• PC World
• »Security

WASHINGTON--Another bill designed to guard consumers' privacy, though it targets real-world transactions as well as online ones, debuted in Congress and was greeted with derision by privacy advocates.

The Consumer Privacy Protection Act of 2002, introduced by Rep. Cliff Stearns (R-Florida), would require any business to give customers a clear option to protect "personally identifiable information" such as name, e-mail or physical address, and financial and medical information. It requires only an opt-out notice, and Stearns says he hopes the bill will encourage companies to adopt voluntary privacy standards.

It contrasts with a similar measure introduced in April by Senator Ernest "Fritz" Hollings (D-South Carolina) that addresses only online privacy. The Hollings bill distinguishes among levels of information sensitivity and gives customers both opt-in and opt-out choices at various levels.

Stearns contends that Hollings' approach would overregulate businesses and slow the market. He says that his legislation, in contrast, would simultaneously increase consumer confidence and give technology companies the breathing room they need to advance. In fact, Stearns has already garnered support from industry groups like the Computer Systems Policy Project, a coalition of technology chief executives including Michael Dell of Dell Computer and Christopher Galvin of Motorola.

The measure requires companies to comply in order to maintain good standing with the Federal Trade Commission. Companies would need to maintain privacy standards "the same as or greater than those" in the bill. The FTC would monitor compliance through random audits.

Mixed Reaction

The bill has already met staunch opposition from privacy groups like Privacyrightsnow.org, Junkbusters, and the Electronic Privacy Information Center. Chris Hoofnagle, EPIC's legislative counsel, describes the Stearns bill as "the weakest piece of privacy legislation ever."

Hoofnagle is wary of the provision in Stearns' bill that encourages companies to implement self-regulation. He calls the bill "a vessel for businesses who want preemption from state laws." He prefers the Hollings bill's approach because, unlike the Stearns bill, it guarantees to consumers the private right of access, meaning that they can retrieve previously submitted online information whenever they choose.

Mark Uncapher, vice president and counsel of the Information Technology Association of America, disagrees with Hoofnagle. He particularly likes the bill's proposal to preempt state privacy laws.

The Hollings bill actually opens the door to rampant identity theft, Uncapher says. He contends that if a hacker stole a consumer's identity, the private right of access would leave the real owner's information vulnerable. He also says that a provision in the Hollings bill mandating that businesses track the origin of all consumer information, online or offline, establishes an unfairly difficult standard.

"Hollings' bill focuses on information collection methods, but Stearns' [bill] approaches the issue of the harm or use of the information," Uncapher says. "That's a more balanced approach to addressing the issue of identity theft."

A representative of one consumer watchdog group also believes the Stearns bill is a step in the right direction, but thinks it may not go far enough to protect consumers from privacy breeches of their sensitive information.

"This bill shows [its supporters] put a lot of effort into addressing some of the issues in a serious way," says Ari Schwartz, associate director of the Center for Democracy and Technology, an Internet civil liberties public interest group. "But the bill could be taking a step back on sensitive information issues," which most consumers are concerned with protecting, Schwartz said.

Guidelines Preferred

Stearns says that he deliberately took a minimalist approach to privacy, providing guidelines and giving businesses some options.

He says that the bill takes a "do no harm" approach to industry by enhancing rather than replacing existing privacy acts, such as a 1999 law that addresses the privacy of financial information. Stearns stresses that the best privacy legislation is a "general and minimalist" kind rather than an "overreaching" federal statute.

"This measure serves as a floor, certainly not a ceiling" to privacy standards, says Representative Rick Boucher (D-Virginia), a co-sponsor of the bill.

Boucher predicts an overall increase in Internet commerce if the bill becomes law. He says this would result not from its provisions, but from higher standards of privacy protection that companies would voluntarily put in place.

No hearings have yet been set for the measure, though bills on such topics are typically referred to the House Committee on Energy and Commerce.

Cara Garretson of the IDG News Service contributed to this report.

• See more like this:
• privacy,
• legislation,
• congress,
• bill,
• law,
• stearns,
• hollings,
• house of representatives