education new york online education new york online education new york online
Search
Today's Info Policy News
Weekly Archive
Information Policy
FERPA
Protecting your children's privacy: The Facts
Parents 4 Privacy
WHO'S WATCHING YOUR CHILDREN?
about
contact us
site map
Search
With the exact phrase
With all of the words
With at least one of the words
Without these words
 
Within these fields         
 
Date range limit

      Pick Date
 
Item(s) found: 70
The Internet of Things: Privacy and Security in a Connected World
Date CapturedTuesday January 27 2015, 9:14 AM
Federal Trade Commission Staff Report On the November 2013 Workshop
The PII Problem: Privacy and a New Concept of Personally Identifiable Information
Date CapturedFriday November 14 2014, 6:32 AM
Paul M. Schwartz University of California, Berkeley - School of Law; Daniel J. Solove George Washington University Law School; December 5, 2011; New York University Law Review, Vol. 86, p. 1814, 2011; UC Berkeley Public Law Research Paper No. 1909366; GWU Legal Studies Research Paper No. 584; GWU Law School Public Law Research Paper No. 584; We show how existing approaches to PII impede the effective regulation of behavioral marketing, and how PII 2.0 would resolve these problems.
FTC's Brill Excludes Google, Facebook From Data Broker Push
Date CapturedFriday April 11 2014, 1:10 PM
March 14, 2014 Keynote address at a symposium on the “Internet of Things” held by the Center on Law and Information Policy at Fordham Law School
FTC to Study Data Broker Industry’s Collection and Use of Consumer Data
Date CapturedTuesday December 18 2012, 1:44 PM
The nine data brokers receiving orders from the FTC are: 1) Acxiom, 2) Corelogic, 3) Datalogix, 4) eBureau, 5) ID Analytics, 6) Intelius, 7) Peekyou, 8) Rapleaf, and 9) Recorded Future. The FTC is seeking details about: the nature and sources of the consumer information the data brokers collect; how they use, maintain, and disseminate the information; and the extent to which the data brokers allow consumers to access and correct their information or to opt out of having their personal information sold.
“Mobile Apps for Kids: Disclosures Still Not Making the Grade"
Date CapturedThursday December 13 2012, 12:18 PM
FTC: The report strongly urges all entities in the mobile app industry – including app stores, app developers, and third parties providing services within the apps – to accelerate efforts to ensure that parents have the key information they need to make decisions about the apps they download for their children. The report also urges industry to implement recommendations in the recent FTC Privacy Report including: Incorporating privacy protections into the design of mobile products and services; Offering parents easy-to-understand choices about the data collection and sharing through kids’ apps; and Providing greater transparency about how data is collected, used, and shared through kids’ apps.
FTC: Protecting Your Child's Personal Information at School
Date CapturedFriday August 17 2012, 8:21 AM
The Need for Privacy Protections: Perspectives from the Administration & FTC
Date CapturedTuesday May 29 2012, 9:08 AM
FTC May 9, 2012 testimony before the Committee on Commerce, Science & Transportation; US Senate
Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers
Date CapturedMonday March 26 2012, 11:16 AM
The final report calls on companies handling consumer data to implement recommendations for protecting privacy, including: Privacy by Design - companies should build in consumers' privacy protections at every stage in developing their products. These include reasonable security for consumer data, limited collection and retention of such data, and reasonable procedures to promote data accuracy; Simplified Choice for Businesses and Consumers - companies should give consumers the option to decide what information is shared about them, and with whom. This should include a Do-Not-Track mechanism that would provide a simple, easy way for consumers to control the tracking of their online activities. Greater Transparency - companies should disclose details about their collection and use of consumers' information, and provide consumers access to the data collected about them. *****Data Brokers - The Commission calls on data brokers to make their operations more transparent by creating a centralized website to identify themselves, and to disclose how they collect and use consumer data. In addition, the website should detail the choices that data brokers provide consumers about their own information.
Mobile Apps for Kids: Current Privacy Disclosures Are Disappointing
Date CapturedThursday February 16 2012, 11:10 AM
FTC staff report: Parents should be able to learn, before downloading an app for their children, what data will be collected, how the data will be used, and who will obtain access to the data.
FTC Alerta para Consumidores: Cómo proteger la información personal de su hijo en la escuela
Date CapturedSunday September 11 2011, 7:37 PM
Pregunte en la escuela de su hijo cuál es la política aplicable al directorio de información de los estudiantes. En el directorio de información de los estudiantes se pueden listar el nombre, domicilio, fecha de nacimiento, número de teléfono, domicilio de email y foto de su hijo. La ley FERPA establece que las escuelas deben notificar a los padres y tutores sus respectivas políticas aplicables al directorio de información de los estudiantes, y darle el derecho de optar por que no se suministre esa información a terceros. Es mejor que presente su solicitud por escrito y que guarde una copia para sus archivos. Si usted no ejerce su derecho de optar por que no se comparta la información de su hijo, los datos listados en el directorio de la escuela pueden estar a disposición no sólo de los compañeros de clase y personal de la escuela de su hijo, sino también del público en general.
FTC "STOLEN FUTURES" WEBCAST Session Two - FAMILIAL IDENTITY THEFT - July 12, 2011
Date CapturedSunday September 11 2011, 12:04 AM
WEBCAST ON CHILD IDENTITY THEFT. DISCUSSES MOST AT RISK STUDENTS. Session 2 Linda Foley is the founder of the Identity Theft Resource Center, a nationwide nonprofit, victim-services advocacy, and consumer-education program based in San Diego, California. Russell Butler is Executive Director of the Maryland Crime Victims Resource Center, which provides criminal justice information and education, support services, therapeutic individual, family, and group counseling, and legal information, referrals, and representation to victims of crime. Theresa Ronnebaum is the Identity Theft Program Specialist for the Florida Attorney General's office with over 15 years experience in victim advocacy.
