DNA is so tiny, only a few microns across, that we often don’t spend much time thinking about how much of our most personal and private information it contains. Yet each individual’s DNA also offers an intimate look into family history, risk for illness, behavior, internal clock, propensity for thrill seeking, and countless other aspects of a person’s life, personality, behavior, and place in the world. Accessing this treasure trove of genetic information has some amazing benefits, but it also comes with some serious concerns.

While DNA may be small, it’s packed with information that has the potential to cause some pretty big problems. Uncontrolled access to this information, whether in a medical or law enforcement setting, could set individuals up for violations of privacy and discrimination, and as genetic testing becomes more common and inexpensive, the issues surrounding the protection of genetic information will become ever more pressing concerns in the larger public discourse.

Genetic privacy may not yet be a concern for most Americans, but as technology develops and practices change, it’s critical to know what risks you face as well as your rights, the laws that protect you, and how you can ensure your DNA isn’t be accessed and analyzed without your knowledge and consent.

DNA Law and Policy

While the structure and makeup of DNA has been known since the late 1950s, it was not until the 1970s that DNA was sequenced. It would would be nearly two decades before an efficient method of sequencing DNA would be developed, allowing it to be used outside of the scientific setting. Because the use of DNA profiling has only recently became practical for use in medicine and law enforcement, there aren’t yet that many laws that address the privacy and discrimination risks posed by genetic information. Here are just a few that have passed or are on the docket for the coming year that play a major role, or have the potential to, in the security of your DNA.

• Genetic Information Nondiscrimination Act:Enacted in 2008, GINA prohibits the use of genetic information in health insurance and employment. This means that health insurers and group health plans cannot deny coverage or charge higher premiums to an individual based on a genetic predisposition for developing a particular illness. It also ensure that employers cannot make any decisions with regard to hiring, firing, promotion, or job placement based on genetic data.In light of the recent growth of genetic testing, however, many think GINA needs amending. Provisions have been proposed that will help protect genetic information from being used to discriminate in life or long-term care insurance coverage and will ensure that data from genetic testing is not disseminated in research studies or other ways without an individual’s consent.The state of California has already passed state-specific laws of this nature that will ensure DNA can’t be used to discriminate in the areas of housing, education, public accommodations, life insurance, mortgage lending, and elections, so it may only be a matter of time before federal laws follow suit.
• DNA Identification Act of 1994: The DNA Identification Act was among the first laws to address the establishment of federal databases of DNA information, passed into law in 1994. The act authorized the creation of CODIS, a national database of DNA identification records of persons convicted of crimes, the analysis of DNA samples recovered from crime scenes, and the analysis of DNA samples taken from identified human remains. The act was modified in 2004 by the Justice for All Act, which expanded the offenses for which DNA could be collected, created a new system of indexing, and required national accreditation for forensic laboratories.
• DNA Fingerprinting Act of 2005: The DNA Fingerprinting Act allowed the national CODIS database to include samples from any individual from whom collection was authorized under state law. It also made it permissible for DNA to be collected from federal arrestees and from non-U.S. detainees. As a result, criminal DNA databases have rapidly expanded, with nearly all states and the federal government maintaining their own systems today. It has not been legislation without criticism, however. Some argue that it has unjustly allowed for the cataloging not only of convicted individual’s DNA but also that of those accused or arrested for a crime.
• California Genetic Privacy Law: One state that is working hard to protect the genetic privacy of its constituents is California. Authored by state senator Alex Padilla, the law would help protect genetic information from being used without consent, requiring research and health organization to acquire consent to collect, share, and retain genetic material and information. In 2006, Minnesota passed a similar law and over the past year South Dakota, Alabama, Massachusetts, and Vermont have all proposed related bills that would define genetic materials as personal property. As of yet, none of those bills have become law.

Also important to note are state laws on when and why DNA information can be forcibly collected. In all 50 states, those who have been convicted of a felony of any kind must submit DNA to both the national CODIS database and state databases. Yet policies differ from state to state with regard to when DNA evidence can be collected from those who are accused or arrested for a crime and have not yet been convicted. In 28 states, arrestees can be subject to DNA collection. Thirteen of those states collect samples for anyone arrested for a felony while the rest limit collection to violent crimes, including sexual assaults. Seven states also collect DNA for certain misdemeanors.

While this might help in solving crimes, it also poses some privacy issues. Probable cause is only required in 11 states to obtain or analyze a sample from an individual who has been arrested for a crime. More troubling, perhaps, is that even if an individual is acquitted of the charges, DNA information remains in the system unless the accused requests for it to be expunged; the state does not take responsibility for removing DNA evidence from those who have been judged innocent.

Court Cases on DNA

Laws regarding DNA and the collection of genetic materials have been hotly contested over the past decade. Many believe that current state laws infringe on the Fourth Amendment and are tantamount to unreasonable search and seizure. Others have argued that DNA laws violate the Fifth Amendment, with the obligation to provide DNA evidence acting as witness against the accused him or herself. To date, many major cases involving DNA are still being addressed by the Supreme Court. Here are just a few that may shape federal and state law over the coming years or that have already impacted DNA privacy, criminal law, and genetic policy nationwide.

