Forwarded From: Dan Moniz <dnm@unix-security.net> Tackling E-Privacy in New York by Chris Oakes If the federal government won't get tough with the issue of online consumer privacy, New York state is determined to do it. The New York State Assembly has passed the part of a legislative package designed to erect unprecedented privacy safeguards for consumer information in the information age. "The more you learn about computers and email and ordering and passing information by email and the Internet, the more people realize that laws that protect them in different venues are not in place on the Internet," said Assemblywoman Audrey Pheffer. Pheffer, a Democrat from Queens, is head of the Consumer Affairs and Protections Committee and author of several measures in the legislative package, considered the most comprehensive state action on consumer privacy to date. Fourteen bills passed last week are expected to pass committee and reach the assembly floor as early as this week. The New York Senate plans to present its own privacy package this summer. The broad-ranging measures grew out of the increasing availability of personal information. The bills target privacy invasions that the assembly said could lead to everything from personal financial loss and damaged credit ratings to discrimination. The authors blame the new risks on computers and Internet use, and modern technology in general, which threaten privacy with everything from DNA advances to the widespread selling and distribution of digital information. "We had to do this because three to five years ago we never thought when we passed legislation that this would be something we'd have to deal with -- the theft of identity, the selling of email information, the selling of digital photo images," Pheffer said. The bills require confidentiality of personal records, prevent the selling of email addresses without consent, and prohibit various sophisticated telemarketing tricks enabled by modern technology. "We tried to deal with the many issues we and the attorney general have received complaints on," Pheffer said. Whereas consumers used to worry about the theft of a credit card or a driver license, Pheffer said that the dangers of information theft are much greater. "[A thief] can steal everything so that they [can] become you. We've had stories where people had automobiles ordered [in their name] and just by luck were able to actually stop the delivery of the car. It's much more than the stealing of a credit card." Identity theft is enabled by electronic access to home addresses, social security numbers, and the like, Pheffer said. The new legislation isn't just targeted at data collected by thieves. It places companies under scrutiny, too. "As technology provides more efficient ways for commercial enterprises to gather and distribute information to consumers, it is vital that the laws of the state be modernized to ensure personal privacy," said Attorney General Eliot Spitzer in statement. Spitzer is one of the primary authors and presenters of the legislative package. Spitzer said that the legislation he authored will strengthen the individual's control over personal information. Privacy experts and advocates are enthused. "The New York legislation package is very, very exciting," said Paul Schwartz, a law professor at Brooklyn Law School. "I think that this is something that is going to shift power to people on the Internet, and increase the transparencies of [privacy] policies [online]." "It's not surprising that states are moving when Washington policy legislators are largely sitting on their hands," said Marc Rotenberg, executive director of the Electronic Privacy Information Center. Existing federal measures to protect consumer privacy are largely directed at children. The Federal Trade Commission is charged with protecting privacy, but it can only bring limited civil actions. Critics charge that the US Commerce Department has failed to put its teeth behind consumer privacy because the Internet industry has successfully lobbied the agency that the associated costs of such a move would threaten the nation's lead in global e-commerce. In a privacy hearing in Washington last week, Rotenberg said that Congress showed itself to be inactive on the issue. "Everyone sat back and said 'Oh, it looks like self-regulation is working [and we] don't need to do anything.... By and large, I think the states have not been very impressed. So now they're dealing with wide range of issues." New York has been a state leader in areas of consumer protection and privacy protection, Rotenberg said. But Rotenberg noted that the potential impact of the various bills on Internet activity is still unclear. "By and large, the bills really target activity off the Internet," Rotenberg said. "[They] treat the Internet as one of many privacy issues." Still, one of the measures in the package would add a prohibition of the sale, lease, or exchange of any consumer's email address and any other personal identifying information that might be obtained online without a consumer's consent. Jason Catlett, of the online privacy watchdog group Junkbusters, is especially pleased with that measure. But he and others caution that the statewide reach of the legislation is one caveat for anyone hoping for far-reaching impact. "Most privacy advocates and experts would prefer to see broad federal legislation for the protection of personal data," said Catlett. "But some of these piecemeal measures may prevent some very specific injuries that consumers are suffering daily." Still, he said that some of the bills have a "private right of action, which allows individual consumers to sue companies that invade their privacy." That principle has worked well in telemarketing legislation and deserves to be extended to personal data protection, he said. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: OSAll [www.aviary-mag.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:24:23 PDT