Today's Info Policy News
Protecting your children's privacy: The Facts
WHO'S WATCHING YOUR CHILDREN?
With the exact phrase
With all of the words
With at least one of the words
Without these words
Within these fields
Date range limit
No limit: Show me all items regardless of date captured.
Limit the search to items added since this date.
Item(s) found: 55
INFORMATION RESELLERS Consumer Privacy Framework Needs to Reflect Changes in Technology and the Marketplace
Thursday November 21 2013, 2:23 PM
What GAO Recommends: Congress should consider strengthening the consumer privacy framework to reflect the effects of changes in technology and the increased market for consumer information. Any changes should seek to provide consumers with appropriate privacy protections without unduly inhibiting commerce and innovation. The Department of Commerce agreed that strengthened privacy protections could better protect consumers
FTC to Study Data Broker Industry’s Collection and Use of Consumer Data
Tuesday December 18 2012, 1:44 PM
The nine data brokers receiving orders from the FTC are: 1) Acxiom, 2) Corelogic, 3) Datalogix, 4) eBureau, 5) ID Analytics, 6) Intelius, 7) Peekyou, 8) Rapleaf, and 9) Recorded Future. The FTC is seeking details about: the nature and sources of the consumer information the data brokers collect; how they use, maintain, and disseminate the information; and the extent to which the data brokers allow consumers to access and correct their information or to opt out of having their personal information sold.
OHIO 3319.321 Confidentiality
Thursday March 10 2011, 2:40 PM
Ohio Revised Code » Title  XXXIII EDUCATION (A) No person shall release, or permit access to, the directory information concerning any students attending a public school to any person or group for use in a profit-making plan or activity. Notwithstanding division (B)(4) of section 149.43 of the Revised Code, a person may require disclosure of the requestor’s identity or the intended use of the directory information concerning any students attending a public school to ascertain whether the directory information is for use in a profit-making plan or activity.
Some questions raised over release of student info (North Dakota)
Tuesday March 08 2011, 4:54 PM
[North Dakota: High schools across the state would be required to give names, addresses and phone numbers of their students to the State Board of Higher Education under a proposed Senate bill.] [Several committee members expressed concern about the additional information and wanted to make sure parents would be fully aware of what information was being requested before opting out. That view also was shared by Bev Nielson of the North Dakota School Boards Association.]
Rush Introduces Online Privacy Bill, H.R. 611, The BEST PRACTICES Act
Friday February 11 2011, 6:04 PM
Ensure that consumers have meaningful choices about the collection, use, and disclosure of their personal information. • Require companies that collect personal information to disclose their practices with respect to the collection, use, disclosure, merging, and retention of personal information, and explain consumers' options regarding those practices. • Require companies to provide disclosures of their practices in concise, meaningful, timely, and easy-to-understand notices, and direct the Federal Trade Commission to establish flexible and reasonable standards and requirements for such notices. • Require companies to obtain "opt-in" consent to disclose information to a third party. In the bill, the term, "third party" would be defined based on consumers' reasonable expectations rather than corporate structure. • Establish a "safe harbor" that would exempt companies from the "opt-in" consent requirement, provided those companies participate in a universal opt-out program operated by self-regulatory bodies and monitored by the FTC. • Require companies to have reasonable procedures to assure the accuracy of the personal information they collect. The bill would also require the companies to provide consumers with reasonable access to, and the ability to correct or amend, certain information. • Require companies to have reasonable procedures to secure information and to retain personal information only as long as it's necessary to fulfill a legitimate business or law enforcement need.