• Maryland v. King: This case is currently under review by the Supreme Court after the justices agreed it to hear it late last year. Previously, Maryland’s top court ruled that taking DNA from individuals arrested, but not convicted, for a serious crime was a breach of the Fourth Amendment right against unreasonable search and seizure. If this decision is upheld, laws in 21 states and federal law enforcement practices could be impacted, and in the future, law enforcement officials would be required to procure a warrant prior to obtaining DNA evidence from suspects in a case.
• Bearder v. State of Minnesota: The Minnesota Supreme Court found the state’s own department of health in violation of the law for failing to dispose of blood samples routinely used to screen newborns for serious illnesses. In some cases, the samples were used to validate new genetic tests, a clear violation of the state’s Genetic Privacy Act.
• Washington University School of Medicine v. Catalona: In 2008, the Supreme Court ruled that tissue and serum samples donated to the school could continue to be used for cancer research and that donors could not require that the samples be transferred elsewhere, as former Washington University surgeon William Catalona had argued. This is significant for DNA privacy, as it acknowledges that once samples are donated that they become the property of the institution, not the donor.
• Kohler v. Englade: DNA dragnets faced a major legal challenge with this Louisiana case. In 2003, Shannon Kohler was asked to submit a DNA sample by Baton Rouge police. His refusal led to him being named as the primary suspect in a serial rape and murder case. Kohler eventually provided DNA and was cleared of the charges, but alleged that the police didn’t have probable cause to compel him to give up his DNA. The Circuit Court of Appeals agreed, saying that the probable cause provided by law enforcement was so broad that it would have encompassed thousands in the Baton Rouge area. This decision helped to toughen the circumstances under which a warrant for DNA evidence could be granted, at least in the state of Louisiana.
• District Attorney’s Office v. Osborne: Oddly enough, while the courts have largely upheld the right of law enforcement to compel those who have been arrested or convicted of a crime to give DNA, once individuals are convicted of a crime, they do not have a constitutional right to their own DNA evidence nor that collected from the crime scene. In older cases, this means that DNA evidence cannot be reanalyzed using better, more accurate methods; a practice that has already exonerated many behind bars. According to the Supreme Court ruling in 2009, individuals do not have the right to post-conviction access to State’s evidence for DNA testing, making it impossible to exonerate those who may have been convicted falsely. Luckily, while the federal government does not mandate this, many states do allow for post-conviction DNA analysis.

This is hardly a complete list of all the major cases involving DNA testing and genetic privacy. For a great history on the subject, read a breif summary of major cases from Rhode Island College. For more information about major court cases on DNA around the world as well as some older cases here at home, check out the Electronic Privacy Information Center’s collection of important cases that have impacted genetic privacy all over the world.

When Your Genetic Privacy Is at Risk

While much of DNA law has to do with those who’ve committed a crime or been accused of committing a crime, the reality is that your genetic privacy can be at risk even if you’re a law abiding citizen. There are a number of cases when your DNA can be collected, analyzed, or retained without your consent.

• DNA dragnets:You don’t have to be accused of a crime in some cases to have your DNA requested by law enforcement. DNA dragnets occur when law enforcement officials as hundreds, sometimes thousands, of (presumably) innocent people to give samples of their blood or saliva in the hopes that one will be connected to a crime. While individuals can refuse to give DNA, in some cases the courts have forced compliance and most who refuse have faced increased scrutiny as a suspect in a crime, despite the fact that many see the request as an invasion of privacy.DNA dragnets aren’t especially common in the U.S., but in other places, like the U.K. and Germany, they have become common practice. In one case, DNA was collected from 16,000 individuals. While dragnets have been helpful in identifying the perpetrators of several high profiles cases, some who’ve been forced to partake say the dragnets have had unexpected consequences and have petitioned to have their DNA returned after being cleared.
• Discarded DNA: Directly giving a sample isn’t the only way for law enforcement officers to get a sample of your DNA. If your saliva is transferred onto another object, which you then discard, that object can be legally collected and used to analyze your DNA. While this practice has been challenged, it has held up in court because law enforcement officials state that there can be no reasonable expectation of privacy with regard to items that have been discarded. Not worried that the police will come after your DNA? Be aware that stray DNA could also be accessed by others looking for genetic information, like family members or those seeking to establish paternity.
• Family member searches: Another occasion when an innocent person may have their DNA requested by law enforcement is when a member of your family is suspected to be guilty of a crime, but no DNA can be gathered from that person because he or she can’t be found. In these cases, sometimes close family members are asked to submit their DNA to look for matching elements. If you wish to aid law enforcement, make sure that your DNA sample will be destroyed after it is analyzed, not stored.
• Participation in studies: Currently, few states have laws that protect genetic data once it has been collected and analyzed for research. This means that genetic material can be reused in future studies, transferred between institutions, or disseminated without the permission of the original donor. This doesn’t mean that individuals shouldn’t participate in research, but they should find out in writing before the study what will be done with their genetic information. Studies have shown that DNA data alone can easily be used to figure out an individual’s actual identity, a fact that could influence insurance and employment opportunities.
• Elective genetic testing: Many worried about genetic condition opt to have their DNA sequenced by a private company. This can be beneficial, but it does come with risks. Not all DNA testing facilities have airtight privacy policies and some may do little to ensure your information stays confidential. If you submit to testing from a service, you may also be opening yourself up to these records being obtained by insurance companies or other outside sources. Once those records are out there, it’s very hard to get them back.

How to Protect Your DNA

While it’s useful to know what laws protect your genetic information and when it’s at risk, it is perhaps more important to know what you can do to ensure that your genetic information is kept safe and confidential, unless you choose to share it, that is.

