
Chronology

This is a chronological list of key World Privacy Forum work, as well as joint work with other groups.

 
2007
12/19/2007 Genetic privacy / SACGHS

World Privacy Forum files public comments regarding oversight of genetic testing; warns about the privacy risks related to unregulated commercial genetic tests and the need to prevent phantom genetic tests from becoming a new business model for fraudsters

The World Privacy Forum filed extensive comments with the Secretary's Advisory Committee on Genetics, Health and Society (SACGHS) regarding its draft report on genetic testing oversight, U.S. System of Oversight of Genetic Testing: A Response to the Charge of the Secretary of HHS. The World Privacy Forum requested SACGHS pay more attention in its final report to the privacy consequences of unregulated genetic testing that occurs outside the health care sector. The WPF comments note that current and proposed remedies for the misuse of genetic information tend to focus on the use of the information within the health care treatment, payment, and insurance systems. What is crucially important is to analyze how to protect genetic information in the realm of commercial collection, maintenance, use and disclosures. Another area the comments discuss is the potential for new forms of fraudulent activity related to genetic testing (phantom genetic testing, that is, genetic tests marketed to consumers that are not even real or viable genetic tests). The World Privacy Forum specifically recommended that the National Committee on Vital and Health Statistics be tasked with looking at this matter, that an independent pre-market assessment mechanism be created for genetic tests offered outside the clinical setting, and that privacy be expressly discussed in the overarching recommendations in the final report.

See the World Privacy Forum SACGHS comments (PDF) | Permalink | Related: see the draft SACGHS report | WPF medical privacy page

 

12/19/2007 Fair Information Practices

Fair Information Practices (FIPS) page update

The World Privacy Forum has updated its page on Fair Information Practices to include the new work by Robert Gellman in this area. His article, Fair Information Practices: A Basic History, December 2007, is an important history of the development of Fair Information Practices. It includes information that even experts familiar with FIPs may not know.

See updated WPF Fair Information Practices page | Related: see Robert Gellman's article Fair Information Practices: A Basic History

 

11/29/2007 Medical identity theft update

New FTC statistics affirm World Privacy Forum's 2006 Medical Identity Theft report; give first robust medical identity theft statistics

The Federal Trade Commission released its national ID theft survey, which for the first time contains statistics specific to medical identity theft. According to the FTC report (p. 21), 3 percent of all identity theft victims in 2005 were victims of medical identity theft, which means of 8.3 million ID theft victims, approximately 250,000 people were victimized by medical identity theft in that year alone. The purpose of the World Privacy Forum 2006 report was to prove that medical identity theft existed, and was already occurring in large numbers. At the time the report was published, the crime of medical identity theft had not been specifically studied, nor was it understood to exist. The FTC statistics abundantly affirm the thesis and conclusions of the WPF report.

See the new FTC ID theft report | See the WPF 2006 Medical Identity Theft Report

 

11/05/2007 Security Freeze update | Financial privacy

Security Freeze update: as of November 1, security freeze now available to consumers in all states

As of November 1, 2007, the ability to place a security freeze is available nationwide at the three major credit reporting bureaus. To date, 39 states and the District of Columbia have some form of security freeze law. But now, even in the states that did not pass security freeze legislation, consumers will be able to place a security freeze. A security freeze lets you stop the disclosure of your credit report by a credit bureau. A security freeze can be especially helpful to individuals who are having persistent problems with identity theft. For more information:

See the updated WPF Security Freeze page | Related: Top Ten Opt-Out list

 

11/05/2007 Announcement | CalPSAB

World Privacy Forum appointed to California Security and Privacy Advisory Board

WPF executive director Pam Dixon has been appointed by California Secretary of Health and Human Services Kim Belshe to the California Security and Privacy Advisory Board. Dixon will serve as interim co-chair of the board, which is tasked with addressing health information exchange (HIE) privacy and security efforts in California. The board's meetings will be open to the public. For more information see: CalPSAB's web site.

 

11/02/2007 Report | Internet privacy | NAI

WPF Report: The Network Advertising Initiative: Failing at Consumer Protection and at Self-Regulation

The World Privacy Forum published a new report today, The Network Advertising Initiative: Failing at Consumer Protection and at Self-Regulation. The report is an in-depth analysis of the history and current operations of the Network Advertising Initiative (NAI) self-regulatory agreement. The NAI was created to protect consumers' online privacy in the behavioral advertising arena. The report finds that the NAI has failed. The report discusses the failure of the NAI opt-out cookie, the uses of persistent consumer tracking technologies that go beyond cookies, such as Flash cookies, browser cache cookies, XML super cookies, and other issues. The report also discusses the practice of re-setting cookies after cookie deletion. The report gathers the details of the difficult membership history of the NAI, as well as the enforcement history of TRUSTe regarding NAI.

Executive director Pam Dixon will be testifying before the FTC eHavioral Town Hall meeting Nov. 2 to discuss the findings of this report, which will be submitted to the FTC.
Read the report (PDF)

 

10/30/2007 Consensus document | Consumer rights and protections

Privacy and consumer groups unveil consensus document recommending expanded consumer rights and protections in the behavioral advertising sector; call for a Do Not Track list, access, limits of the use of sensitive medical and financial information, expanded notice, accessibility for people with disabilities, and other rights

Nine privacy and consumer groups, including the World Privacy Forum, unveiled a consensus document outlining key consumer rights and protections in the behavioral advertising sector. The document is directed toward the Federal Trade Commission, and urges the FTC to take proactive steps to adequately protect consumers as online and other forms of behavioral tracking and targeting become more ubiquitous. The consensus document was filed with the Secretary of the FTC and its commissioners. Behavioral advertising is the focus of the FTC's eHavioral Advertising Town Hall meeting taking place November 1-2 in Washington, D.C. The network advertising sector has a self-regulatory plan, the Network Advertising Initiative, in place, and has had this plan in place since 2000. The consensus document addresses the many areas where the NAI plan has failed to protect consumers.

