PUBLICATIONS & RESOURCES
The OMB's Federal Enterprise Architecture Security and Privacy Profile mentioned in our article entitled "OMB Issues Guide to Security and Privacy" is available at http://cio.gov/documents/FEA%20Security%20Profile%20Phase%20IFINAL07-29-04.doc
A new study, conducted by Pam Dixon of the World Privacy Forum, states that professional job search web sites are not the only ones violating privacy laws; even some internship and scholarship web sites may be breaking the rules in their collection of personal information. The study raises questions regarding possible privacy violations such as distribution of information to third parties and specifically cites web sites USAJOBS.gov, FastWeb.com and Eliyon.com. http://www.michigandaily.com/vnews/display.v/ART/2003/11/13/3fb320e3dc262
The Information and Privacy Commissioner/Ontario and Deloitte & Touche have issued a joint report entitled "The Security-Privacy Paradox: Issues, Misconceptions, and Strategies." The report includes sections on the "Overlaps Between Security and Privacy," "The Economics of Privacy," "Are Privacy and Security One and the Same?," and "Roadmap for Successful Strategies." Ordering information is available online at www.ipc.on.ca.
Privacy Journal has published the latest supplement to its Compilation of State and Federal Privacy Laws, which shows a huge increase in state anti-spam and Do-Not-Call (DNC) telemarketing laws. According to Privacy Journal, a total of 34 states have passed new laws limiting bulk electronic-mail advertising. The Supplement notes 26 state laws requiring telemarketers to consult a state-maintained DNC list and shows additional state privacy laws prohibiting discrimination based on genetic testing or punishing ID theft. Ordering information for Privacy Journal's book and 2003 supplement is available by contacting 401-274-7861 or online at: http://www.privacyjournal.net
The Direct Marketing Association's 2002 Statistical Fact Book assesses the state of the multi-faceted direct marketing industry, including the impact of new technologies. The Fact Book aims to broaden awareness of the many aspects of the direct marketing industry and provide statistical support to help marketers become more effective. The Book is organized into the following broad categories:
The Fact Book provides some overall statistics about each particular category, such as average salary, in addition to almost 500 charts and their sources. Detailed Table of Contents and Topic and Source Contact Indexes make the 300+ page Fact Book easy to navigate. For more information, visit the Direct Marketing Association's Web site at: http://www.the-dma.org.
Ernst & Young has created a P3P Dashboard to illustrate the current P3P-adoption rates of the top 100 and top 500 domains visited by U.S. Internet users. The Web sites chosen for review are based on the comScore Media Metrix "netScore" list of the top 500 most trafficked Web sites for July 2002. The P3P Dashboard also uses comScore's domain segmentation to report on adoption rates by the major categories of Web sites represented. The Dashboard indicates the level of P3P adoption by domain category and whether there was an increase in adoption in that category in the latest month. E&Y's first monthly report was issued in August 2002. The October 2002 results show that 26% of the top 100 Web sites and 18% of the top 500 Web sites are P3P enabled. By domain category, P3P adoption was found in 11% of the 27 Finance and Investing Web sites, 24% of the 33 Reference and Directories Web sites, and 17% of the six Health sites reviewed. Increases in P3P adoption from September occurred in the following categories:
one of the authors of P3P, has recently published Web Privacy with P3P, to introduce the Platform for Privacy Preferences standard, encourage P3P adoption by Web sites, and educate consumers about online data privacy. Web Privacy with P3P is written for a widespread audience, including privacy advocates, webmasters, software developers and other technologists, policymakers, and individuals concerned about online privacy. The book is written in four parts:
American Express' Consumer Affairs division has published a brochure to educate consumers about identity theft. Identity Theft: Reduce Your Risk lists the most common causes of identity theft, tips for preventing it, and the important steps to take once an identity theft occurs. The brochure is particularly helpful in that it includes phone, online, and, in some cases, mailing address contact information for the three major credit bureaus (Equifax, Experian, and Trans Union), federal government agencies and non-profit organizations that can provide additional information to consumers and assist identity theft victims. This contact information is also consolidated on a detachable rolodex card that consumers can file for future reference. Identity Theft: Reduce Your Risk was developed in cooperation with the Privacy Rights Clearinghouse, the Identity Theft Resource Center, and the Federal Trade Commission. For additional information or to request a brochure, write to: American Express Company Att: Donita Mitchell 801 Pennsylvania Avenue, NW, Suite 650 Washington, DC 20004.
The Telemarketing Law Guide is a compilation of the laws and regulations that primarily govern the telemarketing industry. The one-volume loose-leaf reporter contains sections covering all 50 states, the District of Columbia, and the federal government. For each jurisdiction, the Guide opens with a general overview that explains what entities are covered by the jurisdiction's telemarketing laws, what organizations those laws exempt, and other important details, such as registration requirements, time restrictions, and whether the state possesses a "do-not-call" list. The Guide goes on to include the text of the most important laws and regulations affecting the telemarketing industry. The Guide also contains sections on new legal developments affecting telemarketing, including the text of recent court cases, and on administrative decisions. Finally, subscribers receive quarterly updates, keeping them informed of changes and developments to laws affecting telemarketing. The Telemarketing Law Guide is published by CCH, a respected publisher well known for its tax and legal reference materials. Ordering information is available at: http://www.cch.com.