• Always know the privacy policies of genetic testing companies. Getting genetic testing done through a private company is increasingly common, as prices have plummeted and access to these companies has increased. While these businesses do provide an opportunity to learn more about your health, they also pose a risk to your privacy if you’re not careful. Before submitting any samples to a company, carefully examine their privacy policy to see what it says and check out the business through the Better Business Bureau and TRUSTe.
• Know your rights under the law. We’ve outlined the major legislation that protects your genetic privacy above, but it doesn’t hurt to do additional research as well. The better you know what your rights are under state and federal laws, the better you can protect your personal and private health information. For additional information on privacy as a patient, learn more about HIPPA, which while not DNA specific does ensure that knowledge of your health issues can’t be shared.
• Don’t freely give out health information. Unless you are protected under law, do not share your personal family history or genetic information with others. In some cases, like when applying for life or long-term care insurance, this information can be used to discriminate against you. While GINA and other laws may protect you, there is no guarantee that sharing your genetic information won’t result in discrimination, so it’s best to always keep it to yourself unless absolutely necessary.
• Keep records about your DNA in a secure location. If you opt for DNA testing of any kind, especially that which looks at your risk for certain conditions, make sure to keep these records in a secure location that can’t be accessed by others. While you hardly need to worry about thieves, you do want to keep anyone who may be snooping around your home from finding out private information about you.
• Ensure that any research studies you participate in will keep data confidential. Sometimes, those suffering from certain diseases will choose to participate in research studies that collect genetic data. This can be an incredibly beneficial way to make strides in understanding and treating these conditions and others like them, but it does compromise DNA privacy. While not everyone will care about this, those who do will want to ensure that any studies requesting this kind of information will keep it confidential and, in some cases, you may even want to request that genetic material not be retained after the study is complete.
• Ask questions. You don’t have to agree to take part in a study for genetic information to be gathered on you. That’s why you should ask your doctor or health care professional if certain medical procedures will require genetic testing and find out in advance what his, her, or the medical facility’s policy is on personal genetic information.
• Seek legal recourse. If you believe your genetic information has been compromised in a way that violates your personal privacy and the law, contact a lawyer who can help you address these issues. You can also file a complaint with federal and state agencies for certain violations as well.

Much of the legislation and public policy regarding genetic privacy is still in its early stages, but as technology evolves and genetic testing becomes increasingly more common, how genetic data is handled, who has access to it, and the privacy rights of individuals will become increasingly more important. If you haven’t considered the risks posed by unsecured DNA information before, now is the time to look into protecting yourself and ensuring that your information isn’t being used, shared, or stored in ways that put your privacy at risk. While you may never face a serious issue with regard to your genetic privacy, it never hurts to be cautious and know your rights.

The post How Secure Is Your DNA? appeared first on BackgroundCheck.org.

Technology is changing how we do everything, from connecting with friends to investigating our family history. While most of these changes are for the better, the reality is that many of these new technologies expose us to serious privacy risks, especially as legislation has struggled to keep up. Yet both here in the U.S. and around the world, that could soon change. There are numerous new and pending laws that are starting to seriously tackle the challenges posed by modern technology, helping close gaps in legislation and enforcement that open you up to online stalking, medical data breaches, and disclosure of your online data. Even if you don’t realize it, many of these laws can have a major impact on your life, from how you buy insurance to which bits of personal information are gathered while you shop online, go to the bank, or talk on the phone. What follows is a brief guide to many of the newer and upcoming laws regarding privacy in the United States. You’ll learn what the bills propose, how they’ll affect your life, and when they’ll go into effect, if they haven’t already.

Digital Life

These laws and proposals are designed to protect your privacy in the online and mobile spheres, ensuring that you and those you care about aren’t tracked, subject to data seizures, or the victims of online predators. The Protecting Children from Internet Pornographers Act of 2011Proposed by Rep. Lamar Smith of Texas, this bill is designed to increase the enforcement of laws related to child pornography and child sexual exploitation, specifically by requiring Internet service providers (ISPs) to provide data about subscribers to law enforcement officials. While still on the table for debate, the law has attracted a lot of attention from those who believe it has serious implications with regard to consumer privacy.

• How It Will Affect You: This law doesn’t just affect those who create and distribute child pornography. If passed, all Internet users would see a reduction in privacy. The law would require ISPs to retain user IP addresses and subscriber information for one year, even in the event service is cancelled. This information would include names, addresses, telephone numbers, and account numbers, with no limits on the scope of subscriber information that can be retained and accessed by the government. What’s more, this collected information could be used to prosecute for any issue with probable cause and a warrant. This not only poses problems for the misuse of data by law enforcement; it could also result in serious security issues if information is hacked. It also opens up that information to gross violations of personal privacy and security.
• Timeline: The bill passed the United States House Judiciary Committee on July 28, 2011, but hasn’t gone much further since then, despite garnering 39 co-sponsors by January 2012. It seems to have stalled, and little has been heard of it since it garnered widespread backlash. That’s no guarantee, however, that similar legislation won’t pop up in the future.

Electronic Communications Privacy Act The Electronic Communications Privacy Act is almost 30 years old, so why does it appear on this list? Because it’s likely going to see some major revisions to reflect the increased variety and prevalence of electronic communications. The original act was designed to help expand federal wiretapping and electronic eavesdropping provisions, as well as protect communications that occur via wire, oral, and electronic means and to balance the right to privacy of citizens with the needs of law enforcement. In the years since, the law has been under increased scrutiny for being out of date and failing to protect all communications and consumer records. For example, under current law, government agencies can demand ISPs hand over personal consumer data stored on their servers that is more than 180 days old without a warrant. This wasn’t an issue in the past, when most emails were downloaded to individual computers, but with the advent of webmail programs like Gmail and Yahoo, now nearly all consumer email communications are fair game. Major tech companies, like Google, Facebook, Verizon, and Twitter, have advocated for greater privacy and reform of the law.

• How It Will Affect You: If reforms to the ECPA go through, law enforcement and government officials will no longer be able to access your personal emails stored on a server without a warrant, regardless of their age. This is a strong first step towards updating the bill and ensuring the privacy concerns are addressed for present day technology.
• Timeline: No changes have gone through to update ECPA yet, but in November 2012, the Senate Judiciary Committee approved a bill that would strengthen privacy protection for emails by requiring a warrant to access them. It is set to debate in the Congress early this year. Other legislation will likely be needed to deal with privacy issues related to mobile phones, text messages, and social media but no bills reflecting this type of data have been proposed.

Children’s Online Privacy Protection Act COPPA isn’t new, either, but it has seen some significant amendments over the past year that are worth mentioning. COPPA, which went into effect in early 2000, protects children under 13 from the online collection of personal information. As a result, many sites today often disallow children under 13 from using their services or require parental permission for disclosure of any personal information. In September 2011, the FTC announced proposed revisions to COPPAthat expand the definition of what it means to collect data from children. These new rules would include regulations on data retention and deletion and would require any third parties to whom a child’s information is disclosed to have policies in place to protect the information.

