A group of high-tech companies including Intel, Microsoft, Oracle, eBay, Google, Sun Microsystems, HP and Symantec have formed the Consumer Privacy Legislative Forum with the goal of promoting the adoption of a nationwide privacy law.
At this early juncture, there are few specific tenets the Legislative Forum is calling for, according to a statement released by the group, which was organized by the Center for Democracy and Technology, a Washington, D.C.-based think tank.
“I anticipate that as part of this process, organizations in our group will have certain views for different provisions of a privacy law,” CDT spokesperson David McGuire told TechNewsWorld. “Now, though, we are not proposing legislative language.”
The Legislative Forum advocates legislation that would protect consumers “from inappropriate collection and misuse of their personal information, and also enable legitimate businesses to use information to promote economic and social value,” it said in a statement.
“In principle,” the statement reads, “such legislation would address businesses collecting personal information from consumers in a transparent manner with appropriate notice; providing consumers with meaningful choice regarding the use and disclosure of that information; allowing consumers reasonable access to personal information they have provided; and protecting such information from misuse or unauthorized access.”
The Question of Preemption
The Legislative Forum makes it clear that the national standard it envisions would preempt state laws. For that reason, “a robust framework is warranted,” it said.
Some privacy advocates worry that preemption of state laws might constitute an end-run around the more stringent — and to many companies, quite onerous — privacy protections that are already in place in states such as California.
Interestingly, California’s financial privacy disclosure rules were effectively emasculated a few years ago with the introduction of national legislation. Now, the few pieces from California’s original legislation that were allowed to go into effect — the ability of consumers to request a credit freeze for example — are in danger of being replaced with far weaker national legislation currently under consideration.
“A credit freeze is one of the few proactive measures a consumer can take to protect his or her credit,” Pam Dixon, executive director of the World Privacy Forum, told TechNewsWorld.
It essentially locks out any lender from viewing a consumer’s credit. It also locks out identity thieves from accessing it. Lenders make the case that the credit freeze process is too complex for consumers to understand and thus should not be an available option. Privacy advocates maintain that lenders are more concerned about the harm to their bottom lines than to their customers if credit freezes were to become a national standard.
Under one of the so-called “data breach” bills pending in Congress, credit freezes would not be permitted. The House of Representatives’ “Financial Data and Security Act,” sponsored by Rep. Steve LaTourette, R-Ohio, would also give lenders greater discretion over whether they must notify consumers in the event of a security breach — another California-mandated protection that would be neutralized by this legislation.
Robust Framework
Indeed, ever since California’s notification law went into effect last year, the number of reported security breaches has skyrocketed as companies have been forced to disclose often-embarrassing reports of lost laptops, shoddy security procedures and other mishaps.
Nor is the government immune to such incidents. Millions of veterans’ financial records were compromised with the recent theft of a laptop that contained sensitive information. Last week, ING revealed that the personal data of 13,000 Washington, D.C., workers had been similarly compromised.
It is for this reason that the Legislative Forum says it wants a strong framework in place, McGuire said. “If there had been robust protections, strong best practices or standards in place from the start, it would not have been necessary to put in place these various laws.”