Read the consensus document | Permalink | Illustration of Do Not Track List

 

10/16/2007 Medical identity theft / AHIMA

World Privacy Forum gives keynote speech to AHIMA on medical identity theft; outlines 8 best-practice responses to the crime

Executive director Pam Dixon spoke to thousands of AHIMA delegates in Philadelphia sharing the latest information on medical identity theft and outlining 8 best practice responses to the crime for the health care sector. Dixon specifically asked for the creation of national guidelines for helping medical identity theft victims, the ability for victims to set red flag alerts in their health care files, that providers train and have dedicated personnel to help medical identity theft victims, "john and jane doe" file extractions, a focus on addressing insider access to patient information, risk assessments specifically for medical identity theft, and educational efforts. The information in the speech was based on the latest World Privacy Forum research in the area of medical identity theft.

Read the speech Medical Identity Theft: Issues and Responses (PDF) | See the medical identity theft page | Read tips on what to do if you are a medical identity theft victim | Permalink

 

10/16/2007 Medical identity theft | Best practice responses

World Privacy Forum outlines 8 best practice responses to medical identity theft for the healthcare sector

The World Privacy Forum has outlined 8 best practice responses to medical identity theft for the health care sector. The best practice responses are based on research the Forum is conducting for its second report on medical identity theft, and are a work in progress. The 8 best practice responses were presented to AHIMA delegates October 9; the Forum is soliciting and accepting feedback on the 8 best practices.

Read Eight best practices for helping victims of medical identity theft | See the medical identity theft page | Tips for medical identity theft victims | Permalink

 

10/12/2007 Medicare / CMS

World Privacy Forum files comments on CMS plan to allow release of patients' protected health information from Medicare database in some circumstances; benefits do not outweigh the risks

The World Privacy Forum filed extensive public comments on the substantive changes to the Medicare database release policy that the Centers for Medicare and Medicaid Services (CMS) has proposed in a System of Records Notice. As it currently stands, CMS is planning to release the individually identifiable protected health information of patients in the Medicare database to third parties in some circumstances. CMS has not established strong enough checks and controls on its release policy, and it has not explained how it is able to do this under HIPAA. The comments state that CMS has an obligation to explain how each routine use in its new policy is consistent with the authority in the HIPAA privacy rule. If a routine use allows disclosures that are broader than those permitted by HIPAA, then the routine use must be narrowed so that it is consistent with HIPAA. The comments also note that nothing in the CMS notice discusses substance abuse rules and other legal restrictions of the protected health data. The World Privacy Forum asked CMS to specify that the qualifications of any data aggregators who may potentially receive the data exclude any entity that sells other consumer data for any general business, credit, identification, or marketing purpose.

Read the comments (PDF) | Permalink

 

09/17/2007 NHIN update

Update: World Privacy Forum's NHIN Timeline updated to reflect changes in AHIC

The National Health Information Network, or NHIN, is part of a major undertaking to digitize and network the health care sector. From electronic health records to multi-state health information hubs, the U.S. government's goal is to modernize and move health care information from paper to digital. The Department of Health and Human Services is the primary mover behind this initiative, which is complex and multi-faceted. The World Privacy Forum keeps a chronology of NHIN events as a public service. The NHIN timeline has been updated to reflect changes in AHIC, a group that is charged in part with ensuring privacy and confidentiality in the NHIN and other aspects of health care modernization. AHIC is set to transition to a "public-private partnership," a move that will need to be watched closely to ensure robust consumer involvement.

See the NHIN timeline | Also: See the NHIN page for background on NHIN | Related: Read more on AHIC transition plans

 

09/07/2007 AHIC successor / health care privacy

World Privacy Forum requests adoption of a "no stakeholders left behind" policy in AHIC successor plans

The World Privacy Forum offered public comments on HHS' American Health Information Community (AHIC) successor plans, urging that HHS adopt a "no stakeholders left behind" policy as it forms the new public/private AHIC. The Forum's analysis of the AHIC Successor White Paper concluded that the current succession plans lack processes and checks that would ensure meaningful consumer participation, and that the AHIC successor plans as they currently stand do not bode well for a robust role for privacy or consumer groups in the new AHIC. Specific issues the World Privacy Forum discussed in its comments included fee structures, membership, handling conflicts of interest, stakeholder issues, privacy and identifiability issues, and the need for the new AHIC to achieve credibility.

Read the WPF AHIC Successor comments (PDF) | Permalink | Related: World Privacy Forum's NHIN page | More on the AHIC Successor at HHS.gov

 

08/30/2007 Consumer alert update

Update: Monster.com saying data breach may impact all users of Monster.com, official Federal job site USAJobs.com impacted

Monster.com posted a warning on its site stating that all users of Monster.com may have been impacted by the data breach of its systems by hackers. All job seekers need to be aware of potential phishing attacks that are sophisticated and highly targeted, and job seekers with safety considerations need to be aware that their information has likely been compromised. The U.S. Office of Personnel Management has announced that the Federal job site USAJobs (which is outsourced to Monster.com) has also been impacted by the breach. The World Privacy Forum has updated its job seeking tips, and its consumer alert.

