education new york online education new york online education new york online
Today's Info Policy News
Weekly Archive
Information Policy
Protecting your children's privacy: The Facts
contact us
site map
With the exact phrase
With all of the words
With at least one of the words
Without these words
Within these fields         
Date range limit

      Pick Date
Item(s) found: 55
INFORMATION RESELLERS Consumer Privacy Framework Needs to Reflect Changes in Technology and the Marketplace
Date CapturedThursday November 21 2013, 2:23 PM
What GAO Recommends: Congress should consider strengthening the consumer privacy framework to reflect the effects of changes in technology and the increased market for consumer information. Any changes should seek to provide consumers with appropriate privacy protections without unduly inhibiting commerce and innovation. The Department of Commerce agreed that strengthened privacy protections could better protect consumers
FTC to Study Data Broker Industry’s Collection and Use of Consumer Data
Date CapturedTuesday December 18 2012, 1:44 PM
The nine data brokers receiving orders from the FTC are: 1) Acxiom, 2) Corelogic, 3) Datalogix, 4) eBureau, 5) ID Analytics, 6) Intelius, 7) Peekyou, 8) Rapleaf, and 9) Recorded Future. The FTC is seeking details about: the nature and sources of the consumer information the data brokers collect; how they use, maintain, and disseminate the information; and the extent to which the data brokers allow consumers to access and correct their information or to opt out of having their personal information sold.
OHIO 3319.321 Confidentiality
Date CapturedThursday March 10 2011, 2:40 PM
Ohio Revised Code » Title [33] XXXIII EDUCATION (A) No person shall release, or permit access to, the directory information concerning any students attending a public school to any person or group for use in a profit-making plan or activity. Notwithstanding division (B)(4) of section 149.43 of the Revised Code, a person may require disclosure of the requestor’s identity or the intended use of the directory information concerning any students attending a public school to ascertain whether the directory information is for use in a profit-making plan or activity.
Some questions raised over release of student info (North Dakota)
Date CapturedTuesday March 08 2011, 4:54 PM
[North Dakota: High schools across the state would be required to give names, addresses and phone numbers of their students to the State Board of Higher Education under a proposed Senate bill.] [Several committee members expressed concern about the additional information and wanted to make sure parents would be fully aware of what information was being requested before opting out. That view also was shared by Bev Nielson of the North Dakota School Boards Association.]
Rush Introduces Online Privacy Bill, H.R. 611, The BEST PRACTICES Act
Date CapturedFriday February 11 2011, 6:04 PM
Ensure that consumers have meaningful choices about the collection, use, and disclosure of their personal information. • Require companies that collect personal information to disclose their practices with respect to the collection, use, disclosure, merging, and retention of personal information, and explain consumers' options regarding those practices. • Require companies to provide disclosures of their practices in concise, meaningful, timely, and easy-to-understand notices, and direct the Federal Trade Commission to establish flexible and reasonable standards and requirements for such notices. • Require companies to obtain "opt-in" consent to disclose information to a third party. In the bill, the term, "third party" would be defined based on consumers' reasonable expectations rather than corporate structure. • Establish a "safe harbor" that would exempt companies from the "opt-in" consent requirement, provided those companies participate in a universal opt-out program operated by self-regulatory bodies and monitored by the FTC. • Require companies to have reasonable procedures to assure the accuracy of the personal information they collect. The bill would also require the companies to provide consumers with reasonable access to, and the ability to correct or amend, certain information. • Require companies to have reasonable procedures to secure information and to retain personal information only as long as it's necessary to fulfill a legitimate business or law enforcement need.
NCES 2011-602 Data Stewardship: Managing Personally Identifiable Information in Electronic Student Education Records
Date CapturedTuesday January 04 2011, 9:55 PM
SLDS Technical Brief - Guidance for Statewide Longitudinal Data Systems (SLDS) [A privacy and data protection program for student education records must include an array of rules and procedures for protecting PII held in the record system. It also must include a full set of public disclosures of the existence and uses of the information included in the data system, a description of all parents’ or eligible students’ rights to review and appeal the contents of an individual education record and of their rights and the procedures to appeal a violation. ]*****[A school directory may include PII such as a student’s name, grade level, and contact information. Taken by itself, the release of this information is not harmful to a student. However, when combined with the student’s Social Security Number or another identifier and the student’s education record, this information has the potential for violating a student’s right to privacy. The release of this combined record could lead to harm or embarrassment. Thus, the privacy and data protection program should focus on PII that will be maintained in the electronic student record system with its likely wealth of student data.2}
Directory Information Part 1 (WAV file, no text -- it's audio)
Date CapturedSunday December 26 2010, 5:36 PM
EDNY comments on Data Quality Campaign webcast with US ED response. See Part 2 for continuation of conversation.