• How It Will Affect You: You will likely only be directly affected by this law if you own or operate a website or have children under 13 who use the Internet. The new amendment is largely positive for parents and children, preventing abuses of data, laying out guidelines for stricter parental approvals, and ensuring that children’s information stays secure. A number of tech giants, however, have pushed back against this legislation. Apple, Facebook, Google, Microsoft, and Twitter, as well as Viacom and Disney, have all objected to several aspects of the new FTC rules stating that they make it nearly impossible for companies to create and disseminate child-focused material.
• Timeline: In late 2012, nearly a year after revisions were proposed, the FTC adopted the final amendments to COPPA, and they are currently in effect.

The GPS ActThe GPS Act, proposed by Representative Jason Chaffetz and Senator Ron Wyden, seeks to give government agencies, commercial entities, and private citizens specific guidelines to when and how geolocation information can be accessed and used. At present, there are no U.S. laws that directly address GPS tracking data, and with the proliferation of trackable devices like cell phones and GPS systems, the act is aiming to update regulations and guidelines to reflect modern sources of privacy concerns.

• How It Will Affect You: If passed, the act will detail the legal procedures and protections that apply to electronic devices that use GPS, will require warrants for the release of GPS data, will make it illegal for individuals to be tracked without their knowledge, and will create criminal and civil penalties for violating these new GPS regulations. This could be a big boon to protecting your personal privacy and security, as it will make it illegal for others to track you (including family members) and will prevent data about your activities from being disseminated without your knowledge, consent, or a court order.
• Timeline: The GPS Act was introduced to the Senate on June 15, 2011. It has not passed, in part because of opposition to two major court decisions, United States v. Jones and United States v. Knotts, which have ruled in favor of allowing law enforcement to place GPS trackers on cars, as well as opposition from the Obama administration. Yet a more recent case addressed by the Supreme Court, United States v. Jones , found that such measures violated the Fourth Amendment, which may help strengthen its passage as it waits to be considered by the Senate Judiciary Committee and the House.

Back to Top ↑

Digital Commerce

Much like your social activities, your consumer habits and activities are also subject to privacy violations, especially when they occur online or through a mobile device. The following are laws that seek to address a number of major issues related to consumer privacy rights. Commercial Privacy Bill of Rights On April 12, 2011, Senators Kerry and McCain introduced the Commercial Privacy Bill of Rights to establish a baseline code of conduct for how personal information can be used, stored, and distributed. The bill of rights has since been picked up by the Obama administration and adapted in a report titled “Consumer Data Privacy in a Networked World: A Framework for Protecting Privacy and Promoting Innovation in the Global Digital Economy.” In both instances, the bill of rights lays out principles that would work to protect personal data and to improve consumer security. It is not a piece of legislation in itself, but a guidelinefor building and enacting future regulations and laws that will impact tech companies and online retailers.

• How It Will Affect You: While nothing has been passed yet, this outline could help protect your personal data from abuse by retailers and ensure that it’s not sold to a third party or in any other way compromised.
• Timeline: First proposed in early 2011, it could be quite some time before this bill of rights is translated into any real kind of legislation, especially if there is major pushback from Congress or tech companies themselves. If companies begin to better self-regulate privacy issues, no additional legislation may be needed.

Application Privacy, Protection, and Security Act of 2013 Congressman Hank Johnson proposed the APPS Act early this year. The act is designed to address concerns with the data collection being done through applications on mobile devicesand would require that app developers provide greater transparency about their data collection practices, ensure reasonable levels of data security, and allow users to opt out of data collection or have the option to delete data that has been collected on them.

• How It Will Affect You: The APPS Act would ensure that apps on your phone aren’t gathering, storing, or sharing information about you without your knowledge or consent. It doesn’t mean that data can’t or won’t be collected, just that consumers will have greater knowledge and potentially the ability to opt out of certain aspects of this process.
• Timeline: The draft of the bill was released in January 2013 and is currently just a discussion draft, meaning that it hasn’t be formally introduced for passage just yet. It’s likely that discussions with app developers and consumer advocates will help to shape the final draft and it could be a couple of years before any final decisions are made on the legislation.

Location Privacy Protection Act of 2011 Worried about the potential risks for stalking posed by cell phones loaded with GPS and apps that gather information about a user’s location, Senator Al Franken, along with several co-sponsors, proposed this bill to fill in loopholes in federal law that allow companies to obtain location-based information on consumers and to share that information with third parties. While some app developers have complained that this hinders location-based advertising, others agreethat privacy needs to be protected and that location-based tracking should only be allowed within apps that consumers have given consent to do so.

• How It Will Affect You: The Location Privacy Protection Act, if passed, with protect you from having mobile data on your whereabouts tracked, stored, or shared without your knowledge or consent. It would not eliminate the ability of mobile technologies to track your location but would only ensure transparency and greater security, though it may be cumbersome with some existing systems of location-based advertising.
• Timeline: The bill has been under development since 2011 and is still being refined and tailored take into consideration the needs of all involved parties. Franken is expected to push the measure later this year and if passed the bill could see enforcement as early as 2014.

Cyber Intelligence Sharing and Protection Act (CISPA)Proposed by Rep. Michael Rogers and co-sponsored by 111 other House members, CISPA is designed to help the government better investigate cyber threats and ensure that large networks are secure against the threat of cyberattack. To do that, the act would allow for the sharing of Internet traffic information between the U.S. government and certain technology and manufacturing companies. While noble in its intention, the act has been widely criticized for endangering privacy and civil liberties, though some large technology companies (Microsoft and Facebook) favor it as a simple and effective way of sharing important cyber threat information with authorities.

