Group items tagged

The loss of personally identifiable information, such as an individual's Social Security number, name, and date of birth can result in serious harm, including identity theft. Identity theft is a serious crime that impacts millions of individuals each year. Identity theft occurs when such information is used without authorization to commit fraud or other crimes. While progress has been made protecting personally identifiable information in the public and private sectors, challenges remain. GAO was asked to testify on how the loss of personally identifiable information contributes to identity theft. This testimony summarizes (1) the problem of identity theft; (2) steps taken at the federal, state, and local level to prevent potential identity theft; and (3) vulnerabilities that remain to protecting personally identifiable information, including in federal information systems. For this testimony, GAO relied primarily on information from prior reports and testimonies that address public and private sector use of personally identifiable information, as well as federal, state, and local efforts to protect the security of such information. GAO and agency inspectors general have made numerous recommendations to agencies to resolve prior significant information control deficiencies and information security program shortfalls. The effective implementation of these recommendations will continue to strengthen the security posture at these agencies. Identity theft is a serious problem because, among other things, it can take a long period of time before a victim becomes aware that the crime has taken place and thus can cause substantial harm to the victim's credit rating. Moreover, while some identity theft victims can resolve their problems quickly, others face substantial costs and inconvenience repairing damage to their credit records. Some individuals have lost job opportunities, been refused loans, or even been arrested for crimes they did not commit as a result of identit

The loss of personally identifiable information, such as an individual's Social Security number, name, and date of birth can result in serious harm, including identity theft. Identity theft is a serious crime that impacts millions of individuals each year. Identity theft occurs when such information is used without authorization to commit fraud or other crimes. While progress has been made protecting personally identifiable information in the public and private sectors, challenges remain. GAO was asked to testify on how the loss of personally identifiable information contributes to identity theft. This testimony summarizes (1) the problem of identity theft; (2) steps taken at the federal, state, and local level to prevent potential identity theft; and (3) vulnerabilities that remain to protecting personally identifiable information, including in federal information systems. For this testimony, GAO relied primarily on information from prior reports and testimonies that address public and private sector use of personally identifiable information, as well as federal, state, and local efforts to protect the security of such information. GAO and agency inspectors general have made numerous recommendations to agencies to resolve prior significant information control deficiencies and information security program shortfalls. The effective implementation of these recommendations will continue to strengthen the security posture at these agencies. Identity theft is a serious problem because, among other things, it can take a long period of time before a victim becomes aware that the crime has taken place and thus can cause substantial harm to the victim's credit rating. Moreover, while some identity theft victims can resolve their problems quickly, others face substantial costs and inconvenience repairing damage to their credit records. Some individuals have lost job opportunities, been refused loans, or even been arrested for crimes they did not commit as a result of identit

There are many websites that sell or provide for free, personal information about individuals. This information is gathered from many sources including white pages listings (directory assistance), publicly-available sources and public records. * Data vendors that offer an opt out policy * Data vendors that do not offer an opt out policy Directory Listings: To prevent the cross-referencing of your address with your phone number, you can choose to not have your information available in the phone book or through directory assistance. If your number is "unlisted," your name, address and phone number will not be printed in the phone book, but the information is available through both directory assistance and reverse directory assistance. If your number is "unpublished," your information will not be printed in the phone book and is not available through directory assistance or reverse directory assistance. Or you can list your name and phone number, but not your address. Telephone companies usually charge a monthly fee to be unlisted or unpublished. Public Records: Please note that public records are often that--public. Web sites that provided personal information gathered from various sources are not required to offer a way to have that information removed or suppressed, though many will as a courtesy. The table below notes many of the more common online providers of public and non-public information that do offer an opt out mechanism. The opt out notes below usually only apply to non-public information. Not all web sites that sell personal information allow individuals to have their information removed or suppressed. Check the privacy policy of the site to see if they offer an opt-out mechanism. If one is provided, ask the online data broker for clarification on whether opting out also applies to public records information they may maintain. Some online data vendors will request information from you (such as your Social Security number or date of birth) to proce

