Privacy again a hot-button issue for legislators

Computerworld - WASHINGTON -- Top federal and state privacy enforcement officials are promising aggressive action against companies that, through theft or accident, allow customer data to leak out. But there are divergent views on whether tougher privacy legislation is actually needed to protect customer data.
U.S. Rep. Clifford Stearns (R-Fla.), the leading advocate of privacy legislation in the House of Representatives, said he plans to reintroduce within a few days privacy legislation that would set an "opt-out" standard for consumers. That would give consumers some way to limit the sharing of data, but it would also protect businesses from private lawsuits and leave enforcement to federal and state authorities.
Citing the Republicans' control of Congress, Stearns said prospects for passage of his bill this session are good. He also said the possibility of an invasion of Iraq and the continuing hunt for terrorists are leading to an erosion of privacy at the same time that the aggregation of personal data is happening quickly. "In the end, we are acquiescing in many ways, giving up more of our privacy," Stearns said today at the International Association of Privacy Professionals conference.
While Congress prepares to debate the issue, New York's assistant attorney general in charge of the Internet bureau today promised "aggressive" enforcement against companies that leak customer data and otherwise violate their own consumer privacy pledges.
"There are going to continue to be hackings and exposures of databases and questions about whether they were adequately secured," said Assistant Attorney General David Stampley, who believes that there will be enough "data spills" during the next year to keep his office busy.
Actions by New York law enforcement agencies can easily have a national impact because of the high concentration of corporate headquarters in that state. New York state agencies have already proved their muscle with their recent crackdown on securities firms for misleading dot-com investors.
Officials at the Federal Trade Commission promised similar enforcement action. But one commissioner, Orson Swindle, said he doesn't think new laws are needed. Swindle said he firmly believes "that private-sector leadership and creativity are a far better solution than cumbersome and highly likely ineffective new legislation."
Joel Winston, associate director of the FTC, said he doesn't believe that Congress will approve broad privacy legislation this year. Instead, he predicted that new privacy rules would arrive as part of the extension of the preemption provision of the Federal Fair Credit Reporting Act. That provision, which keeps states from blocking the sharing of consumer credit data, is due to expire next January.
Winston said he expects the preemption to be extended, but only after provisions for tougher identity-theft protections and financial privacy provisions are included.
Stearns' privacy bill may include some new provisions, including one antispam measure that lessens the possible penalties for people who forge e-mail headers. Many of the bills introduced in previous sessions set criminal penalties for header falsification. His proposal would impose fines that, according to one person familiar with the bill, would be more in line with the actual seriousness of the action.