Karl Wabst's Library tagged privacy →  View Popular

"Can personal medical data that has been stripped of its identifiers to protect privacy later be used to identify a specific person? That is the question that the Health and Human Services Department is hoping a research contractor can answer.

HHS intends to hire a contractor to demonstrate either the “ability or inability” to re-identify data from a data set that has been de-identified under the Health Information Portability and Accountability Act (HIPAA) Privacy Rule, according to a Jan. 4 notice on the Federal Business Opportunities Web site.

De-identification and re-identification of patient data have become hot issues in the discussion about how to protect patient privacy while advancing adoption of electronic health records. The Obama administration is distributing at least $17 billion in incentive payments to doctors and hospitals who buy and use digital systems for medical data."

washingtontechnology.com/...onic-records-hhs-contract.aspx - Preview

Privacy Anonymous Data De-Identification Re-Identification

"All Facebook users can deactivate their profiles, but doing so quietly might not make quite the same statement as using another service to slam the door on the site.

One such service, Seppukoo.com, created by the Italian group Les Liens Invisibles, drew attention late last year after launching a campaign to convince people to commit Facebook suicide. Wannabe ex-Facebook members can provide Seppukoo.com with their names and passwords and Seppukoo then not only deactivates their profiles, but also creates a "memorial" page that it sends to users' former Facebook friends.

Facebook evidently isn't happy about this development. Last month, the company fired off a cease-and-desist letter to Les Liens Invisibles, complaining that users who provide log-in data are violating Facebook's terms of service. The company also alleges that the scraping of its data violates a host of laws, including an anti-hacking law, the federal spam law and the copyright statute. "

www.mediapost.com/publications - Preview

Privacy seppukoo FaceBook Suicide Machine

"Your information is for sale, and the government is buying it at alarming rates. The CIA, FBI, Justice Department, Defense Department, and other government agencies are at this very moment turning to a group of companies to provide them information that these companies can gather without the restrictions that bind government intelligence agencies. The information is gathered from sources that few would believe the government could gain unfettered access to, but which, under current Fourth Amendment doctrine and statutory protections, are completely accessible.

Fourth-parties, such as ChoicePoint or LexisNexis, are private companies that aggregate data for the government, and they comprise the private security-industrial complex that arose after the attacks of September 11, 2001. They are in the business of acquiring information, not from the information’s originator (the first-party), nor from the information’s anticipated recipient (the second-party), but from the unavoidable digital intermediaries that transmit and store the information (third-parties). These fourth-party companies act with impunity as they gather information that the government wants but would be unable to collect on its own due to Fourth Amendment or statutory prohibitions. This paper argues that when fourth-parties disclose to law enforcement information generated as a result of searches that would be violations had the government conducted the searches itself, those fourth-parties’ actions should be considered searches by agents of the government, and the data should retain privacy protections. "

papers.ssrn.com/...papers.cfm - Preview

Privacy Data Brokers Sale of personal data Government

"When Jon Leibowitz was nominated in 2004 to sit on the Federal Trade Commission, critics feared that the former Hollywood lobbyist would be soft on the media and high-tech industries he used to promote. They presumed he would overlook emerging privacy concerns surrounding Google and Internet social networking sites in favor of the advertising industry.

But in the nine months since President Obama picked Leibowitz as the FTC's chairman, the agency has churned out a steady stream of actions aimed at the high-tech sector. "

www.washingtonpost.com/...AR2009122402895.html - Preview

Privacy leibowitz FTC washingtonpost

"Dr. John Noseworthy, Mayo Clinic's national CEO, has fired two employees who violated privacy policies.

"I authorized the termination of employment of a Mayo physician and a member of our allied health staff, each for inappropriately accessing and looking through a patient's confidential record," Noseworthy tells Mayo employees in a newsletter. He said it was one of the most difficult decisions he will ever make. He doesn't name the individuals.

Such a complaint would violate Minnesota Board of Medical Examiners' rules concerning mismanagement of medical records and unethical conduct, said Ruth Martinez, complaint review unit supervisor.

The board regulates physician and allied staff licensure and handles two to four patient privacy complaints a year, Martinez said. The story Noseworthy tells fits the definition of a violation, she said. "

www.postbulletin.com/...localnews_story.asp - Preview

Privacy Mayo dismissed

"It was a busy year for the digital ad space in terms of regulatory scrutiny, both in the U.S. and in Europe. As increasing amounts of user data are leveraged for behavioral ad targeting and audience segmentation, regulators on both sides of the Atlantic have turned their attention to the legality and necessity of tracking users' online behavior.

