Privacy Act of 1974 — The Department of Justice published a notice proposing to update the Routine Uses of its systems and databases under the Privacy Act of 1974. The proposal was not precise enough, and was written in such a way as to allow sensitive Privacy Act systems such as the Criminal Division Witness Security File (CRM-002), the Witness Immunity Records (CRM-022), and the National Instant Criminal Background Check System (NICS, FBI-018) to be disclosed to almost anyone in certain circumstances, including to individuals working outside of law enforcement. The World Privacy Forum is requesting that the DOJ significantly tighten its language in the proposal, and to specify what individuals or entities may have access to these sensitive records, under what specific conditions. The World Privacy Forum is also requesting the DOJ republish all of its up-to-date system of records notices in their entirety immediately and at least every two years thereafter.
AOL released three months’ worth of the detailed search queries of 657,000-plus of its users. The approximately 20 million search queries and the additional data on users’ click-throughs to web sites in the search results are generally highly revealing of individuals’ personal, financial, political, medical, religious, and other preferences as well as the businesses and people they associate with.
Identity theft — The World Privacy Forum submitted comments in response to the Federal Trade Commission’s request for feedback on its upcoming identity theft survey. The FTC identity theft survey is one of the most quoted surveys on the subject. The World Privacy Forum requested changes and clarifications to the survey, including adding questions about security breach notices and clarifying existing questions about medical identity theft, among other issues.
Medical privacy — The World Privacy Forum testified before the National Committee on Vital Health Statistics in August regarding the importance of patient choice in the area of Electronic Health Records. The testimony stressed the importance of building security, patient privacy, and choice into EHRs and any form of the proposed National Health Information Network (NHIN).
The World Privacy Forum has been particularly interested in developments related to EHRs and the NHIN. Given the impetus of the 2004 Executive Order  mandating forward movement in these areas, and the broad impact digitized medical records will potentially have on patients and on the healthcare sector, the World Privacy Forum believes that the decisions this Committee and others shaping these efforts arrive at will be of lasting importance. Given the transition of many parts of our society from analog to digital, it is crucial to ask what this digitization will look like and to carefully examine and discuss what form EHRs and related systems should take in regards to patient choice, privacy, and security.