Privacy Roundtables - Comment, Project No. P095416' #544506-00090

Submission Number:
544506-00090
Commenter:
John D. Stickle, D.C.
State:
CA
Initiative Name:
Privacy Roundtables - Comment, Project No. P095416'

Dear FTC, Regarding Consumer Privacy Issues: As a health care provider, I must comply with HIPPA rules and regulations. However, while all health care providers must comply with these rules and regulations that safeguard both consumer privacy and the confidentiality of their records, there are no equivalent rules and regulations that govern digital transparency. I think that we need to know when and why personal information collected about me or other internet users is being handed over to the government and/or third parties. It’s just not enough for ISP's or other companies to tell me that they care about protecting my privacy, while they are, at the same time, providing confidential information, often without benefit or requirement of either subpoena or legal justification, to the government and/or third parties. I think that every company that collects personal information should produce a report detailing: * The number of demands made by the government and third parties for information received in the previous year, broken down into the following categories: federal and state search warrants, grand jury, civil, and administrative subpoenas, and court orders, * The number and types of action taken by the company for each category of request, * The number of individuals whose personal information was disclosed by the company by category of request, * The type(s) of personal information disclosed by category of request, and * The total amount of money received by the company to fulfill each category of request Furthermore, this report should be sent to a federal agency and made publicly available, and it should also be included as a link from every privacy policy/terms of use listed on a website or online form. Just as I as a health care provider can not disclose personal and/or confidential information without authorization and acknowledgment of the individual involved, I think that these same standards should and must also apply to all information requests made by either government or third parties. Obviously, these rules and regulations must also address those times when such reporting would be counter to national security interests and/or ongoing investigations. There must also be some mechanism whereby a person can respond to what he or she reads in these reports and finds inaccurate or incorrect, so that there is accountability of the posted information. Similar to disputing false information in a credit report. Thank you for your consideration of my comments.