• How It Will Affect You: If CISPA becomes law, it would make it harder for cybercriminals to execute major attacks on networks. However, it may also mean that the government could also easily, and without warrant, track any individual’s browsing history. As the bill is presently worded, there are few limits on when or how the government can monitor an individual, and it may even make certain kinds of spyware legal if it is being used in good faith for a cybersecurity purpose.
• Timeline: CISPA was introduced in late 2011 and was passed by the House of Representatives in mid-2012. While gaining early support, Obama’s advisors have argued that the bill could be a major risk to confidentiality and civil liberties and it is likely he would veto it if it passes.

Back to Top ↑

Work and Employment

Here, you can learn more about privacy laws that affect life in the workplace, from how you’re hired to what information is fair game for employers. Social Media Privacy Act Increasingly, employers have turned to social media as a way to learn more about potential employees. However, this has also meant that in some cases privacy boundaries were crossed, with potential employers requiring applicants to turn over passwords to social media accounts. To help job seekers protect their online privacy, California, Delaware, Illinois, Maryland, Michigan, and New Jersey have all passed social media privacy laws. What’s more, 11 other states (including New Mexico and Texas) have legislation of this nature pending.

• How It Will Affect You: The legislation will only affect you if you live in a state that has passed an Internet privacy law, though over time it’s likely that most, if not all, states will follow suit. These acts make it illegal for employers to require applicants or current employees to hand over passwords to private accounts, which will help protect your personal accounts and private interactions when seeking employment. Some laws, like those of Delaware and New Jersey, focus on colleges and not employers, banning admissions officers and college employees from requiring password information.
• Timeline: All states that have passed legislation with regard to the privacy of social media passwords have gone into effect, some as recently as January. Over the course of 2013, it’s likely that many other states will pass and begin enforcing similar laws, though there are no guarantees: in some states, like Pennsylvania, similar measures never even made it out of committee.

Genetic Information Nondiscrimination Act of 2008 The Genetic Information Nondiscrimination Act (GINA) isn’t new legislation. Passed in 2008, it prohibits the use of genetic information in health insurance and employment. That means that employers can’t making hiring, firing, job placement, or promotions decisions based on genetic information, nor can insurers raise premiums or deny coverage to those with a genetic predisposition for a disease. While GINA itself is just five years old, it may soon see some updates. A recent report from the U.S. Presidential Commission for the Study of Bioethical issues recommended that the law be expanded to include security measures whole-genome sequence data rather than just focusing on issues of discrimination. New regulations would likely update the consent forms individuals sign when they agree to take part in research studies, helping protect their genetic information and preventing misuse of this data. Additionally, under recommendations by the committee, GINA would be expanded to include comprehensive national rules on how genetic privacy is protected.

• How It Will Affect You: Should the act be expanded, individuals will enjoy greater protection of their genetic data. Research studies must be more transparent about security risks and genetic data itself will see greater protection under law to ensure that fewer privacy breaches occur and that discrimination cannot occur. Currently, GINA does not protect individuals from discrimination when applying for life or long-term care policies. Greater protections on genetic data could make it possible for this information to be off limits to anyone outside the individual or his or her immediate family.
• Timeline: The report from the commission was just released in February 2013, so it will likely be quite some time before amendments to the legislation, if they are decided as being warranted, are crafted. In lieu of amending GINA, legislators may opt to create new laws on genetic privacy. In these early stages, however, there are no guarantees and no new legislation may be passed for several years, if at all.

Back to Top ↑

Personal Information

These highly important laws address issues of personal information, including medical data, private phone conversations, and video watching history. FISA Amendments Act of 2008/ FISA Amendments Act Reauthorization Act of 2012 The Foreign Intelligence Surveillance Act (FISA) was passed in 1978 but has undergone some major restructuring in recent years. Originally, FISA, signed into law by Jimmy Carter, proscribed basis procedures for physical and electronic surveillance and the collection of foreign intelligence information. It also provides strict judicial and congressional oversight of any covert surveillance activities. The first changes to the act occured under the Patriot Act, and though they expired in 2008, many of those changes were extended by the FISA Amendments Act of 2008. Under this act, the government is authorized to get year-long orders to conduct surveillance of Americans’ international communications, including phone calls, emails, and Internet records. Currently, these orders do not need to specify who is being spied on or the reasons for doing so. Why is this important to you today? Originally, the amendment to FISA was only designed to last five years, expiring at the end of 2012. Overwhelmingly, however, the U.S. Senate voted in December 2012 to extend the FISA Amendments Actthrough the end of 2017.

• How It Will Affect You: The amendment to FISA could potentially already be having an effect on you as it has already been in place for five years, but this most recent extension means that Americans will face another five years under the law. With little oversight, it is now possible for government agents to gather information on any foreign communications, which many individuals and privacy protection groups have consistently argued is a gross violation of privacy and civil liberties. If for any reason the government suspects you may be a threat or may be connected to someone who is, your phone calls, email, and internet browsing history are subject to monitoring.
• Timeline: The FISA Amendment Act has been in force since 2008, and the most recent FISA Amendments Act Reauthorization Act of 2012 was signed into law by Obama in late 2012.

Video Privacy Protection Act The Video Privacy Protection Act was signed into law in 1988 by President Reagan. It was designed to prevent the wrongful disclosure of video tape rental or sale records or similar audio visual materials. While over two decades old, the law has been in the news regularly over the past five years thanks to streaming technology and online video rental subscription programs, such as Netflix and Blockbuster, who have often integrated with social media sites. This has resulted in some major lawsuits, including one case in 2012 that required Netflix to change its privacy rules so that members who have left the site no longer have records with the company. Yet while the law has been at odds with online media providers in the past, recent changes to the legislation in the form of an amendment make it legal for streaming servicesto share details of the content viewed after consumers have given blanket permission, making it possible for greater integration into social media sites like Facebook.

• How It Will Affect You: How the VPPA amendment will affect you will depend on how you watch movies and use the Internet. If you do not subscribe to an online movie provider, the law will not impact you or make any additional information about your rental history public. Even if you do subscribe to a service like Netflix, you must give permission to allow your information to be disclosed publicly, either once every two years or each time disclosures are sought.
• Timeline: The amendment to VPPA was signed into law by President Obama in January 2013. It is expected that video streaming and rental services will begin creating social media integrated apps later this year, taking advantage of the freedom the new amendment allows.

