[ISN] U.S. firms gird for privacy rules

From: mea culpa (jerichoat_private)
Date: Thu Jan 14 1999 - 15:49:08 PST

  • Next message: mea culpa: "[ISN] IRS Computers Vulnerable"

    From: darek milewski <darekmat_private>
    U.S. firms gird for privacy rules
    Practices face scrutiny on two continents
    By Sharon Machlis
    01/11/99 Governments on both sides of the Atlantic are focusing on
    computer privacy practices this year. And that could have major
    implications for the way U.S. companies handle data and interact with
    consumers online -- especially for businesses enticed to expand their
    European operations in light of the launch of the new euro currency. 
    In the U.S., the Federal Trade Commission expects to participate in
    another sweep of U.S. Web sites, probably in March, to see if there has
    been progress on posting adequate privacy policies. The government wants
    consumers to know how their personal information is being used. 
    "Anything that will bolster consumer confidence is going to bode well for
    E-commerce," said Chet Dalzell, a spokesman for the Direct Marketing
    Association (DMA) in New York. "It's perception that matters." The DMA is
    leading efforts to produce the new Web site study in cooperation with the
    FTC and other organizations, possibly including privacy groups. 
    Meanwhile, the U.S. Commerce Department is negotiating with European Union
    officials on how U.S. companies can comply with the new EU Directive on
    Data Protection. 
    The directive, which went into effect in October, bars the transfer of
    data about EU citizens of any of the 15 member nations to any country
    deemed not to have "adequate" privacy protections -- potentially affecting
    everything from human resources and medical records to travel reservations
    and online shopping. 
    "Frankly, most of us don't like what the Europeans are doing, but we
    understand [their reasons]," said Jim Clawson, CEO of JBC International, a
    Washington-based consulting firm that has represented a coalition of
    businesses and professionals involved in overseas trade. 
    Why worry? Even before the EU directive, Fort Worth, Texas-based Sabre
    Group Inc. tried to register with Western European countries to ensure
    that it complied with national privacy laws. The result in Sweden: The
    Data Inspection Board ruled that travel agents who used the Sabre
    reservation system needed written consent from all of their customers for
    their data to be transmitted to Sabre's Tulsa, Okla., data center. The
    case is under appeal. 
    Meanwhile, businesses "are expressing concern about the lack of
    predictability" in Europe, said Barbara Wellbery, counselor to the
    undersecretary for electronic commerce in Washington. 
    U.S. and EU officials are slated to meet again this month to try to
    negotiate a so-called Safe Harbor proposal -- a set of rules that U.S.
    companies could pledge to adopt that the EU would consider adequate
    privacy protection.  European governments aren't expected to act against
    U.S. companies while talks continue. 
    But individual citizens are free to sue under the directive -- and members
    of Privacy International in London already have pledged to monitor the
    activities on and off the Net of two dozen large U.S. firms. 
    To gauge the state of Internet privacy in the U.S., the FTC surveyed about
    1,400 Web sites last March. It concluded that the online industry has
    "fallen short of what is needed to protect consumers." For example, 97% of
    financial sites took data from their users, but only 16% stated how that
    information would be used. 
    Political and industry officials warned then that new federal regulations
    were likely if the situation didn't improve. 
    The DMA said there has been major movement since then, with many more
    sites posting their privacy policies and joining organizations that
    provide privacy assurances. The Electronic Privacy Information Center in
    Washington, though, maintains that there still aren't enough protections
    in place -- and even if sites post policies, there's little assurance
    those rules are being followed. 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:15:48 PDT