The Government Accountability Office issued another scathing report saying that federal agencies still don't do enough to secure government IT assets. "Persistent weaknesses in information security policies and practices continue to threaten the confidentiality, integrity and availability of critical information and information systems used to support the operations, assets and personnel of most federal agencies," Gregory Wilshusen, GAO director of information security issues, wrote in a 66-page report issued Friday. "Recently reported incidents at federal agencies have placed sensitive data at risk, including the theft, loss, or improper disclosure of personally identifiable information of Americans, thereby exposing them to loss of privacy and identity theft." In a written response accompanying the report, federal CIO Vivek Kundra said OMB is committed to the vision of a secure federal government, and are taking steps to make that vision a reality. OMB, he said, has initiated a review of the language in the current reporting instructions to identify and clarify confusion in the annual reporting. OMB also is working with the CIO Council and the Council of Inspectors General on Integrity and Efficiency to improve guidance to agencies. The GAO report also said that nearly all of the 24 major federal agencies last year had weaknesses in information security controls. "An underlying reason for these weaknesses is that agencies have not fully implemented their information security programs," Wilshusen said. "As a result, agencies have limited assurance that controls are in place and operating as intended to protect their information resources, thereby leaving them vulnerable to attack or compromise."

1. You get what you pay for. 2. Americans do not take information or security as seriously as they do their love for profit & cost savings. If one does not value what they are trying to protect accurately, the investment one is prepared to make will always be insufficient. Then there are hindsight and rationalization (a.k.a. politicians) - Karl The Government Accountability Office issued another scathing report saying that federal agencies still don't do enough to secure government IT assets. "Persistent weaknesses in information security policies and practices continue to threaten the confidentiality, integrity and availability of critical information and information systems used to support the operations, assets and personnel of most federal agencies," Gregory Wilshusen, GAO director of information security issues, wrote in a 66-page report issued Friday. "Recently reported incidents at federal agencies have placed sensitive data at risk, including the theft, loss, or improper disclosure of personally identifiable information of Americans, thereby exposing them to loss of privacy and identity theft." In a written response accompanying the report, federal CIO Vivek Kundra said OMB is committed to the vision of a secure federal government, and are taking steps to make that vision a reality. OMB, he said, has initiated a review of the language in the current reporting instructions to identify and clarify confusion in the annual reporting. OMB also is working with the CIO Council and the Council of Inspectors General on Integrity and Efficiency to improve guidance to agencies. The GAO report also said that nearly all of the 24 major federal agencies last year had weaknesses in information security controls. "An underlying reason for these weaknesses is that agencies have not fully implemented their information security programs," Wilshusen said. "As a result, agencies have limited assurance that controls are in place and operating as intended to protect their inf

The discovery of documents with students' personally identifying information stored in an unlocked room has launched protests against the university's chief information security officer. Students at Binghamton University in New York are circulating a petition to remove the university's chief information security officer following the discovery of boxes full of documents listing personal information of students and parents in an unlocked storage room. The existence of the unsecured documents was discovered March 6 by a reporter working for student radio station WHRW and disclosed on March 9. For that investigative work, the student reporter could face criminal charges. Binghamton University has had other recent problems with information security. In the past year, according to an article written by Robert Glass, the WHRW news director, university employees accidentally e-mailed the Social Security numbers of 338 students to another group of 200 students, sent the personal information of exchange students -- passport scans and birth certificates -- to student groups, and disposed of information about more than 70 former graduate students in trash bins atop a pile of shredded documents. Those breaches led the university to create an information security council, with a full-time information security officer, to prevent further incidents, according to Glass. Glass did not immediately respond to a request for comment. A University spokeswoman characterized the hiring of Terry Dylewski as the university's chief information security officer as a reflection of the school's ongoing concern about information security rather than a response to past breaches. Asked about the status of the students' petition to remove Dylewski, as reported by Broome County Fox affiliate WICZ TV, she said that question should be directed to the students. The spokeswoman said the university is treating the incident as a possible crime and that a criminal investigation is ongoing. She sai