NCES 2011-602 Data Stewardship: Managing Personally Identifiable Information in Electronic Student Education Records
Tuesday January 04 2011, 9:55 PM
SLDS Technical Brief - Guidance for Statewide Longitudinal Data Systems (SLDS) [A privacy and data protection program for student education records must include an array of rules and procedures for protecting PII held in the record system. It also must include a full set of public disclosures of the existence and uses of the information included in the data system, a description of all parents’ or eligible students’ rights to review and appeal the contents of an individual education record and of their rights and the procedures to appeal a violation. ]*****[A school directory may include PII such as a student’s name, grade level, and contact information. Taken by itself, the release of this information is not harmful to a student. However, when combined with the student’s Social Security Number or another identifier and the student’s education record, this information has the potential for violating a student’s right to privacy. The release of this combined record could lead to harm or embarrassment. Thus, the privacy and data protection program should focus on PII that will be maintained in the electronic student record system with its likely wealth of student data.2}
Directory Information Part 1 (WAV file, no text -- it's audio)
Sunday December 26 2010, 5:36 PM
EDNY comments on Data Quality Campaign webcast with US ED response. See Part 2 for continuation of conversation.
Directory Information Part 2 (This file is an audio 'wav' file)
Sunday December 26 2010, 5:23 PM
Part 2 of EDNY comments on Data Quality Campaign webcast with US ED response.
COMMERCIAL DATA PRIVACY AND INNOVATION IN THE INTERNET ECONOMY: A DYNAMIC POLICY FRAMEWORK
Thursday December 16 2010, 1:16 PM
US DEPT OF COMMERCE REPORT says the principles "should promote increased transparency through simple notices, clearly articulated purposes for data collection, commitments to limit data uses to fulfill these purposes, and expanded use of robust audit systems to bolster accountability." NO RECOMMENDATIONS REGARDING EDUCATION AND FERPA DIRECTORY INFORMATION.
Wednesday October 20 2010, 7:42 PM
HTML5 is a new version of HTML and XHTML. The HTML5 draft specification defines a single language that can be written in HTML and XML. It attempts to solve issues found in previous iterations of HTML and addresses the needs of Web Applications, an area previously not adequately covered by HTML.
Schools Selling Students' Personal Information
Wednesday October 06 2010, 3:17 PM
Link to stories about schools selling student information
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
Friday October 01 2010, 7:22 PM
To appear at the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI’10) William Enck, Peter Gilbert Byung-Gon Chun,Landon P. Cox , Jaeyeon Jung, Patrick McDaniel Anmol N. Sheth at CONCLUSION: While some mobile phone operating systems allow users to control applications’ access to sensitive informa- tion, such as location sensors, camera images, and con- tact lists, users lack visibility into how applications use their private data. To address this, we present TaintDroid, an ef?cient, system-wide information ?ow tracking tool that can simultaneously track multiple sources of sensi- tive data. A key design goal of TaintDroid is ef?ciency, and TaintDroid achieves this by integrating four gran- ularities of taint propagation (variable-level, message- level, method-level, and ?le-level) to achieve a 14% per- formance overhead on a CPU-bound microbenchmark. We also used our TaintDroid implementation to study the behavior of 30 popular third-party applications, cho- sen at random from the Android Marketplace. Our study revealed that two-thirds of the applications in our study exhibit suspicious handling of sensitive data, and that 15 of the 30 applications reported users’ locations to remote advertising servers. Our ?ndings demonstrate the effec- tiveness and value of enhancing smartphone platforms with monitoring tools such as TaintDroid.
Congress Should Consider Alternatives for Strengthening Protection of Personally Identifiable Information
Tuesday September 28 2010, 2:51 PM
GAO-08-795T : In its report GAO identified alternatives that the Congress should consider, including revising the scope of privacy laws to cover all personal information, requiring that the use of such information be limited to a specific purpose, and revising the structure and publication of privacy notices.
