). • When possible, seek consent from individuals to use their PII and provide access, correction and redress regarding DHS’ use of PII. • Explain the authority that permits DHS to collect PII and the ways it will be used. • Only collect PII that is necessary to accomplish the specific purpose and keep it only as long as necessary. • Use PII only for the purpose specified in the notice. Limit sharing of PII outside the department to purposes that are compatible with the reasons that PII was collected. • Ensure, as much as possible, that data is accurate, relevant, timely and complete. • Protect PII with appropriate security. • Be held accountable for complying with the principles and provide training for all employees and contractors who use PII and perform audits.

FBI

Undercover and Sensitive Operations Unit Attorney General's Guidelines on FBI Undercover Operations Revised 11/13/92
Date CapturedSaturday December 26, 2009 09:04 PM
[The following Guidelines on the use of undercover activities and operations by the Federal Bureau of Investigation (FBI) are issued under the authority of the Attorney General provided in Title 28, United States Code, Sections 509, 510, and 533. They apply to all investigations conducted by the FBI, except those conducted pursuant to its foreign counterintelligence and foreign intelligence responsibilities.]

FCC

Cable Companies Target Commercials to Audience
Date CapturedWednesday March 04, 2009 02:53 PM
NY Times STEPHANIE CLIFFORD [Cablevision matches households to demographic data to divide its customers, using the data-collection company Experian. Experian has data on individuals that it collects through public records, registries and other sources. It matches the name and address of the subscriber to what it knows about them, and assigns demographic characteristics to households. (The match is a blind one: advertisers do not know what name and address they are advertising to, Cablevision executives said.) Advertisers can also give their existing customer lists to Experian, and Experian can make matches — so G.M., for example, could direct an ad based on who already owns a G.M. car. Advertisers are willing to pay premiums for ads that go only to audiences they have selected.]
The Internet Safety Act launches a new battle on privacy
Date CapturedWednesday February 25, 2009 03:32 PM
The Christian Science Monitor -- Tom Regan [The bill would require almost everyone who provides Internet access to retain all records for two years. Right now, that includes big Internet service providers (ISPs) such as Verizon or Comcast, the coffee shop that offers free wireless access, and me because I have an Internet router set up at home that is accessed by several people. CNET News noted that the day the acts were introduced in Congress, “both the US Department of Justice’s position and legal definition of ‘electronic communication services’ line up with this [broad] interpretation.” Another section of the bill says that anyone who “knowingly engages in any conduct the provider knows or has reason to believe facilitates access to, or the possession of, child pornography” can be tried under the law. More than a few ISPs worry that this broad wording includes the mere act of providing services such as e-mail might “facilitate access” to illegal material.]
2009 Media & Tech Priorities -- A Public Interest Agenda
Date CapturedMonday December 22, 2008 03:48 PM
Free Press Action Fund -- [Obama’s FCC should act quickly to adopt rules preserving Net Neutrality that mirror the legislative effort. These rules should pertain to all wired and wireless networks and should enshrine the FCC’s established four openness principles alongside a necessary fifth principle that prohibits discrimination and pay-for-priority tolls. The FCC should establish an expedited complaint process for violations of the rules and stiff penalties for violators. Finally, the FCC should move to require extensive disclosure of Internet providers’ network management techniques as well as specific information about the quality of the Internet service being purchased by consumers.]
Google Wants Its Own Fast Track on the Web
Date CapturedMonday December 15, 2008 09:27 AM
Wall Street Journal VISHESH KUMAR and CHRISTOPHER RHOADS write [For computer users, it could mean that Web sites by companies not able to strike fast-lane deals will respond more slowly than those by companies able to pay. In the worst-case scenario, the Internet could become a medium where large companies, such as Comcast Corp. in cable television, would control both distribution and content -- and much of what users can access, according to neutrality advocates. The developments could test Mr. Obama's professed commitment to network neutrality. "The Internet is perhaps the most open network in history, and we have to keep it that way," he told Google employees a year ago at the company's Mountain View, Calif., campus. "I will take a back seat to no one in my commitment to network neutrality." But Lawrence Lessig, an Internet law professor at Stanford University and an influential proponent of network neutrality, recently shifted gears by saying at a conference that content providers should be able to pay for faster service. Mr. Lessig, who has known President-elect Barack Obama since their days teaching law at the University of Chicago, has been mentioned as a candidate to head the Federal Communications Commission, which regulates the telecommunications industry.]

FERPA

APPENDIX A: FERPA Guidance for Reasonable Methods and Written Agreements
Date CapturedThursday January 05, 2012 05:57 PM
FERPA represents the floor for protecting [student] privacy, not the ceiling. PAGE A-5 Federal Register/Vol. 76, No. 232/Friday, December 2, 2011/Rules and Regulations.