PREPARED STATEMENT OF THE FEDERAL TRADE COMMISSION on CHILD IDENTITY THEFT
Date CapturedFriday September 02 2011, 9:38 PM
PREPARED STATEMENT OF THE FEDERAL TRADE COMMISSION Before the SUBCOMMITTEE ON SOCIAL SECURITY of the HOUSE COMMITTEE ON WAYS AND MEANS on Child Identity Theft Field Hearing Plano, Texas September 1, 2011; EXCERPT: A. The Child Identity Theft Forum Discussions [They noted that identity thieves often steal children’s information from schools, businesses, and government agencies.]
FTC CONSUMER ALERT: Student Surveys: Ask Yourself Some Questions
Date CapturedFriday September 02 2011, 6:35 PM
[The Protection of Pupil Rights Amendment (PPRA) is a federal law that affords certain rights to parents of minor students with regard to surveys that ask questions of a personal nature, as well as to surveys designed to collect personal information from students for marketing purposes. Briefly, with regard to marketing surveys, PPRA generally requires schools to develop policies, notify parents about these surveys and permit them to opt their children out of participation in those surveys. Surveys that are exclusively used for certain educational purposes are excepted from these requirements.] [FTC recommends that you check to see if the survey form includes a privacy statement. If there is no privacy statement, you may want to think twice about distributing the survey. In any case, it is wise to know: • who is collecting the information; • how the information will be used; • with whom the information will be shared; and • whether students will have a choice about the use of their information.]
FTC CONSUMER ALERT: Protecting Your Child's Personal Information at School
Date CapturedFriday September 02 2011, 6:10 PM
[Ask your child's school about its directory information policy. Student directory information can include your child's name, address, date of birth, telephone number, email address, and photo. FERPA requires schools to notify parents and guardians about their school directory policy, and give you the right to opt-out of the release of directory information to third parties. It's best to put your request in writing and keep a copy for your files. If you don't opt-out, directory information may be available not only to the people in your child's class and school, but also to the general public.]
Stolen Futures: A Forum on Child Identity Theft July 12, 2011
Date CapturedMonday July 25 2011, 5:26 PM
Session 3 TRANSCRIPT - Securing Children’s Data in the Educational System: Steven Toporoff - Federal Trade Commission. PANELISTS: Kathleen Styles, U.S. Department of Education; Michael Borkoski, Howard County Maryland Public Schools; Larry Wong, Montgomery County Maryland Public Schools; Richard Boyle ECMC, Denny Shaw i-SAFE, Inc. [This panel will explore the Family Educational Rights and Privacy Act (FERPA) and initiatives to protect children’s personal information in school systems. We will also explore lessons learned from a high-profile data breach involving student information. Finally, the panel will discuss outreach efforts to teach children, teachers, youth counselors, and school administrators about privacy and securing children’s personal information.]
Stolen Futures: A Forum on Child Identity Theft July 12, 2011
Date CapturedMonday July 25 2011, 5:16 PM
Session 2 TRANSCRIPT intro [Linda Foley is the founder and research director of the Identity Theft Resource Center, a nationwide nonprofit, victim-services advocacy, and consumer-education program based in San Diego, California. Russell Butler is Executive Director of the Maryland Crime Victims Resource Center, which provides criminal justice information and education, support services, therapeutic individual, family, and group counseling, and legal information, referrals, and representation to victims of crime. And then I have Theresa Ronnebaum. Theresa is the Identity Theft Program Specialist for the Florida Attorney General's office with over 15 years experience in victim advocacy.]
Stolen Futures: A Forum on Child Identity Theft July 12, 2011
Date CapturedWednesday July 20 2011, 6:12 PM
TRANSCRIPT SESSION ONE: Stolen Futures: A Forum on Child Identity Theft July 12, 2011; The Federal Trade Commission (FTC) and the Office for Victims Rights (OVC), Office of Justice Programs, U.S. Department of Justice, will hold a forum to discuss child identity theft. Government, business, non-profit, legal service providers, and victim advocates will explore the nature of child identity theft, including foster care identity theft and identity theft within families, with the goal of advising parents and victims on how to prevent the crime and how to resolve child identity theft problems.
CONSUMER SENTINEL NETWORK \DATA BOOK for January - December 2010
Date CapturedSaturday March 12 2011, 11:39 AM
The 2010 Consumer Sentinel Network Data Book is based on unverified complaints reported by consumers. The data is not based on a consumer survey.
COMMENTS OF THE ELECTRONIC PRIVACY INFORMATION CENTER to THE FEDERAL TRADE COMMISSION
Date CapturedMonday March 07 2011, 6:04 PM
Marc Rotenberg, EPIC testimony to FTC: COPPA currently defines PI as: Personal information means individually identifiable information about an individual collected online, including: (a) A first and last name; (b) A home or other physical address including street name and name of a city or town; (c) An e-mail address or other online contact information, including but not limited to an instant messaging user identifier, or a screen name that reveals an individual's e-mail address; (d) A telephone number; (e) A Social Security number; (f) A persistent identifier, such as a customer number held in a cookie or a processor serial number, where such identifier is associated with individually identifiable information; or a combination of a last name or photograph of the individual with other information such that the combination permits physical or online contacting; or (g) Information concerning the child or the parents of that child that the operator collects online from the child and combines with an identifier described in this definition.
COPPA Rulemaking and Rule Reviews
Date CapturedMonday March 07 2011, 5:46 PM
Includes public testimony and roundtable. March 24, 2010
Rush Introduces Online Privacy Bill, H.R. 611, The BEST PRACTICES Act
Date CapturedFriday February 11 2011, 6:04 PM
Ensure that consumers have meaningful choices about the collection, use, and disclosure of their personal information. • Require companies that collect personal information to disclose their practices with respect to the collection, use, disclosure, merging, and retention of personal information, and explain consumers' options regarding those practices. • Require companies to provide disclosures of their practices in concise, meaningful, timely, and easy-to-understand notices, and direct the Federal Trade Commission to establish flexible and reasonable standards and requirements for such notices. • Require companies to obtain "opt-in" consent to disclose information to a third party. In the bill, the term, "third party" would be defined based on consumers' reasonable expectations rather than corporate structure. • Establish a "safe harbor" that would exempt companies from the "opt-in" consent requirement, provided those companies participate in a universal opt-out program operated by self-regulatory bodies and monitored by the FTC. • Require companies to have reasonable procedures to assure the accuracy of the personal information they collect. The bill would also require the companies to provide consumers with reasonable access to, and the ability to correct or amend, certain information. • Require companies to have reasonable procedures to secure information and to retain personal information only as long as it's necessary to fulfill a legitimate business or law enforcement need.
“Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers.”
Date CapturedThursday December 09 2010, 4:45 PM
FTC: To reduce the burden on consumers and ensure basic privacy protections, the report first recommends that “companies should adopt a ‘privacy by design’ approach by building privacy protections into their everyday business practices.” Second, the report states, consumers should be presented with choice about collection and sharing of their data at the time and in the context in which they are making decisions – not after having to read long, complicated disclosures that they often cannot find. One method of simplified choice the FTC staff recommends is a “Do Not Track” mechanism governing the collection of information about consumer’s Internet activity to deliver targeted advertisements and for other purposes. The report also recommends other measures to improve the transparency of information practices, including consideration of standardized notices that allow the public to compare information practices of competing companies. The report recommends allowing consumers “reasonable access” to the data that companies maintain about them, particularly for non-consumer facing entities such as data brokers. Finally, FTC staff proposes that stakeholders undertake a broad effort to educate consumers about commercial data practices and the choices available to them.
TaintDroid: An Information-Flow Tracking System for Realtime Privacy Monitoring on Smartphones
Date CapturedFriday October 01 2010, 7:22 PM
To appear at the 9th USENIX Symposium on Operating Systems Design and Implementation (OSDI’10) William Enck, Peter Gilbert Byung-Gon Chun,Landon P. Cox , Jaeyeon Jung, Patrick McDaniel Anmol N. Sheth at CONCLUSION: While some mobile phone operating systems allow users to control applications’ access to sensitive informa- tion, such as location sensors, camera images, and con- tact lists, users lack visibility into how applications use their private data. To address this, we present TaintDroid, an ef?cient, system-wide information ?ow tracking tool that can simultaneously track multiple sources of sensi- tive data. A key design goal of TaintDroid is ef?ciency, and TaintDroid achieves this by integrating four gran- ularities of taint propagation (variable-level, message- level, method-level, and ?le-level) to achieve a 14% per- formance overhead on a CPU-bound microbenchmark. We also used our TaintDroid implementation to study the behavior of 30 popular third-party applications, cho- sen at random from the Android Marketplace. Our study revealed that two-thirds of the applications in our study exhibit suspicious handling of sensitive data, and that 15 of the 30 applications reported users’ locations to remote advertising servers. Our ?ndings demonstrate the effec- tiveness and value of enhancing smartphone platforms with monitoring tools such as TaintDroid.
FACEBOOK - Complaint, Request for Investigation, Injunction, and Other Relief
Date CapturedMonday May 10 2010, 9:54 AM
[This complaint concerns material changes to privacy settings made by Facebook, the largest social network service in the United States, that adversely impact the users of the service. Facebook now discloses personal information to the public that Facebook users previously restricted. Facebook now discloses personal information to third parties that Facebook users previously did not make available. These changes violate user expectations, diminish user privacy, and contradict Facebook’s own representations. These business practices are Unfair and Deceptive Trade Practices, subject to review by the Federal Trade Commission (the “Commission”) under section 5 of the Federal Trade Commission Act.]
Proposed Privacy Legislation Wins Few Fans
Date CapturedThursday May 06 2010, 8:24 AM
WSJ : [ The goal for the legislation is to set a standard for consumer privacy protections and also provide consumers with more transparency and control regarding the collection, use and sharing of their information, said Rep. Rick Boucher (D., Va.). Mr. Boucher released a draft of the bill for discussion on Tuesday along with Rep. Cliff Stearns (R., Fla.). The bill stipulates that as a general rule companies can collect information about consumers unless a person opts out of that data collection — a point of contention among privacy advocates. The regulation also specifies standards for the collection and use of personally identifiable information. Companies must disclose to consumers if they are collecting personally identifiable information and how they are using that data. Consumers must give a company permission to share that personally identifiable information with outside companies. ]
FTC Seeks Comment on Children's Online Privacy Protections; Questions Whether Changes to Technology Warrant Changes to Agency Rule.
Date CapturedTuesday April 06 2010, 2:51 PM
[In a Federal Register notice to be published shortly, the FTC poses its standard regulatory review questions and identifies several areas where public comment would be especially useful. Among other things, the FTC asks: What implications for COPPA enforcement are raised by mobile communications, interactive television, interactive gaming, or other similar interactive media. For input on the use of automated systems – those that filter out any personally identifiable information prior to posting – to review children’s Web submissions. Whether operators have the ability to contact specific individuals using information collected from children online, such as persistent IP addresses, mobile geolocation data, or information collected in connection with behavioral advertising, and whether the Rule’s definition of “personal information” should be expanded accordingly. Whether there are additional technological methods to obtain verifiable parental consent that should be added to the COPPA Rule, and whether any of the methods currently included should be removed. Whether parents are exercising their right under the Rule to review or delete personal information collected from their children, and what challenges operators face in authenticating parents. Whether the Rule’s process for FTC approval of self-regulatory guidelines – known as safe harbor programs – has enhanced compliance, and whether the criteria for FTC approval and oversight of the guidelines should be modified in any way.]
THE FAILURE OF FAIR INFORMATION PRACTICE PRINCIPLES forthcoming in Consumer Protection in the Age of the ‘Information Economy’
Date CapturedSunday January 31 2010, 10:03 PM
Fred H. Cate - [The key is refocusing FIPPS on substantive tools for protecting privacy, and away from notice and consent; leveling the playing field between information processors and data subjects; and created sufficient, but limited, liability so that data processors will have meaningful incentives, rather than bureaucratic regulations, to motivate appropriate behavior, and that individuals will be compensated when processing results in serious harm. This is only a first step. These proposed Consumer Privacy Protection Principles are undoubtedly incomplete and imperfect, but they are an effort to return to a more meaningful dialogue about the legal regulation of privacy and the value of information flows in the face of explosive growth in technological capabilities in an increasingly global society.]
