Group items tagged

Look for almost a dozen consumer groups and privacy advocates to launch a full-court press on targeted behavioral advertising and online privacy on Capitol Hill next week. According to a source, those groups on Sept. 1 will release a background paper, letters to House members and other documents to make their case for stronger government oversight of online marketing targeted to kids. "A growing number of child advocacy and health groups have called on the FTC and Congress to prohibit the behavioral targeting of both children and teens, next week, many leading consumer and privacy groups will send a letter to congressional leaders calling for similar safeguards," confirms Jeff Chester, executive director of the Center for Digital Democracy. Chester saidd that 10 groups will be involved in the push, and that they will be "pressing Congress to write legislation that truly protects consumer privacy, but enables online marketing to flourish in a more responsible fashion." The effort comes as Congress prepares to return from its summer break. House Communications Subcommittee Chairman Rick Boucher (D-Va.) has made an online privacy bill a legislative priority in this session of Congress.

Urging Privacy Protections with Health IT Privacy safeguards are needed if funds are to be provided for implementation of health IT systems in economic stimulus package. At today's news conference, the Coalition for Patient Privacy is releasing a letter sent to Congress advocating for the inclusion of privacy safeguards with any funding given to implement health IT systems in the proposed economic stimulus package. In the letter, the bipartisan coalition, representing over 30 organizations, individual experts and the Microsoft Corporation, welcomes the renewed commitment in Congress to protecting consumers over special interests, but makes clear that trust is essential to health IT adoption and participation, and only attainable with privacy protections. The coalition is calling on Congress to "A.C.T.", by providing: accountability for access to health records, control of personal information, and transparency to protect medical consumers from abuse. Consumer trust is essential to health IT adoption and participation, and only attainable with privacy safeguards. Through these three tenets, implementation of health IT is not only attainable, but would protect the right to privacy for consumers, employees, and providers.

Cable operators will sit in the hot seat Thursday as Congress reviews their plans to roll out targeted advertising amid fears that consumer privacy could be infringed if the companies were to track and record viewing habits. The House subcommittee on Communications, Technology and the Internet will hold a hearing that will look at new uses for digital set-top boxes, the devices that control channels and perform other tasks on the TV screen. Cable TV companies plan to use such boxes to collect data and direct ads more targeted to individual preferences. "We have recently called on Congress and the Federal Trade Commission to investigate cable's new interactive targeted TV ad system on both antitrust and privacy grounds," said Jeff Chester, executive director of the Center for Digital Democracy. He's concerned about Canoe Ventures, a consortium formed by the nation's six largest cable companies to oversee the rollout of targeted and interactive ads nationally. Chester worries that Canoe will track what consumers do in their homes. Currently, cable companies aim their ads based strictly on geography. Now, cable's goal is to take the Internet's success with targeted ads and transfer that to the TV medium. Thus, a household that watches a lot of Nickelodeon and the Disney Channel eventually could be targeted for theme parks promotions. This type of targeting is something broadcast TV can't do. For starters, Canoe plans to offer ads this summer that consider demographic factors such as age and income. Philadelphia-based Comcast Corp. and Cablevision Systems Corp. of Bethpage, N.Y., also have been testing or rolling out targeted ads outside the consortium. But cable operators are wary about being seen as trampling on consumer privacy and reiterate that they don't plan to target based on any personally identifiable information, such as someone's name and address. Canoe said it doesn't have plans this year to use set-top box data for ads. Instead, the first ads it pl

Current government rules do too little to protect the privacy of people's personal health information and also hinder the use of health data in medical research, a panel of experts reported on Wednesday. A committee of the Institute of Medicine, which provides advice to U.S. policymakers, urged Congress to take an entirely new approach to protecting personal health data in research. Federal standards for protecting privacy of personal health data under the Health Insurance Portability and Accountability Act of 1996, or HIPAA, are not doing the job, the panel said. Congress and the Obama administration are planning major changes this year to the U.S. health care system. Regarding the privacy rules, Congress should either start from scratch or thoroughly overall HIPAA's privacy provisions, the panel said. Better data security is needed, with greater use of encryption and other security techniques, the panel said. Encryption should be required for laptops, flash drives and other devices containing such data, it said. "Both privacy and health research are important. And we feel that we can strengthen privacy protections for people who participate in research while also allowing important research to proceed without unnecessary impediments," Dr. Bernard Lo of the University of California San Francisco, a member of the panel, told reporters. HIPAA governs how personally identifiable health information can be used and disclosed by health plans, health care providers and others. The intention is to protect personal health information while permitting the flow of information for health-related research and medical care. Lo said HIPAA has burdensome and confusing procedures for people to consent to have their health data used in medical research, dissuading people from taking part in such research.