Health Information Technology for Economic and Clinical Health (HITECH) ActMost Americans are familiar with the Health Insurance Portability and Accountability Act (HIPAA), but many may not realize that the protections they enjoy under HIPAA got an update in the form of the HITECH Act. Part of the American Recovery and Reinvestment Act of 2009, HITECH contains incentives to expand the adoption of health information technology, including the establishment of a nationwide network of health records. What does this have to do with privacy? HITECH also requires that major security breaches be reported to Health and Human Services as well as the media; it increases enforcement of HIPAA and the resulting penalties; and it ensures that any individual can request a copy of his or her public health record. Most importantly, it expands HIPAA regulations to include any business associates or providers to medical facilities, requiring vendors of any kind of keep private records private.

• How It Will Affect You: HITECH will ensure that your health records are even more secure than they were under HIPAA. Despite expanding electronic health records, which make many nervous, the act also ensures that anyone having any contact with your records cannot disclose information about them without your knowledge. It also makes it an even more serious offense if this is done.
• Timeline: HITECH was signed into law on February 17, 2009. It fully went into effect in January 2011 and will provide funding and support for electronic health records through 2015. Other areas of protection will stay in effect.

Protect Our Health Privacy Act of 2012Some don’t think that HITECH went far enough in protecting patient privacy. In June 2012, a bill was proposed that would amend the American Recovery and Reinvestment Act. The new act would require health providers to encrypt any mobile device containing health information, restrict business associates’ use of protected health information, improve congressional oversight of HIPAA, and provide additional measures that would protect patient privacy and safety when using health information technology.

• How It Will Affect You: The POHP Act generally just strengthens the provisions already in place from HITECH, but it does take things one step further with regard to mobile medical devices. Under this bill, those devices would all need to be secured to ensure that they are no breaches of privacy. The act would also help individuals ensure that HIT is to their benefit and that new innovations do not compromise their health, safety, or privacy.
• Timeline: The bill was introduced in mid-2012 and was referred to Senate committee and then the Committee on Health, Education, Labor, and Pensions. It is still pending.

As privacy becomes and ever larger concern in an increasingly connected world, new legislation is likely to continually pop up, and there may be many new laws that see proposal and passage in addition to those we’ve listed here in the next few years. The best thing you can do to protect yourself is to stay informed.

The post The Legislation of Privacy: New Laws That Will Change Your Life appeared first on BackgroundCheck.org.

While you might not be able to erase an arrest or criminal charge, you can help ease its impact on a potential employer’s decision to hire you by being open, honest, and forthcoming about your past. Follow these general guidelines for handling issues about your past infractions:

• Don’t lie.

  If information comes up on a background check, there’s no sense in lying about what really happened. Be honest with your potential employer about the circumstances and assure them that nothing similar will happen in the future. Failing to do so could hurt you more than it helps you. Just remember to keep your version of events succinct and to take responsibility for your own actions.

• Do your own background check.

  The only thing worse than having to explain a criminal offense on your record is being blindsided by it. In some cases, you may not even realize when things wind up on your record (like ticketed offenses), so you might not expect those things to become issues when you’re looking for a job. If you have even the slightest feeling that your past might come back to haunt you, do a background check on yourself to see what comes up before applying for jobs.

• Know the details.

  If you have to explain why you have an offense on your record, make sure you know how to easily and clearly explain it to a potential employer. Know when it happened, why it happened, and circumstances that led to the situation. You also may want to obtain copies of any documents that relate to your offense, just in case you need them to back up what you’re saying.

• Look into getting your records expunged.

  Certain criminal offenses can sometimes be expunged from your record, especially if they shouldn’t appear there at all (for instance, in a case where you were accused but not convicted). It’s worth speaking to a lawyer to determine which offenses can be expunged and which you’ll have to live with.

• Know the laws in your state.

  Not every state has identical laws when it comes to background checks, and knowing the unique laws regarding them in your state can be a big help. Some states may limit the ability of your employer to check up on your past, and some even make it illegal to discriminate based on minor offenses. Additionally, if you are part of a minority group, you may be able to find help from the Equal Employment Opportunity Commission, which has been fighting against background checks for employment because they very often disproportionately hurt minority groups.

Of course, there are things you can do to help you moderate the impact of more specific kinds of charges, too. Here are some of common (and often minor) criminal charges that you may have to address with employer, as well as some tips on how to explain and minimize their impact.

• Assault and Battery.

  Assault sounds like a serious charge, and it can be, but it’s not always the result of unjustified violence. Historically, laws treated the threat of physical injury as “assault” and the completed act of physical contact or offensive touching as “battery,” but many states no longer differentiate between the two. A drunken bar fight could result in this kind of charge, and you don’t actually have to hurt anyone, just make someone feel like they might be hurt by you. Whether you made poor decisions under the influence or never laid a finger on anyone, you’ll need to explain to employers that you do not have a history of violence. Proving that you’ve taken anger management classes (likely required if you were convicted) and explaining the circumstances of your offense can help as well.

• Bouncing a Check.

  Bouncing a check can result in either civil or criminal penalties, though they usually do not become a criminal matter unless it appears that there has been an intent to defraud, and even then should only show up as a misdemeanor (provided it was under your state’s limit for felony check fraud). Having this kind of offense on your record could be a major knock against you with employers, as it implies that you aren’t trustworthy. Be honest about your wrongdoing and make sure to demonstrate that you’ve been trustworthy in the time since, either through work or volunteer opportunities. It’s important to keep in mind that bounced checks can also hurt your credit score, which could be another obstacle in your job search.

