[Politech] Hoofnagle, Solove release Politech-improved v2.0 of Privacy Protection Plan [priv]

From: Declan McCullagh (declan@private)
Date: Wed Apr 06 2005 - 20:11:48 PDT


Previous Politech debate:
http://www.politechbot.com/2005/03/18/catos-jim-harper/
http://www.politechbot.com/2005/03/21/eric-grimm-debate/
http://www.politechbot.com/2005/03/11/request-for-critique/

-Declan

-------- Original Message --------
Subject: Model Privacy Regime Update
Date: Wed, 06 Apr 2005 09:28:34 -0700
From: Chris Hoofnagle <hoofnagle@private>
To: declan@private

Hi Declan,

Dan Solove and I are releasing version 2.0 of our Model Regime of
Privacy Protection.  We received many comments from the Politech
crowd, and incorporated them into this version.  We're continuing to
seek input, and I'd appreciate it if you sent this version onto
Politechbot.

Regards,
Chris

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=699701

Model Regime of Privacy Protection (Version 2.0)
DANIEL J. SOLOVE
George Washington University Law School
CHRIS JAY HOOFNAGLE
Electronic Privacy Information Center West Coast Office

April 5, 2005

Abstract:
VERSION 2.0

This version incorporates and responds to the many comments that we
received to Version 1.1, which we released on March 10, 2005.

Privacy protection in the United States has often been criticized,
but critics have too infrequently suggested specific proposals for
reform. Recently, there has been significant legislative interest at
both the federal and state levels in addressing the privacy of
personal information. This was sparked when ChoicePoint, one of the
largest data brokers in the United States with records on almost
every adult American citizen, sold data on about 145,000 people to
fraudulent businesses set up by identity thieves. Other companies
announced security breaches, including LexisNexis, from which
personal information about 32,000 people was improperly accessed.
Senator Schumer criticized Westlaw for making available to certain
subscribers personal information including Social Security Numbers
(SSNs).

In the aftermath of the ChoicePoint debacle and other major
information security breaches, both of us have been asked by
Congressional legislative staffers, state legislative policymakers,
journalists, academics, and others about what specifically should be
done to better regulate information privacy. In response to these
questions, we believe that it is imperative to have a discussion of
concrete legislative solutions to privacy problems.

What appears below is our attempt at such an endeavor. Privacy
experts have long suggested that information collection be
consistent with Fair Information Practices. This Model Regime
incorporates many of those practices and applies them specifically
to the context of commercial data brokers such as ChoicePoint. We
hope that this will provide useful guidance to legislators and
policymakers in crafting laws and regulations. We also intend this
to be a work-in-progress in which we collaborate with others. We
have welcomed input from other academics, policymakers, journalists,
and experts as well as from the industries and businesses that will
be subject to the regulations we propose. We have incorporated
criticisms and constructive suggestions, and we will continue to
update this Model Regime to include the comments we find most
helpful and illuminating.

Notice, Consent, Control, and Access

1. Universal Notice
2. Meaningful Informed Consent
3. One-Step Exercise of Rights
4. Individual Credit Management
5. Access to and Accuracy of Personal Information

Security of Personal Information

6. Secure Identification
7. Disclosure of Security Breaches

Business Access to and Use of Personal Information

8. Social Security Number Use Limitation
9. Access and Use Restrictions for Public Records
10. Curbing Excessive Uses of Background Checks
11. Private Investigators

Government Access to and Use of Personal Data

12. Limiting Government Access to Business and Financial Records
13. Government Data Mining
14. Control of Government Maintenance of Personal Information

Privacy Innovation and Enforcement

15. Preserving the Innovative Role of the States
16. Effective Enforcement of Privacy Rights

Commentary

_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)



This archive was generated by hypermail 2.1.3 : Wed Apr 06 2005 - 20:44:38 PDT