The practice of data collection for online ad purposes is far from new, and behavioral targeting firms and publishers have been selling those insights to advertisers for years. In 2008, proposed network-level deep-packet inspection technology drew the attention of regulators, as privacy advocates and consumers expressed concerns about their ISPs monitoring their every online move in order to target them with ads.

Although that technology, provided by firms such as Phorm and NebuAd, was eventually abandoned by ISPs after overwhelming criticism from privacy advocates and concerned consumers, regulators have taken the opportunity to continue their probe into the online ad business more widely.

Following a series of hearings, roundtables and data privacy events in the U.S. this year, Congress is now widely expected to pass legislation on the matter. That bill will likely grant the FTC power to regulate the space more closely, specifically in relation to user privacy and the data collection practices that are now commonplace on the Web"

www.clickz.com/3635983 - Preview

Privacy Behavioral Advertising Congress FTC

"It has come to this.

Already shoeless, beltless and waterless, more beleaguered air passengers will be holding their legs apart, raising their arms and effectively baring it all as they pass through U.S. airport security checkpoints. "

www.washingtonpost.com/...AR2010010301826.html - Preview

fullbody washingtonpost Trust Privacy

"A Mexican national has been arrested in Phoenix for allegedly stealing the identify of Florida Marlins relief pitcher Kiki Calero, police said.

Oscar Corral, 41, was arrested Thursday after being stopped for having a low tire, the South Florida Sun-Sentinel reported Saturday.

Corral allegedly showed a Phoenix officer a fake Puerto Rican driver's license and a Social Security card with Carlero's full name -- Enrique Calero Carrion.

Corral was booked into the Maricopa County jail and charged with possession of forged documents, Arizona Department of Public Safety spokesman Bart Graves said."

www.upi.com/...UPI-20421252772938 - Preview

Privacy Identity Theft Pitcher

"Hackers are to blame for most thefts of credit card numbers, medical records and other information of a million Massachusetts residents, The Boston Globe said.

The newspaper, citing state documents, said all the breaches happened in the past two years.

"Many thousands" of them had been reported from June to November and included confidential information from major institutions such as Blue Cross Blue Shield of Massachusetts and JPMorgan Chase Bank, the Globe said

Some of the information ended up in the wrong hands because of the theft of a laptop computer or loss of computer data tape. But most breaches can be traced to hacker breaking into computer networks, the Globe said.

Businesses and other institutions must develop a "culture of security" to protect the sensitive documents they control, said Barbara Anthony, undersecretary of consumer affairs and business regulation."

www.upi.com/...UPI-63481262581405 - Preview

Privacy Hackers Breach MA

"Susan Dandridge knew that when she sought protection in bankruptcy court last year, information about her debts and income would go into a public court file.

"It's old bills and stuff from my earlier life I'm trying to clean up," said the 53-year-old admissions adviser at Herzing University, a for-profit college with a campus in Kenosha. "I can deal with that."

But what she couldn't deal with was learning that some of those bills, from Aurora Health Care Inc., included specific details about the kind of treatment she got there and why.

"I never thought in a million years" that Chapter 13 would "take my personal life and make it an open book," she said recently. Now she's one of several Aurora patients in bankruptcy who have filed class-action lawsuits against Aurora over the way it submits claims in bankruptcy.

The suits, in federal and state court, claim Aurora violated Wisconsin's privacy law when it routinely filed proofs of claim against debtors that include patients' specific medical information as part of the billing records. The suits seek $25,000 in exemplary damages for each person whose private medical information was revealed.

The suits also seek to have such information taken out of thousands of other debtors' existing files.

In the case of the named class-action plaintiffs such as Dandridge, the information has already been sealed, according to court records. She estimated it was in her file for months before that happened. Other plaintiffs declined to talk about their cases.

The suits claim Aurora intentionally and recklessly disclosed the information, and that, as a consequence, the affected patients/debtors have suffered emotional embarrassment and been exposed to "medical identity theft.""

www.jsonline.com/...80553442.html - Preview

Privacy bankruptcy disclosure Aurora

"The botched Christmas Day effort of a Nigerian terrorist to blow up a plane as it came in for a landing near Detroit has once again tightened security precautions in this country and around the world.