• Civil Disobedience:

  Supporting a cause you’re passionate about is great, but if you take it too far and act unlawfully, no matter how peaceful you are, you may find yourself arrested and charged with civil disobedience (often translated to a more specific misdemeanor charge like trespass, failure to disperse, or disorderly conduct). Depending on the employer, this kind of charge may not pose a big issue when getting hired. Keep in mind, however, that even though it may have been a non-violent, fairly innocuous offense, it’s still a crime, and you will need to explain the circumstances under which it occurred. Stress that the actions were non-violent and that you were simply supporting a cause that means a lot to you. Hopefully, the employer will see how that passion could translate into positive performance on the job.

• Disturbing the Peace:

  Disturbing the peace, also known as breach of the peace, is a criminal offense that occurs when a person engages in some form of disorderly conduct, like fighting or threatening to fight in public, or causing excessively loud noise by shouting, playing loud music, or even allowing a dog to bark for prolonged periods of time. This isn’t necessarily a violent, dangerous, or even particularly serious offense, but it can raise a potential employer’s concerns about your suitability for the position. You’ll need to be honest about what happened and why, and take responsibility for your role in the issue.

• Fish and Game Violations.

  Even hunters trying their best to comply with the law can get charged with a fish and wildlife crime. Hunting charges can not only lead to fines, but, depending on the offense, might even result in jail time, so they’re not to be taken lightly. What can make things confusing is that sometimes hunters are only issued a ticket, but that ticket is much more than a simple violation; it’s actually a criminal charge. This kind of criminal activity shouldn’t pose a problem with most employers unless you’re trying to work in the hunting industry or with wildlife. Still, it can be helpful to explain the circumstances under which the offense took place, especially if there was a misunderstanding (e.g., perhaps your license was expired, or you didn’t realize you needed a special license for certain types of game).

• Illegal Possession of a Weapon.

  In many states, laws regarding gun ownership and registration are extremely strict. Firearm Owners Identification (FOID) cards must be kept up-to-date. If they are not, serious criminal charges may result. If you illegally obtained a weapon, this kind of charge may be hard to explain to employers in a way that won’t scare them off, unless you’ve seen been serious about staying on the straight and narrow and can demonstrate that. However, if you forgot to renew your FOID card, moved out of state and forgot to reapply, or had a gun you owned used by someone without a FOID card, then you need to explain those circumstances to employers who may be understanding about the charge.

• Simple Drug Possession.

  Drug convictions never look good when you’re trying to find a job, but some may be less hurtful than others, especially if your state has somewhat lax regulations about drugs, especially marijuana. Explaining your situation to your employer requires knowing the laws of your state because some states don’t ban drugs outright, but set limits and rules on how they can be bought, sold, and used. Others have very strict rules that penalize even the smallest amounts of drugs. Either way, if you happen to exceed or breaks these rules, even by a little, you may be charged with a crime. No matter what the circumstances are, it is critical to stress to employers that you are no longer using these substances (unless you have a prescription or live in a state where they are legal). If necessary, submit to a drug test to further emphasize your intent to stay drug-free.

• Public Intoxication.

  Public intoxication citations occur when an individual is drunk and is disturbing others in public setting, perhaps causing harm to either themselves, others, or property. This kind of charge usually does not make it to criminal court, but if it does, it can leave an lasting mark on your record. A history of reckless or dangerous behavior isn’t going to win employers over, so you’ll need to explain the circumstances as well as assure them that this isn’t a regular occurrence. Admit that you’ve made a mistake, tell them that you’ve learned from it, and don’t engage in this kind of behavior any longer.

• Unlicensed Driving.

  Driving without a valid license isn’t a minor traffic violation; it can lead to criminal charges and serious penalties, and it will likely show up on your permanent record. There are, however, a number of circumstances when this kind of offense could happen without the intent to commit any kind of crime (e.g., moving to a new state or letting an unlicensed driver borrow your car). If this applies to you, make sure employers know that it was not your intent to break the law and that you’ve since made sure all of your licensing requirements are up-to-date. If you are trying to work in a job that requires you to drive or to operate company equipment, this kind of charge may carry more of a negative impact.

• Vandalism.

  Vandalism is the destruction or defacement of someone else’s property without permission. It can include broken windows, graffiti, damage to vehicles, and even damage or destruction of a person’s website. There really isn’t an excuse for vandalizing anything, whether real or virtual, despite many young people thinking it’s a harmless prank or a way to creatively express oneself. When talking to potential employers about your infraction, let them know that you’ve paid for the damage and have taken responsibility for your actions. Experience in the intervening years that demonstrates your respect for other people’s property can also be an asset in this kind of discussion, as employers will naturally be worried about the threat you may pose to their equipment and office space .

While we might not condone criminal activity, small offenses shouldn’t ruin your life forever, keeping you from finding work and getting on with your life. You may not be able to erase the past, but you can use these tips to help you better learn from it and move on in the future.

The post Don’t Let Criminal Offenses Derail Your Job Search appeared first on BackgroundCheck.org.

According to this report by SplashData’s annual list of the 25 most common passwords, there are a lot of people who don’t quite grasp the concept of identity theft. SplashData’s list is compiled from files containing millions of stolen passwords that hackers have posted online. The next two worst and most commonly used passwords were “123456″ and, with a little more effort thrown in, “12345678.” Strangely, these were also the top three most commonly used passwords of 2011.

Common Password Mistakes

Creating an easily accessible password is a common mistake for a lot of people. Robert Siciliano, CEO of IDTheftSecurity.com, said that many people use first names as passwords, usually the names of spouses, kids, other relatives, or pets, all of which can be deduced with a little research.

“When you click the ‘forgot password’ link within a webmail service or other site, you’re asked to answer a question or series of questions,” he said. “The answers can often be found on your social media profile. This is how Sarah Palin’s Yahoo! account was hacked.”

The Federal Trade Commission (FTC) has come up with several ways consumers can be smarter about securing their identity information, including better protecting your Social Security number, surfing the Internet with more awareness of risks, and being more careful when disposing of mail that contains account information. One of the more reliable methods of identity theft is dumpster diving, which has helped some thieves find some real treasures, including banking and credit card statements. It’s often a good idea to invest in a paper shredder and to opt for email versions of financial statements.