Directory Information Part 2 (This file is an audio 'wav' file)
Date CapturedSunday December 26 2010, 5:23 PM
Part 2 of EDNY comments on Data Quality Campaign webcast with US ED response.
Date CapturedThursday December 16 2010, 1:16 PM
US DEPT OF COMMERCE REPORT says the principles "should promote increased transparency through simple notices, clearly articulated purposes for data collection, commitments to limit data uses to fulfill these purposes, and expanded use of robust audit systems to bolster accountability." NO RECOMMENDATIONS REGARDING EDUCATION AND FERPA DIRECTORY INFORMATION.
Date CapturedWednesday October 20 2010, 7:42 PM
HTML5 is a new version of HTML and XHTML. The HTML5 draft specification defines a single language that can be written in HTML and XML. It attempts to solve issues found in previous iterations of HTML and addresses the needs of Web Applications, an area previously not adequately covered by HTML.
Schools Selling Students' Personal Information
Date CapturedWednesday October 06 2010, 3:17 PM
Link to stories about schools selling student information
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
Date CapturedFriday October 01 2010, 7:22 PM
To appear at the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI’10) William Enck, Peter Gilbert Byung-Gon Chun,Landon P. Cox , Jaeyeon Jung, Patrick McDaniel Anmol N. Sheth at CONCLUSION: While some mobile phone operating systems allow users to control applications’ access to sensitive informa- tion, such as location sensors, camera images, and con- tact lists, users lack visibility into how applications use their private data. To address this, we present TaintDroid, an ef?cient, system-wide information ?ow tracking tool that can simultaneously track multiple sources of sensi- tive data. A key design goal of TaintDroid is ef?ciency, and TaintDroid achieves this by integrating four gran- ularities of taint propagation (variable-level, message- level, method-level, and ?le-level) to achieve a 14% per- formance overhead on a CPU-bound microbenchmark. We also used our TaintDroid implementation to study the behavior of 30 popular third-party applications, cho- sen at random from the Android Marketplace. Our study revealed that two-thirds of the applications in our study exhibit suspicious handling of sensitive data, and that 15 of the 30 applications reported users’ locations to remote advertising servers. Our ?ndings demonstrate the effec- tiveness and value of enhancing smartphone platforms with monitoring tools such as TaintDroid.
Congress Should Consider Alternatives for Strengthening Protection of Personally Identifiable Information
Date CapturedTuesday September 28 2010, 2:51 PM
GAO-08-795T : In its report GAO identified alternatives that the Congress should consider, including revising the scope of privacy laws to cover all personal information, requiring that the use of such information be limited to a specific purpose, and revising the structure and publication of privacy notices.
Letter to: Chairman Boucher and Ranking Member Stearns
Date CapturedMonday June 07 2010, 6:26 PM
Mike Sachoff -- [In response to a discussion draft of a new privacy bill now under consideration by the House Subcommittee on Communications, Technology and the Internet, ten privacy and consumer groups today called for stronger measures to protect consumer privacy both online and off. The organizations including the Consumer Federation of America, Electronic Frontier Foundation, Consumer Watchdog, World Privacy Forum, Consumer Action, USPIRG, Privacy Rights Clearinghouse, Privacy Times, Privacy Lives, and the Center for Digital Democracy, raised their concerns in a letter to Subcommittee Chairman Rick Boucher and Ranking Member Cliff Stearns. The groups recommended the following: *The bill should incorporate the Fair Information Practice Principles that have long served as the bedrock of consumer privacy protection in the U.S., including the principle of not collecting more data than is necessary for the stated purposes, limits on how long data should be retained, and a right to access and correct one's data. *The bill's definitions of what constitutes "sensitive information" need to be expanded; for instance, to include health-related information beyond just "medical records." *The bill should require strict "opt-in" procedures for the collection and use of covered data and should prohibit the collection and use of any sensitive information except for the transactions for which consumers provided it.]
