|
|
Medical Privacy Makes List of
Top Ten Privacy Stories of 2000
December 28, 2000, Denver -- The phenomenal rise, and technological
sophistication, of workplace surveillance leads the list of the
Top 10 privacy stories of the year 2000, according to a Privacy
Foundation analysis.
Also in the Top 10 are proposed new medical privacy rules; the FBI’s
controversial use of the Carnivore email wiretap; DoubleClick’s
stalled plan to track consumers online; and the arrival of chief
privacy officers in corporate boardrooms.
"The rise of the Internet has sent a flood tide of privacy
concerns through business and society, and the waves are breaking
big-time in the workplace," said Stephen Keating, executive
director of the Privacy Foundation. "Two-thirds of major American
firms now do some type of in-house electronic surveillance, while
an estimated 27 percent of firms monitor email."
The Privacy Foundation has deployed a team of business, law and
technical researchers to study workplace surveillance issues and
will have more to report in the first quarter of 2001. Based at
the University of Denver, the Privacy Foundation is a non-profit
and non-partisan organization dedicated to research on privacy issues
and efforts to educate the public.
Following is a list of the Top 10 privacy stories for the year 2000,
as well as forecasts, and a partial list of source material.
1) Workplace Surveillance Heats Up: "Employees
are Toast"
2) Patient Privacy Rules
3) Carnivore Attacked
4) DoubleClick Unplugged
5) Rise of the CPO
6) Amazon.com Surveys the Data Mine
7) The Urge to Merge Financial Information
8) Wireless Privacy Battles Loom
9) Microsoft Crumbles on Cookie-Blocking
10) A New Kind of Public Record
The Top 10 Privacy Stories of 2000
1) Workplace Surveillance Heats Up: "Employees are Toast"
Millions of employees in the U.S. and worldwide are now subject
to electronic monitoring by employers – a stealthy trend fueled
by relatively cheap technology (like mini-surveillance cameras and
keystroke monitoring software) and employer paranoia about unauthorized
use of email and the Internet by employees. Two-thirds of major American
firms now do some type of in-house electronic surveillance, and 27
percent of all firms surveyed monitor email, according to the American
Management Association. Dozens of companies including Xerox, Dow Chemical
and The New York Times (and government agencies including the Central
Intelligence Agency) fired and disciplined employees in 2000 because
of alleged bad behavior in using the companies’ communications
networks. "Employees are toast," one chief privacy officer
told the Privacy Foundation, noting that employers have substantial
economic, legal - and now, technical - clout over employees in this
area.
LOOK FOR: "Workplace privacy rights" to become a negotiated
fringe benefit, with New Economy companies leading the way.
SOURCES:
More
U.S. Firms Checking Email , American Management Association,
4/14/00
Dow
Chemical Fires 24 [and disciplines 235] in Email Controversy,
CNET, 9/15/00
Big
Boss is Watching, Yahoo Internet Life, 10/00
Narcware,
Forbes, 5/1/00
TOP OF PAGE
2) Patient Privacy Rules
Widespread public concerns about disclosing personal medical information
to doctors and hospitals - for fear the records will end up in the
hands of databanks, insurance companies and prospective employers
- led to new federal rules proposed in late December. Six years in
the making, the revisions to the Health Insurance Portability and
Accountability Act (HIPAA) will oblige doctors to seek patient consent
to use medical records in routine matters, and give patients greater
access to their own records. The 1,553 pages of new patient privacy
rules, proposed by the U.S. Department of Health and Human Services,
will take two years and billions of dollars in private sector costs
to implement. In February, President Clinton signed an executive order
prohibiting the use of genetic information in federal employment practices.
The genetic screening issue is still unsettled in the private sector.
LOOK FOR: Changes and delays in the proposed patient privacy rules,
as health care lobbyists target Congress and the Bush Administration.