DEPARTMENT OF EDUCATION 34 CFR Part 99 in the Federal Register (76 FR 19726)
Date CapturedMonday December 05, 2011 11:20 AM
SUMMARY: The Secretary of Education (Secretary) amends the regulations implementing section 444 of the General Education Provisions Act (GEPA), which is commonly referred to as the Family Educational Rights and Privacy Act (FERPA). These amendments are needed to ensure that the U.S. Department of Education (Department or we) continues to implement FERPA in a way that protects the privacy of education records while allowing for the effective use of data. Improved access to data will facilitate States’ ability to evaluate education programs, to ensure limited resources are invested effectively, to build upon what works and discard what does not, to increase accountability and transparency, and to contribute to a culture of innovation and continuous improvement in education.
National Opt-Out Campaign Informs Parents How to Protect the Privacy of their Children's School Records
Date CapturedTuesday September 20, 2011 04:53 PM
Parents have rights under the Family Educational Rights Privacy Act (FERPA) to restrict access to their children's personal information.
Example of customized opt-out form
Date CapturedSunday September 04, 2011 07:45 PM
COLLEGE OF CHARLESTON FERPA DIRECTORY INFORMATION OPT-OUT FORM - note parents or college students have choices as to which information they want to share.
California AB.143
Date CapturedSaturday September 03, 2011 02:40 PM
INTRODUCED BY Assembly Member Fuentes; This bill would redefine directory information to no longer include a pupil's place of birth and to also include a pupil's e-mail address.
FTC CONSUMER ALERT: Protecting Your Child's Personal Information at School
Date CapturedFriday September 02, 2011 06:10 PM
[Ask your child's school about its directory information policy. Student directory information can include your child's name, address, date of birth, telephone number, email address, and photo. FERPA requires schools to notify parents and guardians about their school directory policy, and give you the right to opt-out of the release of directory information to third parties. It's best to put your request in writing and keep a copy for your files. If you don't opt-out, directory information may be available not only to the people in your child's class and school, but also to the general public.]
TEXAS SB 1106
Date CapturedSaturday August 13, 2011 03:54 PM
AN ACT relating to the exchange of confidential information concerning certain juveniles.
S. 1464 - METRICS Act
Date CapturedSaturday August 13, 2011 03:10 PM
To enable States to implement integrated statewide education longitudinal data systems. This Act may be cited as the ``Measuring and Evaluating Trends for Reliability, Integrity, and Continued Success (METRICS) Act of 2011'' or the ``METRICS Act''.
Stolen Futures: A Forum on Child Identity Theft July 12, 2011
Date CapturedMonday July 25, 2011 05:26 PM
Session 3 TRANSCRIPT - Securing Children’s Data in the Educational System: Steven Toporoff - Federal Trade Commission. PANELISTS: Kathleen Styles, U.S. Department of Education; Michael Borkoski, Howard County Maryland Public Schools; Larry Wong, Montgomery County Maryland Public Schools; Richard Boyle, ECMC; Denny Shaw, i-SAFE, Inc. [This panel will explore the Family Educational Rights and Privacy Act (FERPA) and initiatives to protect children’s personal information in school systems. We will also explore lessons learned from a high-profile data breach involving student information. Finally, the panel will discuss outreach efforts to teach children, teachers, youth counselors, and school administrators about privacy and securing children’s personal information.]
Balancing Student Privacy and School Safety: A Guide to the Family Educational Rights and Privacy Act for Elementary and Secondary Schools
Date CapturedMonday July 25, 2011 01:51 PM
Many school districts employ security staff to monitor safety and security in and around schools. Some schools employ off-duty police officers as school security officers, while others designate a particular school official to be responsible for referring potential or alleged violations of law to local police authorities. Under FERPA, investigative reports and other records created and maintained by these "law enforcement units" are not considered "education records" subject to FERPA. Accordingly, schools may disclose information from law enforcement unit records to anyone, including outside law enforcement authorities, without parental consent. See 34 CFR § 99.8. While a school has flexibility in deciding how to carry out safety functions, it must also indicate to parents in its school policy or information provided to parents which office or school official serves as the school's "law enforcement unit." (The school's notification to parents of their rights under FERPA can include this designation. As an example, the U.S. Department of Education has posted a model notification on the Web at: http://www.ed.gov/policy/gen/guid/fpco/ferpa/lea-officials.html.) Law enforcement unit officials who are employed by the school should be designated in its FERPA notification as "school officials" with a "legitimate educational interest." As such, they may be given access to personally identifiable information from students' education records. The school's law enforcement unit officials must protect the privacy of education records it receives and may disclose them only in compliance with FERPA. For that reason, it is advisable that law enforcement unit records be maintained separately from education records.