Subject: EU-US Safe Harbor
Date CapturedSaturday January 23 2010, 9:34 PM
Chris Wolf - [There are three principal methods to legally export data from the EU to the US and overcome the prohibition against export to a country deemed to lack adequate protections. The first two are through so-called "model contracts" and "Binding Corporate Rules". The third is pursuant to a "Safe Harbor" framework that that EU and US agreed upon in 2001. To participate in the Safe Harbor, a U.S. company self-certifies to the U.S. Department of Commerce that it will follow the Safe Harbor Privacy Principles, which contain the core requirements of the EU Data Protection Directive (notice, choice, access, security, protection in onward transfers, data integrity, and enforcement). The company also is to publicize its adherence to the Safe Harbor Principles on its website. The Federal Trade Commission (FTC) is charged with enforcement of the Safe Harbor undertakings under Section 5 of the Federal Trade Commission Act, which governs deceptive and unfair business practices. In other words, a company that commits publicly to adhering to the Safe Harbor principles (and that it has so certified to the Department of Commerce) is subject to enforcement by the FTC if it does not do so. Companies must do what they promise to do.]
FTC.: Has Internet Gone Beyond Privacy Policies?
Date CapturedThursday January 21 2010, 8:55 AM
NY Times STEPHANIE CLIFFORD writes [Previous commissions looked at privacy under the framework of whether consumers were harmed, and with the basis that companies must advise consumers about what they’re doing and obtain their consent, Mr. Leibowitz said. But companies “haven’t given consumers effective notice, so they can make effective choices,” he said. Advise-and-consent “depended on the fiction that people were meaningfully giving consent,” Mr. Vladeck said. “The literature is clear” that few people read privacy policies, he said.]
FTC Probes Facebook's EPIC Privacy Fail
Date CapturedThursday January 21 2010, 8:44 AM
Media Post -- Wendy Davis writes - [In addition, a Facebook employee allegedly said recently that users' messages are stored in a database regardless of whether users attempt to delete them. "We track everything. Every photo you view, every person you're tagged with, every wall-post you make, and so forth," the employee allegedly added. EPIC alleges that these public statements demonstrate that Facebook engages in unfair and deceptive trade practices. The new filing also questions a new iPhone synching feature that transfers users' iPhone contacts to Facebook, even when the phone contacts are not Facebook friends with the users.]
FTC spam site
Date CapturedTuesday January 05 2010, 9:00 PM
[This website has information about the Federal Trade Commission's recent law enforcement actions against deceptive commercial email and spammers' responsibilities under the CAN-SPAM law. In the "For Consumers" section, you'll find tips on how to reduce the amount of spam email in your in-box.]
Net Privacy 2010: How Far Will the Needle Move?
Date CapturedSaturday January 02 2010, 1:33 PM
eSecurity Planet Kenneth Corbin writes [Some of the largest companies in the industry, including Google (NASDAQ: GOOG) and Microsoft (NASDAQ: MSFT), have expressed support for baseline privacy legislation, providing it doesn't get too specific in targeting specific technologies. In the early part of 2010, Rep. Rick Boucher, who chairs the House subcommittee on technology and the Internet, has said he plans to introduce a bill that would do just that. He has been working with Cliff Stearns, the ranking Republican on the subcommittee, as well as the leaders of the subcommittee on consumer protection, to draft the bill, and spent the better part of 2009 seeking input from a variety of stakeholders.]
Comments of the World Privacy Forum to FTC, Nov. 6, 2009
Date CapturedThursday December 17 2009, 10:58 PM
Pam Dixon Executive Director, World Privacy Forum -- Re: Privacy Roundtables – Comment, Project No. P095416 - [The World Privacy Forum understands that businesses have a right to exist and to make money, and that advertising and marketing is part of the marketplace. But we also believe that there is not a reasonable balance right now between what data is being collected and used, and what consumers can do to manage that data and their privacy. There are no perfect solutions, but we think that a rights-based framework based on approaches contained in the Fair Credit Reporting Act and on Fair Information Practices will address many of the problems and help create solutions that are equitable for all stakeholders.]
Refocusing the FTC’s Role in Privacy Protection
Date CapturedMonday December 14 2009, 5:31 PM
Comments of the Center for Democracy & Technology (CDT) in regards to the FTC Consumer Privacy Roundtable.
DOD nixes vendor of online monitoring software over privacy concerns
Date CapturedMonday December 07 2009, 8:53 PM
Jaikumar Vijayan writes [In September, EPIC, a Washington-based privacy advocacy group, filed a complaint against EchoMetrix with the Federal Trade Commission. EPIC claimed that EchoMetrix was violating the provisions of the Children's Online Privacy Protection Act (COPPA) by collecting personally identifiable information about children and their browsing habits and online chats. EPIC claimed that EchoMetrix used the information to deliver targeted advertising to children and also sold that information to third-party marketers. In its complaint, EPIC pointed to a separate service offered by EchoMetrix called Pulse, which analyzes data gathered from multiple sources including instant messages, blogs and chat rooms. The information is sold as market research intelligence to marketing companies, the EPIC complaint said.] [
Ad Industry Works on Ads About Ads
Date CapturedTuesday November 24 2009, 3:07 PM
Wall Street Journal Emily Steel writes -- [At issue is the practice of tracking consumers’ Web activities — from the searches they make to the sites they visit and the products they buy — for the purpose of targeting ads. The efforts follow calls from the FTC earlier this year for Web advertisers and Internet companies to do a better job explaining how they track and use information about consumers’ Web activities and creating a simple way consumers can opt out of being tracked.]
