Home | Databases | WorldLII | Search | Feedback Privacy Laws and Business International Report

US privacy initiatives [1998] PLBIRp 24; (1998) 45 Privacy Laws and Business International Report 15

US takes last minute privacy initiatives

THE UNITED STATES is now concentrating on creating new privacy protection measures before the EU Data Protection Directive is in force. Special attention is being given to online privacy and medical records.

Vice President Al Gore’s call for an

“electronic bill of rights” in May set the agenda for the recent develop- ments. He stressed that individuals’ need to be protected online, and the privacy of medical records have to be secured. Previously, the administra- tion has been a strong supporter of self-regulation (PL&B Sep ’97 p.13-15). Now it seems, however, that the industry’s efforts have not been enough. The Vice President returned to the topic at the end of July with an even stronger message. He backed the Federal Trade Commission’s propos- al to enact new laws in the field of data protection and privacy to pro- hibit the collection of childrens’ data on the Internet (PL&B Sep ’96 p.2-7).

“Privacy is a basic American value, in the information age and in every age,” Gore said. He still considered indus- try to have a large part to play in ensuring privacy protection, but warned of government intervention if the industry does not act quickly.

TWO PRIVACY INITIATIVES ...

Vice President Gore declared that a privacy advisor will be appointed to the White House. It is not yet clear how important a role the advisor will be able to have. He/she will be placed in the Office of Information and Regulatory Affairs.

The Vice President’s second privacy measure was to oppose a planned identification number for medical records until there are sufficient privacy protection measures. Plans to protect medical records have since progressed. The Health and Human

Services Secretary, Donna E. Shalala, on 11th August proposed the creation of privacy protection for individual health information which is main- tained or transmitted electronically.

“It is crucial to have these stan- dards, but it is also not enough. In addition, we urgently need new legal protections to safeguard the privacy of medical records in all forms,” Shalala said. The proposed standards would protect electronic health infor- mation from improper access or alteration, and against loss of records.

... AND A DEADLINE

Under the Health Insurance Porta- bility and Accountability Act of 1996, the Congress has until August 1999 to enact privacy protection measures. If it fails to do so, the Health and Human Services Secretary can intro- duce privacy protection by regulation. The proposal includes both tech- nical and administrative measures. It is suggested that health care providers and organisations must use encryption and message authentica- tion controls to ensure that the data transferred cannot be accessed or vio- lated. It is recognised, that different sizes of organisations will have differ- ent needs. The proposals include an electronic signature standard for digital signatures which verify the identity of a person signing and the authenticity

of an electronic document.

FTC URGES PRIVACY LEGISLATION

The Federal Trade Commission’s evaluation of the industry’s self-regu-latory efforts was heard in June when the organisation released a paper on Internet privacy. The FTC regarded the results as insufficient to protect consumers’ privacy. Later, when testi- fying before the White House Commerce Subcommittee, the FTC’s Chairman Robert Pitofsky outlined a model privacy law for commercial transactions on the Internet.

What will happen next is difficult to foresee. The industry is still working on self-regulatory schemes, and hopes to produce something that could provide mechanisms for compliance. Robert Belair, of Privacy & American Business, predicted at the PL&B Conference that there would be no regulatory agency, but a White House Office. He saw it as unlikely that there would be an omnibus privacy law. Instead, new state and federal sector-specific laws may emerge.

In fact, the 105th Congress had devoted over 25 days in the first seven months of the year to privacy issues. Robert Belair said that the key areas have been Internet privacy, identifica- tion fraud, financial privacy, childrens’ privacy, social security numbers, encryption, digital signatures, telecom- munications and health privacy.

More information about US privacy issues is available on the following websites: http:/www.ntia.doc.gov http://www.ftc.gov

http://www.epic.org