A Call for a Federal Office to Guide Online Privacy

/867aca44&sn1=d81fa373/98b77b32&camp=foxsearch2010_emailtools_1225563c_nyt5&ad=127hrs_120x60_GG&goto=http%3A%2F%2Fwww%2Efoxsearchlight%2Ecom%2F127hours" target="_blank">

A Commerce Department task force called for the creation of a “Privacy Bill of Rights” for online consumers and the establishment of an office within the department that would work to strengthen privacy policies in the United States and coordinate initiatives with other countries.

The department’s Internet Policy Task Force, in a report released on Thursday, said the “Privacy Bill of Rights” would increase transparency on how user information was collected online, place limits on the use of consumer data by companies and promote the use of audits and other forms of enforcement to increase accountability.

The new protections would expand on the framework of Fair Information Practice Principles that address data security, notice and choice — or the privacy policies many users agree to on Web sites — and rights to obtaining information on the Internet.

“The simple concept of notice and choice is not adequate as a basis for privacy protections,” said Daniel J. Weitzner, the associate administrator for the office of policy analysis and development at the Commerce Department’s National Telecommunications and Information Administration.

Consumer and privacy advocates said they were encouraged by the idea to expand on the fair practice principles. The report comes at a time when Internet privacy is a big priority in Washington with the release of a similar report by the Federal Trade Commission this month, the establishment of a White House subcommittee on privacy and Internet policy and the pending revision of the privacy directive of the European Union.

The F.T.C., in its report on online privacy this month, also called for improvements to the practice principles, but focused on installing a “do not track” mechanism that would allow computer users to opt out of having their information collected surreptitiously by third-party companies.

That recommendation caused concern in the online advertising industry, which has said that such a mechanism would hamper the industry’s growth and could potentially limit users’ access to free content online.

The task force report made little mention of a “do not track” option, but its members did recommend the creation of voluntary codes of conduct that would address emerging technologies and issues not covered by an expanded set of practice principles. The codes would be created by technology companies in the industry and would be approved by the Federal Trade Commission.

The new Privacy Policy Office proposed by the task force would work with the administration, the F.T.C. and other agencies on issues surrounding international and commercial data privacy issues. The office would not have enforcement authority.

“America needs a robust privacy framework that preserves consumer trust in the evolving Internet economy while ensuring the Web remains a platform for innovation, jobs and economic growth,” the commerce secretary, Gary F. Locke, said in a statement. “Self-regulation without stronger enforcement is not enough. Consumers must trust the Internet in order for businesses to succeed online.”

During a conference call after the announcement, however, representatives from the World Privacy Forum, the Consumer Federation of America and other organizations said they were concerned that a privacy policy office would be part of the Commerce Department and not an independent agency.

The report recommends that the F.T.C. remain the lead enforcement agency for consumer privacy issues. It also recommends that the United States continue to discuss privacy frameworks with other countries.

“Today’s report is a road map for considering a new framework that is good for consumers and businesses,” Mr. Locke said. “And while our primary goal is to update the domestic approach to online privacy, we are optimistic that we can take steps to bridge the different privacy approaches among countries, which can help us increase the export of U.S. services and strengthen the American economy.”

Mike Zaneis, the senior vice president and general counsel at the Interactive Advertising Bureau, said he was encouraged by the report. “It gives us an opportunity as an industry to prove that we can continue to move the ball forward on consumer privacy,” Mr. Zaneis said.

According to a statement issued by the department, global online transactions are estimated at $10 trillion a year. Data from a 2009 study commissioned by the Interactive Advertising Bureau reported that interactive ads were responsible for $300 billion of economic activity annually.

The department will seek comment on the report through Jan. 28 and will publish questions from the report next week. No date has been set for the publication of final recommendations.

View the original article here

Federal government moves forward with 'cloud-first' plan for new technology

The General Services Administration's decision last week to move its e-mail program to a Web-based system modeled on Google's popular Gmail program is part of a major government drive to increase federal use of cloud computing.

