Forwarded From: Dan Moniz <dnm@unix-security.net>
Tackling E-Privacy in New York
by Chris Oakes
If the federal government won't get tough with the issue of online
consumer privacy, New York state is determined to do it.
The New York State Assembly has passed the part of a legislative package
designed to erect unprecedented privacy safeguards for consumer
information in the information age.
"The more you learn about computers and email and ordering and passing
information by email and the Internet, the more people realize that laws
that protect them in different venues are not in place on the Internet,"
said Assemblywoman Audrey Pheffer.
Pheffer, a Democrat from Queens, is head of the Consumer Affairs and
Protections Committee and author of several measures in the legislative
package, considered the most comprehensive state action on consumer
privacy to date.
Fourteen bills passed last week are expected to pass committee and reach
the assembly floor as early as this week. The New York Senate plans to
present its own privacy package this summer.
The broad-ranging measures grew out of the increasing availability of
personal information. The bills target privacy invasions that the assembly
said could lead to everything from personal financial loss and damaged
credit ratings to discrimination.
The authors blame the new risks on computers and Internet use, and modern
technology in general, which threaten privacy with everything from DNA
advances to the widespread selling and distribution of digital
information.
"We had to do this because three to five years ago we never thought when
we passed legislation that this would be something we'd have to deal with
-- the theft of identity, the selling of email information, the selling of
digital photo images," Pheffer said.
The bills require confidentiality of personal records, prevent the selling
of email addresses without consent, and prohibit various sophisticated
telemarketing tricks enabled by modern technology.
"We tried to deal with the many issues we and the attorney general have
received complaints on," Pheffer said.
Whereas consumers used to worry about the theft of a credit card or a
driver license, Pheffer said that the dangers of information theft are
much greater.
"[A thief] can steal everything so that they [can] become you. We've had
stories where people had automobiles ordered [in their name] and just by
luck were able to actually stop the delivery of the car. It's much more
than the stealing of a credit card."
Identity theft is enabled by electronic access to home addresses, social
security numbers, and the like, Pheffer said.
The new legislation isn't just targeted at data collected by thieves. It
places companies under scrutiny, too.
"As technology provides more efficient ways for commercial enterprises to
gather and distribute information to consumers, it is vital that the laws
of the state be modernized to ensure personal privacy," said Attorney
General Eliot Spitzer in statement. Spitzer is one of the primary authors
and presenters of the legislative package.
Spitzer said that the legislation he authored will strengthen the
individual's control over personal information.
Privacy experts and advocates are enthused.
"The New York legislation package is very, very exciting," said Paul
Schwartz, a law professor at Brooklyn Law School. "I think that this is
something that is going to shift power to people on the Internet, and
increase the transparencies of [privacy] policies [online]."
"It's not surprising that states are moving when Washington policy
legislators are largely sitting on their hands," said Marc Rotenberg,
executive director of the Electronic Privacy Information Center.
Existing federal measures to protect consumer privacy are largely directed
at children. The Federal Trade Commission is charged with protecting
privacy, but it can only bring limited civil actions.
Critics charge that the US Commerce Department has failed to put its teeth
behind consumer privacy because the Internet industry has successfully
lobbied the agency that the associated costs of such a move would threaten
the nation's lead in global e-commerce.
In a privacy hearing in Washington last week, Rotenberg said that Congress
showed itself to be inactive on the issue.
"Everyone sat back and said 'Oh, it looks like self-regulation is working
[and we] don't need to do anything.... By and large, I think the states
have not been very impressed. So now they're dealing with wide range of
issues."
New York has been a state leader in areas of consumer protection and
privacy protection, Rotenberg said.
But Rotenberg noted that the potential impact of the various bills on
Internet activity is still unclear. "By and large, the bills really target
activity off the Internet," Rotenberg said. "[They] treat the Internet as
one of many privacy issues."
Still, one of the measures in the package would add a prohibition of the
sale, lease, or exchange of any consumer's email address and any other
personal identifying information that might be obtained online without a
consumer's consent.
Jason Catlett, of the online privacy watchdog group Junkbusters, is
especially pleased with that measure.
But he and others caution that the statewide reach of the legislation is
one caveat for anyone hoping for far-reaching impact.
"Most privacy advocates and experts would prefer to see broad federal
legislation for the protection of personal data," said Catlett. "But some
of these piecemeal measures may prevent some very specific injuries that
consumers are suffering daily."
Still, he said that some of the bills have a "private right of action,
which allows individual consumers to sue companies that invade their
privacy." That principle has worked well in telemarketing legislation and
deserves to be extended to personal data protection, he said.
-o-
Subscribe: mail majordomo@repsec.com with "subscribe isn".
Today's ISN Sponsor: OSAll [www.aviary-mag.com]
Received on Fri Jun 4 10:03:39 1999