Letter to: Chairman Boucher and Ranking Member Stearns
Monday June 07 2010, 6:26 PM
Mike Sachoff -- [In response to a discussion draft of a new privacy bill now under consideration by the House Subcommittee on Communications, Technology and the Internet, ten privacy and consumer groups today called for stronger measures to protect consumer privacy both online and off. The organizations including the Consumer Federation of America, Electronic Frontier Foundation, Consumer Watchdog, World Privacy Forum, Consumer Action, USPIRG, Privacy Rights Clearinghouse, Privacy Times, Privacy Lives, and the Center for Digital Democracy, raised their concerns in a letter to Subcommittee Chairman Rick Boucher and Ranking Member Cliff Stearns. The groups recommended the following: *The bill should incorporate the Fair Information Practice Principles that have long served as the bedrock of consumer privacy protection in the U.S., including the principle of not collecting more data than is necessary for the stated purposes, limits on how long data should be retained, and a right to access and correct one's data. *The bill's definitions of what constitutes "sensitive information" need to be expanded; for instance, to include health-related information beyond just "medical records." *The bill should require strict "opt-in" procedures for the collection and use of covered data and should prohibit the collection and use of any sensitive information except for the transactions for which consumers provided it.]
FACEBOOK: Another Step in Open Site Governance
Thursday April 01 2010, 4:42 PM
Delta College trustees won't add more student information to campus directory
Thursday March 18 2010, 1:34 PM
By Andrew Dodson | The Bay City Times - [Currently, information on Delta College students that is readily available, unless they have opted out, includes their name, degree, address, awards, dates attended, program, participation in activities, enrollment, e-mail and weight and height for members of athletic teams. Higgs argued that the college should have more items on file, including a student photo, whether or not that student is full or part time and a phone number. "That's what the courts look to," said Higgs. "Our policy doesn't have those things and it should." Other board members disagreed, saying that more data collecting isn't required and isn't worth the time. They voted against the plan 8-1.]
CDT- Updating the Privacy Act of 1974 -
Tuesday March 16 2010, 9:16 PM
[Updating the Privacy Act of 1974 June 5, 2009 government-wide push toward the development of policies and practices to protect the information of citizens and other individuals. While the underlying framework of the law, rooted in the principles of Fair Information Practices (FIPs), is still sound, the thirty-five year-old wording of the Act renders it ill-equipped to meet many of the privacy challenges posed by modern information technology. 1) Updating the Privacy Act of 1974 2) Fair Information Practices are Central 3) The Creation of Federal Privacy Leadership 4) Updating Definitions to Match Changing Data Practices 5) Strengthening Privacy Notices
THE FAILURE OF FAIR INFORMATION PRACTICE PRINCIPLES forthcoming in Consumer Protection in the Age of the ‘Information Economy’
Sunday January 31 2010, 10:03 PM
Fred H. Cate - [The key is refocusing FIPPS on substantive tools for protecting privacy, and away from notice and consent; leveling the playing field between information processors and data subjects; and created sufficient, but limited, liability so that data processors will have meaningful incentives, rather than bureaucratic regulations, to motivate appropriate behavior, and that individuals will be compensated when processing results in serious harm. This is only a first step. These proposed Consumer Privacy Protection Principles are undoubtedly incomplete and imperfect, but they are an effort to return to a more meaningful dialogue about the legal regulation of privacy and the value of information flows in the face of explosive growth in technological capabilities in an increasingly global society.]
Summary of LD 1677 Bill Info LD 1677 (SP 649) "An Act To Protect Minors from Pharmaceutical Marketing Practices"
Thursday January 07 2010, 6:04 PM
State of Maine Legislature - "An Act To Protect Minors from Pharmaceutical Marketing Practices" -- Sponsored by Senator Elizabeth Schneider. -- IAPP writes -- [The bill applies to online information only and is limited to pharmaceutical marketing. It gives the attorney general the power to adopt rules to determine its scope. Violation of the law would be considered an unfair trade practice.]
Comments of the World Privacy Forum to FTC, Nov. 6, 2009
Thursday December 17 2009, 10:58 PM
Pam Dixon Executive Director, World Privacy Forum -- Re: Privacy Roundtables – Comment, Project No. P095416 - [The World Privacy Forum understands that businesses have a right to exist and to make money, and that advertising and marketing is part of the marketplace. But we also believe that there is not a reasonable balance right now between what data is being collected and used, and what consumers can do to manage that data and their privacy. There are no perfect solutions, but we think that a rights-based framework based on approaches contained in the Fair Credit Reporting Act and on Fair Information Practices will address many of the problems and help create solutions that are equitable for all stakeholders.]