A recurring problem in modern litigation is the inadvertent disclosure of materials subject to the attorney-client privilege or the attorney work product protection. New Federal Rule of Evidence 502 changes the rules concerning waiver of privilege in all Federal and many State court cases, thereby reducing the risk that inadvertent disclosures will constitute a wavier of attorney client privilege or work product protection. But the new rule requires careful application. Important risks remain. Inadvertent disclosure of privileged or protected information too easily occurs when massive numbers of documents or files make it impractical or prohibitively expensive to review every item individually. The proverbial privileged document needle gets lost in the e-discovery haystack and is overlooked. Later, when opposing counsel recognizes that she has a potentially privileged document and brings this to the attention of disclosing counsel, there may be a fight as to whether the document will be returned, or whether the disclosure constitutes a wavier of any privilege related to the information. Under existing State and Federal law, release of privileged or protected information to an adversary, even if inadvertent, may constitute a waiver of the privilege or protection with regard to the information or document disclosed or, worse, to all documents and other information related to the same topic. Invoking the "claw" Amendments to Federal Rule of Civil Procedure 26(b), adopted in December 2006, were aimed at reducing the risks of waiver from inadvertent disclosures. Rule 26(b) provides that if privileged information is produced, the party making the claim of privilege may notify any party that received the information of the privilege claim and the basis for it. After being notified, a party must promptly return, sequester, or destroy the specified information and any copies it has, must not use or disclose the information until the privilege claim is resolved; must t

The Office of the Privacy Commissioner of Canada (OPC) has developed these guidelines to explain how the Personal Information Protection and Electronic Documents Act (PIPEDA) applies to transfers of personal information to a third party, including a third party operating outside of Canada, for processing. As the legislation itself states, PIPEDA is intended to "support and promote electronic commerce by protecting personal information that is collected, used or disclosed in certain circumstances…" This acknowledges that proper protection of personal information both facilitates and promotes commerce by building consumer confidence. Today's globally interdependent economy relies on international flows of information. These cross-border transfers do raise some legitimate concerns about where personal information is going as well as what happens to it while in transit and after it arrives at some foreign destination. Consumer confidence will be enhanced, and trust will be fostered, if consumers know that transfers of their personal information are governed by clear and transparent rules. There are different approaches to protecting personal information that is being transferred for processing. European Union member states have passed laws prohibiting the transfer of personal information to another jurisdiction unless the European Commission has determined that the other jurisdiction offers "adequate" protection for personal information.

Is your company keeping information secure? Are you taking steps to protect personal information? Safeguarding sensitive data in your files and on your computers is just plain good business. After all, if that information falls into the wrong hands, it can lead to fraud or identity theft. A sound data security plan is built on five key principles: * Take stock. Know what personal information you have in your files and on your computers. * Scale down. Keep only what you need for your business. * Lock it. Protect the information in your care. * Pitch it. Properly dispose of what you no longer need. * Plan ahead. Create a plan to respond to security incidents. To learn more about how you can implement these principles in your business, play our interactive tutorial. You'll see and hear about practical steps your business can take to protect personal information. After you experience the tutorial, we hope you'll take advantage of the other resources on this site to educate your employees, customers, and constituents. Order copies of our brochure, Protecting Personal Information: A Guide for Business, or publish an article on information security in your newsletter, magazine, or website. All of the information on this site is in the public domain; we hope you'll share it freely.

You systems administrator knows more about you than you think.

More than one-third of information technology professionals abuse administrative passwords to access confidential data such as colleagues' salary details or board-meeting minutes, according to a survey. Data security company Cyber-Ark surveyed more than 400 senior IT professionals in the United States and Britain, and found that 35 percent admitted to snooping, while 74 percent said they could access information that was not relevant to their role. In a similar survey 12 months ago, 33 percent of IT professionals admitted to snooping. "Employee snooping on sensitive information continues unabated," Udi Mokady, CEO of Cyber-Ark, said in a statement. Cyber-Ark said the most common areas respondents indicated they access are HR records, followed by customer databases, M&A plans, layoff lists and lastly, marketing information. "While seemingly innocuous, (unmanaged privileged) accounts provide workers with the 'keys to the kingdom,' allowing them to access critically sensitive information," Mokady said. When IT professionals were asked what kind of data they would take with them if fired, the survey found a jump compared with a year ago in the number of respondents who said they would take proprietary data and information that is critical to maintaining competitive advantage and corporate security. The survey found a six-fold increase in staff who would take financial reports or merger and acquisition plans, and a four-fold increase in those who would take CEO passwords and research and development plans.

