|Editions | myCNN | Video | Audio | Headline News Brief | Feedback||
Regardless of presidential outcome, online privacy law anticipated
WASHINGTON, D.C. (IDG) -- Despite uncertainty in the outcome of the 2000 presidential election, privacy advocates expect the next Congress to pass a law providing basic protections for consumer privacy online.
A general-purpose online privacy law would affect all Web sites run by U.S. companies and nonprofit organizations, and it could require significant investments in network security, database management and auditing systems, experts say.
"Whether Bush or Gore is elected makes very little difference on this issue," says Christine Varney, a former commissioner of the Federal Trade Commission and a partner at Hogan & Hartson. "We have a 2-year Congress that is very committed to getting itself re-elected...Privacy legislation will happen."
"Privacy is high on the list of bipartisan bills with support in both houses," agrees Jerry Berman, executive director of the Center for Democracy and Technology. "There is a chance to do something that is both bipartisan and balanced."
Berman and Varney made their remarks at a conference on privacy and business held this week.
Privacy advocates expect the 107th Congress to pass an online privacy law that includes such principals as notice, choice, access and integrity. Notice means Web site operators must explicitly notify consumers about personal information being gathered and how that information is used. Choice means consumers can opt-out of information collection. Access means consumers can see the information gathered about them and correct errors. Integrity means Web site operators must ensure that consumer information is protected from unauthorized use.
An online privacy law also would include enforcement mechanisms, such as fines. The FTC wants to be the government agency that enforces a general-purpose online privacy law, as it does an existing law governing Web sites for children.
"The Internet will not evolve to its full potential unless privacy is protected," FTC Chairman Robert Pitofsky says. Pitofsky says that 97% of U.S. Web sites collect personally identifiable information from consumers, but only 20% of those Web sites provide notice, choice, access and integrity.
"We can't rely entirely on the free market and self regulation," he asserts.
Privacy advocates want a federal online privacy law to include a preemption clause to ensure that it overrules related state laws. They also want to prevent class action lawsuits being filed against Web site operators for privacy violations. However, these two demands are controversial and may not gain bipartisan support in Congress, experts say.
Berman warned privacy advocates not to kill a good online privacy bill because it isn't perfect. At a minimum, he says, a federal law should require notice and choice.
"There is opportunity for moderation and for deadlock," Berman says. "Deadlock is a disaster because the states are ready to roll, and then companies will have to deal with a crazy patchwork of privacy laws."
Even a moderate online privacy law will have major ramifications for corporate IT departments, says Steven Lucas, chief information officer and senior vice president of Persona, which sells a privacy-enabled permission marketing system.
"The IT departments of companies that plan to collect information about consumers are going to have to protect that information," Lucas says, pointing to investments in firewalls, network sniffers and encryption software. "They need to be very focused on security."
Lucas says IT departments also must provide:
Lucas recommends that Web site operators take an opt-in approach to the information they gather about consumers. An opt-in approach means consumers go through a registration process to approve the specific information the company can gather about them and how that information can be used.
"We see a dramatic increase in the amount of information gathered by opt-in systems, and a dramatic decrease in the cost of gathering that information," Lucas says.
Harriet Pearson, the just-named chief privacy officer of IBM, warned that companies involved in the collection and management of consumer data on their Web sites need to focus on privacy regardless of whether Congress passes an online privacy law.
"This is not a choice between regulation and self regulation," Pearson says. "This is about business being responsible and doing the right thing."
FTC commissioner on the Web privacy debate
RELATED IDG.net STORIES:
New occupant of White House to face much IT homework
Note: Pages will open in a new browser windowExternal sites are not endorsed by CNN Interactive.
|Back to the top||
© 2001 Cable News Network. All Rights Reserved.|
Terms under which this service is provided to you.
Read our privacy guidelines.