Refocusing the FTC’s Role in Privacy Protection
Monday December 14 2009, 5:31 PM
Comments of the Center for Democracy & Technology (CDT) in regards to the FTC Consumer Privacy Roundtable.
Lawmakers probe deeper into privacy
Saturday November 21 2009, 1:16 PM
By Kim Hart - 11/19/09 04:00 PM ET - [Jennifer Barrett, an executive with Acxiom, a marketing company, said the firm could collect 1,500 possible data points about individual consumers, such as age, hobbies, address, occupation and recent purchases. Acxiom typically maintains 20-40 data points on the average person. Acxiom receives that information from public records, surveys consumers fill out voluntarily (such as warranty cards) and information from other companies. In response to questions from Rep. Mike Doyle (D-Penn.), Barrett said consumers can see what data has been stored about them and can change or delete information used for marketing purposes. But consumers cannot find out who else has bought their data from Axciom.]
Refocusing the FTC’s Role in Privacy Protection
Tuesday November 10 2009, 3:33 PM
Center for Technology in Government (CDT) Policy Post 15.17, November 10, 2009. [ A Briefing On Public Policy Issues Affecting Civil Liberties Online from The Center For Democracy and Technology Refocusing the FTC’s Role in Privacy Protection 1) CDT Submits Comments in regards to the FTC Consumer Privacy Roundtable 2) The Significance of a Comprehensive Set of Fair Information Practice Principles 3) Examining FIPs at Work: Recent FTC Enforcement Actions Demonstrate a Path Forward 4) CDT Recommendations for Future FTC Action
Use of parental list is faulted
Tuesday November 03 2009, 8:06 PM
March 17, 2008 by Scott Waldman - [GUILDERLAND - Guilderland School District violated federal law when it provided the names and addresses of parents to the teachers union, according to the state's authority on open government. Last year, Guilderland Teachers Association used those names and addresses to send parents of school-aged children postcards promoting the union's picks in a school board election. School officials deny that any law was broken, but the district recently imposed a moratorium on releasing "directory" information after complaints by school board members and news coverage of the controversy.]
Sunday November 01 2009, 9:40 PM
South Dakota Superintendent Thinks Info Policy Will Pass Tonight
Friday October 30 2009, 5:37 PM
[Over the past month some parents have voiced their concerns to the school board over what they consider the selling of their children's contact information. Some say they don't want it to land in the wrong hands. Pam Homan says parents have known about the information policy for some time. "On the blue card as we call it parents have been informed of the FERPA requirement and whether or not they wish to have their child's name included or excluded from information." Revisions have been made to the proposed policy. Allowing parents more control over where the information is given. It will allow four categories that are: school publications, directory information, SD board of regents, and military recruiters.]
FAIR INFORMATION PRACTICE PRINCIPLES
Friday October 30 2009, 11:08 AM
Over the past quarter century, government agencies in the United States, Canada, and Europe have studied the manner in which entities collect and use personal information -- their "information practices" -- and the safeguards required to assure those practices are fair and provide adequate privacy protection. The result has been a series of reports, guidelines, and model codes that represent widely-accepted principles concerning fair information practices. Common to all of these documents [hereinafter referred to as "fair information practice codes"] are five core principles of privacy protection: (1) Notice/Awareness; (2) Choice/Consent; (3) Access/Participation; (4) Integrity/Security; and (5) Enforcement/Redress.
Protection of Pupil Rights Amendment (PPRA)
Friday October 30 2009, 11:00 AM
Protection of Pupil Rights Amendment (PPRA) The Protection of Pupil Rights Amendment (PPRA) (20 U.S.C. § 1232h; 34 CFR Part 98) applies to programs that receive funding from the U.S. Department of Education (ED). PPRA is intended to protect the rights of parents and students .
