From privacy@cv.vortex.com Fri Oct 9 03:32:10 1992 Return-Path: Received: from cv.vortex.com by csrc.ncsl.nist.gov (4.1/NIST) id AA28029; Fri, 9 Oct 92 03:31:44 EDT Posted-Date: Thu, 8 Oct 92 23:49 PDT Received-Date: Fri, 9 Oct 92 03:31:44 EDT Received: by cv.vortex.com (Smail3.1.26.7 #2) id m0mdEAP-0001YWC; Thu, 8 Oct 92 23:49 PDT Message-Id: Date: Thu, 8 Oct 92 23:49 PDT From: privacy@cv.vortex.com (PRIVACY Forum) Subject: PRIVACY Forum Digest V01 #22 To: PRIVACY-Forum-List@cv.vortex.com Status: RO PRIVACY Forum Digest Thursday, 8 October 1992 Volume 01 : Issue 22 Moderated by Lauren Weinstein (lauren@cv.vortex.com) Vortex Technology, Topanga, CA, U.S.A. ===== PRIVACY FORUM ===== The PRIVACY Forum digest is supported in part by the ACM Committee on Computers and Public Policy. CONTENTS More on credit reports etc. for sale (Bruce Jones) Genetic Infomation and Privacy (Gary Chapman) Personal Data Law approved in Spain (Rafael Fernandez Calvo) Sacramento, CA privacy conference (Bruce R. Koball) *** Please include a RELEVANT "Subject:" line on all submissions! *** *** Submissions without them may be ignored! *** ----------------------------------------------------------------------------- The PRIVACY Forum is a moderated digest for the discussion and analysis of issues relating to the general topic of privacy (both personal and collective) in the "information age" of the 1990's and beyond. The moderator will choose submissions for inclusion based on their relevance and content. Submissions will not be routinely acknowledged. ALL submissions should be addressed to "privacy@cv.vortex.com" and must have RELEVANT "Subject:" lines. Submissions without appropriate and relevant "Subject:" lines may be ignored. Subscriptions are by an automatic "listserv" system; for subscription information, please send a message consisting of the word "help" (quotes not included) in the BODY of a message to: "privacy-request@cv.vortex.com". Mailing list problems should be reported to "list-maint@cv.vortex.com". All submissions included in this digest represent the views of the individual authors and all submissions will be considered to be distributable without limitations. The PRIVACY Forum archive, including all issues of the digest and all related materials, is available via anonymous FTP from site "cv.vortex.com", in the "/privacy" directory. Use the FTP login "ftp" or "anonymous", and enter your e-mail address as the password. The typical "README" and "INDEX" files are available to guide you through the files available for FTP access. PRIVACY Forum materials may also be obtained automatically via e-mail through the listserv system. Please follow the instructions above for getting the listserv "help" information, which includes details regarding the "index" and "get" listserv commands, which are used to access the PRIVACY Forum archive. For information regarding the availability of this digest via FAX, please send an inquiry to privacy-fax@cv.vortex.com, call (310) 455-9300, or FAX to (310) 455-2364. ----------------------------------------------------------------------------- VOLUME 01, ISSUE 22 Quote for the day: "Everything has an end." -- Anonymous Masai saying ---------------------------------------------------------------------- Date: Mon, 28 Sep 92 09:17:59 -0700 From: bjones@weber.ucsd.edu (Bruce Jones) Subject: More on credit reports etc. for sale Dan Ellis mentions a "Geoffrey Rothvader" as the author of a book on computer access to private records. For those of you who might want to follow up on the book, the correct spelling of his name is Jeffrey Rothfeder, and he is an editor for Business Week magazine. Mr. Rothfeder was interviewed on a WGBH/PBS NOVA special called "We Know Where You Live" (1990) where he talked about getting access to Quayle's records. It should be pointed out that Rothfeder was able to gain access because he is in fact an employee of McGraw Hill (which ownes Business Week) - not that this makes his observations any less chilling. His sound bites on the NOVA special sounded like he was pretty critical of the information "super-bureaus" so his book might be worth reading. According to "melvyl" - the Univ. of Calif library catalog, Roghfeder is also the author of *Minds over Matter* - a book on computers and artificial intelligence. bj ------------------------------ Date: Tue, 29 Sep 1992 09:39:30 -0400 From: "(Gary Chapman)" Subject: Genetic Infomation and Privacy The New York Times reports today (9/29, page C2) that a survey commissioned by the March of Dimes reveals that a majority of the people surveyed do not consider genetic information to be exclusively private. Respondents apparently said, in the majority, that information about potential defects in a person's genetic makeup should be revealed not only to spouses and other family members, but also to insurance companies and employers. The article says that the public appears "extremely optimistic" about the prospects for gene therapy, or the ability to treat genetic disorders with biotechnology. Over 80 per cent of the respondents were enthusiastic about the concept of gene therapy, although the article notes that about 60 per cent admitted they knew nothing about it. A little over 40 per cent of people surveyed said that they would welcome the use of genetic alteration to "improve the physical characteristics that children would inherit," or