This Could Be the Year for Privacy

Bills being introduced amid questions of potential cost, compliance, disparity

The battle over privacy legislation has begun in earnest in the states and in Congress, in what may be the pivotal year for this issue.

Last week, the first major bipartisan bill regarding online privacy was introduced in Congress. But states—which have just begun calling their legislatures into session—are seeing a flurry of privacy-related bills, many of which could affect financial service companies.

What may be the biggest problem facing some businesses is the potential hodgepodge of state legislation, with varying rules and standards for protecting privacy.

Dozens of bills are being introduced in response to the Gramm-Leach-Bliley Act—a sweeping financial deregulation bill that was approved by Congress two years ago. That legislation didn't preempt the authority of states to adopt their own financial privacy rules. "The big question is, How does a state government that has been rooted in geography deal with a medium that knows no boundaries?" said Emily Hackett, state policy director at The Internet Alliance, a Washington-based trade group.

Touting Tools, Not Laws

"It is very difficult to deal with a myriad of different types of regulation on the same issue," said Kirk Herath, chief privacy officer at Nationwide Insurance Cos. The Columbus, Ohio-based company could ultimately be forced to model its privacy rules around those states with the toughest privacy bills to ensure compliance nationally, he said.

But compliance may be expensive. For instance, if a company adopts "opt-in" policies across the board for all its business units, its systems will have to be able to easily exchange data, which isn't simple for a firm with a lot of legacy systems, said Herath. "There are some systems people [who] really hope that privacy and security will probably drive a lot of systems infrastructure investment over the next 10 years," he said.

Some key lawmakers, including the powerful House Energy and Commerce Committee chairman, Rep. W.J. "Billy" Tauzin (R-La.), have predicted that online privacy legislation will be passed, perhaps in as little as eight months.

"We're gearing up and organizing to take on this issue," said Tauzin, speaking to reporters after a recent forum sponsored by Palo Alto, Calif.-based high-tech public policy group TechNet and the Arlington, Va.-based National Venture Capital Association.

But Bob Herbold, Microsoft Corp.'s executive vice president and chief operating officer, who also spoke at the high-tech forum, urged continued self-regulatory efforts. He said the industry is deploying tools, such as the Platform for Privacy Preferences Project, that customers can trust to protect their privacy.

"We think it's better that companies like Microsoft and others in this industry provide those tools as opposed to dealing with burdensome legislation," Herbold said.

At Issue

Areas of dispute in privacy legislation that’s appearing both in states and in the U.S. Congress:

Opt-in vs. Opt-out: Some business groups argue that customers are less likely to agree to receive e-mail advertisements if they have to opt in. Many consumer groups want “opt-in” standards.
Access: Allowing customers to have access to data collected by them may be expensive and difficult to achieve. Privacy groups see access as a fundamental right.
Federal Preemption: Congress can override state privacy laws and limit a person’s ability to sue, as it did with the Y2k liability limiting legislation. These provisions are expected to bring major battles.

Copyright © 2001 IDG Communications, Inc.

It’s time to break the ChatGPT habit
Shop Tech Products at Amazon