Federal data breach notification standard must pre-empt state laws
Date CapturedMonday November 16 2009, 8:33 PM
Nextgov Jill R. Aitoro writes -- [The Data Breach Notification Act, introduced in January by Sen. Dianne Feinstein, D-Calif., would authorize the attorney general to bring civil actions against firms that failed to notify people whose personal information had been compromised in a breach and would extend notification requirements to government agencies. The Personal Data Privacy and Security Act, introduced in July by Sen. Patrick Leahy, D-Vt., also would set notification requirements and tighter criminal penalties for identity theft and willful concealment of a breach, and would require businesses to implement preventive security standards to guard against threats to their databases.] [Two states are credited for having breach notification laws with the most teeth, said Peter McLaughlin, senior counsel with Foley & Lardner LLP and a member of the law firm's privacy, security and information management practice. Foley & Lardner released a report on Monday that provides in-depth coverage of all major aspects of U.S. and international security breach laws.]
Refocusing the FTC’s Role in Privacy Protection
Date CapturedTuesday November 10 2009, 3:33 PM
Center for Technology in Government (CDT) Policy Post 15.17, November 10, 2009. [ A Briefing On Public Policy Issues Affecting Civil Liberties Online from The Center For Democracy and Technology Refocusing the FTC’s Role in Privacy Protection 1) CDT Submits Comments in regards to the FTC Consumer Privacy Roundtable 2) The Significance of a Comprehensive Set of Fair Information Practice Principles 3) Examining FIPs at Work: Recent FTC Enforcement Actions Demonstrate a Path Forward 4) CDT Recommendations for Future FTC Action
‘‘Building Effective Strategies To Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards Act’’ or the ‘‘BEST PRACTICES Act’’
Date CapturedThursday November 05 2009, 3:19 PM
H. R. 5777 -- To foster transparency about the commercial use of personal information, provide consumers with meaningful choice about the collection, use, and disclosure of such information, and for other purposes. [Requires information brokers to: (1) establish procedures to verify the accuracy of information that identifies individuals; (2) provide to individuals whose personal information it maintains a means to review it; (3) place notice on the Internet instructing individuals how to request access to such information; and (4) correct inaccurate information. Directs the FTC to require information brokers to establish measures which facilitate the auditing or retracing of access to, or transmissions of, electronic data containing personal information. Prohibits information brokers from obtaining or disclosing personal information by false pretenses (pretexting).]
Kids' Privacy
Date CapturedSunday November 01 2009, 9:40 PM
[Thanks to COPPA, sites have to get a parent’s permission if they want to collect or share your kids’ personal information, with only a few exceptions. That goes for information sites ask for up-front, and information your kids choose to post about themselves. Personal information includes your child’s full name, address, email address, or cell phone number. Under COPPA, sites also have to post privacy policies that give details about what kind of information they collect from kids — and what they might do with it (say, to send a weekly newsletter, direct advertising to them, or give the information to other companies). If a site plans to share the child’s information with another company, the privacy policy must say what that company will do with it. Links to the policies should be in places where they’re easy to spot. What Can You Do? Your kids’ personal information and privacy are valuable —to you, to them, and to marketers.] *****NOTE DISPARITY WITH PROTECTION PROVIDED UNDER FERPA.
FAIR INFORMATION PRACTICE PRINCIPLES
Date CapturedFriday October 30 2009, 11:08 AM
Over the past quarter century, government agencies in the United States, Canada, and Europe have studied the manner in which entities collect and use personal information -- their "information practices" -- and the safeguards required to assure those practices are fair and provide adequate privacy protection. The result has been a series of reports, guidelines, and model codes that represent widely-accepted principles concerning fair information practices. Common to all of these documents [hereinafter referred to as "fair information practice codes"] are five core principles of privacy protection: (1) Notice/Awareness; (2) Choice/Consent; (3) Access/Participation; (4) Integrity/Security; and (5) Enforcement/Redress.
Education Marketing Group/ECRA LAWSUIT RE: SALE OF STUDENT INFORMATION
Date CapturedFriday October 30 2009, 10:15 AM
Parties Subject to Order ORDERED, ADJUDGED AND DECREED that this Consent Order and Judgment shall extend to Student Marketing Group, Inc. (“SMG”) and Educational Research Center of America, Inc. (“ERCA”), their successors, assignees, officers, agents, representatives, affiliates and employees and any other person under their direction or control, whether acting individually or in concert with others or through any corporate entity or device through which they may now or hereafter act or conduct business (collectively “respondents”).
FTC Settles with Six Companies Claiming to Comply with International Privacy Framework
Date CapturedWednesday October 07 2009, 9:28 PM
[For Release: 10/06/2009 - Six U.S. businesses have agreed to settle Federal Trade Commission charges that they deceived consumers by falsely claiming they were abiding by an international privacy framework that provides a means for U.S. companies to transfer data from the European Union to the United States in keeping with EU and U.S. law. According to six separate complaints filed by the FTC, the six companies deceptively claimed they held current certifications under the EU/U.S. Safe Harbor framework. The framework is a voluntary program administered by the U.S. Department of Commerce in consultation with the European Commission. To participate, a company must self-certify annually to the Department of Commerce that it complies with a defined set of privacy principles. The FTC complaints charge World Innovators, Inc.; ExpatEdge Partners LLC; Onyx Graphics, Inc.; Directors Desk LLC; Collectify LLC; and Progressive Gaitways LLC with representing that they held current certifications to the Safe Harbor program, even though the companies had allowed their certifications to lapse. Under the proposed settlement agreements, which are subject to public comment, the companies are prohibited from misrepresenting the extent to which they participate in any privacy, security, or other compliance program sponsored by a government or any third party. Consumers who want to know whether a U.S. company is a participant in the Safe Harbor program can go to http://export.gov/safeharbor to see if the company holds a current self-certification. These cases are being brought with the invaluable assistance of the U.S. Department of Commerce. The Commission vote to approve the administrative complaints and proposed settlement agreements was 4-0. The FTC will publish an announcement regarding the agreements in the Federal Register shortly. The agreements will be subject to public comment for 30 days, beginning today and continuing through November 5, 2009, after which the Commission will decide whether to make them final. To file a public comment, please click on the following hyperlink: http://www.ftc.gov/os/2009/10/sixcasespubliccomment.pdf and follow the instructions at that site. Copies of the complaints, the proposed settlement agreements, and the analyses of the agreements to aid in public comment are available from both the FTC’s Web site http://www.ftc.gov and the FTC’s Consumer Response Center, Room 130, 600 Pennsylvania Avenue, N.W., Washington, DC 20580.]