It was the annual crunch time between Thanksgiving and the new year, and Nuala O'Connor Kelly had just sent to the printer the first-ever report to Congress by a chief privacy officer. This was it, the historic reporta 40-page description of what O'Connor Kelly had been doing during her first year as the first CPO of the U.S. Department of Homeland Security. Like addressing concerns about DHS's policies with privacy officers from other countries. Examining the department's growing use of biometrics. And reading irate e-mails from the public about controversial initiatives like the Transportation Security Administration's passenger screening program. If O'Connor Kelly was nervous about the grilling she was likely to get once members of Congress got their mitts on her report, she wasn't letting on. "It's actually a great moment for the [privacy] office to sit back and take stock of where we are now and where we're going for the next two, three, four, five years," says O'Connor Kelly, dashing from one meeting to the next with one of her staff members. At the time, O'Connor Kelly was the only federal government CPO whose position was mandated by law and who was required to file an annual report to Congress. But this seemed on the brink of change. Congress's consolidated 2005 appropriations bill, signed by President Bush in December, contains a provision thatdepending on how the White House's Office of Management and Budget interprets itwould create a handful or more of CPOs at federal agencies.

Congress already has more than 40 committees and well over 100 subcommittees. Does it really need one more? How about another task force? Or a working group? Yes, says Sen. John McCain: A new panel is needed to cope with a relatively recent and unquestionably grave threat - hacking.

The Senate and House appear headed for a clash over competing visions of how to protect the privacy of patients' electronic medical records, with the House favoring strict protections advocated by consumer groups while the Senate is poised to endorse more limited safeguards urged by business interests. President Obama has called creation of a nationwide system of electronic medical records fundamental to health-care reform, and both chambers of Congress have included about $20 billion to jump-start the initiative as part of their stimulus bills. But as with much in the stimulus package, it is not just the money but the accompanying provisions that groups are trying to influence. The effort to speed adoption of health information technology has become the focus of an intense lobbying battle fueled by health-care and drug-industry interests that have spent hundreds of millions of dollars on lobbying and tens of millions more on campaign contributions over the past two years, much of it shifting to the Democrats since they took control of Congress. At the heart of the debate is how to strike a balance between protecting patient privacy and expanding the health industry's access to vast and growing databases of information on the health status and medical care of every American. Insurers and providers say the House's proposed protections would hobble efforts to improve the quality and efficiency of health care, but privacy advocates fear that the industry would use the personal data to discriminate against patients in employment and health care as well as to market the information, often through third parties, to generate profits.

The debate on Internet privacy has begun in Congress. I had a chance to sit down recently with Representative Rick Boucher, the long-serving Virginia Democrat, who has just replaced Ed Markey, the Democrat from Massachusetts, as the chairman of the House Subcommittee looking after telecommunications, technology and the Internet. Mr. Boucher is widely regarded as one of the most technologically savvy members of Congress. As he ticked off his top priorities for his panel, most involved the pressing demands of telecommunications regulation. There is a law governing how local TV stations are carried on satellite broadcasters that needs to be renewed. There is the Universal Service Fund, which takes money from most telephone customers to pay for rural service to be improved. And there is the conversion to digital television and the investments in rural broadband to be supervised. But high on his list is a topic that is very much under his discretion: passing a bill to regulate the privacy of Internet users. "Internet users should be able to know what information is collected about them and have the opportunity to opt out," he said. While he hasn't written the bill yet, Mr. Boucher said that he, working with Representative Cliff Stearns, the Florida Republican who is the ranking minority member on the subcommittee, wants to require Web sites to disclose how they collect and use data, and give users the option to opt out of any data collection. That's not a big change from what happens now, at least on most big sites.

Congress has been dithering over the adoption of a federal data security breach notice law for the last several years without coming to an agreement on a national standard for reporting breaches in the security of personal and financial data, but on February 17, data breach notice provisions applicable to health information were signed into law as part of the HITECH Act provisions of the massive economic stimulus legislation, H.R. 1 (111th Cong., 1st Sess. Feb. 17, 2009). Beginning no later than September 16 of this year, "covered entities" under the Health Insurance Portability and Accountability Act (HIPAA) will be required to give notice of breaches in the security of protected health information, and "business associates" of HIPAA-covered entities will be required to report such breaches to the covered entities. §13402(a) & (b). Currently, California and Arkansas are the only states that require that notification be given in the case of a breach in the security of medical or health insurance information. The HIPAA Privacy Rule currently does not contain a requirement that individuals be notified in the event of such as breach. However, some covered entities interpret the existing HIPAA Privacy Rule requirement that covered entities mitigate harmful effects of uses or disclosures of health information in violation of either the Privacy Rule or the entity's policies and procedures as suggesting that such notice be given, and many covered entities currently provide such notification.