Addressing Emergencies on Campus June 2011
Date CapturedTuesday June 28, 2011 06:32 PM
United States Department of Education (USED) : Summary of two applicable Federal education laws administered by the Department of Education (Department): the Family Educational Rights and Privacy Act (FERPA) and the Higher Education Act of 1965 (HEA), as amended. This Federal component is only one piece of what is necessary to consider in ensuring the safety of our Nation’s students, faculty, and school staff. A comprehensive and effective campus policy must incorporate all Federal and State policies regarding health and safety emergencies, education, student privacy, civil rights, and law enforcement, as well as specific local community needs.
Fordham CLIP Comments on FERPA NPRM May 23, 2011 Docket: ED-2011-OM-0002
Date CapturedWednesday June 22, 2011 10:24 PM
Fordham Professor of Law Joel Reidenberg: Proposed Amendments to the FERPA Regulations contradict Congressional Mandates; Impermissible expansion of “Authorized representative” proposed in §99.3; Problematic expansion of “directory information” proposed in §99.3; Impermissible expansion of the “audit and evaluation” provision proposed in §99.35(a)(2); Questionable Enforcement proposed in §99.35.
NYS Sen. Oppenheimer and Sen. Montgomery on S.2357
Date CapturedTuesday June 21, 2011 04:25 PM
Sen. Oppenheimer and Sen. Montgomery on S.2357 @ 36:30 minutes. Senators demonstrate responsible data stewardship. S.2357 excerpt: [(C) UNLESS OTHERWISE ALLOWED BY LAW, A SCHOOL MAY NOT, EVEN WITH THE AFFIRMATIVE CONSENT OF THE PARENT OF THE STUDENT IN ATTENDANCE OR THE ELIGIBLE STUDENT IN ATTENDANCE, DISCLOSE PERSONALLY IDENTIFIABLE STUDENT INFORMATION FOR A COMMERCIAL, FOR-PROFIT ACTIVITY INCLUDING BUT NOT LIMITED TO USE FOR: (I) MARKETING PRODUCTS OR SERVICES; (II) SELLING PERSONALLY IDENTIFIABLE STUDENT INFORMATION FOR USE IN MARKETING PRODUCTS OR SERVICES; (III) CREATING OR CORRECTING AN INDIVIDUAL OR HOUSEHOLD PROFILE; (IV) COMPILATION OF A STUDENT LIST; (V) SALE OF THE INFORMATION FOR ANY COMMERCIAL PURPOSE; OR (VI) ANY OTHER PURPOSE CONSIDERED BY THE SCHOOL AS LIKELY TO BE A COMMERCIAL, FOR-PROFIT ACTIVITY. (D) IN MAKING AN ALLOWABLE DISCLOSURE UNDER THIS SUBDIVISION, A SCHOOL MAY ONLY DISCLOSE THE MINIMUM AMOUNT OF INFORMATION NECESSARY TO ACCOMPLISH THE PURPOSE OF THE DISCLOSURE.]
Supporting Data Use While Protecting the Privacy, Security and Confidentiality of Student Information
Date CapturedMonday May 02, 2011 06:28 PM
Data Quality Campaign: [Meet the moral and legal responsibility to respect the privacy and the confidentiality of students’ personally identifiable information; Mitigate risks related to the intentional and unintentional misuse of data, which are amplified by the digital nature of today’s society in which more information — in education and every sector — is housed and shared in electronic and web-based forms; and ensure clarity around roles and responsibilities, including states’ authority to share data, in what form the data can be shared, at what level of detail, with whom and with what protections in place.]
DQC: The American Recovery and Reinvestment Act (ARRA) Support for State Longitudinal Data Systems (SLDS)
Date CapturedFriday April 22, 2011 05:06 PM
Data Quality Campaign - The American Recovery and Reinvestment Act provides federal support to states to further build and promote the use of statewide longitudinal data systems. This document includes: 1. ARRA Overview and Data Systems: a. American Recovery and Reinvestment Act; b. America COMPETES Act; 2. State Stabilization Funds and Assurances; 3. Institute of Education Sciences State Longitudinal Data Systems Grants: a. American Recovery and Reinvestment Act – IES Funding; 4. U.S. Department of Education Guidance on Implementation of ARRA: a. Fact sheet: The American Recovery and Reinvestment Act of 2009: Saving and Creating Jobs and Reforming Education; b. Letter to Governors from Secretary of Education Arne Duncan; c. Implementing the American Recovery Act – Letter from Secretary of Education Arne Duncan
U.S. Department of Education (USED) Safeguarding Student Privacy 
Date CapturedFriday April 08, 2011 06:38 PM
The use of data is vital to ensuring the best education for our children. However, the benefits of using student data must always be balanced with the need to protect students’ privacy rights. Students and their parents should expect that their personal information is safe, properly collected and maintained and that it is used only for appropriate purposes and not improperly redisclosed. It is imperative to protect students’ privacy to avoid discrimination, identity theft or other malicious and damaging criminal acts. All education data holders must act responsibly and be held accountable for safeguarding students’ personally identifiable information – from practitioners of early learning to those developing systems across the education continuum (P-20) and from schools to their contractors. The need for articulated privacy protections and data security continues to grow as Statewide Longitudinal Data Systems (SLDS) are built and more education records are digitized and shared electronically. As States develop and refine their information management systems, it is critical that they ensure that student information continues to be protected and that students’ personally identifiable information is disclosed only for authorized purposes and under the circumstances permitted by law. All P-20 stakeholders should be involved in the development of these statewide systems and protection policies.
