Resource | case file — Amazon.com filed a lawsuit in April to fight the North Carolina Department of Revenue’s request for detailed information on Amazon.com customers. The North Carolina tax department requested Amazon.com to hand over “all information for all sales to customers with a North Carolina shipping address” between 2003 to 2010. In the decision, Seattle, Washington U.S. District Court Judge Marsha J. Pechman wrote, “Citizens are entitled to receive information and ideas through books, films, and other expressive materials anonymously.” She also stated that “The fear of government tracking and censoring one\’s reading, listening, and viewing choices chills the exercise of First Amendment rights.” This is an important decision for privacy rights, and online privacy in particular.
Digital Signage Privacy Principles — The nation’s leading consumer and privacy groups released a set of baseline consumer privacy principles to be included in digital signage networks. The principles were released at the Digital Signage Expo in Las Vegas, Nevada, where World Privacy Forum executive director Pam Dixon spoke about the principles to a large group of digital signage industry professionals.
FTC Privacy Roundtable — WPF executive director Pam Dixon will testify at the FTC Privacy Roundtable about information brokers and commercial data practices and they impact consumers. Dixon will be discussing the business models of data brokers, issues with smart grids, and opt-out problems, among other issues.
FTC — The Federal Trade Commission has delayed the enforcement date of the Red Flag Rule until June 1, 2010.
Health data breach rulemaking — The Federal Trade Commission has issued its final Health Breach Notification Rule for vendors of Personal Health Records and related entities, as required under ARRA, The American Recovery and Reinvestment Act of 2009. The initial proposed Health Breach Notification Rule was generally thoughtful and thorough. The World Privacy Forum submitted extensive comments on the proposed rule both supporting parts of it and making some suggestions for changes. The FTC incorporated several specific WPF suggestions into the final rule. In particular, the FTC incorporated the applicability of the rule to foreign entities with U.S. customers (Final Rule p. 17), and the applicability of the rule to search engines appearing on Personal Health Record web sites (Final Rule p. 34). The new rule will be published in the Federal Register shortly; until then, it is available at the FTC web site. Also available is a form that entities covered under this rule can use to report data breaches to the FTC. The Health Breach Notification Rule will be effective 30 days after publication in the Federal Register, and full compliance with the rule will be required beginning 180 days after publication.