View the Monster.com consumer alert | Read the updated WPF job seeker's tips

 

08/24/2007 Data breach / GAO data breach study

GAO's data breach list from its June 2007 report

The World Privacy Forum made an information request to the GAO asking for a copy of the single, non-duplicative list of data breaches that its June 2007 data breach report (GAO-07-737) refers to and was based on. The list was not included in the GAO report. The GAO used a figure in its report of "more than 570 data breaches" from January 2005 to December 2006 based on this non-duplicative breach list. The GAO breach list is straightforward: it tallies data breaches chronologically from January 1, 2005 to December 31, 2006 from three organizations that maintain data breach lists. If the breach appeared on at least one of the three lists, it was apparently included in the final tally. The GAO states that the list was based on a February 15, 2007 download of the lists. Note: the WPF scan of the GAO list includes the first page twice. The front page of the scan is of the GAO list as it looks in the original document, and then the list was scanned for maximum readability into PDF format.

View the GAO breach list | Related: GAO data breach report June 2007 | Permalink

 

08/23/2007 AHRQ / databases / medical privacy

World Privacy Forum and EFF submit comments on AHRQ plan for national healthcare database

In June, the Agency for Healthcare Research and Quality (AHRQ) published a request for information about its plan to create a "public/private" national database of healthcare information tentatively called the "National Health Data Stewardship entity." WPF and EFF raised questions about ownership and management of the proposed database (Would this database fall under HIPAA? Would it fall under the Privacy Act of 1974?), questions about identifiability of patients in the database, and suggested that a full-time, independent privacy officer should be established for the program from the inception of the planning stages. The comments also discussed the numerous questions relating to data security (including medical identity theft) and data quality, as well as consent, access, and opt-out procedures for patients that the proposed national database raises.

Read the joint comments (PDF) | Permalink

 

08/22/2007 Consumer Alert / Internet privacy / Job search safety and privacy

Consumer Alert: Monster.com data breach impacts hundreds of thousands of job seekers; job seekers who have safety concerns may be especially at risk

The World Privacy Forum issued a consumer alert today warning about a data breach at Monster.com. Security firms that analyzed the breach have stated the breach impacts hundreds of thousands of job seekers. The immediate information that was stolen included job seekers' home address, phone numbers, email address, and resume IDs. Some victims may have received further phishing emails. Job seekers who have safety concerns such as law enforcement professionals, victims of domestic violence and other victims of crimes such as stalking -- who typically do not make their home addresses or personal phone numbers public -- have an immediate need to know if their personal information may be in the hands of criminals. The consumer alert contains tips for victims and links to resources and more information.

See: Consumer Alert web page

Related: World Privacy Forum tips for using resume databases

 

08/08/2007 Medical privacy / NCVHS / HIPAA

World Privacy Forum responds to June 2007 NCVHS recommendations to the Secretary of HHS regarding health care information at non-HIPAA covered entities

The World Privacy Forum has sent a letter to Dr. Simon P. Cohn, Chairman of the National Committee on Vital and Health Statistics, supporting the Committee's formal conclusion that all entities that create, compile, store, transmit, or use personally identifiable health information should be covered by a federal privacy law. More needs to be done about health care data that is left unprotected by HIPAA. The Forum's letter included a discussion of two HHS programs that operate outside of HIPAA: FDA RiskMAPS, and the National Institutes of Health, which is not a covered entity under HIPAA. Read the World Privacy Forum letter to NCVHS here (PDF). The NCVHS letter to the Secretary on HIPAA and non-covered entities is available here (PDF, at the NCVHS web site). For more about RiskMAPs, see WPF testimony from August 1, 2007 (PDF) and June 26, 2007 (PDF).

 

08/01/2007 iPledge Program / FDA

World Privacy Forum testifies at FDA advisory committee hearing on the iPledge program; requests attention to privacy issues

The World Privacy Forum testified before the Dermatologic and Ophthalmic Drugs Advisory Committee and the Drug Safety and Risk Management Advisory Committee of the Food and Drug Administration regarding privacy issues related to iPledge, a mandatory program for patients taking the drug Accutane or isotretinoin generics. The FDA has stated that the program, which it requires four drug manufacturers to have in place, does not fall under HIPAA. The program collects substantive amounts of patient information. The Forum urged the FDA to set privacy standards for all RiskMAPs in general, and to resolve privacy issues in the iPledge program specifically. The Forum requested that all marketing provisions of the iPledge program privacy policy be removed, that patients be expressly informed the program does not fall under HIPAA, and that patients be given a printed copy of the iPledge program privacy policy, among other requests. Read the written testimony (PDF). Related: earlier WPF testimony to FDA/AHRQ regarding RiskMAPs.

 

07/26/2007 National Disaster Medical System / Privacy Act of 1974

World Privacy Forum requests that the new National Disaster Medical System protect all patient information to standards at least equal to HIPAA

The World Privacy Forum has filed public comments with the Department of Health and Human Services requesting that its new National Disaster Medical System protect all patient information to at least the baseline protections that HIPAA affords, including the HIPAA security and privacy protections. Currently, the new system does not do this, even though the system is housed at HHS, the agency which promulgated the HIPAA standards. The National Disaster Medical System currently contains overbroad routine uses which could potentially result in significant privacy and even public health issues. For example, public health information will not be able to be disclosed under the National Disaster Medical System as the system is currently organized. Additionally, some of the current routine uses in the system would authorize disclosures that would be illegal under HIPAA. For example, Congressional disclosure of a HIPAA record requires a written authorization, something the new system does not require. Read the comments (PDF).