The GSA is the first federal agency to make the Internet switch, and its decision follows the Office of Management and Budget's declaration last month that the government is now operating under a "cloud-first" policy, meaning agencies must give priority to Web-based applications and services.

Government information-technology contractors, many of them based in the Washington area, have been anticipating the shift for months, trying to position themselves for future work.

The Obama administration has said that cloud computing will allow more people to share a common infrastructure, cutting technology and support costs. But some technologists have warned that Web-based software may not be as secure as systems built for a dedicated purpose. And the programs often depend on stable network connections.

The push for Web-based computing is part of a broader government effort to consolidate its 2,100 data centers by at least 40 percent by 2015.

Last week, GSA announced its decision to adopt Google's e-mail system as part of its decision to award a $6.7 million, five-year task order to Unisys, a Pennsylvania-based contractor that has an extensive local presence. Unisys is partnering with Google, Tempus Nova and Acumen Solutions to deploy and manage the system.

Casey Coleman, GSA's chief information officer, said the urgency to shift to cloud-based e-mail was because its in-house program depended on servers that were six years old, making it hard to find replacement parts.

"We have experienced some situations where it has come close to an outage that we could not afford to have," she said.

Under the contract, GSA will migrate 17,000 e-mail accounts to the cloud. The new system is projected to cost about half as much as the existing one to manage, Coleman said. In addition, the new system will be easier to upgrade.

Michael Bradshaw, director of Google Federal, said GSA users will see some similarities between their federal e-mail and Google's consumer Gmail, which should shorten the learning curve when the new software is introduced.

Federal officials said they hope that GSA's shift will encourage more federal organizations to embrace cloud computing for e-mail and other applications. Cloud-focused contractors, whose numbers continue to grow, are also hoping that the move results in more business.

Unisys, for instance, has had a federal cloud strategy in place for several years, said Venkatapathi "PV" Puvvada, the company's vice president and managing partner for civilian agencies.

"This positions us for other cloud-based opportunities," he said.

View the original article here

Concerns raised over federal workers' health care database

performance, said reducing annual premium growth by 0.1 percent for three consecutive years would save the FEHBP $1.25 billion over 10 years. The agency, on average, picks up 70 percent of the cost of premiums; workers pay the rest.

But privacy advocates aren't assuaged. They note that the data collected by OPM will include names, birthdates and other personal identifying information. In addition, they say it's unnecessary for OPM to set up its own database, since insurers already store health information.

"One of the big concerns here is the duplication," said Chris Calabrese, legislative counsel to the ACLU. Calabrese would rather see OPM use a "pointer system" to locate the information it needs. "Instead of having all the information in one database, if you want info on Patient 'X' a?¦ go directly to the record source," he said.

OPM officials counter that the privacy concerns are overblown. The senior OPM official said researchers won't be permitted to see personal identifiers. The agency had said earlier that the health data could be subject to the "routine uses" that apply to most federal databases under the Privacy Act of 1974. That means the records could be pulled by law enforcement officials in a criminal investigation or used in a congressional inquiry. Now, the official said, the agency is considering narrowing the list of agencies that would be granted special access to its records. Within OPM, the data will only be made available to analysts with the proper clearances, the official said.

In addition, the OPM official said asking insurance companies to independently analyze their own data would defeat a key purpose of the database - which is to compare health plans. For example, one health plan might charge more than another for prescription drug programs and the data might help OPM decide whether to drop one pharmacy benefits manager in favor of another. About 30 percent of FEHBP's spending goes for prescription drugs.

OPM's plans aren't unprecedented - TRICARE, the military's health care program, has data on its participants, and the federal Centers for Medicare and Medicaid Services keeps information on Medicare beneficiaries. But TRICARE, Medicare and Medicaid are public health programs; OPM's database will be collecting health information from private plans. The California Public Employees' Retirement System maintains a database on the private health plans it manages. OPM's project would be similar.

Kaiser Health News (www.kaiserhealthnews.org) is an editorially independent news service of the Kaiser Family Foundation, a nonpartisan health care policy organization that isn't affiliated with Kaiser Permanente.

View the original article here