The Federal Trade Commission today announced that it has approved a Federal Register notice seeking public comment on a proposed rule that would require entities to notify consumers when the security of their electronic health information is breached. The American Recovery and Reinvestment Act of 2009 (the Recovery Act) includes provisions to advance the use of health information technology and, at the same time, strengthen privacy and security protections for health information. Among other things, the Recovery Act recognizes that there are new types of Web-based entities that collect or handle consumers' sensitive health information. Some of these entities offer personal health records, which consumers can use as an electronic, individually controlled repository for their medical information. Others provide online applications through which consumers can track and manage different kinds of information in their personal health records. For example, consumers can connect a device such as a pedometer to their computers and upload miles traveled, heart rate, and other data into their personal health records. These innovations have the potential to provide numerous benefits for consumers, which can only be realized if they have confidence that the security and confidentiality of their health information will be maintained. To address these issues, the Recovery Act requires the Department of Health and Human Services to conduct a study and report, in consultation with the FTC, on potential privacy, security, and breach notification requirements for vendors of personal health records and related entities. This study and report must be completed by February 2010. In the interim, the Act requires the Commission to issue a temporary rule requiring these entities to notify consumers if the security of their health information is breached. The proposed rule the Commission is announcing today is the first step in implementing this requirement. In keeping with the Recover

Like this http://cheaptravelbooker.com Like this http://cheaptravelbooker.com like this http://killdo.de.gg travel,hotel,fun,hotel new,new offer,hotel best,best hotel,hotel travel,seo,backlinks,edu,gov,ads,indexing,bookmark,killgoggle,gogglesuck,goggle bookmark,kill goggle,yahoo,bing,indexing,quality links,linkwell,traffic boster,index best

Individuals have been at risk of having their personal information stolen and used to commit identity-related crimes long before the emergence of the Internet. What the Information Age has changed, however, is the method by which identity thieves can access and exploit the personal information of others. One method in particular leaves hundreds of thousands, and in some cases tens of millions, of individuals at risk for identity theft: large scale data breaches by skilled hackers. In this method, criminals remotely access the computer systems of government agencies, universities, merchants, financial institutions, credit card companies, and data processors, and steal large volumes of personal information on individuals. Such large scale data breaches have revolutionized the identity theft landscape as it relates to fraud on existing accounts through the use of compromised credit and debit card account information. Large scale data breaches would be of no more concern than small scale identity thefts if criminals were unable to quickly and widely distribute the stolen information for subsequent fraudulent use (assuming, of course, that the breach would be quickly detected). Such wide-scale global distribution of stolen information has been made possible for criminals with the advent of criminal websites, known as "carding forums," dedicated to the sale of stolen personal and financial information. These websites allow criminals to quickly sell the fruits of their ill-gotten gains to thousands of eager fraudsters

Like this http://www.hdfilmsaati.net Film,dvd,download,free download,product... ppc,adword,adsense,amazon,clickbank,osell,bookmark,dofollow,edu,gov,ads,linkwell,traffic,scor,serp,goggle,bing,yahoo.ads,ads network,ads goggle,bing,quality links,link best,ptr,cpa,bpa. www.killdo.de.gg