 

07/22/2007 Top ten opt out list

World Privacy Forum's Top Ten Opt Out List

This is a list of the top things to opt out of, and how to opt out. Millions of people have heard about the Do Not Call list, an opt out list that gets people off of telemarketing lists. But many fewer people have heard about the other opt outs that are available, like those that can take people out of data broker lists or opt outs that can stop schools from giving out directory information like email and home addresses. Opting out can range from the not-too-difficult (the Do Not Call list is a fairly simple opt out) to the challenging. This list is meant to simplify the information about which opt out does what, to help decide if a particular opt out is the right choice, and how to go about opting out. See the WPF Top Ten Opt Out List.

 

07/22/2007 Security freeze / identity theft / financial privacy

How to place a security freeze (credit freeze)

A credit freeze (sometimes called a security freeze) lets you stop the disclosure of your credit report by a credit bureau. A credit freeze can be especially helpful to individuals who are having persistent problems with identity theft. If you live in a state with a security freeze law, then you may be able to place a security freeze on your files. This World Privacy Forum resource gives general background on security freezes, lists the states with security freeze laws, and links to more information for each state. See the Security Freeze page.

 

07/10/2007 FDA privacy standards - RiskMAPs

The FDA needs to set privacy standards to protect patients in drug risk programs

World Privacy Forum executive director Pam Dixon testified at an FDA/AHRQ joint public workshop about the need for the FDA to set robust privacy standards for drug risk minimization programs, which are put in place for drugs the FDA has determined to be high risk in some way. Drug risk minimization programs (like the iPledge program for the acne drug Accutane) are not typically covered by HIPAA, and some programs have a privacy policy that allows marketing use of patient information collected as part of the risk program. This kind of marketing activity would not be allowable if the programs fell under HIPAA, and Dixon's testimony stated that patients in these programs should have the same kinds of privacy protections as HIPAA covered programs, and that marketing activities involving patient information should not be allowable in these programs. Read the testimony (PDF).

 

06/07/2007 Genetic privacy

World Privacy Forum makes presentation at National Academy of Sciences' Institute of Medicine

Executive director Pam Dixon presented key issues and potential solutions regarding privacy and Genome Wide Association Studies at the Institute of Medicine's Board on Health Sciences Policy meeting. Her presentation included recommendations to engage in a comprehensive study of certificates of confidentiality, to encourage standards of identifiability, to encourage study of what more uniform standards of privacy and security for researchers might look like, and a recommendation to work toward broad solutions that extend beyond GWAS activities.

 

06/04/2007 AHIC - National Health Information Network

World Privacy Forum Comments on AHIC Confidentiality, Privacy, Security Workgroup Hypothesis

The American Health Information Community Workgroup on Confidentiality, Privacy and Security requested public feedback regarding its working hypothesis. WPF responded to the request with public comments encouraging the adoption of a unified policy architecture and encouraging AHIC to focus on enforcement mechanisms that are intended to directly benefit consumers. WPF also encouraged AHIC to look comprehensively at the demands a new national electronic health exchange network will make on privacy in the health care sector. Read the comments (PDF). See also the National Health Information Network Page for more about the NHIN, and the WPF medical privacy page.

 

05/24/2007 Genetic privacy / PGx

World Privacy Forum files public comments and recommendations on pharmacogenomics privacy: all patient-specific PGx research should require certificates of confidentiality

The World Privacy Forum believes that the capability of identifying individuals from subsets of genetic information will expand greatly in the future. In public comments filed with the National Institutes of Health on pharmacogenomics (PGx) research, or research using genetic information to create highly personalized medicine, the World Privacy Forum recommended that all research activities that involve any type of patient-specific genetic information be required to have certificates of confidentiality, whether that information appears identifiable or not. The WPF also urged the NIH to require strong data use agreements to protect individuals' privacy. The WPF also urged NIH and the Department of Health and Human Services to reinstate the position of "privacy advocate" so as to provide oversight in this area. Read the comments (PDF). For more information, see the genetic section of the WPF Medical Privacy Page. Related note: Executive director Pam Dixon will be speaking about genetic research and privacy at the Institute of Medicine on June 7.

 

05/08/2007 REAL ID / National ID

World Privacy Forum and Electronic Frontier Foundation File Public Comments on REAL ID

The World Privacy Forum and the Electronic Frontier Foundation (EFF) filed joint comments with the Department of Homeland Security about the proposed national ID system, REAL ID. The comments discuss the substantial flaws in the proposed REAL ID system including concerns about the overall structure of the program, the cards, the databases attached to the cards, the lack of controls on "function creep," the possibilities for discrimination, the potential for increased risk of identity theft, issues related to potential gaps in coverage for recipients on Federal programs, among other issues. Read the comments (PDF). See the EFF REAL ID pages for background about REAL ID.

 

05/04/2007 REAL ID

Stop REAL ID

REAL ID is a national ID card program. Currently, the Department of Homeland Security is accepting public comments on the REAL ID plan. Comments will be accepted until Tuesday, May 8. The World Privacy Forum has joined with a large coalition of groups to solicit public comments on REAL ID; to file comments, please visit the Speak Out Against REAL ID coalition page for more information. http://www.privacycoalition.org/stoprealid/

 

04/20/2007 Discussion Forum: Consent and Privacy

Launch of the WPF Discussion Forum: The Paradox of Consent, analysis by Bob Gellman

World Privacy Forum launches its Discussion Forum with an inaugural paper by Robert Gellman on the complexities of consent in the privacy sphere. Gellman's analysis focuses on the core privacy issues underlying "The Maine Incident," that is, Maine's historic 1998 passage of medical privacy legislation, and the subsequent repealing of key aspects of that legislation two weeks after it was enacted. Issues related to consent were key factors in the Maine events. Read Gellman's paper in the WPF discussion forum, or jump directly to Gellman's paper: Consent for Disclosures of Health Records: Lessons from the Past (PDF).

