Public Comments

Public Comments: June 2009 – WPF files comments with the FTC regarding proposed rules for health care-related data breaches

The World Privacy Forum filed extensive comments with the Federal Trade Commission today regarding its notice of proposed rulemaking for data breaches of information containing actual health care information or health care-related information. The FTC rulemaking will apply to a variety of record holders, especially vendors of personal health records. The Forum supported much of the FTC’s proposed rulemaking, finding the rulemaking generally thoughtful and careful. In some areas, the Forum urged the FTC to narrow and further define and strengthen the proposed rule. The World Privacy Forum urged the FTC to tighten language around scope, the definition of “personal health record,” law enforcement delays of consumer notification, and urged the FTC to further clarify the definition of what falls under the category of “de-identified data.” Citing the research of Dr. LaTanya Sweeney and others, the Forum urged the FTC to require commercial companies and others holding health care data that has been partially de-identified to still report those breaches to the FTC and the public, and to monitor for re-identification.

Public Comments: May 2009 – WPF files comments with HHS regarding data breach guidance

The World Privacy Forum filed comments with the Department of Health and Human Services today regarding the HITECH Act guidance that HHS published along with a request for comments. The Forum urged the Department to tighten its proposed guidance, and to add more protections, oversight, and rules for “limited data set” breaches.

World Privacy Forum files comments with HHS regarding data breach guidance

Public comments re: health data breaches — The World Privacy Forum filed comments with the Department of Health and Human Services today regarding the HITECH Act guidance that HHS published along with a request for comments. The Forum urged the Department to tighten its proposed guidance, and to add more protections, oversight, and rules for “limited data set” breaches.

World Privacy Forum files comments on proposed genetic discrimination regulations

Genetic Privacy | GINA — The World Privacy Forum filed comments on the proposed regulations on the Genetic Information NonDiscrimination Act, or GINA. The comments request that the Equal Opportunity Employment Commission close down several potential loopholes in consumer protection in the proposed regulations. The Forum specifically asked the EEOC to consider curtailing the amount of commercially available information employers could access about employees, for example, through marketing databases. WPF also requested that those covered under GINA be required to maintain audit trails in certain circumstances, and urged that wellness programs be structured in such a way so as to prevent information leakage through billing and other activities.

Public Comments: April 2009 – Request for declaration regarding fairness of opt-out methods and investigation into Acxiom, US Search, PublicRecordsNow, and USA People Search consumer opt-out methods for compliance with Section 5 of the FTC Act, 15 U.S.C. § 45(a)(1)

The Commission has laid down specific examples of what constitutes unreasonable opt- out procedures, particularly in its Affiliate Marketing Rule, which describes three distinct types of opt-out methods the Commission considers to be unreasonable. Some companies are ignoring the standards the Commission has set, and are requiring consumers whom they have notified online of an opt-out opportunity to then use paper and postal mail processes to accomplish the opt out.