"What every school official should know about privacy"
Date CapturedThursday March 17, 2011 02:24 PM
Video of Daniel Solove on schools and privacy taped at Cornell University.
TITLE 20 > CHAPTER 31 > SUBCHAPTER III > Part 4 > § 1232g
Date CapturedTuesday March 15, 2011 12:47 PM
FERPA statute regarding directory information - note PICTURE and E-MAIL NOT in statute. US ED added through regulations -- they were not added by Congress: (5)(A) For the purposes of this section the term “directory information” relating to a student includes the following: the student’s name, address, telephone listing, date and place of birth, major field of study, participation in officially recognized activities and sports, weight and height of members of athletic teams, dates of attendance, degrees and awards received, and the most recent previous educational agency or institution attended by the student.
GAMMILL v USED - USA Merit System Board documents
Date CapturedMonday March 14, 2011 01:14 PM
Proposed regulatory (not statutory) change vastly expands the term authorized representative well beyond these four entities: Comptroller General of US, Secretary, Attorney General, and state or local education authorities. (See pages 10 and 11)
PAUL GAMMILL v U.S. DEPARTMENT OF EDUCATION
Date CapturedMonday March 14, 2011 12:44 PM
Whistleblower Retaliation lawsuit filed by Gammill against USED for retaliation of sharing an illegal attempt to circumvent FERPA. Case Number: 1:2011cv00409; Filed: February 18, 2011; Court: District Of Columbia District Court; Office: Washington, DC Office; County: 88888; Presiding Judge: John D. Bates
The Handbook for Campus Safety and Security Reporting
Date CapturedFriday March 11, 2011 07:35 PM
FERPA does not preclude an institution’s compliance with the timely warning provision of the campus security regulations. FERPA recognizes that information can, in case of an emergency, be released without consent when needed to protect the health and safety of others. In addition, if institutions utilize information from the records of a campus law enforcement unit to issue a timely warning, FERPA is not implicated as those records are not protected by FERPA. U.S. Department of Education, Office of Postsecondary Education, The Handbook for Campus Safety and Security Reporting, Washington, D.C., 2011.
FERPA and Social Media
Date CapturedThursday March 10, 2011 02:50 PM
When students are assigned to post information to public social media platforms outside of the university LMS, they should be informed that their material may be viewed by others. Students should not be required to release personal information on a public site. Instructor comments or grades on student material should not be made public. (Interestingly, grades given by other students on “peer-graded” work can be made public under FERPA). (ACE, 2008) While not clearly required by law, students under the age of 18 should get their parent’s consent to post public work. FERPA does not forbid instructors from using social media in the classroom, but common sense guidelines should be used to ensure the protection of students.
OHIO 3319.321 Confidentiality
Date CapturedThursday March 10, 2011 02:40 PM
Ohio Revised Code » Title [33] XXXIII EDUCATION (A) No person shall release, or permit access to, the directory information concerning any students attending a public school to any person or group for use in a profit-making plan or activity. Notwithstanding division (B)(4) of section 149.43 of the Revised Code, a person may require disclosure of the requestor’s identity or the intended use of the directory information concerning any students attending a public school to ascertain whether the directory information is for use in a profit-making plan or activity.
Some questions raised over release of student info (North Dakota)
Date CapturedTuesday March 08, 2011 04:54 PM
[North Dakota: High schools across the state would be required to give names, addresses and phone numbers of their students to the State Board of Higher Education under a proposed Senate bill.] [Several committee members expressed concern about the additional information and wanted to make sure parents would be fully aware of what information was being requested before opting out. That view also was shared by Bev Nielson of the North Dakota School Boards Association.]
Statistical Methods for Protecting Personally Identifiable Information in Aggregate Reporting
Date CapturedThursday March 03, 2011 01:36 PM
NCES 2011-603 Building on current best practices, the Brief outlines reporting recommendations. Primarily, the goal of these reporting recommendations is to maximize the reporting of student outcomes while protecting students’ personally identifiable information.
Basic Concepts and Definitions for Privacy and Confidentiality in Student Education Records
Date CapturedThursday March 03, 2011 01:21 PM
NCES 2011-601 This first brief discusses basic concepts and definitions that establish a common set of terms related to the protection of personally identifiable information, especially in education records.
Recommendations on Data Security and Privacy Protections
Date CapturedSaturday February 19, 2011 11:00 PM
Excerpted from the Data Protections Report submitted to the U.S. Department of Education’s Performance Information Management Service by Highlight Technologies on June 16, 2010. (Where is original report and comments?)
