Online privacy and government web sites — The World Privacy Forum filed comments with the Office of Management and Budget regarding its proposal to begin to allow the use of tracking cookies on government web sites. The proposal was published in the Federal Register, and outlined a three-tiered plan for how web tracking technologies might be used. The Forum’s comments focused on methods of opt-out, data retention, secondary use, user authentication, new tracking technologies such as Flash cookies, and the need for new opt-out mechanisms. The Forum also urged the federal government to not allow third party tracking of consumers’ use of government web sites, and to guard against any discrimination against consumers who do not want to be tracked.
The World Privacy Forum filed extensive comments with the Federal Trade Commission today regarding its notice of proposed rulemaking for data breaches of information containing actual health care information or health care-related information. The FTC rulemaking will apply to a variety of record holders, especially vendors of personal health records. The Forum supported much of the FTC’s proposed rulemaking, finding the rulemaking generally thoughtful and careful. In some areas, the Forum urged the FTC to narrow and further define and strengthen the proposed rule. The World Privacy Forum urged the FTC to tighten language around scope, the definition of “personal health record,” law enforcement delays of consumer notification, and urged the FTC to further clarify the definition of what falls under the category of “de-identified data.” Citing the research of Dr. LaTanya Sweeney and others, the Forum urged the FTC to require commercial companies and others holding health care data that has been partially de-identified to still report those breaches to the FTC and the public, and to monitor for re-identification.
The World Privacy Forum filed comments with the Department of Health and Human Services today regarding the HITECH Act guidance that HHS published along with a request for comments. The Forum urged the Department to tighten its proposed guidance, and to add more protections, oversight, and rules for “limited data set” breaches.
Public comments re: health data breaches — The World Privacy Forum filed comments with the Department of Health and Human Services today regarding the HITECH Act guidance that HHS published along with a request for comments. The Forum urged the Department to tighten its proposed guidance, and to add more protections, oversight, and rules for “limited data set” breaches.
Genetic Privacy | GINA — The World Privacy Forum filed comments on the proposed regulations on the Genetic Information NonDiscrimination Act, or GINA. The comments request that the Equal Opportunity Employment Commission close down several potential loopholes in consumer protection in the proposed regulations. The Forum specifically asked the EEOC to consider curtailing the amount of commercially available information employers could access about employees, for example, through marketing databases. WPF also requested that those covered under GINA be required to maintain audit trails in certain circumstances, and urged that wellness programs be structured in such a way so as to prevent information leakage through billing and other activities.