Woonsocket-based CVS Caremark Corp., the largest U.S. drugstore chain, has agreed to pay $2.25 million to settle federal charges that company employees compromised customer privacy by throwing prescription records and drug bottles into open trash bins. The Federal Trade Commission said its investigation with the Health and Human Services Department followed media reports that trash bins behind CVS pharmacies contained pill bottles bearing patient names, credit-card and insurance information, and Social Security numbers. The company also did not have adequate policies for disposing of that information, and did not sufficiently train employees to dispose of the information properly, the agencies said. The items that were not properly discarded included pill bottles, medication instruction sheets, computer order forms, payroll information, job applications and credit-card and insurance information. Those labels and forms contained personal information including Social Security numbers and credit card and insurance information, and in some cases, driver's license numbers and account numbers. Names of the patients' doctors were also included. The settlement "will restore appropriate privacy protections to tens of millions of people across the country," FTC chairman William Kovacic said in a statement. "It also sends a strong message" that organizations "are required to secure consumers' private information," he said.

On September 12, 2009, Maine's Act to Prevent Predatory Marketing Practices Against Minors (the "Act") will take effect. The Act prohibits businesses from knowingly collecting or receiving a minor's health-related information or personal information for marketing purposes without first obtaining verifiable parental consent. Businesses are also prohibited from using any health-related information or personal information regarding a minor for the purpose of marketing a product or service to the minor. Pursuant to the Act, the use of information in such a manner is a predatory marketing practice, which may be sanctioned as an unfair trade practice. The law also allows individuals subject to unlawful data collection or predatory marketing practices to bring a private right of action against violators. For businesses, the implications of Maine's new data collection and marketing restrictions are far-reaching. The scope of the law covers both online and off-line marketing activities, and the broad definition of personal information includes a minor's name in combination with any information concerning the minor. In light of the Act's restrictive requirements and considerable scope, businesses would be well-advised to evaluate their current marketing practices and age verification mechanisms. The text of the law is available here.

Privacy is a central element of the FTC's consumer protection mission. In recent years, advances in computer technology have made it possible for detailed information about people to be compiled and shared more easily and cheaply than ever. That has produced many benefits for society as a whole and individual consumers. For example, it is easier for law enforcement to track down criminals, for banks to prevent fraud, and for consumers to learn about new products and services, allowing them to make better-informed purchasing decisions. At the same time, as personal information becomes more accessible, each of us - companies, associations, government agencies, and consumers - must take precautions to protect against the misuse of our information. The Federal Trade Commission is educating consumers and businesses about the importance of personal information privacy, including the security of personal information. Under the FTC Act, the Commission guards against unfairness and deception by enforcing companies' privacy promises about how they collect, use and secure consumers' personal information. Under the Gramm-Leach-Bliley Act, the Commission has implemented rules concerning financial privacy notices and the administrative, technical and physical safeguarding of personal information, and it aggressively enforces against pretexting. The Commission also protects consumer privacy under the Fair Credit Reporting Act and the Children's Online Privacy Protection Act.

"Every day thousands of people download new applications onto their smart phones without much care for the terms of service they so easily agree to. What most of these people don't know is they may be volunteering information and allowing for companies to gather data without their consent. Recently a company called Pinch Media was charged with being a little too invasive when it comes to gathering information through their iPhone apps. According to one iPhone developer, applications using Pinch Media can retrieve information like your phone's personal ID number and can work in conjunction with other applications like Facebook to determine your gender, birth year and even your exact longitude and latitude. Pinch Media has been accused of gathering information that has nothing to do with its applications. Instead, they have been using this data collection for advertisements and other marketing purposes. Worse, is that this information is often taken without the consent of the user and more often than not does not allow the user the option to stop the information gathering. Pinch Media has fought back by arguing that they are completely within their rights to retrieve the information as long as the user gives consent when they agree to the terms of the application. Regardless of whether or not the information they gathered is being used for good or ill mannered purposes one thing is certain. Smart phone users should pay more attention to the terms of service they agree to. A simple visit to a software developer's web site can be the difference between you using your applications and your applications using you. Take the time out to read the fine print, and if you aren't sure about something - email the company directly with your questions or concerns."