FACEBOOK: Another Step in Open Site Governance
Date CapturedThursday April 01 2010, 4:42 PM
Michael Richter - Friday, March 26, 2010 at 12:04pm - [We're proposing another set of revisions to our Privacy Policy and Statement of Rights and Responsibilities to make way for some exciting new products we're contemplating. Not all of these products have been finalized and many aren't yet built at all. However, we've definitely identified some interesting opportunities to improve the way you share and connect with the people and things in your life. ]
Delta College trustees won't add more student information to campus directory
Date CapturedThursday March 18 2010, 1:34 PM
By Andrew Dodson | The Bay City Times - [Currently, information on Delta College students that is readily available, unless they have opted out, includes their name, degree, address, awards, dates attended, program, participation in activities, enrollment, e-mail and weight and height for members of athletic teams. Higgs argued that the college should have more items on file, including a student photo, whether or not that student is full or part time and a phone number. "That's what the courts look to," said Higgs. "Our policy doesn't have those things and it should." Other board members disagreed, saying that more data collecting isn't required and isn't worth the time. They voted against the plan 8-1.]
CDT- Updating the Privacy Act of 1974 -
Date CapturedTuesday March 16 2010, 9:16 PM
[Updating the Privacy Act of 1974 June 5, 2009 government-wide push toward the development of policies and practices to protect the information of citizens and other individuals. While the underlying framework of the law, rooted in the principles of Fair Information Practices (FIPs), is still sound, the thirty-five year-old wording of the Act renders it ill-equipped to meet many of the privacy challenges posed by modern information technology. 1) Updating the Privacy Act of 1974 2) Fair Information Practices are Central 3) The Creation of Federal Privacy Leadership 4) Updating Definitions to Match Changing Data Practices 5) Strengthening Privacy Notices
THE FAILURE OF FAIR INFORMATION PRACTICE PRINCIPLES forthcoming in Consumer Protection in the Age of the ‘Information Economy’
Date CapturedSunday January 31 2010, 10:03 PM
Fred H. Cate - [The key is refocusing FIPPS on substantive tools for protecting privacy, and away from notice and consent; leveling the playing field between information processors and data subjects; and created sufficient, but limited, liability so that data processors will have meaningful incentives, rather than bureaucratic regulations, to motivate appropriate behavior, and that individuals will be compensated when processing results in serious harm. This is only a first step. These proposed Consumer Privacy Protection Principles are undoubtedly incomplete and imperfect, but they are an effort to return to a more meaningful dialogue about the legal regulation of privacy and the value of information flows in the face of explosive growth in technological capabilities in an increasingly global society.]
Summary of LD 1677 Bill Info LD 1677 (SP 649) "An Act To Protect Minors from Pharmaceutical Marketing Practices"
Date CapturedThursday January 07 2010, 6:04 PM
State of Maine Legislature - "An Act To Protect Minors from Pharmaceutical Marketing Practices" -- Sponsored by Senator Elizabeth Schneider. -- IAPP writes -- [The bill applies to online information only and is limited to pharmaceutical marketing. It gives the attorney general the power to adopt rules to determine its scope. Violation of the law would be considered an unfair trade practice.]
Comments of the World Privacy Forum to FTC, Nov. 6, 2009
Date CapturedThursday December 17 2009, 10:58 PM
Pam Dixon Executive Director, World Privacy Forum -- Re: Privacy Roundtables – Comment, Project No. P095416 - [The World Privacy Forum understands that businesses have a right to exist and to make money, and that advertising and marketing is part of the marketplace. But we also believe that there is not a reasonable balance right now between what data is being collected and used, and what consumers can do to manage that data and their privacy. There are no perfect solutions, but we think that a rights-based framework based on approaches contained in the Fair Credit Reporting Act and on Fair Information Practices will address many of the problems and help create solutions that are equitable for all stakeholders.]
Refocusing the FTC’s Role in Privacy Protection
Date CapturedMonday December 14 2009, 5:31 PM
Comments of the Center for Democracy & Technology (CDT) in regards to the FTC Consumer Privacy Roundtable.
Lawmakers probe deeper into privacy
Date CapturedSaturday November 21 2009, 1:16 PM
By Kim Hart - 11/19/09 04:00 PM ET - [Jennifer Barrett, an executive with Acxiom, a marketing company, said the firm could collect 1,500 possible data points about individual consumers, such as age, hobbies, address, occupation and recent purchases. Acxiom typically maintains 20-40 data points on the average person. Acxiom receives that information from public records, surveys consumers fill out voluntarily (such as warranty cards) and information from other companies. In response to questions from Rep. Mike Doyle (D-Penn.), Barrett said consumers can see what data has been stored about them and can change or delete information used for marketing purposes. But consumers cannot find out who else has bought their data from Axciom.]