The success of Umar Farouk Abdulmutallab to allegedly smuggle liquid explosives onto the international flight in his underwear has created a rush to more fully implement full-body scanning equipment at airports.

In the Netherlands, where Abdulmutallab boarded the plane, officials said this week that they will now require all passengers headed to the United States to go through the body scanners.

Early versions of the body scanners created privacy concerns because they basically undress, at least visually on a monitor screen, whoever passes through them. Although they may be great for detecting hidden weapons and explosives, they’re not so terrific in protecting modesty.

Technology is already at work trying to address that objection. In more recent versions, the software has been updated to blur facial features or create a chalky outline of the body’s contours."

gwcommonwealth.com/...01012010edit01.txt - Preview

Terrorism Airport Privacy and Security

"Chicken producer Pilgrim's Pride /quotes/comstock/13*!ppc/quotes/nls/ppc (PPC 8.95, +0.04, +0.45%) said late Wednesday it will pay the U.S. government $4.5 million over the next three years to settle a two-year investigation into identity theft and employment at its five of its plants. No civil or criminal charges were filed against Pilgrim's Pride during the federal government's probe. Pilgrim's Pride said the settlement does not constitute any admission of civil or criminal misconduct on the part of the company or its employees. In 2007 and 2008, federal agents raided five Pilgrim's Pride plants, apprehending 338 illegal immigrants. Shares of Pilgrim's Pride, which this week emerged from bankruptcy, fell 2 cents to close at $8.91"

www.marketwatch.com/...llegal-worker-probe-2009-12-30 - Preview

Privacy ID Theft Pilgrim's Pride

"A Manhattan medical assistant has admitted stealing a stranger's identity and using it to get married in the other woman's name.

Aracelis Cherico (uh-RAYS'-lihs chur-EE'-koh) pleaded guilty Wednesday to identity theft in a scheme that has kept her victim from getting a marriage license.

Cherico admitted she used Sara Benitez's information for years, including when Cherico wed in 1992. In recent years, Cherico has filed tax returns in Benitez's name to get more than $2,600 in refunds.

It's unclear how she got Benitez's information. Prosecutors say Benitez was denied a marriage license because of the scam.

The 46-year-old Cherico is expected to be sentenced to 60 days in prison and to help clear Benitez's name."

www.latimes.com/...theft-marriage,0,4141824.story - Preview

Privacy ID Theft Marriage

"Integration trend stimulated by privacy concerns.
We are in the midst of a shift (powered by digital) where information flows side to side as much as from top down or bottom up. This means that the act of consumers talking to one other now has a rightful place within the circle of influential communications that shape brands.

There are some unique rules of engagement in accessing that communication. If marketers and researchers want to be able to tap into the huge amounts of rich, accurate, and timely information that consumers themselves generate, they have to think beyond traditional paradigms.

The next 12 months will continue the "privacy by design" movement whereby consumer privacy and user control will become more important for those seeking to understand consumer behavior. Privacy elements will therefore need to be integrated into consumer generated platforms. This will naturally lead to a land grab where parties join forces e.g. a market research company and a social network provider, so that the transition between the platform and the third party collecting data become seamless.

We will also see a continuation of media convergence. The aggressive nature of regulatory regimes means a global privacy standards framework will become vital. A global framework will allow for a more uniform application of notice and consumer consent regardless of platform. This should allow for greater transparency, but will place a premium on the key partnerships that are given permission to be part of reduced set of data collectors and processors. "

adage.com/...article - Preview

Privacy Digital Marketing

"Despite concerns from some privacy groups and U.S. lawmakers about behavioral advertising, most large advertising networks generally comply with a set of privacy and data-handling standards adopted by the Network Advertising Initiative a year ago, the NAI said in a report released Wednesday."

...NAI, whose members include Google, Yahoo and Advertising.com, should be praised for doing a compliance report after skipping it for several years, said Ari Schwartz, vice president and chief operating officer CDT. However, the group should consider using a third party to audit compliance of its privacy guidelines, instead of having NAI staff do the audits, he said.

In addition, while NAI members appear to be following most of the guidelines, some of the privacy safeguards are "weak," including the data retention standard, he said. "There's no maximum for data retention -- they just have to state what their data retention policy is," Schwartz added.

The NAI report doesn't lessen the need for new privacy laws, Schwartz said. Several online advertising networks are not members of NAI, and the recent public pressure has led to the NAI updating 8-year-old guidelines last year and issuing a compliance report for the first time in several years, although the group had promised regular reports, he said.

