« July 2009 | Main | September 2009 »

August 2009 Archives

August 5, 2009

Privacy Scorecard For The Obama Administration

"Privacy Scorecard for the Obama Administration" Lillie Coney, EPIC Associate Director Privacy Coalition Event National Press Club Washington, DC September 9, 2009

August 6, 2009

Senate Confirms Sotomayor for Supreme Court

The United States Senate voted 68-31 to confirm Judge Sonia Sotomayor to be an Associate Justice of the United States Supreme Court. The full Senate vote was held after the Senate Judiciary Committee approved her nomination, 13-6, at an executive business meeting on July 28, 2009. As a judge on the Second Circuit, Judge Sotomayor has ruled on various cases affecting privacy. EPIC has an extensive page on Judge Sotomayor's view on privacy and other related issues. For more information, see EPIC Sotomayor and Privacy.

August 7, 2009

Senators Consider PATRIOT Act Reforms

Senators Russ Feingold (D-WI) and Dick Durbin (D-IL) are drafting legislative reforms to revise the USA PATRIOT Act. The USA PATRIOT Act allows authorities to conduct surveillance without judicial review through the use of National Security Letters. The Senators asked the Attorney General and the Chairmen of the Senate Judiciary and Intelligence Committee to consider two previous bills that add protections to PATRIOT ACT. Pursuant to a EPIC lawsuit, a federal judge had ordered the Justice Department to provide for independent judicial inspection of documents relating to warrantless wiretapping. For more information, see EPIC USA PATRIOT Act, EPIC FISA, EPIC Wiretapping, and EPIC National Security Letters.

August 11, 2009

EPIC Urges Administration to Maintain Cookie Ban, Uphold Privacy

EPIC submitted comments to the Office of Management and Budget recommending that the existing ban on the use of cookies at federal government websites be maintained. The OMB is considering a policy change that will encourage tracking of users who visit government websites. EPIC also proposed several safeguards if the new framework on persistent identifiers is adopted. For more information, see EPIC Cookies and EPIC Privacy and Consumer Profiling.

August 12, 2009

EPIC Forces Disclosure of Government Contracts with Social Media Companies, Privacy Terms Missing

In response to an EPIC Freedom of Information Act Request, the Government Services Administration released several contracts between the federal government and web 2.0 companies, including agreements with Blip.tv, Blist, Google (YouTube), Yahoo (Flickr), and MySpace. EPIC also obtained amendments to agreements with Facebook, Slideshare.net, Vimeo.com, and AddThis.com. The contracts do not address the privacy obligations of social media companies. The GSA letter to EPIC explained that “no specific Web 2.0 guidance currently exists,” but provided EPIC with Training Slides that raise privacy issues. The GSA Agreement with Google actually states that, “to the extent any rules or guidelines exist prohibiting the use of persistent cookies in connection with Provider Content applies to Google, Provider expressly waives those rules or guidelines as they may apply to Google.” Some of the agreements also permit companies to track users of government web sites for advertising purposes. For more information see EPIC Social Network Privacy, EPIC Facebook, and EPIC Cloud Computing.

August 17, 2009

Canadian Privacy Commissioner's Deadline for Facebook Arrives, Some Changes are Made at the Social Network Company

In mid-July, the Canadian Privacy Commissioner released a report recommending several changes to Facebook's business practices. The Commissioner's Office advised the social networking firm to limit application developers' access to user information, and inform users specifically about the nature and use of shared information. The Office also said that deactivated account information should be deleted, and that the privacy policy be amended to include all intended uses of personal information. Facebook was given 30 days. Facebook updated its privacy policy last week and has asked application developers to respect user privacy settings. See also EPIC Facebook and EPIC Social Network Privacy.

August 21, 2009

FTC Issues Final Breach Notification Rule for Electronic Health Information

The Federal Trade Commission issued a final rule requiring breach notification by vendors of medical records and related entities. In June, EPIC submitted comments recommending that all entities handling electronic health records be subject to the regulation and that the FTC should establish a central location to track and announce breaches. The FTC modified the rule accordingly. EPIC had also recommended that information "accessed" be treated as "acquired", substitute media notices be used as supplemental notification, verification of data breach notices be required, minimum security standards be created, penalties for violations be assessed, and the creation of "safe-harbors" for de-identified data be opposed. The rule was mandated under the American Recovery and Reinvestment Act. See EPIC Medical Privacy and EPIC Identity Theft.

August 28, 2009

Following Canadian Investigation, Facebook Upgrades Privacy

The Canadian Privacy Commissioner issued a report last month raising concerns over Facebook business practices. The Office asked the social networking firm to cease the sharing of user information with application developers, clarify the policy on deactivation and deletion of accounts, protect the personal information of non-users, and "memorialize" the account of deceased users. In complying with the Commissioner's report, Facebook will include new notifications, update its Privacy Policy, and implement technical changes to enable more user control over information accessed by third-party applications. EPIC had previously raised similar concerns about the use of Facebook data by application developers. See also EPIC Facebook and EPIC Social Network Privacy.

Homeland Security Privacy Office Okays Suspicionless Seizure of Personal Information Stored on Digital Devices of US Citizens

The Department of Homeland Security released a Privacy Impact Assessment for searching electronic devices possessed by travelers, including US citizens, at US borders. The agency determined that laptops and cell phones are equivalent to briefcases and backpacks and granted itself broad authority to seize these devices from travelers and to copy stored data whether or not wrongdoing is suspected. The DHS policy fails to comply with the intent of the federal Privacy Act and leaves US citizens returning to the United States subject to surveillance by government and an enhanced risk of identity theft. See EPIC Traveler Privacy.

Trade Commission Prohibits Robocalls

The Federal Trade Commission is prohibiting commercial telemarketing calls to consumers after September 1, 2009. The agency amended the Telemarketing Sales Rule, which imposes a penalty of $16,000 per call, to cover sellers and telemarketers who transmit prerecorded messages to consumers who have not agreed in writing to accept such messages. The Telemarketing Rule is authorized under the Telemarketing and Consumer Fraud and Abuse Prevention Act. The new rule does not prohibit informational messages or calls by politicians, banks, telephone carriers, and charities. EPIC has urged the FCC to require strong privacy safeguards for telephone customers' personal information, and protect wireless subscribers from telemarketing. See also EPIC Telemarketing and Telephone Consumer Protection Act.

About August 2009

This page contains all entries posted to epic.org in August 2009. They are listed from oldest to newest.

July 2009 is the previous archive.

September 2009 is the next archive.

Many more can be found on the main index page or by looking through the archives.