Refocusing the FTC’s Role in Privacy Protection
Date CapturedTuesday November 10 2009, 3:33 PM
Center for Technology in Government (CDT) Policy Post 15.17, November 10, 2009. [ A Briefing On Public Policy Issues Affecting Civil Liberties Online from The Center For Democracy and Technology Refocusing the FTC’s Role in Privacy Protection 1) CDT Submits Comments in regards to the FTC Consumer Privacy Roundtable 2) The Significance of a Comprehensive Set of Fair Information Practice Principles 3) Examining FIPs at Work: Recent FTC Enforcement Actions Demonstrate a Path Forward 4) CDT Recommendations for Future FTC Action
Use of parental list is faulted
Date CapturedTuesday November 03 2009, 8:06 PM
March 17, 2008 by Scott Waldman - [GUILDERLAND - Guilderland School District violated federal law when it provided the names and addresses of parents to the teachers union, according to the state's authority on open government. Last year, Guilderland Teachers Association used those names and addresses to send parents of school-aged children postcards promoting the union's picks in a school board election. School officials deny that any law was broken, but the district recently imposed a moratorium on releasing "directory" information after complaints by school board members and news coverage of the controversy.]
Kids' Privacy
Date CapturedSunday November 01 2009, 9:40 PM
[Thanks to COPPA, sites have to get a parent’s permission if they want to collect or share your kids’ personal information, with only a few exceptions. That goes for information sites ask for up-front, and information your kids choose to post about themselves. Personal information includes your child’s full name, address, email address, or cell phone number. Under COPPA, sites also have to post privacy policies that give details about what kind of information they collect from kids — and what they might do with it (say, to send a weekly newsletter, direct advertising to them, or give the information to other companies). If a site plans to share the child’s information with another company, the privacy policy must say what that company will do with it. Links to the policies should be in places where they’re easy to spot. What Can You Do? Your kids’ personal information and privacy are valuable —to you, to them, and to marketers.] *****NOTE DISPARITY WITH PROTECTION PROVIDED UNDER FERPA.
South Dakota Superintendent Thinks Info Policy Will Pass Tonight
Date CapturedFriday October 30 2009, 5:37 PM
[Over the past month some parents have voiced their concerns to the school board over what they consider the selling of their children's contact information. Some say they don't want it to land in the wrong hands. Pam Homan says parents have known about the information policy for some time. "On the blue card as we call it parents have been informed of the FERPA requirement and whether or not they wish to have their child's name included or excluded from information." Revisions have been made to the proposed policy. Allowing parents more control over where the information is given. It will allow four categories that are: school publications, directory information, SD board of regents, and military recruiters.]
Date CapturedFriday October 30 2009, 11:08 AM
Over the past quarter century, government agencies in the United States, Canada, and Europe have studied the manner in which entities collect and use personal information -- their "information practices" -- and the safeguards required to assure those practices are fair and provide adequate privacy protection. The result has been a series of reports, guidelines, and model codes that represent widely-accepted principles concerning fair information practices. Common to all of these documents [hereinafter referred to as "fair information practice codes"] are five core principles of privacy protection: (1) Notice/Awareness; (2) Choice/Consent; (3) Access/Participation; (4) Integrity/Security; and (5) Enforcement/Redress.
Protection of Pupil Rights Amendment (PPRA)
Date CapturedFriday October 30 2009, 11:00 AM
Protection of Pupil Rights Amendment (PPRA) The Protection of Pupil Rights Amendment (PPRA) (20 U.S.C. § 1232h; 34 CFR Part 98) applies to programs that receive funding from the U.S. Department of Education (ED). PPRA is intended to protect the rights of parents and students .
Date CapturedFriday October 30 2009, 10:15 AM
Parties Subject to Order ORDERED, ADJUDGED AND DECREED that this Consent Order and Judgment shall extend to Student Marketing Group, Inc. (“SMG”) and Educational Research Center of America, Inc. (“ERCA”), their successors, assignees, officers, agents, representatives, affiliates and employees and any other person under their direction or control, whether acting individually or in concert with others or through any corporate entity or device through which they may now or hereafter act or conduct business (collectively “respondents”).