Americans Don't Like Being Tracked on Web
Date CapturedMonday October 05 2009, 6:21 PM
[The Times notes that Representative Rick Boucher, Democrat from Virginia, is planning to introduce privacy legislation that will address on-line tracking, while David Vladeck, head of consumer protection for the The Federal Trade Commission (FTC), is indicating that he is keeping a close watch on consumer privacy protection as well.]
Commission Extension of Deferral of Enforcement of the Identity Theft Red Flags Rule Until August 1, 2009
Date CapturedMonday May 04 2009, 4:43 PM
[The Federal Trade Commission (the “FTC” or “Commission”) is extending its deferral of enforcement of the Identity Theft Red Flags Rule to August 1, 2009.2 This rule was promulgated pursuant to § 114 of the Fair and Accurate Credit Transactions Act (“FACTA”). Congress directed the Commission and other agencies to develop regulations requiring “creditors”3 and “financial institutions”4 to address the risk of identity theft. The resulting Identity Theft Red Flags Rule requires any of these entities that have “covered accounts” to develop and implement written identity theft prevention programs. The identity theft prevention programs must be designed to help identify, detect, and respond to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft. This rule applies to all entities that regularly permit deferred payments for goods or services, including entities such as health care providers, attorneys, and other professionals, as well as retailers and a wide range of businesses that invoice their customers.]
FTC Will Grant Three-Month Delay of Enforcement of ‘Red Flags’ Rule Requiring Creditors and Financial Institutions to Adopt Identity Theft Prevention Programs
Date CapturedMonday May 04 2009, 4:38 PM
[The Fair and Accurate Credit Transactions Act of 2003 (FACTA) directed financial regulatory agencies, including the FTC, to promulgate rules requiring “creditors” and “financial institutions” with covered accounts to implement programs to identify, detect, and respond to patterns, practices, or specific activities that could indicate identity theft. FACTA’s definition of “creditor” applies to any entity that regularly extends or renews credit – or arranges for others to do so – and includes all entities that regularly permit deferred payments for goods or services. Accepting credit cards as a form of payment does not, by itself, make an entity a creditor. Some examples of creditors are finance companies; automobile dealers that provide or arrange financing; mortgage brokers; utility companies; telecommunications companies; non-profit and government entities that defer payment for goods or services; and businesses that provide services and bill later, including many lawyers, doctors, and other professionals. “Financial institutions” include entities that offer accounts that enable consumers to write checks or make payments to third parties through other means, such as other negotiable instruments or telephone transfers.]
IE8's Cumbersome Privacy Controls May Discourage Use
Date CapturedMonday March 23 2009, 4:06 PM
Patricia Resende writes [Microsoft's new IE8 features follow a warning to Internet browser makers from the Federal Trade Commission to self-regulate privacy issues or face regulation. Microsoft came under fire for its Passport feature as the Electronic Privacy Information Center and 14 other groups asked the FTC in 2001 to force a revision of the security Relevant Products/Services standard on Passport. The groups alleged Microsoft violated the law by linking Windows XP with requests to sign up for Passport and misleading users to believe that Passport protected privacy when it instead tracked, profiled and monitored users.]
An Icon That Says They’re Watching You
Date CapturedThursday March 19 2009, 6:20 PM
NY Times Saul Hansell writes [Mr. Turow has developed a plan that is simpler and more comprehensive: Put an icon on each ad that signifies that the ad collects or uses information about users. If you click the icon, you will go to what he calls a “privacy dashboard” that will let you understand exactly what information was used to choose that ad for you. And you’ll have the opportunity to edit the information or opt out of having any targeting done at all. “I don’t think ‘Ads by Google’ is enough,’” he said. “The problem with the whole rhetoric Google is using is that it is designed to stop you from wanting to learn more and do something.” ]
Before the Federal Trade Commission Washington, DC 20580 In the Matter of Google, Inc. and Cloud Computing Services
Date CapturedTuesday March 17 2009, 6:48 PM
EPIC President Marc Rotenberg on Google and Cloud Computing [The recent growth of Cloud Computing Services signals an unprecedented shift of personal information from computers controlled by individuals to networks administered by corporations. Data breaches concerning Cloud Computing Services can result in great harm, which arises from the centralized nature of the services and large volume of information stored "in the cloud." Past data breaches have resulted in serious consumer injury, including identity theft. As a result of the popularity of Cloud Computing Services, data breaches on these services pose a heightened risk of identity theft. The FTC should hold accountable the purveyors of Cloud]
Behavioral Targeting: Not that Bad?! TRUSTe Survey Shows Decline in Concern for Behavioral Targeting
Date CapturedWednesday March 04 2009, 3:05 PM
Behavioral advertising still represents un-charted territory, without clearly applicable laws or regulations. In February, the Federal Trade Commission (FTC) published a set of guidelines (titled “Self-Regulatory Principles for Online Behavioral Advertising”) for companies collecting information on the actions of Internet users for the purpose of providing targeted advertising to them. The principles encourage self-regulatory action on the part of the companies themselves, specifically encouraging transparency and customer control, reasonable security and limited data retention for customer data. These principles have been criticized by privacy advocates, who assert that government should impose stricter laws rather than relying on companies to self regulate.
Cable Companies Target Commercials to Audience
Date CapturedWednesday March 04 2009, 2:53 PM
NY Times STEPHANIE CLIFFORD [Cablevision matches households to demographic data to divide its customers, using the data-collection company Experian. Experian has data on individuals that it collects through public records, registries and other sources. It matches the name and address of the subscriber to what it knows about them, and assigns demographic characteristics to households. (The match is a blind one: advertisers do not know what name and address they are advertising to, Cablevision executives said.) Advertisers can also give their existing customer lists to Experian, and Experian can make matches — so G.M., for example, could direct an ad based on who already owns a G.M. car. Advertisers are willing to pay premiums for ads that go only to audiences they have selected.]
