This comprehensive report and proposed bill text is focused on the Privacy Act of 1974, an important and early Federal privacy law that applies to the government sector and some contractors. The Privacy Act was written for the 1970s information era — an era that was characterized by the use of mainframe computers and filing cabinets. Today’s digital information era looks much different than the ’70s: smart phones are smarter than the old mainframes, and documents are now routinely digitized and stored and perhaps even analyzed in the cloud, among many other changes. The report focuses on why the Privacy Act needs an update that will bring it into this century, and how that could look and work. This work was written by Robert Gellman, and informed by a two-year multi-stakeholder process.

The US Department of Homeland Security (DHS) has withdrawn a proposed rulemaking related to biometric collection, USCIS Docket No. USCIS-2019-0007. Last year, WPF urged DHS to withdraw this biometric rulemaking because the rulemaking lacked scientific facts and basis. WPF also found that the DHS biometric proposal avoided discussion of the new barriers it would have created

We are extremely pleased and heartened that after years of requesting that the FTC make compliance reports public, that the Commission has agreed to do so with the Everalbum settlement. WPF submitted comments regarding the Everalbum proposed settlement to the US Federal Trade Commission on February 23, 2021. Today, the FTC announced the final settlement and

WPF filed comments today with the Department of Health and Human Services regarding an important Notice of Proposed Rulemaking that, if adopted, will bring substantial changes to patients’ electronic health records and how they are managed, among other issues. In general, we found much to support in the NPRM. However, there are sections of the

The World Privacy Forum participated in the C20 Civil Society Consultation on Sustainable Health Security Preparedness 20 April, 2021, part of the preparatory work for the G20 health-related declaration. (Rome Declaration.) In our attached statement to the C20 / G20, we outline three key requirements to allow safe and sustainable health data ecosystem knowledge utilization, including privacy and effective data governance, interoperability, and robust inclusion of LMICs and vulnerable or
marginalized populations in standards development.