Federal Trade Commission (FTC)

Mar 27 2009

Public Comments: March 2009 – Comments on the Proposed Consent Agreement with CVS / Caremark

The World Privacy Forum filed comments with the Federal Trade Commission in response to its proposed consent agreement with the CVS Caremark pharmacy chain. The proposed agreement is in resonse to a CVS data breach. The agreement does not impose a monetary penalty on CVS, and does not provide remedies for consumers affected by the data breach. The World Privacy Forum urged the FTC to reconsider the agreement.

Feb 18 2009

CVS Caremark pharmacy chain agrees to pay $2.25 million to settle charges of HIPAA violations; also settles with the FTC

Medical privacy | HIPAA | FTC — According to a legal complaint, CVS pharmacies — the largest pharmacy chain in the United States — did not take appropriate steps to protect its customers’ and employees’ sensitive information when it improperly disposed of documents, labels, prescription bottles, and other items with clearly identifiable and highly sensitive personal information such as SSNs, prescription information, driver’s license numbers, and other information still on those materials. CVS agreed to pay $2.25 million to settle its violations of HIPAA as part of a Resolution Agreement with the Department of Health and Human Services. CVS has also signed a consent agreement with the FTC; the public can comment on this agreement until March 20, 2009. The World Privacy Forum will be filing comments with the FTC on the consent agreement with CVS, which we will post here.

Feb 12 2009

FTC releases its online advertising principles; Commissioner Harbour urges FTC to go beyond self-regulation

Internet privacy — The Federal Trade Commission released its self-regulatory principles for behaviorally-targeted advertising today. The World Privacy Forum will be holding a press conference responding to the principles at 12:30 p.m. Eastern.

Aug 16 2008

World Privacy Forum Files FTC Complaint About AOL Data Releases

Internet privacy — The World Privacy Forum filed a complaint today with the Federal Trade Commission regarding AOL’s multiple releases of portions of its users’ search query histories. The complaint discusses AOL search query releases from 2004 and 2006. The complaint alleges that the data release was intentional, and due to significant identifiability issues of the data subjects, that the releases are harming some AOL customers, and that AOL customers did not know their search histories would be made available to the public. The World Privacy Forum urges consumers to take precautions when using search engines.

Jul 10 2008

FTC reports more than 145 million telephone numbers are in the National Do Not Call Registry

Do Not Call Registry — In its fourth annual report to Congress on the Do Not Call Registry, the Federal Trade Commission released some interesting new statistics. As of September 2007, there were 145,498,656 telephone numbers in the Do Not Call Registry. The FTC also reported that 6,242 entities paid over $21 million for access to the DNC Registry in 2007. The report also details the FTC’s enforcement actions against businesses violating the DNC Registry rules. As of September 30, 2007, the FTC had filed 25 cases regarding DNC Registry violations and had settled 22 of the cases.

New Report: Risky Analysis: Assessing and Improving AI Governance Tools

We are pleased to announce the publication of a new WPF report, “Risky Analysis: Assessing and Improving AI Governance Tools.” This report sets out a definition of AI governance tools, documents why and how these tools are critically important for trustworthy AI, and where these tools are around the world. The report also documents problems in some AI governance tools themselves, and suggests pathways to improve AI governance tools and create an evaluative environment to measure their effectiveness. AI systems should not be deployed without simultaneously evaluating the potential adverse impacts of such systems and mitigating their risks, and most of the world agrees about the need to take precautions against the threats posed. The specific tools and techniques that exist to evaluate and measure AI systems for their inclusiveness, fairness, explainability, privacy, safety and other trustworthiness issues — called in the report collectively AI governance tools – can improve such issues. While some AI governance tools provide reassurance to the public and to regulators, the tools too often lack meaningful oversight and quality assessments. Incomplete or ineffective AI governance tools can create a false sense of confidence, cause unintended problems, and generally undermine the promise of AI systems. The report contains rich background details, use cases, potential solutions to the problems discussed in the report, and a global index of AI Governance Tools.
National IDs Around the World — Interactive map

About this Data Visualization: This interactive map displays the presence...
Report: From the Filing Cabinet to the Cloud: Updating the Privacy Act of 1974

This comprehensive report and proposed bill text is focused on the Privacy Act of 1974, an important and early Federal privacy law that applies to the government sector and some contractors. The Privacy Act was written for the 1970s information era -- an era that was characterized by the use of mainframe computers and filing cabinets. Today's digital information era looks much different than the '70s: smart phones are smarter than the old mainframes, and documents are now routinely digitized and stored and perhaps even analyzed in the cloud, among many other changes. The report focuses on why the Privacy Act needs an update that will bring it into this century, and how that could look and work. This work was written by Robert Gellman, and informed by a two-year multi-stakeholder process.