Digital Signage Privacy Principles — The nation’s leading consumer and privacy groups released a set of baseline consumer privacy principles to be included in digital signage networks. The principles were released at the Digital Signage Expo in Las Vegas, Nevada, where World Privacy Forum executive director Pam Dixon spoke about the principles to a large group of digital signage industry professionals.
FTC Privacy Roundtable — WPF executive director Pam Dixon will testify at the FTC Privacy Roundtable about information brokers and commercial data practices and they impact consumers. Dixon will be discussing the business models of data brokers, issues with smart grids, and opt-out problems, among other issues.
FTC — The Federal Trade Commission has delayed the enforcement date of the Red Flag Rule until June 1, 2010.
Health data breach rulemaking — The Federal Trade Commission has issued its final Health Breach Notification Rule for vendors of Personal Health Records and related entities, as required under ARRA, The American Recovery and Reinvestment Act of 2009. The initial proposed Health Breach Notification Rule was generally thoughtful and thorough. The World Privacy Forum submitted extensive comments on the proposed rule both supporting parts of it and making some suggestions for changes. The FTC incorporated several specific WPF suggestions into the final rule. In particular, the FTC incorporated the applicability of the rule to foreign entities with U.S. customers (Final Rule p. 17), and the applicability of the rule to search engines appearing on Personal Health Record web sites (Final Rule p. 34). The new rule will be published in the Federal Register shortly; until then, it is available at the FTC web site. Also available is a form that entities covered under this rule can use to report data breaches to the FTC. The Health Breach Notification Rule will be effective 30 days after publication in the Federal Register, and full compliance with the rule will be required beginning 180 days after publication.
Resource — A substantial new resource for individuals seeking to research California laws and regulations regarding health information has come online. The CHILI database is a project of the California Office of Health Information Integrity, and has interfaced with the California Privacy and Security Advisory Board, which the World Privacy Forum co-chairs. The CHILI database can be searched by HIPAA section, California Code section, California health information law keywords, or by statutory scheme.