Congress, FTC Look at Online Privacy

A new buzz phrase is emerging in this area called, “privacy by design” which is thoroughly considered by the Information Law Group in this post.  Here are some highlights:

• Know how and when your business interacts with consumers and the implications on the privacy of the information they provide
• Consider the demographic of your company’s products or market – certain segments will be more concerned about privacy protections than others
• Stay abreast of what the FTC and Congress is doing in this area as it’s pretty fluid right now
• Keep in mind data collection, security and retention when drafting the appropriate policies

WSJ – Facebook sharing IDs with Apps

Back in December I posted about Facebook’s weak attempt to prevent third party applications like Farmville and other online games from sharing personal information.  Here is what I wrote then:

““Blocked Applications

You have blocked the following applications. This means they cannot access any information about you or contact you. They may still appear on your friends’ profiles. This option is available from the Requests page. If you want to remove the block for any of these applications, click remove.”

What does “they” mean?  That the application I blocked will still be associated with me on my friends page?  Doesn’t that mean that this information is still publicly available?”

Walls Street Journal Uncovers Similar Problem Today:

“Many of the most popular applications, or “apps,” on the social-networking site Facebook Inc. have been transmitting identifying information—in effect, providing access to people’s names and, in some cases, their friends’ names—to dozens of advertising and Internet tracking companies, a Wall Street Journal investigation has found.”

Breach Risk?

The companies who receive this “identifying information” claim that they don’t store or share this information with third parties.  Even if that’s  true, how easy is it for data mining companies to gather this information independently?  Can Facebook guarantee that it’s transmitting this information in a completey secure fashion?

Google’s privacy policy improvements

This post explains how Google has made its privacy policy more readable by trimming out the extraneous bits, creating a privacy tools page and FAQ are all positive moves.  However, it’s disappointing that the Google lawyer doesn’t spell out what Google is attempting to achieve with it’s privacy policy which is hopefully to build trust with Google users about how their information is protected.

Google Settles “Buzz” lawsuit for $8 million

Earlier this year I posted about this lawsuit.  Seems like Google took it pretty seriously, agreeing to donate more than $8 million to various educational and privacy non-profits.

Debt collectors & social media – privacy issues?

Social networking reaches its tentacles through so many areas of commercial life that increasingly rules about business use of social networking is coming under greater scrutiny

Whats the line for debt collectors?

Right now this is a subject of debate in the industry.  If a debt collector is just trolling for location information, its probably not a violation under the Fair Debt Collection Practices Act but if they are seeking private information (friending someone on Facebook?) that could be a problem.

New HITECH rules broaden HIPAA reach

According to the great team at Information Law Group, the new proposed HITECH rules, broaden the concept of business associates who are required to comply with HIPAA.  They cite as an example, a company hired to shred documents including medical records would be required to comply with the applicable requirements of HIPAA’s Security Rule.

Proposed rules make written policies and procedures critically important

If a covered entity under HIPAA gets investigated and can’t point to written policies and procedures about handling disposal of hardware or requests from individuals to restrict the use and disclosure of his or her protected health information, then this could be viewed as “willful neglect” and subject the entity to a higher category of civil penalties.

More on privacy

After Senator Schumer and others requested the FTC step into the debate over Internet privacy what with the ongoing Facebook defaults for sharing private information, the agency has said it will be developing Internet privacy “framework.” 

Will it have any teeth?

More trouble for Google over “Buzz”

11 lawmakers have requested that the FTC launch an investigation into Google Buzz for breaching consumer privacy.  In one flagrant example of the breach a nine year old girl unintentionally shared her contact list with someone with a sexually “charged” username.

Netflix calls off million dollar contest sequel

Netflix was so thrilled by the results of its first online contest offering a million dollars to people who figured out how to improve the service’s movie recommendation algorithm, that they announced a follow-up contest.  However, a lawsuit and FTC investigation revealed that Netflix gave the folks participating in the contest access to some member rental history to see what ways they could improve their suggestions. 

The lawsuit by a closeted lesbian whose rental history was revealed (I’m guessing without her consent) sued claiming that she could be identified by her rental history and that the disclosure of her closeted status could impact her kids at school.  Thus, Netflix announced it would be cancelling the contest much to the disappointment to all those who want to be millionaires.

Social networking privacy – no big deal?

Here is an article by Declan McCullagh who basically subscribes to Mark Zuckerberg’s view of privacy which is that people have grown more comfortable with more self-disclosure on the Internet.  He backs this claim up by citing how people have accepted social networking websites and technologies without complaint.  But I think this is a misleading view of how people feel about privacy.

Have people gotten comfortable with their banks adding fees for ATM transactions?  Millions use their cards and incur these fees.  Therefore they must be “comfortable.”  I would argue that acceptance of the downside to new technology is different than comfort.  When people get burned by identity theft or having personal information actually used against them, they aren’t likely to respond with indifference.  People will still react powerfully and perhaps incoherently to actual invasions of their privacy which is why they need to be actively engaged in setting privacy settings and standards.