to improve intelligence. The article mentions that scientists attributed this figure to the widely shared view that intelligence is an inherited trait, although there is little evidence for this view, and no identified gene for intelligence. Fifty-eight per cent of the people interviewed believed that an insurer has a right to know about genetic abnormalities, and 33 per cent believed that an employer has the same right. Only eight states have passed laws that prohibit discrimination against people with abnormal results on a genetic test, and, the article says, most of those are directed only at people with sickle cell anemia. Gary Chapman Coordinator The 21st Century Project Computer Professionals for Social Responsibility Cambridge, Massachusetts chapman@lcs.mit.edu ------------------------------ Date: Tue, 06 Oct 1992 00:25:37 EDT From: "Rafael Fernandez Calvo" Subject: Personal Data Law approved in Spain CCCCC LL II CC LL II CC LL II -- N E W S FROM S P A I N --- Oct. 5, 92 CCCCC LLLLLL II COMMISSION for LIBERTIES and INFORMATICS (*) PERSONAL DATA PROTECTION LAW APPROVED BY THE SPANISH PARLIAMENT --------------------------------------------------------------- Spain, one of the last countries in Western Europe that lacked of legislation on personal data protection, has since October 1st a law that covers this matter. It is called Organic Law on Regulation of Automated Processing of Personal Data, aka LORTAD according to its Spanish initials. That date it was finally approved by the Senate with the solitary votes of the ruling Spanish Workers' Socialist Party (the reader should not worry about such an impressing name: it is a moderate socialdemocratic party), that holds an absolute majority in both Houses of the Parliament since its first swapping victory in 1982. Being reborn to democracy in 1977, Spain is one of the very few countries all over the world whose Carta Magna foresees the dangers that can stem from misuse of Information Technology. In fact, its Constitution establishes that a "law will limit the use of Information Technologies in order to protect citizens' honour and personal and family privacy as well as the unrestricted exercise of their rights" (article 18.4). In a Press Conference held today, Oct. 6, in Madrid CLI has made public Madrid its position about the law. Summarizing, the Commission: - Considers that this law does not fulfill the expectations arisen, although it is a step forward in comparison with the current situation of "allegality" that has been source of severe abuse against privacy. - The good side of the law is the regulation of personal data files in the hands of companies and private entities. Citizens will have wide rights to access, modification and cancellation of this kind of records. - The bad side stems from the following facts: a) The bill would give excessive and uncontrolled power to Policy Forces over collection and computerization of highly sensitive data: ideology, religion, beliefs, racial origin, health and sexual orientation. b) Computerized personal data records in the hands of all branches of Public Administrations would be in many cases excluded from the rights (access, modification, cancellation) given to citizens with regard to the same kind of data in the hands of private companies. c) The Data Protection Agency that will watch over proper observance of the law would have scarce autonomy from the Government, that will nominate and dismiss its Director. CLI has announced that it will put in practice the following actions: - Will promote an appeal before the Constitutional Court against the article 20.3 of the law (the one that gives excessive and uncontrolled power to Policy Forces over computerization of highly sensitive data). In order to achieve this goal CLI will contact the Spanish Ombudsman, the opposition parties and the Regional Parliaments. - Will promote awareness of the citizens with regard to the rights this new law gives to them. - Will encourage Regional Parliaments to establish the Regional Data Protection Agencies forecast by the law. To obtain more information about the law you can contact CLI (*) * SOME WORDS ABOUT CLI The --Commission for Liberties and Informatics, CLI-- is an independent and pluralistic organization that was officially constituted in April '91. Its mission is to "promote the development and protection of citizens' rights against misuse of Information Technologies". As of September '92, CLI is composed by ten organizations, with a joint membership of about 3,000,000 people. They cover a very wide spectrum of social interest groups: associations of computer professionals, judges, civil rights leagues, trade unions, consumers groups, DP industry collectives, etc. CLI is confederated with similar bodies created in some other Spanish Regions such as Valencia, Basque Country and Catalonia, and has fluid working relationships with many public and private Data Protection bodies and entities all over the world, including CPSR and Privacy International. CLI has its headquarters in: Padilla 66, 3 dcha. E-28006 Madrid, Spain Phone: (34-1) 402 9391 Fax: (34-1) 309 3685 E-mail: rfcalvo@guest2.atimdr.es ------------------------------ Date: Wed, 30 Sep 1992 16:42:12 -0700 From: Bruce R Koball Subject: Sacramento, CA privacy conference. Privacy in the Information Age: Balancing the Right to Privacy and the Right of Access Sponsored by