Siciliano said there are many websites meant to infect computers and other devices and that this happens commonly when using unsecured wireless connections and outdated operating systems.

“Protect yourself by updating (software for) antivirus, anti-spyware, anti-phishing, and (install) a firewall,” he said. “Update critical security patches in your OS and update your browser.”

According to Siciliano, many hackers are beginning to move away from PC hacking and focusing their attention on mobile devices, especially Android, because it’s an open-source OS and the code is readily available to have viruses created around it.

The Persistence of Identity Theft

According to the FTC, identity theft costs Americans $1.52 billion in 2011 and has been the No. 1 complaint received by the organization over the past five years. According to the Reuters report, the number of complaints jumped from 1.4 million to 1.8 million.

But it’s not just the living who have a right to complain. The deceased are being taken through the ringer as well – they just don’t have to deal with the stress like everyone else. According to a PC World report, the IRS stands to lose approximately $21 billion in profits over the next five years, largely thanks to fraudulent income tax returns filed by hackers under the names of deceased individuals.

There might not be much the deceased can do to protect their Social Security numbers, but the rest of us can still take measures to stay safe. For example, the IRS does not contact individuals via email, so don’t trust any digital correspondence claiming to be from them. Additionally, if the IRS should send a letter, it is best to reach out to the IRS before initiating any compliance with the letter’s request.

OnGuardOnline.gov also has a few tips to help avoid being scammed or becoming a victim of identity theft:

• If the prince of a Nigerian castle sends you an email pledging to honor you and your estate with $16 million, rest assured he doesn’t have that kind of money on hand, he’s not an African prince, and his pledge is just an attempt to honor your bank account with a large withdrawal.
• There are plenty of online scams even on reputable dating sites. Be careful who you talk to, and avoid those claiming love at first emoticon wink or stating they can’t enter the country for some strange reason. And never wire money to anyone you meet through the site — this is a big signal of a scam.
• Everyone would love to work from home, but not everyone can be their own boss. Online companies promising people that they can make thousands of dollars every month just from working from their laptop a few hours a week are making promises they don’t intend to keep. One thing can be promised – they will definitely be asking for your personal financial information.
• Looking for a lender? Avoid the ones guaranteeing your approval — especially if they’re asking for money upfront.

Unbeatable Password Strategies

There are a number of ways to protect your passwords. As ingenious as “password” and the elaborate “123456″ number scheme is, it may be a good idea to invest at least a little thought into protecting your privacy.

Big Think offered the idea to spell incorrectly on purpose. Just hopefully you won’t forget how you misspelled the password.

Siciliano said he doesn’t regularly change the password on most of his sites, only on the most critical ones. He added that most people don’t realize there are a number of common techniques used to crack passwords and plenty more ways we make our accounts vulnerable due to simple and widely used passwords. For those who now know they need to change their passwords as soon as possible, here are some tips from Siciliano on creating a stronger password and keeping valuable information safe:

• Protect your information by creating a secure password that makes sense to you, but not to others.
• Avoid consecutive keyboard combinations— such as “qwerty” or “asdfg.”
• Don’t use dictionary words, slang terms, common misspellings, or words spelled backward. These cracks rely on software that automatically plugs common words into password fields. Password cracking becomes almost effortless with a tool like John the Ripper or similar programs.
• Don’t use personal information such as your name, age, birth date, child’s name, pet’s name, or favorite color or song.
• Reusing passwords for email, banking, and social media accounts can lead to identity theft. Two recent breaches – HBGary and rootkit.com – showed a password reuse rate of 31% among victims.
• Make sure you use different passwords for each of your accounts.
• Be sure no one watches when you enter your password.
• Always log off if you leave your device and anyone is around — it only takes a moment for someone to steal or change the password.
• Use comprehensive security software and keep it up to date to avoid (keystroke loggers) and other malware.
• Avoid entering passwords on computers you don’t control (like computers at an Internet café or library)—they may have malware that steals your passwords.
• Avoid entering passwords when using unsecured Wi-Fi connections (like at the airport or coffee shop)—hackers can intercept your passwords and data over this unsecured connection.
• Don’t tell anyone your password. Your trusted friend now might not be your friend in the future. Keep your passwords safe by keeping them to yourself.
• Depending on the sensitivity of the information being protected, you should change your passwords periodically, and avoid reusing a password for at least one year.
• Use at least eight characters of lowercase and uppercase letters, numbers, and symbols in your password. The more, the merrier.
• Strong passwords are easy to remember but hard to guess. Iam:)2b29! — This has 10 characters and says “I am happy to be 29!”
• Use the keyboard as a palate to create shapes. %tgbHU8*- Follow that on the keyboard. It’s a V. The letter V starting with any of the top keys. To change these periodically, you can slide them across the keyboard.
• Have fun with known short codes or sentences or phrases, like 2B-or-Not_2b?
• It’s OK to write down your passwords, just keep them away from your computer and mixed in with other numbers and letters so it’s not apparent that it’s a password.
• You can also write a tip sheet that will give you a clue to remember your password, but doesn’t actually contain your password on it. For example, in the example aforementioned, your tip sheet might read “Shakespeare’s question.”
• Check your password strength. If the site you are signing up for offers a password strength analyzer, pay attention to it and make your password as strong as possible.
• In the end, it’s your responsibility to protect yourself. The rule of thumb is to change your passwords frequently, every six months.

Being untouchable online isn’t really a possibility, but taking the right measures to protect yourself will help keep a majority of hackers at bay from infiltrating your information and stealing your identity. As the complaints continue to pour in year-after-year, do your part to ensure you’re not one of the many to make that phone call to the FTC.

The post Build a Better Password: Secrets to Protecting Your Identity appeared first on BackgroundCheck.org.