Americans Don't Like Being Tracked on Web
Date CapturedMonday October 05 2009, 6:21 PM
[The Times notes that Representative Rick Boucher, Democrat from Virginia, is planning to introduce privacy legislation that will address on-line tracking, while David Vladeck, head of consumer protection for the The Federal Trade Commission (FTC), is indicating that he is keeping a close watch on consumer privacy protection as well.]
Commission Extension of Deferral of Enforcement of the Identity Theft Red Flags Rule Until August 1, 2009
Date CapturedMonday May 04 2009, 4:43 PM
[The Federal Trade Commission (the “FTC” or “Commission”) is extending its deferral of enforcement of the Identity Theft Red Flags Rule to August 1, 2009.2 This rule was promulgated pursuant to § 114 of the Fair and Accurate Credit Transactions Act (“FACTA”). Congress directed the Commission and other agencies to develop regulations requiring “creditors”3 and “financial institutions”4 to address the risk of identity theft. The resulting Identity Theft Red Flags Rule requires any of these entities that have “covered accounts” to develop and implement written identity theft prevention programs. The identity theft prevention programs must be designed to help identify, detect, and respond to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft. This rule applies to all entities that regularly permit deferred payments for goods or services, including entities such as health care providers, attorneys, and other professionals, as well as retailers and a wide range of businesses that invoice their customers.]
IE8's Cumbersome Privacy Controls May Discourage Use
Date CapturedMonday March 23 2009, 4:06 PM
Patricia Resende writes [Microsoft's new IE8 features follow a warning to Internet browser makers from the Federal Trade Commission to self-regulate privacy issues or face regulation. Microsoft came under fire for its Passport feature as the Electronic Privacy Information Center and 14 other groups asked the FTC in 2001 to force a revision of the security Relevant Products/Services standard on Passport. The groups alleged Microsoft violated the law by linking Windows XP with requests to sign up for Passport and misleading users to believe that Passport protected privacy when it instead tracked, profiled and monitored users.]
An Icon That Says They’re Watching You
Date CapturedThursday March 19 2009, 6:20 PM
NY Times Saul Hansell writes [Mr. Turow has developed a plan that is simpler and more comprehensive: Put an icon on each ad that signifies that the ad collects or uses information about users. If you click the icon, you will go to what he calls a “privacy dashboard” that will let you understand exactly what information was used to choose that ad for you. And you’ll have the opportunity to edit the information or opt out of having any targeting done at all. “I don’t think ‘Ads by Google’ is enough,’” he said. “The problem with the whole rhetoric Google is using is that it is designed to stop you from wanting to learn more and do something.” ]
A Call to Legislate Internet Privacy
Date CapturedMonday March 16 2009, 10:31 AM
NY Times Saul Hansell writes [“Internet users should be able to know what information is collected about them and have the opportunity to opt out,” he said. While he hasn’t written the bill yet, Mr. Boucher said that he, working with Representative Cliff Stearns, the Florida Republican who is the ranking minority member on the subcommittee, wants to require Web sites to disclose how they collect and use data, and give users the option to opt out of any data collection. That’s not a big change from what happens now, at least on most big sites. But in what could be a big change from current practice, Mr. Boucher wants sites to get explicit permission from users — an “opt in” — if they are going to share information with other companies.]
Commercial Activities in Schools: Use of Student Data is Limited and Additional Dissemination of Guidance Could Help Districts Develop Policies
Date CapturedThursday March 12 2009, 3:16 PM
GAO -- Recommendation: The Secretary of Education should take additional action to assist districts in understanding that they are required to have specific policies in place for the collection, disclosure, and use of student information for marketing and selling purposes by disseminating its guidance to state school boards associations.
Advertisers Get a Trove of Clues in Smartphones
Date CapturedWednesday March 11 2009, 3:05 PM
NY Times STEPHANIE CLIFFORD writes [The capability for collecting information has alarmed privacy advocates. “It’s potentially a portable, personal spy,” said Jeff Chester, the executive director of the Center for Digital Democracy, who will appear before Federal Trade Commission staff members this month to brief them on privacy and mobile marketing. He is particularly concerned about data breaches, advertisers’ access to sensitive health or financial information, and a lack of transparency about how advertisers are collecting data. “Users are going to be inclined to say, sure, what’s harmful about a click, not realizing that they’ve consented to give up their information.”]