Education Marketing Group/ECRA LAWSUIT RE: SALE OF STUDENT INFORMATION
Friday October 30 2009, 10:15 AM
Parties Subject to Order ORDERED, ADJUDGED AND DECREED that this Consent Order and Judgment shall extend to Student Marketing Group, Inc. (“SMG”) and Educational Research Center of America, Inc. (“ERCA”), their successors, assignees, officers, agents, representatives, affiliates and employees and any other person under their direction or control, whether acting individually or in concert with others or through any corporate entity or device through which they may now or hereafter act or conduct business (collectively “respondents”).
Americans Don't Like Being Tracked on Web
Monday October 05 2009, 6:21 PM
[The Times notes that Representative Rick Boucher, Democrat from Virginia, is planning to introduce privacy legislation that will address on-line tracking, while David Vladeck, head of consumer protection for the The Federal Trade Commission (FTC), is indicating that he is keeping a close watch on consumer privacy protection as well.]
Commission Extension of Deferral of Enforcement of the Identity Theft Red Flags Rule Until August 1, 2009
Monday May 04 2009, 4:43 PM
[The Federal Trade Commission (the “FTC” or “Commission”) is extending its deferral of enforcement of the Identity Theft Red Flags Rule to August 1, 2009.2 This rule was promulgated pursuant to § 114 of the Fair and Accurate Credit Transactions Act (“FACTA”). Congress directed the Commission and other agencies to develop regulations requiring “creditors”3 and “financial institutions”4 to address the risk of identity theft. The resulting Identity Theft Red Flags Rule requires any of these entities that have “covered accounts” to develop and implement written identity theft prevention programs. The identity theft prevention programs must be designed to help identify, detect, and respond to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft. This rule applies to all entities that regularly permit deferred payments for goods or services, including entities such as health care providers, attorneys, and other professionals, as well as retailers and a wide range of businesses that invoice their customers.]
IE8's Cumbersome Privacy Controls May Discourage Use
Monday March 23 2009, 4:06 PM
Patricia Resende writes [Microsoft's new IE8 features follow a warning to Internet browser makers from the Federal Trade Commission to self-regulate privacy issues or face regulation. Microsoft came under fire for its Passport feature as the Electronic Privacy Information Center and 14 other groups asked the FTC in 2001 to force a revision of the security Relevant Products/Services standard on Passport. The groups alleged Microsoft violated the law by linking Windows XP with requests to sign up for Passport and misleading users to believe that Passport protected privacy when it instead tracked, profiled and monitored users.]
An Icon That Says They’re Watching You
Thursday March 19 2009, 6:20 PM
NY Times Saul Hansell writes [Mr. Turow has developed a plan that is simpler and more comprehensive: Put an icon on each ad that signifies that the ad collects or uses information about users. If you click the icon, you will go to what he calls a “privacy dashboard” that will let you understand exactly what information was used to choose that ad for you. And you’ll have the opportunity to edit the information or opt out of having any targeting done at all. “I don’t think ‘Ads by Google’ is enough,’” he said. “The problem with the whole rhetoric Google is using is that it is designed to stop you from wanting to learn more and do something.” ]
A Call to Legislate Internet Privacy
Monday March 16 2009, 10:31 AM
NY Times Saul Hansell writes [“Internet users should be able to know what information is collected about them and have the opportunity to opt out,” he said. While he hasn’t written the bill yet, Mr. Boucher said that he, working with Representative Cliff Stearns, the Florida Republican who is the ranking minority member on the subcommittee, wants to require Web sites to disclose how they collect and use data, and give users the option to opt out of any data collection. That’s not a big change from what happens now, at least on most big sites. But in what could be a big change from current practice, Mr. Boucher wants sites to get explicit permission from users — an “opt in” — if they are going to share information with other companies.]
Commercial Activities in Schools: Use of Student Data is Limited and Additional Dissemination of Guidance Could Help Districts Develop Policies
Thursday March 12 2009, 3:16 PM
GAO -- Recommendation: The Secretary of Education should take additional action to assist districts in understanding that they are required to have specific policies in place for the collection, disclosure, and use of student information for marketing and selling purposes by disseminating its guidance to state school boards associations.
