om Staff Writer. A Republican U.S. Representative plans
to introduce long-awaited privacy legislation Wednesday that would
require companies to disclose how they collect consumer information.
House Energy and Commerce Consumer Protection Subcommittee
Chairman Cliff Stearns (R-Fla.) has enlisted 19 co-sponsors for a bill
he outlined in October, which would set minimum privacy standards for
businesses.
"Congress needs to address the American people's concern with the
online and offline collection and use of personal information,"
Stearns said in a statement.
The legislation would require companies to provide "notice" of their
privacy practices, as well as a description of how information is
collected.
The bill also would preempt tougher state privacy laws, and would
allow consumers to remove their personal information from customer
marketing lists often traded or sold to other companies.
In addition, the measure would toughen existing laws on identity
theft and prohibit the sale of Social Security numbers and would
give sole enforcement authority to the Federal Trade Commission.
The legislation also would grant companies "safe harbor" from civil
lawsuits for privacy violations, provided they join an FTC-approved
self-regulatory agency - such as Truste or BBBOnline - that meets
the federal baseline privacy principles.
Stearns has removed a controversial provision that would have barred
U.S. authorities from enforcing European privacy laws, said sources
familiar with the bill.
But privacy groups say the bill does not go far enough to protect
consumers' most private information, such as health and financial
data.
"It seems as though this bill does not address some of the major
concerns that most Americans have about privacy," said Ari Schwartz,
a policy analyst with the Center for Democracy and Technology.
In that regard, the Stearns bill contrasts with legislation
introduced last month by Senate Commerce Committee Chairman Ernest
"Fritz" Hollings (D-S.C.), which would require Internet businesses to
obtain consumers' consent before collecting or sharing their
"sensitive" personal information. Such data might include financial
and medical information, or religious or political affiliation.
Stearns' measure leaves the protection of consumers' medical and
financial information to privacy provisions in laws already on the
books, such as the Gramm-Leach-Bliley financial services
modernization law and the Health Insurance Portability and
Accountability Act.
Critics say the bill's reliance on existing enforcement laws is
hypocritical, given that opponents of more restrictive measures have
derided Gramm-Leach-Bliley as a hastily crafted, ill-conceived
vehicle for protecting consumer privacy.
That law gave consumers the right to opt out of having their
financial information shared with affiliates and marketers. While the
opt-out notices that banks mailed to consumers this summer cost
millions of dollars to process, most were so complicated that
consumers simply threw them away unread, critics said.
Chris Hoofnagle, legislative counsel for the Electronic Privacy
Information Center, said the Stearns bill would offer consumers little
protection without a right-of-private action against companies that
violate their own privacy policies. That right is guaranteed in the
Hollings bill.
"This is an awful proposal that gives consumers nothing," Hoofnagle
said of the Stearns proposal. "I challenge anyone to find something
that this bill would remedy."
U.S. Chamber of Commerce spokesman Joe Rubin said the legislation was
a welcome contrast to the Hollings bill. But he also questioned the
need for additional privacy regulations.
"It's certainly a more thoughtful approach than the Hollings bill,
but we still have some questions about whether privacy legislation is
even necessary," he said.
Reported by Washtech.com, http://www.washtech.com .
11:33 CST
(20020507/WIRES TOP, ONLINE, LEGAL, BUSINESS/PRIVACY2/PHOTO)