 

04/03/2007 National Health Information Network

Update: World Privacy Forum's National Health Information Network Timeline

Recently, the first live prototypes of the NHIN were demonstrated in Washington, D.C. This was a milestone event in the development of the planned network. The National Health Information Network is an ambitious project the U.S. government undertook in 2004 to digitize and network patient health records across the nation. This project raises challenging confidentiality, privacy, and security issues. See the World Privacy Forum's updated NHIN page and NHIN Timeline for more information. Also see the Forum's Medical ID theft report for an analysis of the potential impact of an NHIN on medical ID theft issues.

 

03/21/2007 Medical privacy / Department of Transportation

Commercial drivers' license applicants requesting exemption from the diabetes standard have their personal medical information, name, age, and more published in the Federal Register; World Privacy Forum urges changes to the practice

The World Privacy Forum filed comments with the Department of Transportation today regarding the department's publication of the detailed personal medical information of individuals subject to DOT regulations in the Federal Register along with their names, ages, and other identifying information. The WPF comments argue that personal medical information combined with name, age, etc. does not belong in the Federal Register, where it can have potentially far-reaching consequences for those individuals who are named as well as their family members. The comment period closes April 2. Read the WPF comments (PDF).

 

02/05/2007 Genetic privacy

World Privacy Forum comments about the ethical, legal, and social implications of using genetic health care data in electronic health records

The World Privacy Forum filed public comments with the Department of Health and Human Services in response to an HHS request for information regarding the use of patients' genetic data for research, health care, and for use in electronic health records. The World Privacy Forum is requesting that HHS use all Fair Information Principles in any personalized health care projects, and is requesting that a formal ELSI (ethical, legal, and social implications) committee be set up to oversee any projects, among other requests. Read the comments (PDF). Also see: WPF Fair Information Practices page.

 
01/19/2007 Identity Theft

President's Identity Theft Task Force: World Privacy Forum requests that medical identity theft be added to task force agenda

The World Privacy Forum filed comments and recommendations with the President's Identity Theft Task Force. The task force's draft report and recommendations did not include or contemplate medical identity theft solutions for victims; the WPF has requested and recommended that this be corrected. Medical identity theft victims need more help, more recourse, and agency attention. Read the WPF task force comments (PDF). Also see the WPF Medical ID Theft Page, which links to the WPF report, consumer tips, and FAQs for victims.

 

2006
12/15/2006 e-Government / CIPSEA

WPF comments on proposed guidance on Confidential Information Protection and Efficiency Act of 2002 (CIPSEA)

The World Privacy Forum submitted comments to the Office of Management and Budget regarding proposed guidance on Title V of the e-Government Act. The proposed guidance did not address the relationship between CIPSEA and the USA PATRIOT Act Section 215, and guidance regarding identifiability and the Privacy Act of 1974 needs to be further refined. WPF suggests that OMB consider developing a formal statistical confidentiality seal controlled by a federal agency. The purpose would be to provide an identifiable marker that would tell individuals if the information they provide will receive the highest degree of confidentiality protection available under law. Read the WPF comments (PDF).

 

12/14/2006 Medical privacy / Medicare Part D

World Privacy Forum Requests That CMS Bring Its Medicare Part D Data Activities Under HIPAA and Require Certificates of Confidentiality to Protect Patient Privacy

In comments filed with the Centers for Medicare and Medicaid Services, the World Privacy Forum requested that CMS give effect to data restrictions that Congress has expressly included in the law. WPF also requested that CMS include in its standard agreements for use of CMS data a requirement that the recipient obtain a certification of confidentiality for all identifiable CMS data. WPF also requested that CMS perform a regulatory impact analysis and publish a system of records notice. Read the comments (PDF).

 

12/06/2006 Identity theft / Consumer Alert

Identity Theft Victims of Choicepoint Data Breach May Now File Reimbursement Claims

The Federal Trade Commission has set up a new web site and phone number for identity theft victims of the Choicepoint data breach. The new site and phone number give victims information on how to file claims for monetary reimbursement if out-of-pocket losses accrued as a result of the ID theft. A fund of $5 million is available to victims; the deadline for filing is February 4, 2007. The site is <http://www.ftc.gov/choicepoint>, and the data breach hotline phone number is 1-888-884-8772.

 

11/27/2006 Privacy Act of 1974

Department of Justice Proposes Making Changes to Routine Uses of its Systems and Databases; World Privacy Forum Files Comments on Problematic Privacy Act Issues with the Proposed Changes

The Department of Justice published a notice proposing to update the Routine Uses of its systems and databases under the Privacy Act of 1974. The proposal was not precise enough, and was written in such a way as to allow sensitive Privacy Act systems such as the Criminal Division Witness Security File (CRM-002), the Witness Immunity Records (CRM-022), and the National Instant Criminal Background Check System (NICS, FBI-018) to be disclosed to almost anyone in certain circumstances, including to individuals working outside of law enforcement. The World Privacy Forum is requesting that the DOJ significantly tighten its language in the proposal and specify which individuals or entities may have access to these sensitive records, and under what specific conditions. The World Privacy Forum is also requesting that the DOJ republish all of its up-to-date system of records notices in their entirety immediately and at least every two years thereafter. Read the comments (PDF).

 

10/31/2006 Genetic privacy

World Privacy Forum Comments on Proposed Policy for Genetic Database

Genome-wide association studies present complex and challenging privacy issues. The National Institutes of Health, in a published request for information, asked for public comment on its proposed policy regarding its support and management of a central genomic repository for genome-wide association studies. In comments filed with the National Institutes of Health, the World Privacy Forum raised concerns about the proposed NIH policy in the specific areas of genetic identifiability, secondary uses of the genetic data, oversight, legal protections, and informed consent. Read the comments (PDF).