YouTube's new 'nocookie' feature continues to serve cookies
Date CapturedTuesday March 03 2009, 3:20 PM
CNET -- Chris Soghoian says [ Those in the privacy community will likely pounce on this as evidence of Google's hypocrisy, while Google will likely respond by carefully parsing the definition of the phrase "non-session cookie" to not include Flash-cookie objects. Google might even even argue that its Flash-based cookies do not contain unique tracking information (something this blogger is unable to verify, since the Adobe Flash Manager only allows you to delete, but not view the contents of a Flash cookie). One thing is clear. YouTube has advertised a new delayed cookie feature, and stated that it "does not send a cookie until the visitor plays the video." That message is further reinforced by the fact that the new cookie-lite embedded video players are served from a different domain name, youtube-nocookie.com. Yet a user visiting a page that includes one of these "delayed cookie" videos still ends up with a long term, non-session Flash cookie hidden away in the depths of their browser. Technical definitions of "cookie" versus "Flash cookie" aside, YouTube's "delayed cookie" feature simply fails to deliver on the company's promises.] ]
Children's Online Privacy Protection Act of 1998
Date CapturedTuesday March 03 2009, 3:14 PM
TITLE XIII-CHILDREN'S ONLINE PRIVACY PROTECTION ***NOTE INCONSISTENCY BETWEEN DEFINITIONS OF PERSONAL INFORMATION AND PARENTAL CONSENT BETWEEN COPPA AND FERPA COPPA DEFINITION (LINK HAS FULL COPPA TEXT) (8) PERSONAL INFORMATION.—The term "personal information" means individually identifiable information about an individual collected online, including— (A) a first and last name; (B) a home or other physical address including street name and name of a city or town; (C) an e-mail address; (D) a telephone number; (E) a Social Security number; (F) any other identifier that the Commission determines permits the physical or online contacting of a specific individual; or (G) information concerning the child or the parents of that child that the website collects online from the child and combines with an identifier described in this paragraph. (9) VERIFIABLE PARENTAL CONSENT.—The term "verifiable parental consent" means any reasonable effort (taking into consideration available technology), including a request for authorization for future collection, use, and disclosure described in the notice, to ensure that a parent of a child receives notice of the operator's personal information collection, use, and disclosure practices, and authorizes the collection, use, and disclosure, as applicable, of personal information and the subsequent use of that information before that information is collected from that child.
Protect Your Kids’ Privacy Online
Date CapturedTuesday March 03 2009, 3:06 PM
The Children’s Online Privacy Protection Act – COPPA – gives parents control over what information websites can collect from their kids. Any website for kids under 13, or any general site that collects personal information from kids it knows are under 13, is required to comply with COPPA. The Federal Trade Commission, the nation’s consumer protection agency, enforces this law.
Center for Digital Democracy
Date CapturedFriday February 13 2009, 1:22 PM
FTC Online Privacy Guidelines Faulted
Date CapturedFriday February 13 2009, 1:11 PM
Business Week -- Douglas MacMillan -- [On Feb. 12, the U.S. Federal Trade Commission issued guidelines designed to give consumers more information about how advertisers collect and use data about their Web surfing habits. Among the recommendations: Every site that follows Web-use patterns to tailor marketing messages, a practice known as behavioral targeting, should spell out how it is collecting data and give consumers the ability to opt out of targeting. The report also urges sites to keep collected data "as long as is necessary to fulfill a legitimate business or law enforcement need," inform users of any changes made to privacy policies, and only collect sensitive personal data—such as financial and health records—in cases where the user opts in.]
The F.T.C. Talks Tough on Internet Privacy
Date CapturedThursday February 12 2009, 7:20 PM
NY Times - Saul Hansell -- [In another rather striking challenge to industry dogma, the commission rejected the idea that if an Internet site doesn’t collect a user’s name or other “personally identifiable information,” it isn’t a threat to the user’s privacy. Advertising companies have defended their systems by saying they only associate data with cookies, the random identifying numbers they place in the browsers of users, and with Internet Protocol addresses, the numbers used in routing information to specific computers. “This kind of information can be a key piece to identifying an individual,” Ms. Harrington said. Internet companies, she added, “should be really clear in telling the consumer what is being collected, treat that information with care and probably treat it as information that can be used to identify a user.” ]
Response to the 2008 NAI Principles: The Network Advertising Initiative’s Self-Regulatory Code of Conduct for Online Behavioral Advertising
Date CapturedThursday February 12 2009, 6:43 PM
[CDT believes the 2008 NAI Principles, while late in addressing new trends in the industry, demonstrate clear progress over the original code of conduct adopted in 2000. The transparency of the NAI’s revision and compliance process, the approach to sensitive information, and the coverage of advertising practices beyond behavioral advertising all represent important steps forward. While robust self-regulation in the behavioral advertising space does not obviate the need for a baseline federal privacy law covering data collection and usage of all kinds, the NAI has made advances in several areas, yielding what we hope will be better protections for consumer privacy. However, the 2008 NAI Principles still come up short in crucial respects including the opt-out choice requirement, the notice standard, the NAI member accountability model, the failure to address ISP behavioral advertising, the lack of a choice requirement for multi-site advertising, and the data retention principle. Some of these are outstanding issues that have existed within the NAI framework since its inception, while others are new concerns raised by the updates to the principles.]
FTC Staff Revises Online Behavioral Advertising Principles
Date CapturedThursday February 12 2009, 6:19 PM
The report discusses the potential benefits of behavioral advertising to consumers, including the free online content that advertising generally supports and personalization that many consumers appear to value. It also discusses the privacy concerns that the practice raises, including the invisibility of the data collection to consumers and the risk that the information collected – including sensitive information regarding health, finances, or children – could fall into the wrong hands or be used for unanticipated purposes. Consistent with the FTC’s overall approach to consumer privacy, the report seeks to balance the potential benefits of behavioral advertising against the privacy concerns it raises, and to encourage privacy protections while maintaining a competitive marketplace.