Government Technology Magazine, Sacramento, California Produced by Government Technology Conference, Sacramento and Riley Information Services Inc., Toronto, Canada This one day conference and training session will be held at the Sacramento Convention Centre on November 16th, 1992. The conference will deal with many of the seminal privacy issues facing society today. It will address subjects and issues of importance to both the public and private sectors. An array of privacy experts and professional from the public and private sectors in California and from Washington, D.C. and Canada will gather to debate the issues driving privacy today and offer possible solutions. The sessions will be interactive with discussion and questions from the audience urged. Following is a short synopsis of the topics and speakers for the one day agenda. Opening Session: 8:30am The State of Privacy in California Today: Speaker: A. A. Pierce, Undersecretary, Business, Transportation and Housing Agency, State of California Keynote Address: A New Privacy Balance for the 90s: What the Public Wants, What a Free Society Needs. Speaker: Alan F. Westin, Professor of Public Law and Government, Columbia University and author of Privacy and Freedom. Professor Westin will discuss recent survey data on privacy concerns of citizens and analyze the recent public attitudes to privacy as seen in relation to the forces of developing technology and society's demands for wider openness. How will all these competing demands be met so all social needs are satisfied? Panel: What are the Dangers of Eroding Privacy? The debate goes on as to what extent should there be privacy regulation in our society. If we are to do this comprehensively how will we accomplish this goal? But do we really need extensive regulation or any at all? This will be a point/counterpoint session between Professor Goeroge Trubow of John Marshall Law School in Chicago and Jim Warren, Founder of Computer, Freedoms and Privacy Conferences and Columnist for MicroTimes Panel: Balancing the Right of Acccess and the Right to Privacy. Freedom of Information laws endow on the citizen the basic right of access to government information, the right to know what it's government is doing and why. But there is also the right to protect the privacy of the individual, creating competing interests. Speakers: Ronald L. Plesser, lawyer, Piper and Marbury, Washington, D.C. and former General Counsel, US Privacy Commission. Webster Guillory, Chairman, National Organization of Black County Officials Peter Gillis, Director, Information Management Practices, Treasury Board Secretariat, Federal Government of Canada Panel: Privacy and Fair Information Practices: Practical Guidelines Professor George Trubow and privacy expert Thomas B. Riley, Toronto, Canada, will present actual Guidelines that can be used in the workplace whether it be the public or private sector. Luncheon Address: Dr. Ann Cavoukian, Assistant Commissioner/Privacy, Office of the Information and Privacy Commissioner/Ontario, Toronto, Ontario, Canada "Investigating Privacy Complaints: A Canadian Experience." In Canada there exists the Office of Privacy Commissioner which not only takes complaints and appeals from the public in their dealings with the Privacy Act but serves to act as an important forum to identify key privacy issues? What can be learned from this experience? Panel: Privacy, Security and Electronic Records: What are the Ground Rules While security is a central issue in protecting privacy, there is also the question of what constitutes an electronic record? There is much regulatory confusion on this subject and speakers will work to address the complex matrix. Speakers: Joseph Pujals, State Information Security Manager, Department of Finance, CA Robert Gellman, Chief Counsel, House of Representatives Subcommittee on Information, Washington, D.C. Panel: Data Matching and Tracking of Files: What are the Privacy Rights? How Far Should we Go? Should data matching and tracking be allowed? What is the greater good or is there an important compromise? What are specific examples of such practices and how are they being handled? Speakers: Evan Hendricks, Publisher, Privacy Times, Washington, D.C. Kathleen M. Lucas, Plaintiff Counsel for Barbara Luck - Luck vs. Southern Pacific, San Francisco Chris Hibbert, Manager, Software Development Xanadu Corporation and member, Computer Professionals for Social Responsibility. Panel: Privacy and Electronic Networks: Caller ID and Telemarketing. Junk mail, junk fax, telemarketing, caller ID. Do you want it? Do you need it? If not-what can you do about it? Speakers: Ken McEldowney, Executive Director, Consumer Action, San Francisco Evelyn Pine, Executive Director, Computer Professionals for Social Responsibility Beth Givens, Project Director, Centre for Public Interest Law, University of California, San Diego John Schweizer, Manager, Consumer Affairs, Pacific Bell Closing remarks at 4:45pm will be delivered by Tom Riley who will offer a synthesis of issues presented for the day and a prognosis for the future. Conference Cost: $199. To register for the conference or to obtain a promotional brochure with fuller information please phone: Deborah Furlow, Government Technology Conference, Sacramento, CA, (916)363-5000. ------------------------------ End of PRIVACY Forum Digest 01.22 ************************