Date CapturedWednesday March 11 2009, 2:42 PM
The Business Forum for Consumer Privacy (BFCP)--a coalition of companies including Microsoft, Google and HP released a whitepaper intended to start a discussion about governing information collection and use. The BFCP says the current U.S. approach, which holds consumers responsible for how their private information is used, is not sufficient in the information economy. In the whitepaper, the forum proposes an alternative approach toward securing private data: a "use-and-obligations" model. This model, the authors say, draws upon the OECD Guidelines and the APEC Privacy Framework, and outlines five categories of data use: fulfillment, marketing, internal business operations, antifraud and authentication, and external legal and public good. Forum members say a use-and-obligations model will better address ways in which information is collected and used in the twenty-first century.
Date CapturedWednesday March 04 2009, 3:09 PM
Truste white paper -- [Self-regulation is a process often preceded by leading companies beginning to strengthen practices and chart advances that are then more widely adopted. In particular, companies should be aware of evolving industry practices in the following areas:4 Application of certain privacy principles to some types of non-personal data, for example, behavioral profiles, cookie IDs or IP addresses. Notices about ad-serving and behavioral targeting being provided in banner ads or on home pages, in addition to within a privacy policy. Choice being provided not only for the sharing of ad-serving data, but with regard to data use by a single company to tailor ads on its own sites. The establishment of specific data retention policies and anonymization techniques for log-file data.]
Cable Companies Target Commercials to Audience
Date CapturedWednesday March 04 2009, 2:53 PM
NY Times STEPHANIE CLIFFORD [Cablevision matches households to demographic data to divide its customers, using the data-collection company Experian. Experian has data on individuals that it collects through public records, registries and other sources. It matches the name and address of the subscriber to what it knows about them, and assigns demographic characteristics to households. (The match is a blind one: advertisers do not know what name and address they are advertising to, Cablevision executives said.) Advertisers can also give their existing customer lists to Experian, and Experian can make matches — so G.M., for example, could direct an ad based on who already owns a G.M. car. Advertisers are willing to pay premiums for ads that go only to audiences they have selected.]
Children's Online Privacy Protection Act of 1998
Date CapturedTuesday March 03 2009, 3:14 PM
TITLE XIII-CHILDREN'S ONLINE PRIVACY PROTECTION ***NOTE INCONSISTENCY BETWEEN DEFINITIONS OF PERSONAL INFORMATION AND PARENTAL CONSENT BETWEEN COPPA AND FERPA COPPA DEFINITION (LINK HAS FULL COPPA TEXT) (8) PERSONAL INFORMATION.—The term "personal information" means individually identifiable information about an individual collected online, including— (A) a first and last name; (B) a home or other physical address including street name and name of a city or town; (C) an e-mail address; (D) a telephone number; (E) a Social Security number; (F) any other identifier that the Commission determines permits the physical or online contacting of a specific individual; or (G) information concerning the child or the parents of that child that the website collects online from the child and combines with an identifier described in this paragraph. (9) VERIFIABLE PARENTAL CONSENT.—The term "verifiable parental consent" means any reasonable effort (taking into consideration available technology), including a request for authorization for future collection, use, and disclosure described in the notice, to ensure that a parent of a child receives notice of the operator's personal information collection, use, and disclosure practices, and authorizes the collection, use, and disclosure, as applicable, of personal information and the subsequent use of that information before that information is collected from that child.
Date CapturedThursday February 26 2009, 6:07 PM
Associate Director John B. Horrigan (202-419-4500) - September 2008 - Pew/Internet - [Convenience and flexibility are the watchwords for those who engage in cloud computing activities: 51% of internet users who have done a cloud computing activity say a major reason they do this is that it is easy and convenient. 41% of cloud users say a major reason they use these applications is that they like being able to access their data from whatever computer they are using. 39% cite the ease of sharing information as a major reason they use applications in cyberspace or store data there. At the same time, users report high levels of concern when presented with scenarios in which companies may put their data to uses of which they may not be aware. 90% of cloud application users say they would be very concerned if the company at which their data were stored sold it to another party. 80% say they would be very concerned if companies used their photos or other data in marketing campaigns. 68% of users of at least one of the six cloud applications say they would be very concerned if companies who provided these services analyzed their information and then displayed ads to them based on their actions.]
