The Federal Government Moves Toward Increasing Privacy Online
Insight February 11, 2011
The tides of online privacy are changing quickly. Businesses may be collecting more information than they need and sometimes sharing it without the informed consent of consumers. The federal government intends to curb this by modifying current protection for consumers, offering more precise guidelines for businesses, and creating greater transparency in consumer-business relations.
Online privacy is more complicated than simply avoiding questionable websites or using secure passwords. While there is a big problem with identity theft by individuals who steal personal information, there are risks associated with information gathered by companies or information available to the government. It is difficult to know just how much data is collected and who is collecting it.
User privacy agreements vary drastically and can change over time. Privacy agreements may be wordy and difficult to understand. This is the situation that the Federal Trade Commission (FTC) and Department of Commerce (DOC) seek to improve.
The FTC works to protect consumers, creating and enforcing laws relating to the way businesses obtain and protect individuals’ personal information. The Gramm-Leach-Blily Act governs financial privacy notices, requires plans for safeguarding personal information and forbids the use of false pretenses to obtain personal financial information. It impacts companies that are significantly engaged in certain financial activities such as non-bank mortgage lenders and tax-preparers. The privacy notice requirement depends on the type of relationship between the individual and the company.
Everyone has the right to opt-out of having their information shared with third parties under the Gramm-Leach-Blily Act. The privacy notice must clearly explain how to opt-out. There are very few exceptions, including situations where third parties process data for the company, the disclosure is legally required, or customer data is shared with outside companies that do marketing for the company. Information received by such third parties may only be used for limited purposes. Other FTC efforts in this arena include the Fair Credit Reporting Act and the Children’s Online Privacy Protection Act.
This imposes serious responsibilities on businesses both big and small. The FTC advises that businesses keep track of the type of information they store, take care to keep only what they need, protect the information, purge any unnecessary data and create a comprehensive response plan in the event something goes awry.
The FTC protects the rights of individuals by springing into action where consumers have been unlawfully harmed. They conduct investigations and, when necessary, file suit.
The Electronic Communications Privacy Act (ECPA) was originally enacted in 1986 to standardize law enforcement access to electronic communications. Technology has boomed in the 25 years since the Act was passed and now many criticize it as difficult to apply in an age where so much information is transferred electronically and stored remotely. Additionally, the Patriot Act modified protections afforded under the ECPA and several court decisions have sought to protect individuals’ privacy with respect to electronic communications such as e-mail and cellular phone location.
Both the FTC and the DOC recently stated that current privacy protections are inadequate. The DOC feels that with increasing awareness of the lack of adequate protection, consumers are refraining from adopting new technology. The DOC wants to promote consumer confidence while maintaining an environment that encourages innovation in e-commerce. Thus, businesses must do more to earn consumer trust.
Also, the government must help by creating guidelines and enforcing them. One possibility is implementation of a baseline law incorporating the Fair Information Practice Principles, considered a “Privacy Bill of Rights.” Another possibility provides for implementation of rules on an industry-by-industry basis, allowing flexibility for the varying needs of different industries, adopting rules created by business, government and public advocates. Either way, it will include consideration of the current state of the ECPA.
The FTC produced a report discussing its ideal framework for protecting consumers’ privacy, disallowing slow-moving industry self-regulation and bolstering consumer trust. Consumers should be aware of information that is being collected, giving them the ability to make informed choices as to what they wish to share.
New laws may lead to more work for businesses needing to comply with the government’s requirements for consumer protection. Consumers should have a better understanding of what information is collected and what can be done with it, allowing more educated decisions in dealings with companies (both online and offline). The FTC requests that parties interested in the future of regulations submit written comments to guide development and refinement.
If you have concerns regarding the way that current or future policies may affect you or your business, consult an experienced attorney at Rimon Law Group.
This information serves as general information about the subject matter and is not a substitute for specialist advice.