EPIC DIGEST 04.17.01

---------------------------------------------------------------
EPIC DIGEST AT PRIVACY.ORG

EPIC-DIGEST is a weekly update of news, information, and action
items posted on privacy.org.

April 11-17, 2001

TOC------------------------------------------------------------

NEWS
Truste: Companies in Flux Should Hire Privacy Auditor  
Amtrak Sharing Rider Information, Profit from Seizures, with DEA  
HHS Will Implement Health Privacy Regulations  
Government Purchasing Personal Info from Private Sector  
Microsoft .Net Proposal Draws Fire  
FTC Trumps Trans Union in Credit Report Marketing Case  
Government Web Sites Still Using Cookies  
Advocate Crusades Against Spam  

ACTION
Support the Privacy Coalition's Privacy Pledge

NEWS-----------------------------------------------------------

Truste: Companies in Flux Should Hire Privacy Auditor

Truste, an industry privacy group, announced that companies undergoing a
merger, acquisition, or bankruptcy should hire an auditor to prevent
violations of privacy policies.

TRUSTe Guidelines on Personally Identifiable Information Uses in
Mergers, Acquisitions, Bankruptcies, Closures, and Dissolutions of Web
Sites, Truste Web Site. 
http://www.truste.org/bus/spotlight.html

Firms In Flux Should Seek Outside Privacy Counsel, Group Says,
Newsbytes, April 11, 2001. 
http://www.newsbytes.com/news/01/164411.html
---------------------------------------------------------------

Amtrak Sharing Rider Information, Profit from Seizures, with DEA

Amtrak is providing the DEA with ticketing information about passengers
in an effort to stem the flow of illegal drugs. DEA agents have direct
access to an Amtrak computer that contains information on passenger
names, origination points, destinations, and payment information. In
exchange for access to the database, Amtrak receives 10% of whatever
seizures the DEA makes using the information.

Amtrak Helps DEA Hunt Drug Couriers, Albuquerque Journal, April 11,
2001. 
http://www.abqjournal.com/news/301438news04-11-01.htm

Amtrak shares passenger info with DEA for drug prosecutions, Declan
McCullagh's politechbot.com, April 11, 2001.
http://www.politechbot.com/p-01909.html

Your Rights Online: Keeping DEA In The Loop About Amtrak Travelers,
Slashdot, April 15, 2001. 
http://slashdot.org/yro/01/04/16/0147238.shtml

Amtrak 'Sharing' Information With D.E.A., New York Times, April 15, 2001
(registration required).
http://partners.nytimes.com/2001/04/15/weekinreview/15BOXA.html
---------------------------------------------------------------

HHS Will Implement Health Privacy Regulations

The Department of Health and Human Services (HHS) has announced that
federal health privacy regulations will take effect on April 14, 2001,
as previously scheduled. Previous reports indicated that HHS Secretary
Thompson would delay or weaken the protections. Instead, changes in the
regulation will be made after its implementation.

President Bush's Statement on HIPAA Medical Privacy Regulations, White
House Web Site, April 12, 2001.
http://www.whitehouse.gov/news/releases/2001/04/20010412-1.html

Statement by HHS Secretary Tommy G. Thompson Regarding the Patient
Privacy Rule, HHS Web Site, April 12, 2001.
http://www.hhs.gov/news/press/2001pres/20010412.html

Medical Privacy Rules to Take Effect, CNN.com, April 12, 2001.
http://www.cnn.com/2001/HEALTH/04/12/medical.privacy/index.html?s=2

Bush Won't Delay Medical-Privacy Rules, New York Times, April 12, 2001
(registration required).
http://www.nytimes.com/aponline/national/AP-Health-Privacy.html

Privacy Coalition Letter to HHS Secretary Tommy Thompson, Privacy
Coalition Web Site. 
http://www.privacypledge.org/hipaa.html

Text of Medical Privacy Regulations, HHS OCR Web Site.
http://www.hhs.gov/ocr/hipaa/index.html

Health Privacy Project Web Site. 
http://www.healthprivacy.org/
---------------------------------------------------------------

Government Purchasing Personal Info from Private Sector

The FBI, IRS, and numerous other agencies are purchasing personal
information from private-sector brokers such as Choicepoint and
Lexis-Nexis. The information includes personal assets, aliases,
birthdate, social security number, addresses, driving records, phone
numbers, and other information. Government agencies purchase this
information from outside sources in order to evade internal policies and
the Privacy Act of 1974.

