Internet privacy legislation emerges: new legislation could bring U.S. privacy protection laws into step with those of the European Union. (Legislative & Regulatory Update).


Despite overwhelming concerns about the threat of terrorism, the unethical conduct of corporate America, and the recent floundering of Wall Street, privacy remains an important issue among consumers in the United States and worldwide.

Key committee members from both chambers of the U.S. Congress have introduced privacy legislation. Sen. Ernest Hollings (D-S.C.), chairman of the Senate Commerce Committee, introduced S.2201, the Online Personal Privacy Act, on April 18. The Senate Commerce Science and Transportation Committee held hearings shortly after its introduction and reported the bill with amendments on May 17.

Rep. Cliff Stearns (R-Fla.), chairman of the House Commerce Committee's Subcommittee on Consumers and the Internet, introduced H.R.4678, the Consumer Privacy Protection Act of 2002, on May 8. The bill is currently under consideration by the House Energy and Commerce Committee, as well as the House Committee on International Relations. No hearings have been held on H.R.4678.

If passed, S.2201 would require records managers to protect databases against unauthorized use and guarantee that sensitive data not be collected and shared with third parties without explicit consumer permission.

Hollings' measure calls for a hybrid approach to privacy regulation. The bill seeks an "opt-in" approach, requiring businesses to obtain consumer consent to collect and disclose sensitive personal information such as political party, religious affiliation, and sexual orientation. For less-sensitive information such as name, address, and telephone number, businesses would be required to provide notice to "opt-out" of the collection of such data. It would require the Federal Trade Commission (FTC) to create regulations for new privacy requirements and to report annually on the progress of the law.

One of the most contentious items in the bill would allow consumers the right to sue if their personal information is mishandled or improperly collected from online transactions. Service providers also would be responsible for providing utilities for users to access their information, allowing them to delete or correct any personally identifiable information. This bill would supersede any state law or regulation regarding privacy and would apply to federal agencies so long as the regulations would not compromise law enforcement activities. Provisions of the legislation would apply only to online operations.

From a global viewpoint, passage of S.2201 would bring privacy laws in the United States closer to those of the European Union (EU) and might resolve the conflict regarding data transfer between the United States and the EU.

In April, the Commerce Committee held a hearing on S.2201. Panelists included Paul Misener, vice president of global public policy for Amazon.com, and John Dugan of Covington and Burling, a law firm representing the financial industry. Both witnesses shared the concerns of Sen. George Allen (R-Va.), citing that the legislation might be "premature." In his opening statement, Allen said, "I don't think we should discriminate against personally identifiable information with regard to the medium through which the information is collected." Dugan added that the bill could "cause some companies to avoid online operations altogether."

Other dissenters included Sen. John McCain (R-Ariz.) and Sen. Ron Wyden (D-Ore.). McCain opposed the provisions in the bill creating a right for consumers to sue for privacy violations, as well as potentially cumbersome requirements to permit customers to access their personal information. Wyden stated that the bill should include a "safe harbor" for companies that adopt self-regulatory privacy standards.

Two panelists in support of the legislation were Marc Rotenberg, executive director of the Electronic Privacy Information Center, and Frank Torres, legislative counsel for the Consumers Union. Torres said that the Consumers Union could support the bill with its combined "opt-in, opt-out" approach if the right to sue is preserved. Rotenberg said that the right to sue should be broadened and suggested that the exemption from the privacy standards for law enforcement should be eliminated.

At markup of S.2201, the Hollings Committee included the addition of a safe harbor provision for small businesses, further limitations on private rights of action, and the addition of a requirement for the FTC to create similar rules for the offline marketplace following passage of the bill.

The Stearns measure would require businesses to provide notice of their privacy practices at the point of collection and provide consumers with the ability to "opt-out" of sharing any data unrelated to fulfilling the transaction. This bill would apply to all consumer information collection, both online and off.

However, H.R.4678 does not create a consumer's right to sue for violations of the law and would direct the FTC to oversee voluntary self-regulatory programs for privacy practices. While the legislation would require businesses to provide an opportunity for consumers to preclude the sale or disclosure of personally identifiable information, it would allow businesses to provide incentives to consumers for the right to sell that data. H.R.4678 also includes provisions that better define the role of the FTC's Identity Theft Clearinghouse and provides for the improvement of current identity-theft procedures by the Commission.

The legislation would supersede any state law or regulation but would not modify or limit any other international or federal privacy laws.

The difference between the two bills and the lack of full support for either in their respective committees may preclude the passage of privacy legislation this year. The current measures have provided additional dialogue in the public policy arena but, more than likely, the issue will not be revisited until 2003.

Comparison of Hollings (S.2201)/Stearns (H.R.4678) Privacy Legislation

Opt-in/Opt-out

S.2201 Opt-in: Would require businesses to obtain consent for the collection and disclosure of sensitive personally identifiable information (including health, race, political party, religious belief, sexual orientation, Social Security number, or financial information).

Opt-out: Would require businesses to provide robust notice (at point of collection) of the opportunity to opt-out of the collection or disclosure of personally identifiable information.

H.R.4678 Opt-out: Would require businesses to provide "notice" of their privacy practices at the point that personally identifiable information is collected and give consumers the ability to opt-out of sharing any data unrelated to fulfilling the transaction with a third party. Would require data-collection organizations (excluding government agencies, nonprofit entities not using information for commercial purposes, and very small businesses) to establish "clear and conspicuous" privacy policies to be accessible at the Web site.

Bricks vs. Clicks

S.2201: Would treat online and offline information collection differently. Bill applies to Internet service providers (ISPs), online service providers (OSPs), or operators of a commercial Web site. Also includes third-party operators such as advertising networks that use an ISP, OSP, or commercial Web site operator to collect information about users of that service or Web site.

