ad info  technology > computing
    Editions | myCNN | Video | Audio | Headline News Brief | Feedback  




Consumer group: Online privacy protections fall short

Guide to a wired Super Bowl

Debate opens on making e-commerce law consistent



More than 11,000 killed in India quake

Mideast negotiators want to continue talks after Israeli elections


4:30pm ET, 4/16










CNN Websites
Networks image

Regardless of presidential outcome, online privacy law anticipated

Network World Fusion

WASHINGTON, D.C. (IDG) -- Despite uncertainty in the outcome of the 2000 presidential election, privacy advocates expect the next Congress to pass a law providing basic protections for consumer privacy online.

A general-purpose online privacy law would affect all Web sites run by U.S. companies and nonprofit organizations, and it could require significant investments in network security, database management and auditing systems, experts say.

"Whether Bush or Gore is elected makes very little difference on this issue," says Christine Varney, a former commissioner of the Federal Trade Commission and a partner at Hogan & Hartson. "We have a 2-year Congress that is very committed to getting itself re-elected...Privacy legislation will happen."

"Privacy is high on the list of bipartisan bills with support in both houses," agrees Jerry Berman, executive director of the Center for Democracy and Technology. "There is a chance to do something that is both bipartisan and balanced."

  Network World Fusion home page
  Free Network World Fusion newsletters
  Privacy complexity boggles users's networking page
  Reviews & in-depth info at
  Questions about computers? Let's editors help you
  Subscribe to's free daily newsletter for network experts
  Search in 12 languages
  News Radio
  * Fusion audio primers
  * Computerworld Minute

Berman and Varney made their remarks at a conference on privacy and business held this week.

Privacy advocates expect the 107th Congress to pass an online privacy law that includes such principals as notice, choice, access and integrity. Notice means Web site operators must explicitly notify consumers about personal information being gathered and how that information is used. Choice means consumers can opt-out of information collection. Access means consumers can see the information gathered about them and correct errors. Integrity means Web site operators must ensure that consumer information is protected from unauthorized use.

An online privacy law also would include enforcement mechanisms, such as fines. The FTC wants to be the government agency that enforces a general-purpose online privacy law, as it does an existing law governing Web sites for children.

"The Internet will not evolve to its full potential unless privacy is protected," FTC Chairman Robert Pitofsky says. Pitofsky says that 97% of U.S. Web sites collect personally identifiable information from consumers, but only 20% of those Web sites provide notice, choice, access and integrity.

"We can't rely entirely on the free market and self regulation," he asserts.

Privacy advocates want a federal online privacy law to include a preemption clause to ensure that it overrules related state laws. They also want to prevent class action lawsuits being filed against Web site operators for privacy violations. However, these two demands are controversial and may not gain bipartisan support in Congress, experts say.

Berman warned privacy advocates not to kill a good online privacy bill because it isn't perfect. At a minimum, he says, a federal law should require notice and choice.

"There is opportunity for moderation and for deadlock," Berman says. "Deadlock is a disaster because the states are ready to roll, and then companies will have to deal with a crazy patchwork of privacy laws."

Even a moderate online privacy law will have major ramifications for corporate IT departments, says Steven Lucas, chief information officer and senior vice president of Persona, which sells a privacy-enabled permission marketing system.

"The IT departments of companies that plan to collect information about consumers are going to have to protect that information," Lucas says, pointing to investments in firewalls, network sniffers and encryption software. "They need to be very focused on security."

Lucas says IT departments also must provide:

  • Database management systems that can be purged easily and regularly to accommodate consumers that want to opt-out of information gathering.

  • Authentication systems to ensure that people requesting access to information gathered about them are entitled to the information.

  • Either online database access or an e-mail system that allows authenticated people to view the information gathered about them and make changes to it.

  • Auditing systems that track access to consumer information and changes made.

Lucas recommends that Web site operators take an opt-in approach to the information they gather about consumers. An opt-in approach means consumers go through a registration process to approve the specific information the company can gather about them and how that information can be used.

"We see a dramatic increase in the amount of information gathered by opt-in systems, and a dramatic decrease in the cost of gathering that information," Lucas says.

Harriet Pearson, the just-named chief privacy officer of IBM, warned that companies involved in the collection and management of consumer data on their Web sites need to focus on privacy regardless of whether Congress passes an online privacy law.

"This is not a choice between regulation and self regulation," Pearson says. "This is about business being responsible and doing the right thing."

FTC commissioner on the Web privacy debate
October 24, 2000
Privacy group critical of first release of 'Carnivore' data
October 5, 2000
Congress won't take up Web privacy until 2001
October 5, 2000
Analysis: Who cares about's privacy policy?
October 2, 2000
Analysis: Protect online privacy with these tools
August 18, 2000

New occupant of White House to face much IT homework
(NW Fusion)
Security key to 'next-generation' Internet
(NW Fusion)
IBM appoints its first Chief Privacy Officer
Panel wants more Carnivore data
Encryption proposal faces long journey
(NW Fusion)
FTC to collect $72,000 from spam pyramid artists
Privacy-law push comes from all sides
Complete guide to do-it-yourself privacy
(PC World)

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.