Data Brokers

WPF files comments for FTC Roundtables on privacy standards, consumer expectations of privacy

FTC Privacy Roundtable — The World Privacy Forum filed comments last week for the FTC Privacy Roundtables, the first of which will be held December 7, 2009. The WPF comments urged the FTC to consider the Fair Credit Reporting Act as a key privacy model to apply to additional areas, to use the full version of Fair Information Practices, and discussed how a rights-based framework was the key to advancing consumers’ interests. The comments discussed list brokers at length, and explained how even the most informationally cautious consumer will land on numerous marketing lists and databases. The WPF comments noted that not all marketing lists are used to target ads to consumers; some lists and databases are used to deny consumers goods and services. The comments contain a detailed section on privacy frameworks, a section on direct marketing, and an appendix with supporting information.

When opting out is hard to do: World Privacy Forum sends letter to FTC about data broker companies offering mail-based opt outs

Data broker opt out issue — The World Privacy Forum sent a letter to the Federal Trade Commission asking it to look into four companies offering online consumers the ability to opt out, then asking those consumers to use a variety of postal-mail-based methods to do so.

Public Comments: April 2009 – Request for declaration regarding fairness of opt-out methods and investigation into Acxiom, US Search, PublicRecordsNow, and USA People Search consumer opt-out methods for compliance with Section 5 of the FTC Act, 15 U.S.C. § 45(a)(1)

The Commission has laid down specific examples of what constitutes unreasonable opt- out procedures, particularly in its Affiliate Marketing Rule, which describes three distinct types of opt-out methods the Commission considers to be unreasonable. Some companies are ignoring the standards the Commission has set, and are requiring consumers whom they have notified online of an opt-out opportunity to then use paper and postal mail processes to accomplish the opt out.

Updates to Top Ten Opt-Out List

Opt-out | Financial privacy — The World Privacy Forum has updated its popular Top Ten Opt Out list to reflect several new change made to the Direct Marketing Association opt outs. In the past, some of the DMA opt-outs, like the Direct Marketing Association’s mailing preference lists, used to cost $1. That fee has now been removed for people opting out online. Please see item #3 on the Opt Out list for the complete update.

Public Comments: World Privacy Forum files comments on CMS plan to allow release of patients’ protected health information from Medicare database in some circumstances; benefits do not outweigh the risks

Medicare – CMS — The World Privacy Forum filed extensive pubic comments on the substantive changes to the Medicare database release policy that the Centers for Medicare and Medicaid Services (CMS) has proposed in a System of Records Notice. As it currently stands, CMS is planning to release the individually identifiable protected health information of patients in the Medicare database to third parties in some circumstances. CMS has not established strong enough checks and controls on its release policy, and it has not explained how it is able to do this under HIPAA. The comments state that CMS has an obligation to explain how each routine use in its new policy is consistent with the authority in the HIPAA privacy rule. If a routine use allows disclosures that are broader than those permitted by HIPAA, then the routine use must be narrowed so that it is consistent with HIPAA. The comments also note that nothing in the CMS notice discusses substance abuse rules and other legal restrictions of the protected health data. The World Privacy Forum asked CMS to specify that the qualifications of any data aggregators who may potentially receive the data exclude any entity that sells other consumer data for any general business, credit, identification, or marketing purpose.