SOURCES:
Clinton's
Health Privacy Rules Await Congress' Perusal, Associated
Press, 12/21/00
$17.6 Billion over 10 Years to Protect Medical Files, Boston Globe,
12/21/00
President to Bar Genetic Discrimination, CNN, 2/8/00
TOP OF PAGE
3) Carnivore Attacked
Acknowledgment by the FBI of an email surveillance technology
named Carnivore set off alarm bells among privacy advocates, who called
for more public disclosures about Carnivore’s capabilities, and
restraint in its use. The FBI’s claim that Carnivore had only
been used 25 times, primarily in national security cases, did little
to allay concerns. Carnivore operates under existing wiretap laws
- laws that have been broadened through court orders to allow an estimated
two million phone conversations to be monitored annually by law enforcement.
A technical review of Carnivore, done by an Illinois institute that
was hand-picked by the U.S. Justice Department, was seen by critics
as a whitewash. The broad fear is that the FBI could use Carnivore
to tap the data pipes of Internet Service Providers and cast a wide
net for emails, not just those sent and received by the targets of
specific investigations.
LOOK FOR: Increased scrutiny of law enforcement surveillance technologies
by civil libertarian groups and activists.
SOURCES:
Carnivore
Eats Your Privacy, Wired News, 7/11/00
Critics
Blast FBI's First Release of Carnivore, CNET, 10/2/00
EPIC's
Carnivore Archive, Electronic Privacy Information Center
TOP OF PAGE
4) DoubleClick Unplugged
The merger of database marketer Abacus Direct with online ad company
DoubleClick hit front pages and sparked a federal investigation in
January 2000 when it was revealed that the company had compiled profiles
of 100,000 online users – without their knowledge – and
intended to sell them. The resulting outcry stymied the plan, which
was shelved later in the year as DoubleClick and combative chairman
Kevin O'Connor endured the steep decline among Internet ad stocks.
In the press and in the public square, the name "DoubleClick"
became synonymous with Internet privacy breaches. Nonetheless, the
matching of consumers’ web-surfing habits with traditional "offline"
personal data (name, address, income) remains a lucrative lure for
marketers. Avenue A and MatchLogic were two online marketers hit with
proposed class-action lawsuits alleging that they track customers
without permission.
LOOK FOR: The biggest online/offline direct marketing experiment
in history: the operational merger of AOL and Time Warner.
SOURCES:
DoubleClick Sued for Privacy Violations, CNN, 1/28/00
DoubleClick
Postpones Data-Merging Plan, CNET, 3/2/00
Kevin
O'Connor Gives People the Willies, eCompany, 10/00
Online
Ad Companies Hit With Privacy Suits, CNET, 9/22/00
TOP OF PAGE
5) Rise of the CPO
Microsoft, IBM, American Express and dozens of other firms, ranging
from the Fortune 500 to start-up e-commerce firms, created and filled
a new executive position called Chief Privacy Officer. With no clear
career path to the job, the first CPOs have backgrounds ranging from
law to marketing. Job duties are best described as Chief Flak Catcher,
heavy on public relations, with fledgling attempts to coordinate their
company’s strategic, legal and technical teams to protect consumers
– or at least enforce the company’s own posted privacy policies.
At the federal level, law professor Peter Swire wrapped up his two-year
tenure as the nation’s first chief privacy counselor to the president.
LOOK FOR: Certification programs for CPOs, as exemplified by Alan
Westin’s Privacy and American Business initiative, evolving
into graduate classes and degree programs at Universities.
SOURCES:
CPOs
Make Boardroom Debut, Infoworld 12/15/00
IBM Appoints Chief Privacy Officer, Computerworld, 11/29/00
Privacy and American Business
TOP OF PAGE
6) Amazon.com Surveys the Data Mine
Amazon.com, a bellwether of the Internet economy with 20 million
customers, changed its privacy policy in September to warn that customer
data will be considered a marketable asset if the company is ever
acquired, or sells off operations. The move, made as Amazon faced
scrutiny from Wall Street about its financial prospects, underscored
criticisms about the way that dot-com companies revise privacy policies
to capitalize on customer data. Several other high-profile cases made
the news in 2000. A company called Toysmart.com went bankrupt and
its customer database went up for auction – until the Federal
Trade Commission blocked the deal.
