RealTime IT News

Privacy Rules: Business vs. Consumers

With control of the United States Congress changing hands in 2007, we can expect a number of legislative initiatives in the coming year that will affect privacy.

The business-sponsored lobbying groups are already sharpening their press release templates, the ones that predict dire consequences for any and every business if (insert regulatory proposal here) is passed by Congress.

For many businesses that are already laboring under dozens of different privacy and security regulatory schemes around the U.S. – and indeed all around the world – the prospect of new sweeping federal rules on privacy may feel that it’s just what the proverbial doctor ordered.

But they may not realize that the healthiest outcome for everyone concerned requires stronger medicine than they may be willing to stomach.

When it comes to consumer privacy laws and regulations, the current American landscape – which consists of a hodge-podge of approaches that vary wildly depending upon industry and business sector – is a veritable minefield of rules.

The kinds of privacy disclosures and security notifications you receive and your rights to access or protect your own private information may be quite different from state to state. And as complicated as it can be for you to know your rights, it can be even more complicated for businesses that have to be prepared to assist each one of their customers around the nation when any of them assert their rights.

With key lawmakers already making noises about the need for new approaches to issues such as wiretapping, identity theft, medical records privacy, and a whole host of anti-terror activities, many of the more forward-looking high-tech companies are already at work trying to guide those lawmakers toward smart solutions.

Earlier this year, Microsoft, HP, and eBay announced the formation of the Consumer Privacy Legislative Forum, a group of businesses allied to support legislation that will set standards for providing notice and choice to consumers about how their private information is used. They have since been joined by the likes of Oracle, Google, and Intel.

The goal of this effort is to define national standards for a variety of privacy and security issues and then enshrine them in federal law in such a way that they will preempt any existing state laws that might be contradictory or otherwise incompatible.

Of course, privacy advocates fear that the plans being advocated by these companies would define consumers’ rights very narrowly and define businesses’ obligations very minimally.

This is, of course, the standard approach of all business lobbyists, and it is based on the axiomatic belief that there are no good regulations and businesses must be left to do whatever they believe is best, because the market will eventually decide what is “right,” even if masses of innocent people are made miserable in the process.

Yet, we've seen an example of just how unhelpful such an approach can be.

Next page: The (very weak) CAN-SPAM Act