NYC Schools Parents Bill of Rights
Date CapturedMonday February 14, 2011 09:49 PM
Parents have the right to: 12. consent to disclosures of personally identifiable information contained in the student’s education records, except to the extent that Family Educational Rights and Privacy Act (FERPA) and Chancellor’s Regulation A-820 authorize disclosure without consent.
NYC P-3 SCHOOL FAMILY HANDBOOK
Date CapturedSunday February 13, 2011 05:39 PM
See page 19 for information deemed appropriate to release about 4 year old CHILDREN.
CONFIDENTIALITY AND RELEASE OF STUDENT RECORDS; RECORDS RETENTION
Date CapturedSunday February 13, 2011 03:13 PM
This regulation supersedes New York City Chancellor’s Regulation A-820 dated July 8, 2008. Changes: • The regulation was revised to conform to amendments to federal regulations under the Family Educational Rights and Privacy Act (“FERPA”).
Identifying Violence-prone Students
Date CapturedThursday January 13, 2011 02:02 PM
The fine line higher education officials walk in dealing with troubled students is discussed.
NCES 2011-602 Data Stewardship: Managing Personally Identifiable Information in Electronic Student Education Records
Date CapturedTuesday January 04, 2011 09:55 PM
SLDS Technical Brief - Guidance for Statewide Longitudinal Data Systems (SLDS) [A privacy and data protection program for student education records must include an array of rules and procedures for protecting PII held in the record system. It also must include a full set of public disclosures of the existence and uses of the information included in the data system, a description of all parents’ or eligible students’ rights to review and appeal the contents of an individual education record and of their rights and the procedures to appeal a violation. ]
Directory Information Part 1 (WAV file, no text -- it's audio)
Date CapturedSunday December 26, 2010 05:36 PM
EDNY comments on Data Quality Campaign webcast with US ED response. See Part 2 for continuation of conversation.
New York State Student Information Repository System (SIRS) Manual
Date CapturedWednesday December 22, 2010 08:44 PM
New York State Student Information Repository System (SIRS) Manual; Reporting Data for the 2010–11 School Year (SEE APPENDIX 19)
K-12 EDUCATION - Selected Cases of Public and Private Schools That Hired or Retained Individuals with Histories of Sexual Misconduct
Date CapturedFriday December 17, 2010 01:00 PM
GAO-11-200: Cases GAO examined show that individuals with histories of sexual misconduct were hired or retained by public and private schools as teachers, support staff, volunteers, and contractors.
Many States Collect Graduates’ Employment Information, but Clearer Guidance on Student Privacy Requirements Is Needed
Date CapturedMonday December 13, 2010 09:17 AM
GAO-10-927 - GAO recommends that Education clarify means by which states can collect and share graduates’ employment information under the Family Educational Rights and Privacy Act (FERPA) and establish a time frame for doing so. Education agreed with the recommendation.
Schools Selling Students' Personal Information
Date CapturedWednesday October 06, 2010 03:17 PM
[KPRC Local 2 investigative reporter Amy Davis obtained the data for thousands of students from the Houston Independent School District simply by asking for it. She shows you how a lot of other people are getting the same information you may not want them to have.]
Congress Should Consider Alternatives for Strengthening Protection of Personally Identifiable Information
Date CapturedTuesday September 28, 2010 02:51 PM
GAO-08-795T: In its report, GAO identified alternatives that the Congress should consider, including revising the scope of privacy laws to cover all personal information, requiring that the use of such information be limited to a specific purpose, and revising the structure and publication of privacy notices.
FERPA Myth Busters
Date CapturedFriday July 23, 2010 02:58 PM
Organization: Education Counsel -- Draft for WICHE Conference Use -- December 16, 2008
Family Educational Rights and Privacy Act (FERPA) and the Disclosure of Student Information Related to Emergencies and Disasters
Date CapturedThursday June 24, 2010 01:48 PM
The purpose of this guidance is to answer questions that have arisen about the sharing of personally identifiable information from students’ education records to outside parties when responding to emergencies, including natural or man-made disasters. Understanding how, what, and when information can be shared with outside parties is an important part of emergency preparedness.
Delta College trustees won't add more student information to campus directory
Date CapturedThursday March 18, 2010 01:34 PM
By Andrew Dodson | The Bay City Times - [Currently, information on Delta College students that is readily available, unless they have opted out, includes their name, degree, address, awards, dates attended, program, participation in activities, enrollment, e-mail and weight and height for members of athletic teams. Higgs argued that the college should have more items on file, including a student photo, whether or not that student is full or part time and a phone number. "That's what the courts look to," said Higgs. "Our policy doesn't have those things and it should." Other board members disagreed, saying that more data collecting isn't required and isn't worth the time. They voted against the plan 8-1.]