H.R.4678: Would treat online and offline information collection the same. Bill is applicable to "data collection organizations." That term does not include:

* governmental agencies

* non-profit entities where personally identifiable information is not used for commercial purposes

* businesses

1. with an annual revenue of less than $1 million

2. with fewer than 25 employees

3. that collect or use personally identifiable information from fewer than 1,000 consumers for a purpose unrelated to a transaction with the consumer

4. that do not process personally identifiable information of consumers

5. that do not sell or disclose for consideration such information to another person

Enforcement (Private Right to Sue, FTC Role, and Whistleblowers)

S.2201: Would allow consumers the right to sue if an ISP, OSP, or commercial Web site operator collects, discloses, uses, or fails to provide reasonable access to, or reasonable security for, sensitive personally identifiable information. The consumer would be entitled to the greater of the actual monetary loss associated with the violation or $5,000.

Would make the FTC responsible for creating regulations to enforce the new privacy requirements of the act within 90 days of enactment and will complete that process 270 days after the beginning of the rulemaking. The FTC also would be responsible for reporting the progress of law to the Senate Commerce Science and Transportation Committee and the House Committee on Commerce 18 months after enactment and annually after that.

Would provide legal protections to any "whistleblower" who provides information to any federal or state agency, to the U.S. Attorney General, or any state attorney general, regarding a violation of any provision of Title I, so long as that employee did not cause or participate in the alleged violation or provide substantially false information.

H.R.4678: Would not allow consumers the right to sue for violations of the federal law or to find civil action standing under any state law.

Would have the FTC oversee voluntary self-regulatory programs for "data collection organizations." The FTC would receive applications and approve program parameters. The "data collection organizations" would be required to conduct an initial self-review and self-certification to ensure compliance, and then conduct subsequent periodic self-reviews to be submitted to the FTC. Each program would be subject to random and regular compliance testing by the FTC. Each violation would be subject to fines under 15 U.S.C. 45(a)(1) not to exceed $500,000 for all related violations by a single violator.

There are no "whistleblower" provisions.

Access

S.2201: Would require ISPs, OSPs, and the operator of commercial Web sites to provide a user with access to information that the provider has collected. Would require the provider to give a user the opportunity to correct or delete any personally identifiable information.

H.R.4678: Would require the "data collection organization" to provide a consumer with the opportunity to preclude any sale or disclosure of personally identifiable information. A data collection organization has the right to offer benefits to the consumer in exchange for the privilege of selling or disclosing information. A preclusion remains in effect for five years or until the consumer indicates otherwise, whichever occurs sooner.

Security

S.2201: Would require an ISP, OSP, or commercial Web site operator to establish and maintain reasonable procedures necessary to protect the security, confidentiality, and integrity of personally identifiable information.

H.R.4678: Would require the FTC to develop and provide an "Identity Theft Affidavit" for consumers who feel that they are victims of identity theft. The FTC also would be responsible for the timely resolution of identity theft disputes and for providing improvements to the currently operative FTC Identity Theft Clearinghouse, which is the federal government's centralized repository of consumer identity theft complaint information.

Preemption of State Laws

S.2201: Would supersede any state statute, regulation, or rule regulating Internet privacy to the extent that it relates to the collection, use, or disclosure of personally identifiable information obtained through the Internet.

H.R.4678: Would make qualified exemption for "data collection organization" if it complies with relevant provisions of other federal privacy laws. Would not modify, limit, or supersede the operation of other federal privacy laws. Would preempt any statutory law, common law, rule, or regulation of a state.

Agencies

S.2201: Would apply to every federal agency that serves as an ISP, OSP, or operates a Web site so long as it does not compromise law enforcement activities or the administration of any investigative, security, or safety operation conducted in accordance with federal law.

H.R.4678: Does not apply to federal agencies as defined by the term "data collection organization."

What is Protected

S.2201: Defines "personally identifiable information" as 1) name, address, e-mail address, telephone number, birth certificate number, any other identifier for which the Commission finds there is a substantial likelihood that the identifier would permit the physical or online contacting of a specific individual; or 2) information that an ISP, OSP, or operator of a commercial Web site collects and combines with an identifier included in this definition.

Defines "sensitive financial information" as the amount of income earned or losses suffered by an individual; an individual's account number or balance information for a savings, checking, money market, credit card, brokerage, or other financial services account; the access code, security password, or similar mechanism that permits access to an individual's financial services account; an individual's insurance policy information; or an individual's outstanding credit card, debt, or loan obligations.

Defines "sensitive personally identifiable information" as individually identifiable health information, race or ethnicity, political party affiliation, religious beliefs, sexual orientation, Social Security number, or sensitive financial information.

H.R.4678: Defines "data collection organization" as an entity (or an agent or affiliate of the entity) that collects (by any means, through any medium), sells, discloses for consideration, or uses personally identifiable information of the consumer.

Defines "personally identifiable information" as information relating to a living individual who can be identified from that information including name, address, e-mail address, telephone number, Social Security number, and any other unique identifying information that a data collector and processor collects and combines with any information previously described in this definition. This definition does not include anonymous or aggregate data, or any information that does not identify a unique living individual, information about a consumer inferred from data maintained about a consumer, or information about a consumer obtained from a public record.

Bob Tillman is Director of Public Relations and Advocacy for ARMA International. He may be reached at btillman@arma.org.
COPYRIGHT 2002 Association of Records Managers & Administrators (ARMA)
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2002, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Author:Tillman, Bob
Publication:Information Management Journal
Geographic Code:1USA
Date:Sep 1, 2002
Words:2200