FBI turns to private sector for data, MSNBC.com (WSJ), April 13, 2001.
http://www.msnbc.com/news/558876.asp?cp1=1

FBI's Reliance on the Private Sector Has Raised Some Privacy Concerns,
Wall Street Journal, April 13, 2001 (subscription required).
http://interactive.wsj.com/articles/SB987107477135398077.htm

How Choicepoint serves up your personal info to the FBI, Declan
McCullagh's politechbot.com, April 13, 2001.
http://www.politechbot.com/p-01917.html

ChoicePoint Online for the FBI, Choicepoint Web Site.
http://www.cpfbi.com

Choicepoint Online for the INS, Choicepoint Web Site.
http://www.cpins.com/

Choicepoint Online for HUD, Choicepoint Web Site. http://www.cphud.com/

Choicepoint Online for the Government, Choicepoint Web Site.
http://www.cpgov.com
---------------------------------------------------------------

Microsoft .Net Proposal Draws Fire

Microsoftąs .Net system calls for consumers to store their data in a
central database on the companyąs computers. While Microsoft has urged
consumers to trust their data with the company, Microsoft has lobbied
against privacy legislation that would extend consumers rights in law.

In Microsoft Do You Trust?, Interactive Week, April 16, 2001.
http://www.zdnet.com/intweek/stories/news/0,4164,2707840,00.html
---------------------------------------------------------------

FTC Trumps Trans Union in Credit Report Marketing Case

An appeals court has upheld an FTC order compelling Trans Union to stop
using consumer report data for marketing. Trans Union, one of the major
credit reporting agencies, was selling targeted marketing lists of
persons who recently received automobile loans, mortgages, and credit
cards. The company claimed a First Amendment right in using this
information for marketing purposes.

Trans Union v. FTC, PACER.
http://pacer.cadc.uscourts.gov/common/opinions/200104/00-1141a.txt

Financial Privacy, Tech Law Journal Daily Report, April 16, 2001.
http://www.techlawjournal.com/alert/2001/04/16.asp

Credit Firm Told to Stop Selling Data, Washington Post, April 17, 2001.
http://washingtonpost.com/wp-dyn/articles/A24939-2001Apr16.html
---------------------------------------------------------------

Government Web Sites Still Using Cookies

Preliminary results from a congressional report shows that government
web sites are still employing cookies, contrary to a Clinton
administration rule banning the practice. The report examines 16
agencies, and shows that 64 federal web sites plant cookies on usersą
hard drives. The report is being conducted by the Inspector General
Office.

Report: Online privacy not protected, Nandotimes (AP), April 16, 2001.
http://www.nandotimes.com/technology/story/0,1643,500473969-500727151-504111916-0,00.html

Senator Raises Privacy as Federal Web Site Issue, New York Times, April
17, 2001 (registration required).
http://www.nytimes.com/2001/04/17/technology/17PRIV.html
---------------------------------------------------------------

Advocate Crusades Against Spam

This story details the activities of David Ritz, a crusader against
unsolicited commercial e-mail. Ritz is one of a number of activists that
attempt to free the net from spam, especially as the unwelcome e-mail
clogs Usenet groups.

Lone Guns Set Sites on Spam, Los Angeles Times, April 16, 2001.
http://www.latimes.com/business/cutting/lat_spam010416.htm


ACTION---------------------------------------------------------

Support the Privacy Coalition's Privacy Pledge

The Privacy Coalition, a nonpartisan coalition of consumer, civil
liberties, educational, library, labor, and family-based groups
unveiled the Privacy Pledge last week.  The Pledge calls upon
legislators to promulgate laws that effectively protection
personal privacy.

The Privacy Pledge 
http://www.privacypledge.org/
---------------------------------------------------------------

Privacy.org is a joint project of the Electronic Privacy
Information Center (http://www.epic.org) and Privacy
International (http://www.privacyinternational.org). For more
information, e-mail Chris Hoofnagle at digest-editor@privacy.org.
---------------------------------------------------------------

How to unsubscribe from EPIC-DIGEST:

You can leave the EPIC-DIGEST by entering the subscription e-mail
address at http://www.privacy.org/digest.php and selecting
"unsubscribe." Or, you can send a blank e-mail message to
EPIC-DIGEST@lists.epic.org from the subscribed address with the
following text in the subject line: unsubscribe

If you experience difficulty with subscription issues, send a
message to digest-editor@privacy.org.
---------------------------------------------------------------

EPIC-DIGEST Privacy Policy: http://www.privacy.org/privacy.php
---------------------------------------------------------------
END EPIC-DIGEST