Privacy flags raise concern for graduate students
Date CapturedThursday March 11, 2010 09:24 PM
by Katie Perkowski -[Undergraduate students are not the only ones concerned with personal information available through UK’s online people search — now, graduate students are voicing their concern, too. Members of UK’s graduate school have recently voiced concern about their information like home address and home telephone number being available on the UK Web site without their knowledge, said English teaching assistant Jesslyn Collins-Frohlich.]
Clash Over Student Privacy
Date CapturedTuesday March 09, 2010 05:05 PM
This document should not be shared due to copyright. Inside Higher Ed - [WASHINGTON -- The U.S. Education Department has fired the top federal official charged with protecting student privacy, in what the dismissed official says was a conflict with the agency's political leaders over their zeal to encourage the collection of data about students' academic performance. Paul Gammill says he was physically escorted out of the department's offices on a Friday morning last month after he refused to resign as director of the agency's Family Policy Compliance Office. Administration officials said that "[p]rivacy laws require us to keep certain employment matters confidential, so we cannot comment on Mr. Gammill." But Gammill, not so encumbered, maintains that he was dismissed because, on several occasions, he argued in internal meetings and documents that the department's approach to prodding states to expand their longitudinal student data systems violated the Family Educational Rights and Privacy Act, which protects the privacy of students' educational records.]
Federal Register: July 6, 2000 (Volume 65, Number 130)
Date CapturedTuesday March 09, 2010 04:56 PM
DEPARTMENT OF EDUCATION - 34 CFR Part 99 - Family Educational Rights and Privacy- AGENCY: Department of Education. ACTION: Final regulations. SUMMARY: The Secretary amends the regulations implementing the Family Educational Rights and Privacy Act (FERPA). The amendments are needed to implement sections 951 and 952 of the Higher Education Amendments of 1998 (HEA). These amendments permit postsecondary institutions to disclose certain information to the public and to parents of students. DATES: These regulations are effective August 7, 2000.
Putting Private Info on Government Database
Date CapturedTuesday March 09, 2010 04:34 PM
Phyllis Schlafly writes - [The Fordham report made numerous recommendations to beef up student privacy, such as collecting only information relevant to articulated purposes, purging unjustified data, enacting time limits for data retention and hiring a chief privacy officer for each state. There is no indication that these suggestions will be implemented. The Obama Department of Education officials believe that collecting personally identifiable data is "at the heart of improving schools and school districts." One of the four reform mandates of the Race to the Top competition is to establish pre-kindergarten to college-and-career data systems that "track progress and foster continuous improvement."]
Comments of the World Privacy Forum regarding Notice of Proposed Rulemaking, FERPA
Date CapturedTuesday February 02, 2010 08:28 PM
[Our comments focus on several aspects of the Notice of Proposed Rulemaking (NPRM), notably, the definition and handling of directory information and personally identifiable information. We also comment on the use of full tax returns to determine eligibility. And finally, we comment on the issue of outsourcing, including the need for audit trails in regards to the proposed expansion of the school official exemption.]
Personal school data not always private
Date CapturedTuesday November 03, 2009 08:15 PM
SCOTT WALDMAN Staff Writer Section: Capital Region, Page: B1 Date: Saturday, February 9, 2008 [GUILDERLAND - Last year, the Guilderland Teachers Association got the address of every local family and sent those with school-age children postcards promoting the union's picks in the May school board election. But trying to get that kind of personal information from other school districts won't work. The issue shines a light on how school districts interpret a federal law that permits the disclosure of "directory" information - including student and parent names, addresses and phone numbers - without consent. The law leaves it up to individual districts to define what is considered directory information. The statute also stipulates that schools must tell residents they have the right to withhold the information.]
Use of parental list is faulted
Date CapturedTuesday November 03, 2009 08:06 PM
March 17, 2008 by Scott Waldman - [GUILDERLAND - Guilderland School District violated federal law when it provided the names and addresses of parents to the teachers union, according to the state's authority on open government. Last year, Guilderland Teachers Association used those names and addresses to send parents of school-aged children postcards promoting the union's picks in a school board election. School officials deny that any law was broken, but the district recently imposed a moratorium on releasing "directory" information after complaints by school board members and news coverage of the controversy.]
Children's Privacy (FTC and many additional federal agencies).
Date Captured Sunday November 01, 2009 09:40 PM
[Thanks to COPPA, sites have to get a parent’s permission if they want to collect or share your kids’ personal information, with only a few exceptions. That goes for information sites ask for up-front, and information your kids choose to post about themselves. Personal information includes your child’s full name, address, email address, or cell phone number. Under COPPA, sites also have to post privacy policies that give details about what kind of information they collect from kids — and what they might do with it (say, to send a weekly newsletter, direct advertising to them, or give the information to other companies). If a site plans to share the child’s information with another company, the privacy policy must say what that company will do with it. Links to the policies should be in places where they’re easy to spot. What Can You Do? Your kids’ personal information and privacy are valuable — to you, to them, and to marketers.] *****NOTE DISPARITY WITH PROTECTION PROVIDED UNDER FERPA.