Government Information Security Podcasts As a GovInfoSecurity.com annual member, this content can be used toward your membership credits and transcript tracking. Click For More Info Probing Federal IT Security Programs: Gregory Wilshusen, GAO February 23, 2009 Government Accountability Office auditors will have a busy spring, examining a number of federal government programs aimed at securing government information systems and data. In an interview with GovInfoSecurity.com, Gregory Wilshusen discusses how the GAO is looking at how private industry and two dozen federal agencies employ metrics to measure the effectiveness of information security control activities. Other current GAO information security investigations he discusses include: Federal Desktop Core Configuration intended to standardize security features on personal computers purchased by the government. Trusted Internet Connection initiative aimed at slashing government Internet connections to fewer than 100 from more than 2,000. Einstein automated networking monitoring program run by U.S Computer Emergency Readiness Team. Gregory Wilshusen is director of information security issues at GAO, where he leads information security-related studies and audits of the federal government. He has more than 26 years of auditing, financial management and information systems experience. Before joining GAO in 1997, Wilshusen served as a senior systems analyst at the Department of Education as well as the controller for the North Carolina Department of Environment, Health and Natural Resources.

"In light of a spike in identity theft and the frequency with which personal information is stored on portable devices, the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA) have expanded Generally Accepted Privacy Principles (GAPP) to include protocols for securing and disposing of personal information. "Safeguarding personal information is one of the most challenging responsibilities facing an organization, whether such information pertains to employees or customers," said Everett C. Johnson, CPA, chair of AICPA/CICA Privacy Task Force and a past international president of ISACA, a global information technology association. "We've updated the criteria of our privacy principles to minimize the risks to personal information." GAPP offers guidance and best practices on securing portable devices, breach management and ensuring continued effectiveness of privacy controls. The guidance additionally covers disposal and destruction of personal information. The principles are designed for chief privacy officers, executive management, compliance officers, legal counsel, CPAs and CAs offering technology advisory services. "Portable tools such as laptops and memory sticks provide convenience to employees but appropriate measures must be put in place to secure them and the data they contain," said Donald Sheehy, CA.CISA, CIPP/C, associate partner with Deloitte (Canada) and a member of the AICPA/CICA Privacy Task Force. "We must stay abreast of technological advances to assure that proper measures are put into place to defend against any new threats." Created by the AICPA/CICA Privacy Task Force, GAPP is designed to help an organization's management team assess an existing privacy program or address privacy obligations and risks. The principles provide a framework for CPAs and CAs to offer privacy services to their clients and employers, such as advisory services, privacy risk assessments and attestation or

NEW YORK With increasing amounts of personal information liable to float around in cyberspace, consumers are deciding whether their data is safe in the hands of some public- and private-sector entities. A BBC World News America/Harris Poll finds a mixed verdict, with social-networking sites faring especially badly. In polling conducted last month, adults were asked to say how much trust they have in various sectors "to handle your personally identified information (such as credit-card information, contact information and so forth) in a properly confidential and secure manner." The poll's best scores went to "health providers, such as doctors and hospitals," with 20 percent of respondents expressing "a great deal of trust" and 55 percent "some trust" in these. Nineteen percent voiced "not much trust" and 7 percent "no trust at all" in this sector. At the bottom of the rankings were "social-networking sites (like Facebook or MySpace)," with 5 percent expressing a great deal of trust and 18 percent some trust in these. Thirty-one percent said they had not much trust and 46 percent no trust at all in these sites to safeguard personal information. (Whether people should direct their distrust to themselves for posting such information there in the first place is a question the survey didn't address.) Respondents were also wary of "search and portal sites (like Google or Yahoo!)" when it comes to keeping personal information secure: Ten percent voiced a great deal of trust, 39 percent some, 29 percent not much and 22 percent no trust at all. Even the federal government fared (slightly) better, with 13 percent expressing a great deal of trust, 41 percent some, 28 percent not much and 18 percent none. The scores were more positive for "banks and brokerage companies": 15 percent a great deal of trust, 43 percent some, 28 percent not much and 13 percent none. That was roughly on a par with the ratings for "my e-mail provider": 14 percent a great deal, 48 percent some, 27 p