Advertisers Get a Trove of Clues in Smartphones
Wednesday March 11 2009, 3:05 PM
NY Times STEPHANIE CLIFFORD writes [The capability for collecting information has alarmed privacy advocates. “It’s potentially a portable, personal spy,” said Jeff Chester, the executive director of the Center for Digital Democracy, who will appear before Federal Trade Commission staff members this month to brief them on privacy and mobile marketing. He is particularly concerned about data breaches, advertisers’ access to sensitive health or financial information, and a lack of transparency about how advertisers are collecting data. “Users are going to be inclined to say, sure, what’s harmful about a click, not realizing that they’ve consented to give up their information.”]
PRIVACY AND DATA PROTECTION
Wednesday March 11 2009, 2:42 PM
The Business Forum for Consumer Privacy (BFCP)--a coalition of companies including Microsoft, Google and HP released a whitepaper intended to start a discussion about governing information collection and use. The BFCP says the current U.S. approach, which holds consumers responsible for how their private information is used, is not sufficient in the information economy. In the whitepaper, the forum proposes an alternative approach toward securing private data: a "use-and-obligations" model. This model, the authors say, draws upon the OECD Guidelines and the APEC Privacy Framework, and outlines five categories of data use: fulfillment, marketing, internal business operations, antifraud and authentication, and external legal and public good. Forum members say a use-and-obligations model will better address ways in which information is collected and used in the twenty-first century.
ONLINE BEHAVIORAL ADVERTISING: A CHECKLIST OF PRACTICES THAT IMPACT CONSUMER TRUST
Wednesday March 04 2009, 3:09 PM
Cable Companies Target Commercials to Audience
Wednesday March 04 2009, 2:53 PM
NY Times STEPHANIE CLIFFORD [Cablevision matches households to demographic data to divide its customers, using the data-collection company Experian. Experian has data on individuals that it collects through public records, registries and other sources. It matches the name and address of the subscriber to what it knows about them, and assigns demographic characteristics to households. (The match is a blind one: advertisers do not know what name and address they are advertising to, Cablevision executives said.) Advertisers can also give their existing customer lists to Experian, and Experian can make matches — so G.M., for example, could direct an ad based on who already owns a G.M. car. Advertisers are willing to pay premiums for ads that go only to audiences they have selected.]
Children's Online Privacy Protection Act of 1998
Tuesday March 03 2009, 3:14 PM
TITLE XIII-CHILDREN'S ONLINE PRIVACY PROTECTION ***NOTE INCONSISTENCY BETWEEN DEFINITIONS OF PERSONAL INFORMATION AND PARENTAL CONSENT BETWEEN COPPA AND FERPA COPPA DEFINITION (LINK HAS FULL COPPA TEXT) (8) PERSONAL INFORMATION.—The term "personal information" means individually identifiable information about an individual collected online, including— (A) a first and last name; (B) a home or other physical address including street name and name of a city or town; (C) an e-mail address; (D) a telephone number; (E) a Social Security number; (F) any other identifier that the Commission determines permits the physical or online contacting of a specific individual; or (G) information concerning the child or the parents of that child that the website collects online from the child and combines with an identifier described in this paragraph. (9) VERIFIABLE PARENTAL CONSENT.—The term "verifiable parental consent" means any reasonable effort (taking into consideration available technology), including a request for authorization for future collection, use, and disclosure described in the notice, to ensure that a parent of a child receives notice of the operator's personal information collection, use, and disclosure practices, and authorizes the collection, use, and disclosure, as applicable, of personal information and the subsequent use of that information before that information is collected from that child.