 

09/27/2006 Privacy Act of 1974

World Privacy Forum Files Comments on a Proposed DHS rulemaking; asks the Department to make a Commitment to Transparency and Accountability

In response to a proposed Department of Homeland Security rulemaking regarding a system of records, the World Privacy Forum filed comments requesting changes. The primary objections are that the proposed system of records commingles records and functions, the proposed exemption is inconsistent with the system notice, and DHS's proposed exemption from civil remedies was not correct, among other issues. The World Privacy Forum stated in its comments that the Department of Homeland Security should demonstrate its commitment to accountability and transparency in the rulemaking. Read the comments (PDF).

 

09/18/2006 Identity theft, medical identity theft  

World Privacy Forum Comments on "Red Flag" Guidelines for Identity Theft, Requests Addition of Medical Identity Theft to Red Flag Rule

The World Privacy Forum filed comments with the Federal Trade Commission, the Treasury, and other federal agencies today regarding the joint draft rule on "Red Flags" for identity theft. In its comments, the World Privacy Forum requested that medical identity theft be added to several aspects and portions of the proposed rule. Adding medical identity theft to the rule is essential to help close gaps in protection for consumers and to encourage health care providers to attend to victims' challenges and needs regarding medical identity theft. Read the comments (PDF). For more on medical identity theft, also see the Forum's medical identity theft report and tips on the Medical Identity Theft page.

 

08/16/2006 Internet privacy

World Privacy Forum Files FTC Complaint About AOL Data Releases

The World Privacy Forum filed a complaint today with the Federal Trade Commission regarding AOL's multiple releases of portions of its users' search query histories. The complaint discusses AOL search query releases from 2004 and 2006. The complaint alleges that the data release was intentional; that, due to significant identifiability issues of the data subjects, the releases are harming some AOL customers; and that AOL customers did not know their search histories would be made available to the public. The World Privacy Forum urges consumers to take precautions when using search engines. For more, see the complaint (PDF). Also see the World Privacy Forum Search Engine Privacy Tips.

 

 

08/08/2006 Internet privacy

World Privacy Forum Announces Plans to File FTC Complaint About AOL Search Data Release

The World Privacy Forum announced today that it would be filing a complaint with the Federal Trade Commission about the posting by AOL of a portion of its users’ search data on the Internet. While the data was not expressly identified by name, the search queries themselves included in some cases personally identifiable information such as individuals’ names, Social Security Numbers, and myriad other personal information. The World Privacy Forum urges consumers to take precautions when using search engines. For more see the Press Release. Also see the World Privacy Forum Search Engine Privacy Tips.

 

 

07/20/2006 Genetic privacy

World Privacy Forum Comments on Privacy Issues Relating to a Nationwide Genetic Research Project

The collection of DNA material from 500,000 to 1,000,000 or more individuals as part of a large U.S. medical research project raises many challenging ethical, legal, and privacy issues. An advisory committee reporting to the Office of the Secretary of Health and Human Services (the Secretary's Advisory Committee on Genetics, Health and Society) has published, in a draft report, a detailed analysis of the issues such a project and its associated databases and biobanks would raise. The committee's final report and policy recommendations will be submitted to the Secretary of HHS. The World Privacy Forum has submitted public comments on the draft; the comments include key policy recommendations.

 

The Forum's recommendations include the need to provide protection from compelled disclosure of information, the necessity for a full-time project privacy officer with enforcement power, the need to address identifiability issues, and the need for a far-reaching and robust privacy policy that exceeds the requirements of HIPAA, among other recommendations. Read the WPF comments and recommendations (PDF) or read the WPF comments on the web. Also, see the Medical Privacy Project page.

 

 

06/30/2006 Medical records privacy and how-to

Step-by-step FAQ for victims of medical identity theft

Following its report on medical identity theft, the World Privacy Forum has responded to the need for specialized advice for victims of medical identity theft. The Access, Amendment, and Accounting of Disclosures: FAQs for Medical ID Theft Victims is the first resource of its kind, and is intended to help victims navigate the complicated process of correcting medical files and recovering from the unique harms of medical identity theft. The FAQ includes sample letters to use, as well as step-by-step advice on how to get a copy of health records, ask for changes to health records from healthcare providers, and ask for a history of disclosures of health records. Read the FAQs. For more see the Medical ID Theft page.

 

06/15/2006 Agency comments / Medical privacy

World Privacy Forum comments on Medicaid Program and State Children's Health Insurance Program Systems Notice; requests changes

The World Privacy Forum submitted comments to the Centers for Medicare & Medicaid Services requesting that it amend a Systems of Records Notice to address an oversight and address other privacy issues. The Forum requested that CMS add a reference in the system notice to Executive Order 13181 of December 20, 2000, “To Protect the Privacy of Protected Health Information in Oversight Investigations.” The Forum also requested that the routine uses be revised to reflect the HIPAA requirements as appropriate when the disclosures involve HIPAA records. Read the comments in PDF.

 

06/05/2006 National Health Information Network 

National Health Information Network Timeline

This timeline charts the major developments of the National Health Information Network. This network, usually called the NHIN, is an ongoing project led by the U.S. government. The goal is to transition from a paper-based health care system to a digitally based one, with electronic medical files to be shared over a network. The NHIN is intended to be a sophisticated network that hospitals, insurers, doctors, and others could potentially access. Such a network brings patient privacy, security, and confidentiality issues into sharp relief. The NHIN now has pilot projects underway in multiple U.S. cities. This timeline charts the NHIN from its start to the present. See the timeline on the web. See the NHIN page for other NHIN news and updates.

