By CHRISTOPHER S. RUGABER, AP Business Writer
Microsoft Corp., Hewlett-Packard Co. and other high-tech companies are
preparing to push for data-privacy legislation next year to replace
what they consider an outdated patchwork of state and federal laws
that are inconsistent and burdensome.
"We think the time has come for a comprehensive privacy bill that
would protect consumers' personal information while still allowing the
flow of information needed for commerce online," Ira Rubinstein, a
Microsoft lawyer, said this week.
Several recent high-profile breaches of consumers' personal
information have made consideration of privacy proposals more likely,
Rubinstein said. The Social Security numbers and medical data of
approximately 930,000 people were compromised this June, for example,
when computer equipment belonging to insurance provider American
International Group Inc. was stolen.
Microsoft, HP and eBay Inc. earlier this year formed the Consumer
Privacy Legislative Forum to lobby for privacy legislation. Google
Inc., Intel Corp., Oracle Corp. and other companies later joined.
The forum supports legislation that would set standards for what
notice must be given to consumers about personal information collected
on them and how it will be used, Rubinstein said. The companies are
aiming for a law that would override any existing state laws and
standardize privacy rules across industries.
The group's efforts will likely face some opposition, however.
Marc Rotenberg, executive director of the Electronic Privacy
Information Center, a consumer advocacy group, said the proposals, if
adopted, would amount to an industry drafting its own regulations.
Rotenberg also argued that the notices to consumers preferred by
Microsoft and other companies are insufficient to protect online
privacy. Instead, consumers should have access to the data that
companies have on them and have more control over how they are used,
he said, similar to the way consumers can currently access their
credit reports.
Rotenberg also opposes the pre-emption of state laws, which he said in
many cases have better protections than federal rules. Many anti-spam
experts complained when Congress in 2003 approved a measure that did
not let individuals sue spammers and that pre-empted most state laws
that did.
Meanwhile, Stuart Ingis, a partner at the law firm Venable LLP, said
that a broad privacy measure is unnecessary.
"Comprehensive privacy legislation already exists in this country," he
said, citing existing laws and regulations governing financial and
health-care privacy.
Those rules took decades to develop and provide strong protections for
consumers, said Ingis, whose firm represents several companies and
trade groups that track privacy issues.
Although high-tech companies have been seeking comprehensive federal
privacy legislation, Congress has focused on the steps companies
should take to protect data and when companies should notify consumers
of data security breaches.
But several data security bills failed to pass during the soon-to-end
congressional session, largely because of jurisdictional struggles
between different congressional committees, said Steve Adamske,
spokesman for Rep. Barney Frank (news, bio, voting record), D-Mass.
Frank, incoming chairman of the House Financial Services Committee,
said Wednesday that he plans to consider the issue of data security
next year. To avoid a repeat of the jurisdictional struggle, Frank
says he plans to propose to incoming House Speaker Nancy Pelosi that
she appoint a task force of members from committees with oversight on
privacy matters to work on the issue.
Copyright 2006 The Associated Press.
For more news and headlines, please go to:
http://telecom-digest.org/td-extra/newstoday.html
Christopher S. Rugaber, AP (ap@telecom-digest.org)