 | |
| |
TechnologyDaily Mobile
States Make Privacy An Issue
By Liza Porteus
Although privacy as it relates to Internet transactions, particularly those involving medical records or personal finances, is a hot issue on Capitol Hill, the issue also continues to attract the attention of state legislators and attorneys general who make and enforce the law in the world of consumer protection.
Action In The State Legislatures
As of Feb. 19, there were 314 privacy-related bills pending in 42 states, according to the Internet Alliance. Only legislators in Louisiana, North Carolina, West Virginia, Ohio, Kentucky, Delaware, Nebraska and Iowa had not introduced privacy legislation.
In eight states — Kansas, New York, Ohio, Washington, Hawaii, Massachusetts, New Jersey and Pennsylvania — lawmakers have introduced 23 bills to address the issue of unsolicited commercial e-mail, or "spam." Legislators in 11 states, meanwhile, have introduced 36 Internet-specific privacy bills. Those states are Arizona, Massachusetts, Maryland, Missouri, Montana, New Hampshire, Nevada, New York, New Jersey, Tennessee and Virginia.
"I think it's a big issue. ... I think the Internet changes everything," Internet Alliance State Policy Director Emily Hackett said of the privacy debate.
Efforts to protect financial privacy online appear to be paramount in state legislatures at this point, according to state lawmakers and industry watchers.
On The Financial Side
States have been scrambling to set state standards for financial privacy since the late-1999 enactment of the federal Financial Services Modernization Act, also known as the Gramm-Leach-Bliley Act. The measure left room for states to interpret their own individual laws in this area.
Legislatures in Massachusetts, New York and California have considered particularly tough legislation, while Vermont laws have been viewed as some of the most comprehensive. That state's laws, which predate the federal statute, give consumers almost total control over the release of their private information, including credit reports, by requiring businesses to obtain affirmative written consent every time they want to share or sell the information.
Wisconsin, meanwhile, is considering similar legislation that would require businesses within the state that collect personal information and distribute it to third parties to provide written policies as to what the information is used for. There is also a measure before the Texas Senate that suggests that privacy laws applicable to the insurance industry include, among other things, the principles of notice, choice, security and consumer access to their own records.
One source in the data-marketing industry noted that "the public tends to be more" hesitant when it comes to conducting transactions on the Internet, but that there also is "a lot of misunderstanding" on what is done with the information. "Maybe the industry needs to be more up front on what they are doing."
But at the same time, the source said, there are "privacy zealots out there" who may view privacy differently from most consumers. "To me, an invasion of privacy is someone peeping in my window or reading my mail."
The Broader Side Of Privacy
State legislatures are considering more than the narrow issue of financial privacy, however. In Maryland, for example, state Del. Anthony Brown, D, recently introduced a bill that would require Web-based businesses that collect personal information beyond that necessary for a transaction to notify customers how they plan to use the data and ask permission to do so. The bill is part of Democratic House Speaker Casper Taylor's leadership legislative package.
People in the financial industry and telecommunications field have been quick to slam such bills, saying that more stringent regulations would not allow them to conduct business as effectively and would increase their operating costs. Brown said there was an "onslaught of opposition" to his bill despite backing from groups like the Electronic Privacy Information Center (EPIC), the Consumer Federation of America, as well as from the state attorney general.
"I don't think a privacy provision will come out of the General Assembly this year," Brown said. "Internet privacy is not really on the radar screen at the state level."
Brown added that another obstacle is that many lawmakers in Maryland — which generally is viewed as a state that welcomes the high-tech community — want to be seen as "tech friendly." "Anytime you want to defeat something in Maryland," Brown said, "all you have to say is, 'Maryland isn't going to be tech-friendly.' You scare a lot of people away."
Washington state Attorney General Christine Gregoire faced a similar situation last year when she made Internet privacy a priority during her term as head of the National Association of Attorneys General (NAAG) last year. "The outcry [against any legislation] was huge," said the Internet Alliance's Hackett.
Edmund Mierzwinski, the consumer program director for the U.S. Public Interest Group (USPIRG), said that with all of the money and political muscle industries allied against stronger privacy protections have, there is a slim chance that states will muster the legislative determination to pass stronger bills.
"There is a lot of action out there in the states, but the industry groups that fought for the passage of Gramm-Leach-Bliley have reinvented themselves as an anti-privacy coalition and have sent people from K Street all over the country to speak against this legislation," Mierzwinski said. "Industry is pulling out all the stops to beat this legislation. We're all wondering how much money is involved."
The strongest argument those in industry have been making is one of uniformity. Businesses do not want to have to obey a patchwork of varying state privacy laws when they conduct business across state lines.
"E-commerce is not a single-state product or channel. ... To suggest there should be different substantive regulations state by state makes no sense whatsoever," said Richard Fischer, a partner with the Morrison and Foerster law firm.
"I don't look at this as preemption," Fisher added in arguing against privacy-related legislative action in the states. "I look at this as uniformity."
AGs Tackle Privacy, Too
Privacy advocates have found friends among the state attorneys general as they urge state lawmakers to act on the issue. NAAG members are still in the process of drafting privacy principles. The group recently revised its first draft in an effort to address some concerns technology groups were having with some of the principles.
At an NAAG Internet law conference next month in Boston, attorneys general will address the recent draft of its privacy principles in which members acknowledge the concerns raised about two principles: providing consumers access to the information businesses collect about them and guaranteeing the security of that information.
The "access" section of the draft includes a statement absent from the first draft that the NAAG released last December. "We recognize that this issue is particularly complex and defies easy solution, especially with respect to online interactions," the draft says.
"We're trying to develop some policy perspectives that would provide guidance to AGs as either state or federal legislation is under consideration," California Attorney General Bill Lockyer told National Journal's Technology Daily before the latest draft of the principles was debated. "We can't easily change the tradition ... and they [industry] seem to understand our role."
NEW FEATURE
-Advertisement-
-Advertisement-
-Advertisement-
