Firms' laxity on consumer privacy adds to sentiment for regulations Use of sensitive data for marketing lessens faith in self-policing


WASHINGTON -- The failure of many U.S. companies to ensure consumer privacy as they gather personal and often sensitive information about millions of people for marketing purposes is raising pressure for federal action.

By early summer, as part of an assessment of how the Internet is progressing as a place to buy and sell, Commerce Secretary William M. Daley must report to President Clinton on how well firms are policing themselves in handling personal information.

If he had to grade them now, they would likely get a failing grade. "It's not going very well," he said of self-regulation efforts.

The administration perceives a lack of urgency on the part of the private sector despite numerous calls for corporate officials to act to protect privacy. "Basically, nothing has happened," said a senior administration official who asked not to be identified. "American business is not the most pro-active animal in the world."

The administration had expected the private sector to establish rules to address privacy concerns. Those include the collection of personal information from children at certain Web sites or the frequent inability of consumers to know what information is gathered about them, its accuracy and how it is used.

The private sector's inertia, the official said, would likely lead the administration to conclude July 1, when the report to Clinton is due, that "it doesn't look like self-regulation worked. We have to consider other alternatives, [which] would be a shame," he said, referring to the prospect of government regulation.

In October, a stringent privacy law is to take effect in the European Union. The European Directive on the Protection of Personal Data requires member nations to pass legislation to shield data about individuals. One provision bans personal data from being exported to nonmember countries where security measures are considered inadequate.

This might bar U.S. companies from collecting and transmitting data about European consumers, placing them at a disadvantage with their European counterparts.

While European nations view government action as the best safeguard for personal information, the U.S. government prefers self-regulation.

"Nearly 10,000 Web sites a week are coming and going. The ability to enforce a law that said, 'Thou shalt not collect information from anybody without telling them exactly what you're going to do with it,' would not realistically be enforceable," said Becky Burr, acting associate administrator in the Commerce Department's National Telecommunications and Information Administration.

"If you pass a law that you can't enforce, you give people a false sense of security and you eliminate incentives that they have to protect themselves," Burr said.

But with the U.S. approach so far yielding unimpressive results, the Clinton administration will likely have a difficult time persuading the Europeans that personal data is adequately protected in the United States.

Some privacy advocates viewed Vice President Al Gore's call at New York University's commencement this month for an "electronic bill of rights" to protect privacy as largely aimed at the Europeans.

Beyond satisfying the Europeans, U.S. companies are going to have to satisfy Americans, too.

In a Business Week/Louis Harris survey of 999 adults in February, 61 percent of non-Internet users said they would be more likely to use it if they were assured that their personal information would be kept private.

About 53 percent of those surveyed felt lawmakers needed to take immediate action to control what personal data businesses collect and how it is used.

Some public sentiment is fueled by disclosures of how companies are using personal information.

The CVS drugstore and Giant Food supermarket chains drew the ire of customers after reports that the companies sold personal medical information gleaned from filling prescriptions to a marketing company, Elensys Inc. of Woburn, Mass. Knowing what customers were prescribed helped Elensys market other drugs for the same condition.

The uproar caused Giant Food to stop sending such information to Elensys, while CVS offered customers the chance to opt out.

To reassure Americans in the information age, Ira Magaziner, the president's adviser on electronic commerce issues, suggests companies with strong privacy policies adopt something like a "Good Housekeeping Seal of Approval." Besides giving consumers confidence, it would give companies with such policies a competitive advantage.

Pub Date: 5/26/98

Copyright © 2019, The Baltimore Sun, a Baltimore Sun Media Group publication | Place an Ad