US must protect privacy better

The United States has lagged behind other countries in protecting personal data, and the Obama administration’s new online privacy bill is a step in the right direction. If President Obama’s proposed privacy bill is passed, it will put U.S. citizens on par with other nations in terms of privacy. Nevertheless, it will be only the first step toward protecting consumers.

Identity theft is rampant in the United States, and it is clear that more legislation to protect consumer data is needed. Traditionally, the European Union’s draconian legislation staunchly protects consumer data from being shared by big business. Legislation currently being debated by the European Parliament proposes strict new privacy laws for online consumers with substantial fines for online companies that fail to comply. Large multinational online companies have already been scrutinized by EU countries.

ADVERTISEMENT
The problem is, there is very little protection for U.S. consumers. Under the Gramm-Leach-Bliley Act, financial institutions must inform their customers of their privacy policy or any changes thereafter. Nevertheless, consumers can in no way prevent their personal data from being shared with third parties. The California Security Breach Information Act and other comparable state acts provide consumers with an assurance that they will be contacted if their information has been compromised, but there is no protection for consumers if they subsequently become victims of identity theft. Moreover, the act does not penalize companies for poor computer security. The Health Insurance Portability and Accountability Act has really been the only noticeable privacy protection legislation but is essentially limited to medical records.

Some might view the Obama administration’s new proposal as a ploy to gain greater support in an election year, but the online privacy bill should be viewed as a continuation of an existing effort to limit the control of big business over personal data. Last year’s Federal Trade Commission’s Do Not Track proposal, with the bipartisan support of Sens. John McCain (R-Ariz.) and John Kerry (D-Mass.), illustrates that the president has for some time been serious about protecting consumers online.

Obama has two young daughters, so the proposed legislation could also be somewhat personal. Anyone with young children is well aware of the heightened use of the Internet by our youth, and protecting our children online is a growing concern. Many worry how data are being collected about us and especially about our children, who generally never read an End User License Agreement or fully understand the implications of protecting their personal information.

Many consumers will hope that the proposed legislation in its current format will pass, although it will be vehemently challenged by legislators in Congress and by the lobbyists with substantial financial clout. Data mining and selling personal information to third parties is simply too big to begin scaling back on without a fight. Debates are already beginning to rage over Google’s new privacy policy, which is scheduled to be rolled out on March 1.

There are still unanswered questions with this proposed legislation, like its impact on applications. The links between our cellphones and online services are becoming stronger, and it will be interesting to see how this legislation will affect consumers who have Android devices with applications that integrate or communicate with online services.

The Obama administration’s online privacy bill closely mimics EU privacy legislation currently being considered. Although stiff opposition is likely from many online service providers, it could actually benefit businesses and improve their image. We might end up witnessing something similar to what happened to the anti-spam legislation, which was modified after pressure on Congress and ironically ended up being supported by spammers.

According to one recent report, annual losses from cybercrime are estimated to be $388 billion, which is close to being on par with the illicit drug industry. Yet most don’t consider cybercrime and network breaches as an epidemic. Greater security of personal information is desperately needed. Consumers must be given greater control over their information and the sharing of that sensitive data.

For this legislation to be effective, stiff fines must be levied on companies that fail to comply. Privacy policies need to become more comprehensive — consumers do not read lengthy End User License Agreements, and how many people actually understand them? In order for the United States to remain in line with the EU and other nations, the hope is that the main tenets of this legislation will not become diluted.

Hayes chairs the computer information systems program at New York’s Pace University.