Cloud computing takes hold despite privacy fears
Date CapturedThursday February 26 2009, 6:03 PM
Computer Worlds -- Heather Havenstein [Users of online e-mail, storage systems fear the sale of personal data without permission]
Cloud Computing Privacy Tips
Date CapturedWednesday February 25 2009, 4:11 PM
World Privacy Forum -- February 23, 2009 -- By Robert Gellman and Pam Dixon [Cloud Computing Tips for Consumers: Read the Terms of Service before placing any information in the cloud. If you don’t understand the Terms of Service, consider using a different cloud provider. Don’t put anything in the cloud you would not want the government or a private litigant to see. Pay close attention if the cloud provider reserves rights to use, disclose, or make public your information. Read the privacy policy before placing your information in the cloud. If you don’t understand the policy, consider using a different provider. When you remove your data from the cloud provider, does the cloud provider still retain rights to your information? If so, consider whether that makes a difference to you. Will the cloud provider give advance notice of any change of terms in the terms of service or privacy policy? ]
REPORT: Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing
Date CapturedWednesday February 25 2009, 3:59 PM
Released February 23, 2009 - Author: Robert Gellman: [This report discusses the issue of cloud computing and outlines its implications for the privacy of personal information as well as its implications for the confidentiality of business and governmental information. The report finds that for some information and for some business users, sharing may be illegal, may be limited in some ways, or may affect the status or protections of the information shared. The report discusses how even when no laws or obligations block the ability of a user to disclose information to a cloud provider, disclosure may still not be free of consequences. The report finds that information stored by a business or an individual with a third party may have fewer or weaker privacy or other protections than information in the possession of the creator of the information. The report, in its analysis and discussion of relevant laws, finds that both government agencies and private litigants may be able to obtain information from a third party more easily than from the creator of the information. A cloud provider’s terms of service, privacy policy, and location may significantly affect a user’s privacy and confidentiality interests.] see policy recommendations in full report.
Does Cloud Computing Mean More Risks to Privacy?
Date CapturedWednesday February 25 2009, 3:44 PM
NY Times -- Saul Hansell -- [In the United States, information held by a company on your behalf — be it a bank, an e-mail provider or a social network — is often not protected as much as information a person keeps at home or a business stores in computers it owns. Sometimes that means that a government investigator, or even a lawyer in a civil lawsuit, can get access to records by simply using a subpoena rather than a search warrant, which requires more scrutiny by a court.]
Behavioral Advertising and Privacy
Date CapturedFriday February 13 2009, 1:31 PM
World Privacy Forum - About Behaviorally targeted advertising, World Privacy Forum testimony and Comments, resources.
FTC Online Privacy Guidelines Faulted
Date CapturedFriday February 13 2009, 1:11 PM
Business Week -- Douglas MacMillan -- [On Feb. 12, the U.S. Federal Trade Commission issued guidelines designed to give consumers more information about how advertisers collect and use data about their Web surfing habits. Among the recommendations: Every site that follows Web-use patterns to tailor marketing messages, a practice known as behavioral targeting, should spell out how it is collecting data and give consumers the ability to opt out of targeting. The report also urges sites to keep collected data "as long as is necessary to fulfill a legitimate business or law enforcement need," inform users of any changes made to privacy policies, and only collect sensitive personal data—such as financial and health records—in cases where the user opts in.]
The F.T.C. Talks Tough on Internet Privacy
Date CapturedThursday February 12 2009, 7:20 PM
NY Times - Saul Hansell -- [In another rather striking challenge to industry dogma, the commission rejected the idea that if an Internet site doesn’t collect a user’s name or other “personally identifiable information,” it isn’t a threat to the user’s privacy. Advertising companies have defended their systems by saying they only associate data with cookies, the random identifying numbers they place in the browsers of users, and with Internet Protocol addresses, the numbers used in routing information to specific computers. “This kind of information can be a key piece to identifying an individual,” Ms. Harrington said. Internet companies, she added, “should be really clear in telling the consumer what is being collected, treat that information with care and probably treat it as information that can be used to identify a user.” ]
Response to the 2008 NAI Principles: The Network Advertising Initiative’s Self-Regulatory Code of Conduct for Online Behavioral Advertising
Date CapturedThursday February 12 2009, 6:43 PM
[CDT believes the 2008 NAI Principles, while late in addressing new trends in the industry, demonstrate clear progress over the original code of conduct adopted in 2000. The transparency of the NAI’s revision and compliance process, the approach to sensitive information, and the coverage of advertising practices beyond behavioral advertising all represent important steps forward. While robust self-regulation in the behavioral advertising space does not obviate the need for a baseline federal privacy law covering data collection and usage of all kinds, the NAI has made advances in several areas, yielding what we hope will be better protections for consumer privacy. However, the 2008 NAI Principles still come up short in crucial respects including the opt-out choice requirement, the notice standard, the NAI member accountability model, the failure to address ISP behavioral advertising, the lack of a choice requirement for multi-site advertising, and the data retention principle. Some of these are outstanding issues that have existed within the NAI framework since its inception, while others are new concerns raised by the updates to the principles.]