RE: USE OF CLOUD COMPUTING APPLICATIONS AND SERVICES
Thursday February 26 2009, 6:07 PM
Associate Director John B. Horrigan (202-419-4500) - September 2008 - Pew/Internet - [Convenience and flexibility are the watchwords for those who engage in cloud computing activities: 51% of internet users who have done a cloud computing activity say a major reason they do this is that it is easy and convenient. 41% of cloud users say a major reason they use these applications is that they like being able to access their data from whatever computer they are using. 39% cite the ease of sharing information as a major reason they use applications in cyberspace or store data there. At the same time, users report high levels of concern when presented with scenarios in which companies may put their data to uses of which they may not be aware. 90% of cloud application users say they would be very concerned if the company at which their data were stored sold it to another party. 80% say they would be very concerned if companies used their photos or other data in marketing campaigns. 68% of users of at least one of the six cloud applications say they would be very concerned if companies who provided these services analyzed their information and then displayed ads to them based on their actions.]
Cloud computing takes hold despite privacy fears
Thursday February 26 2009, 6:03 PM
Computer Worlds -- Heather Havenstein [Users of online e-mail, storage systems fear the sale of personal data without permission]
Cloud Computing Privacy Tips
Wednesday February 25 2009, 4:11 PM
REPORT: Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing
Wednesday February 25 2009, 3:59 PM
Does Cloud Computing Mean More Risks to Privacy?
Wednesday February 25 2009, 3:44 PM
NY Times -- Saul Hansell -- [In the United States, information held by a company on your behalf — be it a bank, an e-mail provider or a social network — is often not protected as much as information a person keeps at home or a business stores in computers it owns. Sometimes that means that a government investigator, or even a lawyer in a civil lawsuit, can get access to records by simply using a subpoena rather than a search warrant, which requires more scrutiny by a court.]
Behavioral Advertising and Privacy
Friday February 13 2009, 1:31 PM
World Privacy Forum - About Behaviorally targeted advertising, World Privacy Forum testimony and Comments, resources.
FTC Online Privacy Guidelines Faulted
Friday February 13 2009, 1:11 PM
Business Week -- Douglas MacMillan -- [On Feb. 12, the U.S. Federal Trade Commission issued guidelines designed to give consumers more information about how advertisers collect and use data about their Web surfing habits. Among the recommendations: Every site that follows Web-use patterns to tailor marketing messages, a practice known as behavioral targeting, should spell out how it is collecting data and give consumers the ability to opt out of targeting. The report also urges sites to keep collected data "as long as is necessary to fulfill a legitimate business or law enforcement need," inform users of any changes made to privacy policies, and only collect sensitive personal data—such as financial and health records—in cases where the user opts in.]
The F.T.C. Talks Tough on Internet Privacy
Thursday February 12 2009, 7:20 PM
NY Times - Saul Hansell -- [In another rather striking challenge to industry dogma, the commission rejected the idea that if an Internet site doesn’t collect a user’s name or other “personally identifiable information,” it isn’t a threat to the user’s privacy. Advertising companies have defended their systems by saying they only associate data with cookies, the random identifying numbers they place in the browsers of users, and with Internet Protocol addresses, the numbers used in routing information to specific computers. “This kind of information can be a key piece to identifying an individual,” Ms. Harrington said. Internet companies, she added, “should be really clear in telling the consumer what is being collected, treat that information with care and probably treat it as information that can be used to identify a user.” ]
Response to the 2008 NAI Principles: The Network Advertising Initiative’s Self-Regulatory Code of Conduct for Online Behavioral Advertising
Thursday February 12 2009, 6:43 PM
[CDT believes the 2008 NAI Principles, while late in addressing new trends in the industry, demonstrate clear progress over the original code of conduct adopted in 2000. The transparency of the NAI’s revision and compliance process, the approach to sensitive information, and the coverage of advertising practices beyond behavioral advertising all represent important steps forward. While robust self-regulation in the behavioral advertising space does not obviate the need for a baseline federal privacy law covering data collection and usage of all kinds, the NAI has made advances in several areas, yielding what we hope will be better protections for consumer privacy. However, the 2008 NAI Principles still come up short in crucial respects including the opt-out choice requirement, the notice standard, the NAI member accountability model, the failure to address ISP behavioral advertising, the lack of a choice requirement for multi-site advertising, and the data retention principle. Some of these are outstanding issues that have existed within the NAI framework since its inception, while others are new concerns raised by the updates to the principles.]