The 2002 edition of Privacy Journal's Compilation of State and Federal Privacy Laws is a comprehensive resource that reflects the multiple and diverse privacy protections that are available at the state and federal levels in the U.S. As the nation's only single source of information about confidentiality statutes, the Compilation contains citations and descriptions of state and federal laws relating to privacy, surveillance and data collection. The laws are organized into categories, such as "Bank and Financial Records," "Social Security Numbers," and "Mailing Lists." For easy reference, a chart illustrates which states have laws applicable to each category and whether federal law applies. The Compilation is meant for a broad audience, including lawyers, policymakers, consumers, journalists and the business community. The 2002 edition features a new chapter on identity theft as well as new laws relating to genetic testing and video surveillance. The Compilation also includes the following:
As part of efforts to promote a "culture of security," the FTC has added an information security section to its Web site to provide information about computer security and safeguarding personal information. The site features "Dewie the e-Turtle," who always wears his 'security shell' when using the Internet. While primarily geared towards consumers and children, the site does contain a Business Information page, which includes tips on e-mail marketing, maintaining secure networks, and complying with the Gramm-Leach-Bliley Act and the Children's Online Privacy Protection Act. A special Resources section provides links to other government agency and non-profit Web sites that offer useful information regarding cybersecurity. The FTC's Consumer Information Security page may be accessed at: http://www.ftc.gov/bcp/conline/edcams/infosecurity/index.html.
In its second edition, Web Security, Privacy & Commerce examines threats to consumer online security and privacy and discusses ways that users can protect themselves while using the Internet. Web Security was written by Simson Garfinkel with Gene Spafford and published by O'Reilly & Associates in January 2002. As use of the Internet has increased, particularly from an economic standpoint, so have the vulnerabilities of computers, networks, and the personal information that flows through them. Web Security, Privacy & Commerce speaks to three
In October 2001, Bruce Kasanoff's Making It Personal: How to Profit from Personalization without Invading Privacy was published by Perseus Publishing. Targeted at members of the business community, Making it Personal discusses ways in which technology is changing the relationships between companies and individuals, both internally and externally. Kasanoff offers personalization as the new business model and the most effective way for businesses to protect privacy and manage the flood of personal data collected by new and powerful technology. Making It Personal gives the reader an overview of the privacy invasive practices of traditional firms, frames the debate over national data protection legislation, and promotes the principles of Fair Information Practices as a useful guide for companies working to respect the privacy of individuals. To underscore his belief that privacy is the natural byproduct of healthy business relationships, Kasanoff provides an additional set of guidelines to show companies how to go about earning the loyalty of customers and employees and why privacy is a valuable investment. 217pp. Ordering information is available at www.perseuspublishing.com.
The May 2002 Edition of the Freedom of Information Act Guide & Privacy Act Overview, prepared by the U.S. Department of Justice, Office of Information and Privacy's attorney staff, is now available. Further information may be accessed at: http://www.usdoj.gov/04foia/index.html.
John Wiley & Sons, Inc. has recently published two books that address privacy in the computing age. World Without Secrets: Business, Crime and Privacy in the Age of Ubiquitous Computing by Richard Hunter looks, in part, at the use of technology in such areas as data mining and law enforcement. Biometrics: Identity Verification in a Networked World by Samir Nanavati, Michael Thieme, and Raj Nanavati introduces biometrics and the growing use of authentication technologies in society. This book is aimed at helping professionals make informed decisions about the role that biometrics can play in their organizations. More information on both books is available at: http://www.wiley.com.
Thompson Publishing Group, Inc. offers Workplace Privacy: Real Answers and Practical Solutions by David M. Safon, Esq. Though published in 2000, this resource is valuable in helping companies understand state and federal laws that address the competing rights of employer monitoring and employee privacy. For more information, e-mail email@example.com.
The National Consumer Law Center, a nonprofit corporation that assists consumers, advocates, and public policy makers nationwide, publishes a 16-title Consumer Credit and Sales Legal Practice Series, designed to be an attorney's primary practice guide and legal resource. The manuals are updated annually and are accompanied by a CD-Rom. The 1998 Fourth Edition and 2001 Supplement and CD-Rom of the Fair Credit Reporting Act manual are currently available for $110. For more information visit http://www.consumerlaw.org or call 617-523-8089.
The Social Law Library Web site provides research materials, training and services to the judiciary and practicing bar of Massachusetts. The Social Law Library is a member-managed, dues-supported legal research institution. The Web site features a Link of the Week, and the PrivacyExchange Web site was chosen for the week of February 4-10, 2002. Available at http://www.sociallaw.com/
The DMA has established a Safe Harbor Program to assist those companies that wish to comply with the Safe Harbor enforcement requirements by providing an independent third-party dispute resolution mechanism. The program is available to DMA members and European consumers at no cost. The DMA has also developed educational materials for companies and consumers interested in finding out more about the Safe Harbor framework and the DMA Safe Harbor Program. For more information visit http://www.the-dma.org/safeharbor/
The Health Insurance Association of America (HIAA) has published The
2001 Conference Proceedings are available on the
If you would like a new privacy publication or resource to appear in the