From: darek milewski <darekm@cmeasures.com>
http://www.computerworld.com/home/print.nsf/CWFlash/990111priv
U.S. firms gird for privacy rules
Practices face scrutiny on two continents
By Sharon Machlis
01/11/99 Governments on both sides of the Atlantic are focusing on
computer privacy practices this year. And that could have major
implications for the way U.S. companies handle data and interact with
consumers online -- especially for businesses enticed to expand their
European operations in light of the launch of the new euro currency.
In the U.S., the Federal Trade Commission expects to participate in
another sweep of U.S. Web sites, probably in March, to see if there has
been progress on posting adequate privacy policies. The government wants
consumers to know how their personal information is being used.
"Anything that will bolster consumer confidence is going to bode well for
E-commerce," said Chet Dalzell, a spokesman for the Direct Marketing
Association (DMA) in New York. "It's perception that matters." The DMA is
leading efforts to produce the new Web site study in cooperation with the
FTC and other organizations, possibly including privacy groups.
Meanwhile, the U.S. Commerce Department is negotiating with European Union
officials on how U.S. companies can comply with the new EU Directive on
Data Protection.
The directive, which went into effect in October, bars the transfer of
data about EU citizens of any of the 15 member nations to any country
deemed not to have "adequate" privacy protections -- potentially affecting
everything from human resources and medical records to travel reservations
and online shopping.
"Frankly, most of us don't like what the Europeans are doing, but we
understand [their reasons]," said Jim Clawson, CEO of JBC International, a
Washington-based consulting firm that has represented a coalition of
businesses and professionals involved in overseas trade.
Why worry? Even before the EU directive, Fort Worth, Texas-based Sabre
Group Inc. tried to register with Western European countries to ensure
that it complied with national privacy laws. The result in Sweden: The
Data Inspection Board ruled that travel agents who used the Sabre
reservation system needed written consent from all of their customers for
their data to be transmitted to Sabre's Tulsa, Okla., data center. The
case is under appeal.
Meanwhile, businesses "are expressing concern about the lack of
predictability" in Europe, said Barbara Wellbery, counselor to the
undersecretary for electronic commerce in Washington.
U.S. and EU officials are slated to meet again this month to try to
negotiate a so-called Safe Harbor proposal -- a set of rules that U.S.
companies could pledge to adopt that the EU would consider adequate
privacy protection. European governments aren't expected to act against
U.S. companies while talks continue.
But individual citizens are free to sue under the directive -- and members
of Privacy International in London already have pledged to monitor the
activities on and off the Net of two dozen large U.S. firms.
To gauge the state of Internet privacy in the U.S., the FTC surveyed about
1,400 Web sites last March. It concluded that the online industry has
"fallen short of what is needed to protect consumers." For example, 97% of
financial sites took data from their users, but only 16% stated how that
information would be used.
Political and industry officials warned then that new federal regulations
were likely if the situation didn't improve.
The DMA said there has been major movement since then, with many more
sites posting their privacy policies and joining organizations that
provide privacy assurances. The Electronic Privacy Information Center in
Washington, though, maintains that there still aren't enough protections
in place -- and even if sites post policies, there's little assurance
those rules are being followed.
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
Received on Thu Mar 11 16:59:44 1999