LOOK FOR: More civil lawsuits against Internet retailers for alleged
violations of privacy policies – and Congressional action in
2001.
SOURCES:
Privacy
Watchdogs Blast Amazon, Ecommerce Times, 9/14/00
Privacy
Groups Call Amazon Policy "Deceptive", CNET, 12/4/00
Toysmart.com:
Back in the Middle Again, The Standard, 8/18/00
TOP OF PAGE
7) The Urge to Merge Financial Information
The Gramm-Leach-Bliley Act went into effect in November, permitting
banks, brokerages and insurance companies under the same roof to share
customer information – and potentially share it with third parties
– provided that that they notify customers how confidential information
will be used and allow them to opt-out. An extension passed earlier
in the year gives financial institutions until July 2001 to comply
with the new rules. Privacy advocates complain that the act has loopholes
and does little to protect online transfer of information.
LOOK FOR: Consumer complaints about misuse of personal data by
financial institutions.
SOURCES:
Extension
Granted on Financial-Data Privacy Law, The Standard,
5/9/00
Sharing
Secrets, The Standard, 5/8/00
Gramm-Leach-Bliley
Key Provisions, Securities Industry Association
TOP OF PAGE
8) Wireless Privacy Battles Loom
New mandates for cell phone Emergency 911 service raised a host
of questions about wireless privacy in 2000 – and appear poised
to create a new wireless advertising industry. With tens of millions
of cell phones in use, the U.S. government is mandating the deployment
of location-sensing E911 service for cell phones in 2001. Just as
telemarketers exploited the ubiquity of wireline phone service, there
are a wide range of data-service providers and marketers eager to
piggyback on the new wireless technology to send text ads and discount
offers to cell phone subscribers.
LOOK FOR: Technology companies and federal regulators warding
off wireless spam by proposing an industry-wide "opt-in"
solution for consumers to receive text messages.
SOURCES:
Talking
About Wireless Privacy, The Standard, 12/18/00
Richard
Smith's Tipsheet on E911, Privacy Foundation
FCC Press Releases on E911,
Federal Communications Commision
TOP OF PAGE
9) Microsoft Crumbles on Cookie-Blocking
In the summer, Microsoft released a software patch for Internet
Explorer that would allow a computer user to automatically block third-party
cookies, which are small software files set on computer hard drives
by Internet advertisers. Facing grumbles from the online advertising
community, Microsoft backed off the patch, and instead will support
the P3P (Platform for Privacy Preferences) standard in the upcoming
Internet Explorer 6.0. P3P is a privacy dial that will allow users
to set privacy preferences for sites while web surfing. Earlier in
the year revelations that the National Drug Control Policy Office's
Anti Drug Web placed "cookies" on user's computers led to
an executive order banning cookies on federal websites.
SOURCES:
Microsoft
Offers Tracking Alert for IE 5.5, CNET, 7/20/00
Cookie
Patch Released for I.E. 5.5, CNET, 8/31/00
Microsoft
Looks for Consensus on Security, ZDnet, 12/7/00
Memo
on Federal Website Privacy Practices, 6/22/00
TOP OF PAGE
10) A New Kind of Public Record
The emails subpoenaed from Microsoft during its federal antitrust
trial, and the email traffic to and from Florida Gov. Jeb Bush sought
by the media during the 2000 presidential election controversy, are
just the beginning. In a variety of cases, computer server logs of
government agencies and schools were sought by the media, and by individuals,
as public records. Among the incidents: a county prosecutor’s
secretary, fired in Washington state, had her email traffic disclosed
to the media; in suburban Indianapolis, a school superintendent who
resigned had his alleged web-surfing activities published in the local
newspaper.
LOOK FOR: Fishing expeditions by the media, political opponents,
and activist citizens, seeking email and computer server logs through
public open record law requests.
SOURCES:
Superintendent Who Resigned Had Viewed Sexually Explicit Material on School
Laptop Computer, Topics.com, 10/27/00
Media
Examining Jeb Bush's E-Mails, About, 11/30/00
|
 |
 |
