Update — We have updated our tipsheet to reflect the new information that has been published regarding the Apple smart phone geolocation issue. Apple plans to make changes to its software to improve the privacy problems the tipsheet discusses.

Apple Privacy — Some of Apple’s products, including iOS 4 iPhones and iPads, have been tracking consumers’ detailed location information and storing the data directly on the devices. This raises privacy concerns, as the data on the phones and iPads is unencrypted and may be accessed directly. This tipsheet explains iPhone and iPad iOS4 geolocation privacy issues, including who needs to be most concerned about them, and what to do. Health care providers, overseas human rights workers, members of law enforcement and victims of domestic violence are among those who have special considerations and sensitivities to this privacy issue.

Consumers receive breach letters — Pharmaceutical manufacturer GSK, maker of drugs Paxil, Boniva, Advair, and many others, sent a letter to consumers who had registered on one or more of its product websites. Due to the Epsilon data breach, registrants’ names, email, and the product they registered for was breached. Information people give to a company via a pharmaceutical product web site such as this is not usually covered under HIPAA. See our Patient’s Guide to HIPAA for more on what is covered under HIPAA and what is not. WPF recommends that consumers use a “throwaway” or temporary email address if deciding to register at a Pharmaceutical product web sites.

Educational Privacy — The Family Educational Rights and Privacy Act of 1974, FERPA, has been amended substantially. The proposed amendments have been published and are open for comment until May 23, 2011. The current changes impact students’ medical, educational, and informational privacy interests. WPF will be filing detailed comments on FERPA, including how the proposal interacts with California privacy laws. We will be posting additional materials on commenting soon.

Joint Comments on HIEs — California has proposed regulations for health information exchange projects in the state. WPF has submitted comments encouraging more privacy protections, and we are joined in our comments by Privacy Activism and the Center for Digital Democracy. One key request in the comments is that California not allow patient consent to be waived in HIE projects. We are also requesting that California create a unified web listing of its HIE projects for increased transparency and to facilitate patient access to HIE information and policies.