South Dakota Superintendent Thinks Info Policy Will Pass Tonight
Date Captured Friday October 30, 2009 05:37 PM
[Over the past month some parents have voiced their concerns to the school board over what they consider the selling of their children's contact information. Some say they don't want it to land in the wrong hands. Pam Homan says parents have known about the information policy for some time. "On the blue card as we call it parents have been informed of the FERPA requirement and whether or not they wish to have their child's name included or excluded from information." Revisions have been made to the proposed policy. Allowing parents more control over where the information is given. It will allow four categories that are: school publications, directory information, SD board of regents, and military recruiters.]
CHILDREN’S EDUCATIONAL RECORDS AND PRIVACY -- A STUDY OF ELEMENTARY AND SECONDARY SCHOOL STATE REPORTING SYSTEMS -- October 28, 2009
Date Captured Friday October 30, 2009 09:44 AM
[The Study reports on the results of a survey of all fifty states and finds that state educational databases across the country ignore key privacy protections for the nation's K-12 children. The Study finds that large amounts of personally identifiable data and sensitive personal information about children are stored by the state departments of education in electronic warehouses or for the states by third party vendors. These data warehouses typically lack adequate privacy protections, such as clear access and use restrictions and data retention policies, are often not compliant with the Family Educational Rights and Privacy Act, and leave K-12 children unprotected from data misuse, improper data release, and data breaches. The Study provides recommendations for best practices and legislative reform to address these privacy problems.] Joel R. Reidenberg, Professor of Law and Founding Academic Director of CLIP; Jamela Debelak, Esq., Executive Director of CLIP
National Forum on Education Statistics. Forum Guide to Protecting the Privacy of Student Information: State and Local Education Agencies
Date Captured Saturday March 21, 2009 01:43 PM
National Forum on Education Statistics. Forum Guide to Protecting the Privacy of Student Information: State and Local Education Agencies, NCES 2004–330. Washington, DC: 2004.
FERPA Online Library
Date Captured Thursday March 12, 2009 03:22 PM
Family Policy Compliance Office Letters
Commercial Activities in Schools: Use of Student Data is Limited and Additional Dissemination of Guidance Could Help Districts Develop Policies
Date Captured Thursday March 12, 2009 03:16 PM
GAO -- Recommendation: The Secretary of Education should take additional action to assist districts in understanding that they are required to have specific policies in place for the collection, disclosure, and use of student information for marketing and selling purposes by disseminating its guidance to state school boards associations.
Report Is Said To Criticize On-Campus Recruitment
Date Captured Thursday March 12, 2009 03:10 PM
September 6, 2007 -- NY SUN -- ALEXANDER BRITELL -- [A report by a civil liberties group and the president of Manhattan, Scott Stringer, will criticize military recruitment tactics at some city school campuses. A source familiar with the findings of the report, which is drawn from the survey responses of nearly 1,000 students, said it alleges that military recruiters have been given too much access to public school classrooms, and that the city's Department of Education has not adequately informed students about their right to remove their names from recruiting lists.]
Family Policy Compliance Office (FPCO)
Date Captured Thursday March 12, 2009 02:49 PM
State says Cambridge Public Schools can't charge $14K for public records
Date Captured Friday February 13, 2009 03:12 PM
David L. Harris -- GateHouse News Service - [On Nov. 30, 2007, the Chronicle sent a letter requesting directory information, but the request was later denied in a three-page letter from the school’s legal department. After appealing to the state’s supervisor of public records, Alan Cote, the school department sent a letter dated July 11, explaining that the work to compile the directory information would cost $14,426.88. The Chronicle’s sister paper, the Newton TAB, requested the same information from Newton Public Schools around the same time. The school department, which sent the data within three weeks of the request, did not charge the TAB for the information.]
Student Information Not For Sale At UW-Marathon County
Date Captured Wednesday February 11, 2009 07:06 PM
Wsaw.com reporter: Margo Spann -- [Private companies looking to sell or market products to college students are buying information about them directly from their schools. The Assistant Director of Student Services at UW Marathon County Annette Hackbarth-Onson says federal law allows colleges to sell information about their students. She says companies are often looking to buy students' names, birth-dates, and email addresses.]
Rethinking the Role of Consent in Protecting Health Information Privacy
Date Captured Tuesday January 27, 2009 09:52 AM
CDT is advocating for the inclusion of privacy protections in the President's economic stimulus bill, which contains at least $20 billion for a national health information technology network. CDT's paper argues that personal health information should easily flow for treatment, payment, and certain core administrative tasks without requiring patient consent, but that stricter limits need to be placed on marketing and other secondary uses. January 26, 2009. This paper advocates for a new generation of privacy protections that allow personal health information to flow among health care entities for treatment, payment, and certain core administrative tasks without first requiring patient consent, as long as there is a comprehensive framework of rules that governs access to and disclosure of health data. Patient consent is one important element of this framework, but relying on consent would do little to protect privacy. This paper also suggests how a framework of protections can provide patients with more meaningful opportunities to make informed choices about sharing their personal health information online.