 

06/05/2006 Fair Information Practices

A Brief Introduction to Fair Information Practices

This is a short introduction to the eight principles known as "Fair Information Practices." These eight principles and practices describe how an information-based society may approach information handling, storage, management, and flows with a view toward maintaining fairness, privacy, and security in a rapidly evolving global technology environment.

 

05/03/2006 Medical privacy

Medical Identity Theft: The Information Crime That Can Kill

This new World Privacy Forum report (PDF Executive Summary) (PDF Full Report) describes what medical identity theft is, discusses victim experiences, and explains why this crime is important to detect. Victims of medical identity theft may not know that they have medical files that have been falsified by imposters, and can receive improper medical treatment based on these errors. The report estimates that between a quarter and a half million people have been victims of medical identity theft. See the Medical identity theft page for the report, for updates, and for consumer tips.

 

03/08/2006 Financial privacy

Comments to IRS on Tax Information Sharing

Joint comments filed by EPIC, Privacy Rights Clearinghouse, and World Privacy Forum. Comments are available at the EPIC site: <http://www.epic.org/privacy/tax/irscom3806.html>.

 

02/08/2006 Medical privacy / HIPAA

World Privacy Forum Files Comments About Proposed Changes to HIPAA

Five groups joined the World Privacy Forum in asking for changes to be made to a proposed rule on how medical healthcare claims attachments are handled electronically. The World Privacy Forum and the EFF, EPIC, Privacy Rights Clearinghouse, Privacy Activism and U.S. Public Interest Research Group (U.S. PIRG) asked that physicians be given more control over what parts of health records they send electronically to insurance companies, that psychotherapy notes not be included when sending health records for insurance payment, and that the HIPAA Privacy Rule be rigorously applied to scanned health records. Read the comments in PDF format.

 

01/31/2006 Domestic surveillance

World Privacy Forum Requests NSA Domestic Surveillance Inquiry

The World Privacy Forum joined a coalition of 41 civil liberties, privacy, and trans-political organizations in a letter requesting a thorough and comprehensive inquiry by the Committee on the Judiciary into domestic surveillance program(s). Read the letter in PDF format.

 

01/20/2006 Internet privacy

Search Engine Privacy Tips

Working to proactively prevent problems related to the use of search engines is preferable to trying to clean up privacy problems after the fact. Here are some tips and resources for enhancing search engine privacy. Read the tips.

 

01/04/2006 Identity theft

FTC to Conduct New Identity Theft Survey; World Privacy Forum Submits Comments

The World Privacy Forum submitted comments in response to the Federal Trade Commission's request for feedback on its upcoming identity theft survey. The FTC identity theft survey is one of the most quoted surveys on the subject. The World Privacy Forum requested changes and clarifications to the survey, including adding questions about security breach notices and clarifying existing questions about medical identity theft, among other issues. Read the comments in PDF format.

 

2005

 

11/04/2005 Medical privacy

World Privacy Forum Comments to HHS on Protecting Patient Choice and Expanding Medical Privacy Rights

The World Privacy Forum filed comments with Health and Human Services this week asking the agency to protect patient choice and privacy. The World Privacy Forum asked that patients continue to be able to receive accounting of disclosures under HIPAA, and asked that this important patient right under HIPAA not be removed or weakened. The World Privacy Forum also asked HHS to review how patients' records can be amended under HIPAA, and recommended that in light of the coming National Health Information Network, that changes to enhance patient choice may be needed in this area. Read the comments on the Web or in PDF format. For more on the National Health Information Network, see our NHIN page.

 

9/30/2005 Medical privacy

World Privacy Forum Testifies on Electronic Health Records and Privacy

The World Privacy Forum testified before the National Committee on Vital and Health Statistics in August regarding the importance of patient choice in the area of Electronic Health Records. The testimony stressed the importance of building security, patient privacy, and choice into EHRs and any form of the proposed National Health Information Network (NHIN). Read the testimony on the Web or in PDF format.

Also see the Forum's NHIN page.

 

8/4/2005 Telemarketing

World Privacy Forum Comments to the FCC on Telemarketing

In official comments filed with the Federal Communications Commission, the World Privacy Forum urged the Commission to maintain state telemarketing regulations. (PDF Comments.)

 

7/14/2005 Report

Call Don't Click Update: Still be smart about ordering federally mandated free credit reports

This new report (PDF Complete Report) (HTML Exec Summary) is a complete update on the Forum's original February 25 report on AnnualCreditReport.com. Since the publication of the first Call Don't Click report, the number of imposter sites has increased by 124 percent. Some of the imposter sites have become more aggressive, improperly asking for consumers' Social Security Numbers. Other imposter domains lead to commercial data broker sites. The report lists and discusses the sites, the new findings, and recommendations. See the AnnualCreditReport.com page.

 

7/11/2005 Resume and jobsearching privacy

Updated Resume Posting Tips for Jobseekers

Before you post your resume online, read these twelve resume posting truths to help minimize resume privacy problems such as identity theft. Job Seekers Guide to Resume Databases: Twelve Resume Posting Truths. For more resources on job search privacy, see the World Privacy Forum's Workplace Privacy Project.

 

6/07/2005 Medical privacy

HIPAA News and National Health Information Network News

In HIPAA news, the Department of Justice has released a new ruling regarding HIPAA. The opinion is available here (PDF). Also, the HHS report summarizing the 500+ comments on the RFI for the National Health Information Network has been posted. The HHS report is available here. The World Privacy Forum and the Electronic Frontier Foundation submitted joint comments for the NHIN RFI; those comments are available here (PDF).