It's often the security issue that dogs Google, Microsoft and other purveyors of personal health records (PHR): How will so much personal medical data be kept safe? A tangential question for Google, however -- one that has dogged the search giant since its Google Health offering was first made available in May 2008 -- is whether Google's search-based advertising platform creates a conflict with storing personal health data. Speaking at the Mastermind Session at Everything Channel's Healthcare Summit in San Diego in November,Google Vice President of Research and Special Initiatives Alfred Spector told health care CIOs, solution providers and other attendees that Google intended Google Health as an extension of the Google brand, and it was and would continue to be entirely separate from Google's main advertising platform. Watchdog organizations have taken Google to task over that claim, however, with one, Consumer Watchdog, even accusing Google of trying to lobby Congress to allow it to sell medical records by loosening regulatory language in the stimulus bill. "The medical technology portion of the economic stimulus bill does not sufficiently protect patient privacy, and recent amendments have made this situation worse," wrote Jerry Flanagan of Consumer Watchdog in a Jan. 27 open letter to Congress. "Medical privacy must be strengthened before the measure's final passage, rather than allowing corporate interests to take advantage of the larger bill's urgency." Flanagan in the letter states that, "Google is said to be lobbying hard ... to weaken the ban currently in the draft measure on the sale of our private medical records." While Consumer Watchdog did not cite specific evidence of Google pushing for softer restrictions, Google responded to the group's claims on its Public Policy Blog last week. "The claim -- based on no evidence whatsoever -- is 100 percent false and unfounded," wrote Pablo Chavez, Google's Senior Policy Counsel. "Google does not sell health

The U.S. Supreme Court Monday accepted an appeal by several groups that brought a constitutional challenge to the Public Company Accounting Oversight Board created by 2002 changes in federal accounting laws. The free-enterprise groups and a Nevada accounting firm sued to stop the Securities and Exchange Commission from naming members of the accounting board, set up by Congress to oversee public-company accountants. "In creating the board, Congress deliberately sought to test the outer boundaries of its ability to reduce presidential power," the groups said in the appeal. The groups, in their lawsuit, claimed the U.S. Constitution required board members to be appointed by the president or the SEC chairman, rather than the entire commission for the securities agency. The Supreme Court's decision to hear the appeal breathes new life into the case, which didn't get much traction in lower courts. The U.S. Solicitor General's office, in court briefs, had urged the high court to reject the appeal, calling it a "poor vehicle" to resolve the constitutional issues raised by the challengers. "The president's control over the SEC is constitutionally sufficient and the act in turn grants the SEC complete and pervasive control over every aspect of the board's authority," Solicitor General Elena Kagan wrote. A U.S. federal judge dismissed the lawsuit in 2007 and the Washington-based U.S. Federal Circuit Court of Appeals also rejected the challenge in a 2-1 decision last year. The private, nonprofit board is charged with inspecting and disciplining public company accountants. The case is the Free Enterprise Fund vs. the Public Company Accounting Oversight Board, 08-861. Oral arguments will be held in the fall, and a decision is expected by July 2010.

"As Congress makes headlines on healthcare and financial industry oversight reform, online data privacy watchdogs are hammering away behind the scenes on the Hill. A joint hearing on online and offline data collection scheduled for later this week, and a planned series of Federal Trade Commission data privacy events have advocacy groups from as far away as California visiting Washington to make sure their voices are heard. "What we're concerned about is the amount of surveillance and tracking going on without consumer consent," said Lee Tien, senior staff attorney at the San Francisco-based Electronic Frontier Foundation. Though often skeptical of government regulation, EFF recently joined lobbying groups including Center for Digital Democracy in recommending that Congress pass clear consumer privacy legislation. "

Patients' advocates claimed victory in a battle over the privacy of health records as the U.S. Congress approved the economic stimulus bill, which contains $19 billion for health-care information. U.S. House and Senate negotiators' compromise reflects stricter standards that privacy advocates wanted for marketing, selling and disclosing health data. Both houses approved the $787 billion stimulus plan today and sent it to President Barack Obama for his signature. The legislation contains $2 billion in grants to create a national system of computerized health records and $17 billion in higher Medicare and Medicaid reimbursements for doctors and hospitals to adopt the technology. Electronic records will improve care and reduce costs, Obama said. The legislation also will boost the health-records industry, led by Allscripts-Misys Healthcare Solutions Inc., Quality Systems Inc. and Athenahealth Inc. "We've dramatically improved on the status-quo, wholly unregulated system where private patient data was bought and sold like any commodity," Caroline Fredrickson, director of the American Civil Liberties Union's Washington legislative office, said in an interview today.

