Microsoft, HP, eBay to weigh in on U.S. privacy laws
The move could lead to a standard federal breach-notification law
IDG News Service - A group of U.S. companies, led by technology giants Microsoft, Hewlett-Packard and eBay, is set to outline recommendations for new federal data-privacy legislation that could make life easier for consumers and lead to a standard federal breach-notification law.
The recommendations, which were developed by a group of industry players called the Consumer Privacy Legislative Forum, are set to be released at a privacy conference six weeks from now, according to Peter Cullen, Microsoft Corp.'s chief privacy officer.
The companies have been working for the past three years to encourage the adoption of federal consumer data-privacy laws and to answer the question of what federal legislation should look like, Cullen said in an interview. Other forum members include Google, Oracle, Procter & Gamble and Eli Lilly.
One idea is that laws should make it easier for consumers to understand what they're getting into when they share their personal data with Web sites, Cullen said. "The whole focus on consent really puts an unfair burden on the consumer," he said. "My mom doesn't know what an IP address is."
The recommendations will cover rules around data use and the ability of consumers to correct inaccurate data. And they will cover data breach notification, which is now covered by a patchwork of state laws.
"We need to think about much more of a framework approach," Cullen said.
Congress has passed some laws covering consumer data privacy, such as the 1996 Health Insurance Portability and Accountability Act (HIPAA), but existing laws do not comprehensively cover consumer privacy in general.
Bills have been proposed, but they have all died in committee or on the House floor, said Ari Schwartz, chief operating officer of the Center for Democracy and Technology (CDT), a public-policy advocacy group.
Schwartz said he expects new legislation to be put forward again this year. Whether it will pass is another question. "By the end of this year, we'll be able to determine whether this Congress can deal with it," he said. "There's a lot going on right now because of the economy, but there are members who have said they want to see privacy legislation."
Although the CDT was a charter member of the Consumer Privacy Legislative Forum, the group dropped out about six months after its creation when members decided to focus on working with industry rather than public-interest groups, Schwartz said. The split was amicable, he said.
"They're people that are clearly committed to legislation," he said. "A lot of them put their necks out to support it at a time when it would not be as popular as it would be right now."
One academic who follows the topic said it's significant that the industry has agreed in principle that there should be some sort of baseline privacy law.
"That's interesting, because prior to 2006, these groups were pumping money into the libertarian machine, and now the tune is a bit different and more open to different options," Chris Hoofnagle, director of the Berkeley Center for Law & Technology's information privacy programs, said via e-mail.