 

5/26/2005 Financial and Internet privacy

Call Don't Click: Updated Consumer tips for retrieving your federally mandated free credit report

Before you call, click, or mail away for your federally mandated free credit report, read these tips to help you avoid potential problems. This consumer tip sheet includes graphics to show you what problematic "fake" free credit sites look like, and includes consumer-tested tips for safely receiving your free reports. The tip sheet also includes resources with information, phone numbers, and addresses for ordering your report. See the AnnualCreditReport.com page for more.

 

2/15/2005 Medical Privacy / Infrastructure & Databases

WPF and EFF Submit Comments on the National Health Information Network

The World Privacy Forum and the Electronic Frontier Foundation have submitted official comments in response to the U.S. government's "Request for Information" about its plan to digitize all patient medical records and create an electronic "National Health Information Network" or NHIN. The comments urge caution in designing the NHIN and call for the government to build privacy, security, and open source technologies into the system from the beginning of the project. NHIN Joint Comments PDF. Also see the NHIN page.

 

1/19/2005 Workplace Surveillance and Privacy

World Privacy Forum Testifies about Federal ID Card

The World Privacy Forum testified on January 19 regarding the need to build reasonable privacy and security protections into the proposed "smart" Federal ID cards. The testimony included recommendations on making the mandated employee background checks equitable, careful implementation of the Privacy Act, and conducting a Privacy Impact Assessment. Other key issues included setting limits on card use and protecting the mandated source documents, such as birth certificates, that will be required to obtain a card. WPF and other testimony is available at the National Institute of Standards and Technology site: <http://csrc.nist.gov/piv-project/workshop-Jan19-2005/presentations.html>.

 

2004

 

12/23/2004 Workplace Surveillance and Privacy

Joint Comments on the Proposed Federal ID Standard

WPF, EFF, Privacy Rights Clearinghouse, and PrivacyActivism call for greater attention to privacy provisions of the proposed new Federal ID card, which will be "contactless."

Joint comments PDF. Related: January 19 public meeting testimony on the Federal ID standard. See Events or About Us for meeting details.

 

9/07/04 Job Applicant Privacy

Consumer's Privacy Guide to Job Searching Online

Originally created for the 2003 Job Search Privacy Study in PDF format, the Guide has been made into an easy-to-use Web page. Job seekers can now click through the guide as they look for job sites that are pro-privacy.

 

9/07/04 Internet Privacy

How to Say No to Cookies that Track You

Some computer cookies are harmless, but others can track your moves across many Web sites, eventually building a detailed dossier of your preferences. This new consumer tips article discusses the difference, and links to "opt out" cookies that will stop the tracking.

 

7/08/04 Internet Privacy and Security; Job Applicant Rights and Privacy

A Year in the Life of a Job Scam: Pt. 1 of the World Privacy Forum Job Scam Report

This new report tracks a widespread online job scam over the course of a year from July 2003 to July 2004. The report contains findings, recommendations, critical new tips for job seekers, and examples and explanations of the scam in action (emails to victims, contracts, etc.). The report examines the intersection between job fraud and job seeker privacy. Responses from job sites about what they are doing about job fraud are included in the report. Report HTML | Report PDF

 

7/08/04 Internet Privacy and Security; Job Applicant Rights and Privacy

Timeline: The Evolution of an Online Job Scam

This visual timeline chronicles a year of a job scam. The timeline documents the cities the fake jobs were targeting, dates the jobs posted, the various company names the scam operated under, and the contact names used in the scam. The job scam timeline is documented with screen shots of the job listings and how they looked as posted. The scam is still active. Timeline HTML

 

7/08/04 Internet Privacy and Security; Job Applicant Rights and Privacy

Consumer Tips to Help Combat Job Scams

These reality-based consumer tips are simple and are based on research from the key findings in the World Privacy Forum Job Scam Report. The Consumer Tips include "Red flags" to recognize scams and a step-by-step explanation and illustration using real examples of how one type of scam operates. Tips HTML

 

7/5/04 Database Privacy

WPF Calls for WHOIS Database Privacy Improvements

In comments submitted to ICANN's Task Forces 1 and 2 on the WHOIS Database, the World Privacy Forum has asked for tiered access to domain registry information. This would allow domain registrants the ability to keep home phone numbers, addresses, and email addresses private. The WPF has also asked that personal information in the WHOIS database not be made available to marketers. Comments PDF

 

2003
12/12/03 updated 7/08/04 Consumer Privacy, Financial Privacy, Job Applicant Privacy

Consumer Fraud Alert: Bogus Jobs Attempt to Obtain Consumer Bank Account Information

The World Privacy Forum and the Privacy Rights Clearinghouse have become aware of a nationwide job scam currently in action. We are advising job seekers to avoid any response to job ads coming from Unk Electronics, Macrocommerce Intersales, and Nanjing Panada Electronics, and to be aware of the high potential for financial fraud and/or identity theft if they have already responded to job ads from these companies. Fraud Alert HTML

 

11 November 2003 Job search privacy / Inaugural report

2003 Job Search Privacy Study -- Job Searching in the Networked Environment: Consumer Benchmarks

The World Privacy Forum officially launches with this inaugural report, a study a year in the making on the job search sector. This study, The 2003 Job Search Privacy Study: Job Searching in the Networked Environment: Consumer Benchmarks, documents job applicant privacy across the job search industry from resume writers to job search sites to resume blasters and other parts of the job search infrastructure.

Read the full study: 2003 Job Search Privacy Study

Read the executive summary: Executive Summary 2003 Job Search Privacy Study

Read the consumer guide: Consumer Guide to Job Search Privacy

This consumer guide lists 50+ Web job search sites and gives information about the levels of their privacy for consumers. The guide is now in HTML format for easy use.