The Heartland data breach is an opportunity for the US government to standardise data breach notification laws. Bill Conner, chairman, president and CEO of Entrust, claimed that following the revelation that more than 100 million credit cards could have been compromised, the government needs to continue to move quickly to standardise data breach notification laws and call for technology, such as encryption and stronger authentication, that truly protects consumer information. Conner said: "Cybercrime continues to grow and is increasingly affecting more and more of this country's citizens. To slow the upward trend of cybercrime in this country, all organisations - enterprise, consumer and even governments - need to carefully review current security approaches and identify key gaps within their infrastructures." He further called for Congress to pass a data breach notification law that better protects consumer identities through stronger data security standards with strong encryption. "This is an opportunity to do something about a security issue that impacts all Americans", said Conner.

"If you live in Texas, your medical records are definitely up for sale by the state. If you live anywhere else in the United States, they probably are for sale there, too. Medical health records provide key information to researchers, who have lobbied hard to keep them accessible, despite government concerns about the privacy of patient data. The controversy dates back to 1996, when Congress passed the Health Insurance Portability and Accountability Act (HIPAA) to protect patients. "Researchers have very broad access rights to health care records under HIPAA," says Pam Dixon, director of a non-profit called the World Privacy Forum "The rules are pretty loose, and there are a lot of ways to get around them." That's especially true since the act wasn't designed to cover common scenarios today: records stored online in a vast, hackable cloud. In the rush to digitize all electronic health records, Dixon says not everyone is taking the proper steps to de-personalize the data and protect patients."

"A German computer scientist has published details of the secret code used to protect the conversations of more than 4bn mobile phone users. Karsten Nohl, working with other experts, has spent the past five months cracking the algorithm used to encrypt calls using GSM technology. GSM is the most popular standard for mobile networks around the world. The work could allow anyone - including criminals - to eavesdrop on private phone conversations. Mr Nohl told the Chaos Communication Congress in Berlin that the work showed that GSM security was "inadequate". "

"Rep. Loretta Sanchez, Chair, House Armed Services Subcommittee on Terrorism, Unconventional Threats and Capabilities With many committees and subcommittees having oversight over government cybersecurity, Rep. Loretta Sanchez thinks it would be a good idea to gather them together to map out steps Congress can take to help secure government IT."

US Government agencies collaborate to help secure information assets & protect our infrastructure and citizens? What an idea!

"U.S. marketers and consumer advocates are preparing for battle over the rules governing online advertising tailored to individual browsing habits, often tracked and collected without notice or permission. The U.S. Congress is due to intervene in the issue in the coming weeks, with a bill in the House of Representatives that would oblige websites to state explicitly how they use the information and allow those using the site to opt out. A billion-dollar industry and consumer privacy are at stake."

"Sherry Natoli is followed everywhere she goes while shopping online, but she doesn't mind at all. Natoli, who owns a seashell business in Tampa, does all but her grocery shopping on the Internet and even opts in whenever she's asked whether she's willing to have her online movements tracked by websites." Companies have been monitoring our online behavior for almost as long as there's been an Internet, often using our online footsteps (cookies) whenever we search, browse or buy online. Tracking technology has advanced so much that everything from how long we linger over a product description to whether we are searching for sexual-dysfunction drugs can be collected and stored on individual profiles. Our profiles are numeric descriptions, not our real names, but in some cases, it's not hard to determine personal information behind the numbers. Privacy concerns abound, and several privacy and consumer groups are urging Congress to enact laws on what can and can't be collected and for how long.

First quarter federal reports show Google lobbied on the electronic medical records provisions of the federal economic stimulus act, contradicting the Internet giant's earlier claims that Consumer Watchdog's report of its effort was "100 percent false." Google's report shows a total expenditure of $880,000 on lobbying during the period including on "online health-related initiatives; issues relating to online personal health records, including in connection with H.R. 1: American Recovery and Reinvestment Act of 2009." Google also contracted with an outside firm, the Podesta Group, which independently reported lobbying for Google on "health information technology" and "online privacy." King and Spalding LLP also independently reported lobbying for Google on "online health-related initiatives, including health information technology provisions in H.R. 1, The American Recovery and Reinvestment Act." After the nonprofit, nonpartisan Consumer Watchdog reported the "rumored" lobbying in January, Google contacted a charitable foundation about withdrawing Consumer Watchdog's funding. In a letter to Google CEO Eric Schmidt released today, Consumer Watchdog said the company owes the group an apology. Read Consumer Watchdog's letter here: http://www.consumerwatchdog.org/resources/LtrSchmidt042209.pdf. "It is now clear from public records that Google was lobbying Congress relating to online personal health records in connection with the economic stimulus act... What else could Google have been seeking except to be excluded from the Health Insurance Portability and Accountability Act (HIPAA) provisions on privacy and forbidding sale of records? Please tell us," wrote Jamie Court, Consumer Watchdog president and John M. Simpson, consumer advocate. "There is a simple way to resolve this," the letter said. "Publicly release all the substance of Google's lobbying efforts on H.R. 1. Google knows the drill: organize the information and make it universally accessible and useful."