Student Information Not For Sale At UW- Marathon County
Date CapturedWednesday February 11 2009, 7:06 PM reporter: Margo Spann -- [Private companies looking to sell or market products to college students are buying information about them directly from their schools. The Assistant Director of Student Services at UW Marathon County Annette Hackbarth-Onson says federal law allows colleges to sell information about their students. She says companies are often looking to buy students names, birth-dates, and email addresses.]
What Every American Needs to Know about the HIPAA Medical Privacy Rule* -- Updated November 2008
Date CapturedSunday January 18 2009, 9:39 PM
By Sue A. Blevins, president of the Institute for Health Freedom and Robin Kaigh, Esq., an attorney dedicated to patients’ health privacy rights. [Did you know that under the federal HIPPA (Health Insurance Portability and Accountability Act of 1996) medical privacy rule, your personal health information—including past records and genetic information—can be disclosed without your consent to large organizations such as the following? Data-processing companies; Insurers; Researchers (in some instances); Hospitals; Doctors (even those not treating you); Law enforcement officials; Public health officials; Federal government.
Center for Democracy & Technology (CDT) Applauds Critical Privacy, Security Provisions in Health IT Stimulus Bill
Date CapturedSunday January 18 2009, 5:59 PM
[The bill's privacy provisions include the following: Stronger protections against the use of personal heath information for marketing purposes; Accountability for all entities that handle personal health information; A federal, individual right to be notified in the event of a breach of identifiable health information; Prohibitions on the sale of valuable patient-identifiable data for inappropriate purposes; Development and implementation of federal privacy and security protections for personal health records; Easy access by patients to electronic copies of their records; and Strengthened enforcement of health privacy rules. The provisions in the bill are similar to those that received bipartisan approval by the House Energy & Commerce Committee in the last Congress.]
Privacy Issue Complicates Push to Link Medical Data
Date CapturedSunday January 18 2009, 5:39 PM
NY Times By ROBERT PEAR [“Until people are more confident about the security of electronic medical records,” Mr. Whitehouse said, “it’s vitally important that we err on the side of privacy.” The data in medical records has great potential commercial value. Several companies, for example, buy and sell huge amounts of data on the prescribing habits of doctors, and the information has proved invaluable to pharmaceutical sales representatives. “Health I.T. without privacy is an excellent way for companies to establish a gold mine of information that can be used to increase profits, promote expensive drugs, cherry-pick patients who are cheaper to insure and market directly to consumers,” said Dr. Deborah C. Peel, coordinator of the Coalition for Patient Privacy, which includes the American Civil Liberties Union among its members.]
DHS office describes how it assesses privacy
Date CapturedTuesday January 06 2009, 1:48 PM
The FIPPS said in the memo that DHS should: • Be transparent and provide notice to the individuals regarding collection and use of personally identifiable information (PII). • When possible, seek consent from individuals to use their PII and provide access, correction and redress regarding DHS’ use of PII. • Explain the authority that permits DHS to collect PII and the ways it will be used. • Only collect PII that is necessary to accomplish the specific purpose and keep it only as long as necessary. • Use PII only for the purpose specified in the notice. Limit sharing of PII outside the department to purposes that are compatible with the reasons that PII was collected. • Ensure, as much as possible, that data is accurate, relevant, timely and complete. • Protect PII with appropriate security. • Be held accountable for complying with the principles and provide training for all employees and contractors who use PII and perform audits.
PRIVACY -- Congress Should Consider Alternatives for Strengthening Protection of Personally Identifiable Information
Date CapturedWednesday June 18 2008, 5:09 PM
In its report GAO identified alternatives that the Congress should consider, including revising the scope of privacy laws to cover all personal information, requiring that the use of such information be limited to a specific purpose, and revising the structure and publication of privacy notices. OMB commented that the Congress should consider these alternatives in the broader context of existing privacy and related statutes.

Back to Top of Page