From: darek milewski <darekmat_private> http://www.computerworld.com/home/print.nsf/CWFlash/990111priv U.S. firms gird for privacy rules Practices face scrutiny on two continents By Sharon Machlis 01/11/99 Governments on both sides of the Atlantic are focusing on computer privacy practices this year. And that could have major implications for the way U.S. companies handle data and interact with consumers online -- especially for businesses enticed to expand their European operations in light of the launch of the new euro currency. In the U.S., the Federal Trade Commission expects to participate in another sweep of U.S. Web sites, probably in March, to see if there has been progress on posting adequate privacy policies. The government wants consumers to know how their personal information is being used. "Anything that will bolster consumer confidence is going to bode well for E-commerce," said Chet Dalzell, a spokesman for the Direct Marketing Association (DMA) in New York. "It's perception that matters." The DMA is leading efforts to produce the new Web site study in cooperation with the FTC and other organizations, possibly including privacy groups. Meanwhile, the U.S. Commerce Department is negotiating with European Union officials on how U.S. companies can comply with the new EU Directive on Data Protection. The directive, which went into effect in October, bars the transfer of data about EU citizens of any of the 15 member nations to any country deemed not to have "adequate" privacy protections -- potentially affecting everything from human resources and medical records to travel reservations and online shopping. "Frankly, most of us don't like what the Europeans are doing, but we understand [their reasons]," said Jim Clawson, CEO of JBC International, a Washington-based consulting firm that has represented a coalition of businesses and professionals involved in overseas trade. Why worry? Even before the EU directive, Fort Worth, Texas-based Sabre Group Inc. tried to register with Western European countries to ensure that it complied with national privacy laws. The result in Sweden: The Data Inspection Board ruled that travel agents who used the Sabre reservation system needed written consent from all of their customers for their data to be transmitted to Sabre's Tulsa, Okla., data center. The case is under appeal. Meanwhile, businesses "are expressing concern about the lack of predictability" in Europe, said Barbara Wellbery, counselor to the undersecretary for electronic commerce in Washington. U.S. and EU officials are slated to meet again this month to try to negotiate a so-called Safe Harbor proposal -- a set of rules that U.S. companies could pledge to adopt that the EU would consider adequate privacy protection. European governments aren't expected to act against U.S. companies while talks continue. But individual citizens are free to sue under the directive -- and members of Privacy International in London already have pledged to monitor the activities on and off the Net of two dozen large U.S. firms. To gauge the state of Internet privacy in the U.S., the FTC surveyed about 1,400 Web sites last March. It concluded that the online industry has "fallen short of what is needed to protect consumers." For example, 97% of financial sites took data from their users, but only 16% stated how that information would be used. Political and industry officials warned then that new federal regulations were likely if the situation didn't improve. The DMA said there has been major movement since then, with many more sites posting their privacy policies and joining organizations that provide privacy assurances. The Electronic Privacy Information Center in Washington, though, maintains that there still aren't enough protections in place -- and even if sites post policies, there's little assurance those rules are being followed. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:15:48 PDT