"It seems that when there's regulatory pressure, they actually do comply with what they said they were going to do," he said. "We certainly wouldn't want to see any regulatory pressure lifted."

www.pcworld.com/...comply_with_privacy_rules.html - Preview

Privacy NAI Compliance Self-regulation

"Aviation security could be improved with the use of databases containing passengers' personal information, technology such as body scans and better information-sharing. But the changes would require greater tolerance of intrusions and far more effective government oversight, security specialists say. "

www.washingtonpost.com/...AR2009122902767.html - Preview

Privacy Security Trust

"The attempted attack on a Detroit-bound flight last week, along with the events preceding and following it, has provided a snapshot of the ongoing struggle to balance civil liberties and national security.

President Obama on Tuesday admitted a "systemic failure" on multiple levels in the run-up to the attempted bombing. Suspect Umar Farouk Abdulmutallab was in a terror database of more than a half-million people but was not on a "no-fly" list.

The administration has initiated a review of airport security and the watch-list system in the wake of the failed plot. But so far, analysts say what happened is emblematic of the struggle between privacy and security interests.

"It's just (an) inability to understand the right way to strike the balance that's at fault," said constitutional attorney David Rivkin.

Airlines don't have access to the government's comprehensive terrorist database. They screen travelers based on the smaller, "no-fly" list."

www.foxnews.com/...shot-struggle-security-privacy - Preview

Privacy Security Trust Scanner

"US lawmakers have favoured a compulsory full body scan of the passengers of all US-bound international flights so as to avoid any kind of security breach.

“I would say right now we do need full-body scan, especially when you have countries like Nigeria, which have inadequate security, and you have passengers transiting in Amsterdam and coming here,” US Congressman Peter King told CBS news in an interview.

“There is a brief violation of privacy with the full-body scan, but on the other hand we can save thousands of lives,” said King, a US Republican Congressman, who is a Ranking Member of the House Committee of Homeland Security."

ibnlive.in.com/...107856-2.html - Preview

Privacy full body scan passengers

"The HITECH Act within the American Recovery and Reinvestment Act substantially enhanced the HIPAA privacy and security rules. Some of those changes went into force during 2009, with more than a dozen additional regulatory actions or industry guidance documents expected in 2010.

Requirements - and penalties - of the privacy and security rules now apply directly to business associates. These include such entities as I.T. vendors, banks, billing firms and other service providers, who now must comply with the rules as if they were covered entities. Further, some newer types of organizations - particularly health information exchanges/regional health information organizations, e-prescribing gateways and personal health records vendors - now are considered business associates.

Advertisement



Rule Provisions

Under HITECH as enacted, covered entities and personal health records vendors must notify individuals if their protected health information is breached. They also must notify the Department of Health and Human Services and local news media if the breach involves more than 500 individuals. Business associates experiencing a breach must notify the covered entity, which then notifies individuals. However, notification of a breach is not required if the information was unintentionally disclosed to an authorized recipient and is not further disclosed, or if it is rendered unreadable via encryption or other methods."

www.healthdatamanagement.com/...cy_security_HIPAA-39505-1.html - Preview

HITECH Privacy Health Care Security

"Credit card hackers are stealing Christmas from hundreds of Alaskans this year.

More victims are coming forward to report their bank accounts have been raided, and police estimate 1,000 people fell victim to the scheme.

Police say the thieves hacked a computer at an Anchorage business and then sold the card numbers to folks across the U.S.

People are out thousands of dollars and the Grinch who swiped the cards is still out there.

Last-minute shoppers don't have the luxury of looking at price tags, and many don't even want to know how much they'll end up spending this Christmas.

But for some people in Anchorage, their bank accounts are being hit with an unpleasant holiday surprise.

"It was about $175 at one store and $156 at another and then there was an attempted charge for $1 and that one was declined," said Tabetha Toloff, one of the victims of the scheme.

A hacker stole Toloff's credit card number from a local business and cloned it. The charges showed up in Georgia.

She counts herself lucky. Another friend lost her entire checking account.

Toloff claims even though she got the money back, it wears on consumer confidence.

"I have a new card. I haven't used it. I don't want to use it. I've been dealing strictly with cash. I'm a little gun shy right now so I'm going to wait a while and let this blow over before I use my debit card again, or even my credit card," Toloff said."

www.ktuu.com/...story.asp - Preview

Privacy theft Alaska Credit Trust