The Online Personal Privacy Act, sponsored by Ernest "Fritz" Hollings (D-S.C.), chairman of the Senate Commerce Committee, has been waiting for Senate floor debate all summer after receiving approval from Hollings' panel this past May. An aid in Hollings' office says even though the bill -- S. 2201 -- is on the Senate calendar, there's a great deal of doubt that it will ever actually be voted on this year. The Senate is busy wrestling with 13 appropriation bills, coming elections and work on homeland security issues.
If the online privacy bill isn't voted on this term, it would have to be reintroduced and the long process would start all over.
"I am a little disappointed it's stalling in the Senate," says Ray Everett-Church, chief privacy officer for the ePrivacy Group, an online privacy consulting firm. "The bill itself leaves a bit to be desired...but the legislation has focused debate on some of these really tricky issues. The fact it isn't likely to pass is fine. The good thing has been the debate about access, online practices and data gathering."
And those very issues have stirred up heated debate.
The online privacy bill would set a national standard for all online transactions. It's a move Hollings says will promote consumer confidence in buying online, bolster spending and give some much-needed support to the lagging high-tech industry.
But some in the e-commerce arena worry that the passage of the bill would mean expensive overhauls of e-commerce systems and databases, and create security nightmares by letting customers into the system to check -- and change -- their personal information.
The bill calls for:
- Rules governing consumers' ability to opt-in, or specifically OK, the collection of "sensitive personal data," such as race, income level and sexual preference;
- Rules giving consumers the opt-out option for the collection "non-sensitive" information, such as name, address and purchase history;
- A national standard, preempting state laws or the ability of states to pass their own online privacy rules;
- Individuals gain the right to sue over privacy breaches, opening the door to class-action lawsuits;
- "Reasonable access" or the right for consumers to view and change personal data, and
- Enforcement by the Federal Trade Commission (FTC) and state Attorneys General.
On the positive side, consumers would be able to see what information is being stored about them. Hollings and his privacy backers say the bill would help people feel more secure in trusting online companies with their personal information.
A recent study by Forrester Research Inc. reports that online businesses lost $15 billion last year due to consumer privacy concerns. More trust, Hollings says, would mean more spending.
One the opposite side, giving users that kind of access to a corporate network leaves a giant hole in security efforts. And the bill could pull IT workers off other projects and have them spending months rebuilding their e-commerce infrastructure and creating a pathway for consumers to view and change their personal information without compromising security.
"This could place some pretty heavy burdens on businesses," says Everett-Church. "The access requirements have always been a problem area. The trick has been if you're giving people access to read what you have in your database about them, how do you authenticate who is accessing that data? Can it be spoofed or faked? You don't want to give easy access to people if there's any potential that the access is a greater threat to privacy."
"It's not a perfect law so I'm not necessarily upset that it looks like it's failing," says Kelly Thompson, an independent privacy and antispam consultant with her firm, EmailAdvisors.com. "I'm hopeful for the next bill [to come along], but I'll reserve judgment until I see the actual text of it. Sometimes what knowledgeable people recommend is different from what comes out the other end in political issues."
Reprinted from Datamation.