Public Comments

Genetic Privacy | GINA — The World Privacy Forum filed comments on the proposed regulations on the Genetic Information NonDiscrimination Act, or GINA. The comments request that the Equal Opportunity Employment Commission close down several potential loopholes in consumer protection in the proposed regulations. The Forum specifically asked the EEOC to consider curtailing the amount of commercially available information employers could access about employees, for example, through marketing databases. WPF also requested that those covered under GINA be required to maintain audit trails in certain circumstances, and urged that wellness programs be structured in such a way so as to prevent information leakage through billing and other activities.

The Commission has laid down specific examples of what constitutes unreasonable opt- out procedures, particularly in its Affiliate Marketing Rule, which describes three distinct types of opt-out methods the Commission considers to be unreasonable. Some companies are ignoring the standards the Commission has set, and are requiring consumers whom they have notified online of an opt-out opportunity to then use paper and postal mail processes to accomplish the opt out.

CVS Caremark | FTC proposed consent agreement — The World Privacy Forum filed comments with the Federal Trade Commission in response to its proposed consent agreement with the CVS Caremark pharmacy chain. The proposed agreement is in resonse to a CVS data breach. The agreement does not impose a monetary penalty on CVS, and does not provide remedies for consumers affected by the data breach.

The World Privacy Forum filed comments with the Federal Trade Commission in response to its proposed consent agreement with the CVS Caremark pharmacy chain. The proposed agreement is in resonse to a CVS data breach. The agreement does not impose a monetary penalty on CVS, and does not provide remedies for consumers affected by the data breach. The World Privacy Forum urged the FTC to reconsider the agreement.

On January 14, 2009, the DMV issued a Section 11 (2008 Budget Act) letter to the Legislature stating its intent to change the terms of its driver license and id card contract – including the use of biometric systems including facial recognition scans and biometric thumbprints on people seeking driver’s licenses and ID cards. Unless the Joint Legislative Budget Committee objects within 30 days, the contract with the vendor will take effect.