Student Information Not For Sale At UW- Marathon County
Wednesday February 11 2009, 7:06 PM
Wsaw.com reporter: Margo Spann -- [Private companies looking to sell or market products to college students are buying information about them directly from their schools. The Assistant Director of Student Services at UW Marathon County Annette Hackbarth-Onson says federal law allows colleges to sell information about their students. She says companies are often looking to buy students names, birth-dates, and email addresses.]
What Every American Needs to Know about the HIPAA Medical Privacy Rule* -- Updated November 2008
Sunday January 18 2009, 9:39 PM
By Sue A. Blevins, president of the Institute for Health Freedom and Robin Kaigh, Esq., an attorney dedicated to patients’ health privacy rights. [Did you know that under the federal HIPPA (Health Insurance Portability and Accountability Act of 1996) medical privacy rule, your personal health information—including past records and genetic information—can be disclosed without your consent to large organizations such as the following? Data-processing companies; Insurers; Researchers (in some instances); Hospitals; Doctors (even those not treating you); Law enforcement officials; Public health officials; Federal government.
Center for Democracy & Technology (CDT) Applauds Critical Privacy, Security Provisions in Health IT Stimulus Bill
Sunday January 18 2009, 5:59 PM
[The bill's privacy provisions include the following: Stronger protections against the use of personal heath information for marketing purposes; Accountability for all entities that handle personal health information; A federal, individual right to be notified in the event of a breach of identifiable health information; Prohibitions on the sale of valuable patient-identifiable data for inappropriate purposes; Development and implementation of federal privacy and security protections for personal health records; Easy access by patients to electronic copies of their records; and Strengthened enforcement of health privacy rules. The provisions in the bill are similar to those that received bipartisan approval by the House Energy & Commerce Committee in the last Congress.]
Privacy Issue Complicates Push to Link Medical Data
Sunday January 18 2009, 5:39 PM
NY Times By ROBERT PEAR [“Until people are more confident about the security of electronic medical records,” Mr. Whitehouse said, “it’s vitally important that we err on the side of privacy.” The data in medical records has great potential commercial value. Several companies, for example, buy and sell huge amounts of data on the prescribing habits of doctors, and the information has proved invaluable to pharmaceutical sales representatives. “Health I.T. without privacy is an excellent way for companies to establish a gold mine of information that can be used to increase profits, promote expensive drugs, cherry-pick patients who are cheaper to insure and market directly to consumers,” said Dr. Deborah C. Peel, coordinator of the Coalition for Patient Privacy, which includes the American Civil Liberties Union among its members.]
DHS office describes how it assesses privacy
Tuesday January 06 2009, 1:48 PM
The FIPPS said in the memo that DHS should: • Be transparent and provide notice to the individuals regarding collection and use of personally identifiable information (PII). • When possible, seek consent from individuals to use their PII and provide access, correction and redress regarding DHS’ use of PII. • Explain the authority that permits DHS to collect PII and the ways it will be used. • Only collect PII that is necessary to accomplish the specific purpose and keep it only as long as necessary. • Use PII only for the purpose specified in the notice. Limit sharing of PII outside the department to purposes that are compatible with the reasons that PII was collected. • Ensure, as much as possible, that data is accurate, relevant, timely and complete. • Protect PII with appropriate security. • Be held accountable for complying with the principles and provide training for all employees and contractors who use PII and perform audits.
PRIVACY -- Congress Should Consider Alternatives for Strengthening Protection of Personally Identifiable Information
Wednesday June 18 2008, 5:09 PM
In its report GAO identified alternatives that the Congress should consider, including revising the scope of privacy laws to cover all personal information, requiring that the use of such information be limited to a specific purpose, and revising the structure and publication of privacy notices. OMB commented that the Congress should consider these alternatives in the broader context of existing privacy and related statutes.
Back to Top of Page