Family Educational Rights and Privacy; Final Rule
Date Captured Tuesday December 09, 2008 07:02 PM
FR Doc E8-28864 [Federal Register: December 9, 2008 (Volume 73, Number 237)] [Rules and Regulations] [Page 74805-74855] From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr09de08-8]
U Alabama at Birmingham Student Records Policy, Photo as Directory Information
Date Captured Thursday December 04, 2008 08:41 PM
UAB’s Student Records Policy, derived from the Federal Educational Rights and Privacy Act (FERPA), lists the following items of a student record as “directory information:” Name, Telephone number, E-mail address, Date and place of birth, Major field of study, Participation in officially recognized activities and sports, Dates of attendance, Degrees and awards received, Institution most recently previously attended. These items are considered public information which may be made available by the university without prior consent of the student and are considered part of the public record of the student’s attendance. Effective Spring 2009, the photo used on the CampusCard will become an item of directory information. Under the provisions of FERPA, students have the right to withhold the disclosure of directory information.
Joint Guidance on the Application of the Family Educational Rights and Privacy Act (FERPA) And the Health Insurance Portability and Accountability Act of 1996 (HIPAA) To Student Health Records (ID: CSD5578)
Date Captured Thursday December 04, 2008 04:36 PM
The HIPAA Privacy Rule specifically excludes from its coverage those records that are protected by FERPA. At the elementary or secondary school level, students’ immunization and other health records that are maintained by a school district or individual school, including a school-operated health clinic, that receives funds under any program administered by the U.S. Department of Education are “education records” subject to FERPA, including health and medical records maintained by a school nurse who is employed by or under contract with a school or school district. Some schools may receive a grant from a foundation or government agency to hire a nurse. Notwithstanding the source of the funding, if the nurse is hired as a school official (or contractor), the records maintained by the nurse or clinic are “education records” subject to FERPA.
Vermont to study student privacy policies
Date Captured Thursday June 12, 2008 04:14 PM
Reformer reports, "The state (Vermont) board is also going to consider how the education department handles third party research requests on behalf of the education department using student data. Under the proposed change, the department information technology team would classify data as sensitive and confidential, and a written contract would have to be signed before the release of records. A third proposed policy spells out how organizations that contract with the education department go about obtaining student information for their work."
Students anxious about directory data
Date Captured Wednesday June 11, 2008 10:06 AM
Columbia Tribune reports, "The names, telephone numbers, e-mail addresses, mailing addresses and other information of University of Missouri students are all considered public information and have been drawing the attention of marketing agencies eager to sell goods and services to the student body."
One in four data breaches involves schools
Date Captured Tuesday June 03, 2008 08:34 PM
By Meris Stansbury, Assistant Editor, eSchool News, "Cyber criminals are becoming bolder and more sophisticated in their operations, federal computer security experts say. And that's bad news for schools, because educational institutions reportedly account for approximately one of every four data security breaches."
EDUCAUSE
Date Captured Tuesday June 03, 2008 08:26 PM
EDUCAUSE is a nonprofit association and good source of information about FERPA and higher education.
Huge Databases Offer a Research Gold Mine — and Privacy Worries
Date Captured Tuesday June 03, 2008 08:14 PM
By DAVID GLENN from the issue dated May 9, 2008 Chronicle of Higher Education, "Researchers have used the new databases to study many issues, including which high-school math courses are most important for college success and how exposure to adjunct instructors affects student retention. But the new education databases create obvious challenges for protecting student privacy — which is one reason most states have been slow to build them. Florida's education department takes elaborate steps to 'de-identify' its information before handing it to outside researchers. Despite those efforts, nervous officials in other states look at a system like Florida's and worry about potential violations of the Family Educational Rights and Privacy Act, or Ferpa. In March the U.S. Department of Education proposed new Ferpa regulations that might clarify the ground rules for the use of such databases, but it is far from certain that the new rules will make states more comfortable with the projects." http://chronicle.com -- Section: The Faculty -- Volume 54, Issue 35, Page A10
FERPA Violation
Date Captured Monday June 02, 2008 10:10 PM
Letter from Wisconsin College Republicans to Family Policy Compliance Office regarding FERPA violation claim.
Frequently Asked Questions
Date Captured Sunday June 01, 2008 04:41 PM
What is "Directory Information"? FERPA defines "directory information" as information contained in the education records of a student that would not generally be considered harmful or an invasion of privacy if disclosed. Typically, "directory information" includes information such as name, address, telephone listing, date and place of birth, participation in officially recognized activities and sports, and dates of attendance. A school