It is hard work looking for a job, Matt Sawyer said. "Well with the economy being down right now, it's pretty hard," said Sawyer. Like most job hunters, Matt is posting his resume on various online job sites. But you have to be careful when sending out your personal information over the Internet, privacy expert Pam Dixon said. "The problem is, if you don't use it correctly, it can come back to haunt you," she said. Dixon runs the World Privacy Forum and warns job hunters to be cautious with their personal information when posting their resume. "In fact any competent job site will give you the option of hiding your personal information," said Dixon. Scam artists have been known to steal personal information from resumes and use it to apply for credit. That is why Dixon said you should only include your first initial and last name, no full names, when writing your resume. She also said not to include your phone number or address. Dixon said you should create an email address that is temporary and just use it for your job search. Dixon said scam artist will even call people from their resume and ask for detailed information like a copy of their driver's license or social security number or even their credit card information. The scammers will claim it's for a background check but it's only to steal from the job seeker. Matt admits if he was approached for a job he might give away too much information. "I think when people first get that call and they're real excited about it, they might just jump into it and go ahead and do it," he said.

Top House and Senate Democrats are working on legislation that would prevent online marketers from sharing Web-surfing information unless Internet users allowed them to. That's according to House Communications, Technology and the Internet Subcommittee chairman Rick Boucher (D.-Va.), who told Multichannel News that such a bill was in the works and was one of his top legislative priorities. The issue of online behavioral marketing has gained traction recently, spurred by privacy concerns and by media companies' need to find new ways for advertisers to reach aggregated audiences at a time of fragmented viewing and multiplying delivery platforms. Boucher's predecessor atop the committee, Rep. Edward Markey (D-Mass.), held a hearing last fall on the issue and helped quash a test by ad-tracking company NebuAd and cable operator Charter Communications. In an interview, Boucher said he was teaming with Reps. Cliff Stearns (R-Fla.), ranking member of his subcommittee, and Joe Barton (R-Texas), ranking full committee member, on a bill that would apply "across the board" to behavioral advertising and data collection by Web sites. "The goal would be to give the Internet user a sense that information about him that is collected by Web sites is well understood by the user, so he has an opportunity to know what is collected," Boucher said. "He would then have an opportunity to act in a way that prevents that Web site using that information to market him personally, and an even broader opportunity to prevent the transfer of that information about him to third parties." Boucher envisions a combination of opt-in and opt-out requirements. "Opt-in would apply where the information is conveyed to third parties," he said, while "opt out would apply where the Web site that collects the information is using that information directly to market the customers from whom it is collected." Center for Digital Democracy executive director Jeff Chester was please

Two companies that collect, analyze and sell prescription information are mounting a Supreme Court challenge to New Hampshire's first-in-the-nation law making doctors' prescription writing habits confidential. In an appeal filed March 27, IMS Health Inc. of Norwalk, Conn., and Verispan LLC of Yardley, Pa., tell the high court that the law violates their First Amendment right to free speech in pursuit of their business. The law, aimed at thwarting hard-sell tactics by drug companies to doctors, makes it a crime for pharmacies and others to transfer information disclosing a doctor's prescribing history if the information could be used for marketing of prescription drugs in New Hampshire. Patients' names are not included in the data. The companies say that the ruling by the 1st U.S. Circuit Court of Appeals in Boston that upheld the law's constitutionality could be broadly applied to newspaper publication of stock market information and many other services that gather large amounts of information. The money made by selling the information to drug makers, the companies say, allows them to provide the same material to researchers and humanitarian organizations at little or no cost. The law first took effect in 2006. The following year, U.S. District Judge Paul Barbadoro in Concord ruled in the companies' favor and said the law violated the First Amendment. Another federal judge subsequently ruled against a similar law in Maine, relying heavily on the New Hampshire decision. But the 1st Circuit overruled Barbadoro, calling the law a valid step to promote the delivery of cost-effective health care. "Even if the Prescription Information Law amounts to a regulation of protected speech - a proposition with which we disagree - it passes constitutional muster," the court said. "In combating this novel threat to cost-effective delivery of health care, New Hampshire has acted with as much forethought and precision as the circumstances permit and the