Ad groups to develop voluntary marketing privacy guidelines
Date CapturedWednesday January 14 2009, 7:46 PM
Daily News Alert - [The announcement of the joint effort took place on the same day that two consumer advocacy groups, the Center for Digital Democracy and the U.S. Public Interest Research Group, asked the FTC to investigate behavioral targeting practices aimed at users of mobile phones and requested regulations to make it easier for mobile phone users to control how information about them is used.]
Security In Numbers: Social Security Numbers and Identity Theft: A Federal Trade Commission Report Providing Recommendations On Social Security Number Use In the Private Sector
Date CapturedThursday December 18 2008, 5:57 PM
(December, 2008) Conclusion -- Since the creation of the SSN in 1936, the private sector increasingly has utilized it for various purposes – both as an identifier and an authenticator – because it is the only permanent, unique piece of information that most Americans have about themselves. The SSN’s use has expanded as organizations have adapted their business and record-keeping systems to utilize increasingly sophisticated automated data processing. The SSN has, over time, become an integral part of our financial system. As the private sector’s use of the SSN has grown, so too has its availability and value for identity thieves. The Commission believes that a number of actions could be taken to reduce the role of SSNs in identity theft, with emphasis on reducing the demand for SSNs by minimizing their value to identity thieves through improved authentication processes. Most importantly, the Commission recommends that Congress consider establishing national authentication standards for businesses that have consumer accounts and are not already subject to authentication requirements from other federal agencies. Because authentication can never be perfect, however, the Commission also recommends carefully targeted actions to limit the supply or availability of SSNs to identity thieves. Specifically, the Commission recommends that Congress consider prohibiting the display of SSNs on publicly-available documents, identification cards, and other materials that could potentially fall into the hands of identity thieves. The Commission also recommends that Congress set national safeguards and breach notification standards, because better-protected SSNs are less likely to fall into the hands of criminals. Finally, the Commission is committed to educating consumers on protecting their SSNs and businesses on reducing their use of SSNs, and recommends that the government and private sector entities explore information sharing and other cooperative efforts to achieve these goals. Together, these actions could substantially reduce the misuse of SSNs by identity thieves, while at the same time preserving the beneficial uses of SSNs in our economic system.
FTC Issues Report on Social Security Numbers and Identity Theft
Date CapturedThursday December 18 2008, 5:48 PM
The Federal Trade Commission issued a report today recommending five measures to help prevent Social Security numbers from being used for identity theft. Principal among the report’s recommendations is that Congress consider taking action to strengthen the procedures that private-sector organizations use to authenticate their customers’ identities. “Identity theft continues to be a major problem in this country, with victims numbering in the millions each year and out-of-pocket losses (primarily to businesses) in the billions of dollars,” the report states.
Privacy: On Doing No Harm
Date CapturedFriday December 12 2008, 1:22 PM
Privacy: On Doing No Harm -- by Steve Smith -- [The launch of the AT&T-backed Future of Privacy Forum last month (see our own interview with principal Joel Polonetsky here ) sparked discussion about how digital media should best address the debate. Matthew Wise, CEO, Q Interactive and former senior vice president of account services at Draft, is a member of the Interactive Advertising Bureau board who takes issue with some of the early statement by FPF members. Rather than start the debate over whether data is or should be collected, Wise argues here that the argument really should surround data's proper use.]
Federal Trade Commission Identity Theft Survery Report 2006
Date CapturedFriday June 27 2008, 7:43 PM
Executive Summary Identity theft (ID theft) is an issue that continues to plague consumers, businesses, and law enforcement. To provide greater insight into the prevalence and cost of ID theft, the Federal Trade Commission (FTC) has sponsored its second ID theft survey of US adults. The specific objectives of the survey were to: • Estimate the prevalence of ID theft victimization • Measure the impacts of ID theft on the victims • Identify actions taken by victims • Explore measures that may help victims of future cases of ID theft
Comments regarding the FTC Town Hall Meeting on Behavioral Advertising, Ehavioral Advertising: Tracking, Targeting, and Technology
Date CapturedMonday June 02 2008, 10:39 PM
By Center for Digital Democracy, Center for Democracy and Technology, Consumer Action, Consumer Federation of America, Privacy Rights Clearinghouse, Privacy Times, Public Information Research, World Privacy Forum:
Senate bill aims to address web safety
Date CapturedWednesday August 08 2007, 6:20 AM
eSchoolnews reports, "Under legislation introduced by Sen. Ted Stevens of Alaska, schools receiving telecommunications discounts would have to teach students about appropriate online behavior, and the FTC would be required to carry out a nationwide public-awareness campaign on internet safety for children."
Senate Asks FTC to Oversee Internet Safety
Date CapturedMonday August 06 2007, 8:06 PM
PC Magazine reports, "The measure, introduced by the chairman and ranking member of the Senate Commerce Committee, calls on the Federal Trade Commission (FTC) to oversee a government-directed public awareness campaign, directs the Commerce Department to establish an online safety and technology working group, requires schools that receive e-rate funding to include tutorials on the detriments of 'cyberbullying' and strengthens child pornography enforcement."
Frequently Asked Questions about the Children's Online Privacy Protection Rule
Date CapturedWednesday May 23 2007, 9:28 AM
The following FAQs are intended to supplement the compliance materials available on the FTC website.
Student Surveys: Ask Yourself Some Questions
Date CapturedSunday February 04 2007, 4:07 PM
Federal Trade Commission (FTC): If an organization asks you to distribute a survey to your students, the FTC recommends that you check to see if the survey form includes a privacy statement. If there is no privacy statement, you may want to think twice about distributing the survey. In any case, it is wise to know: who is collecting the information; how the information will be used; with whom the information will be shared; and whether students will have a choice about the use of their information



Back to Top of Page