There is a Privacy Bill currently being discussed in the Senate. This bill has some good features. Some of the main points will be highlighted below.
Privacy is a very important issue to me. No information about yourself should ever be given to another person without your specific consent. This is simply a basic human right.
Some information is public record. I believe that such information should also be limited - both in what items are public record, and the means for accessing such records.
Equally as important is the following concept: any personal information which is willingly given to a company in exchange for services must not be sold to a third party without the individual's consent.
This bill addresses the issue of personal identifying information being sold to third parties. Such information includes: address, phone number, social security number, bank accounts, email accounts, passwords, and medical information.
This bill also addresses the sale of information to third parties for marketing and advertising purposes, though to a lesser extent.
Here are some of the provisions of the bill I believe are most important:
Title II stipulates that companies must clearly state how they will sell personal information.
Title II also stipulates that companies offer an Opt-Out choice for people who do not want information sold to marketing/advertising companies.
Quote regarding Opt-Out: The company must offer to individuals “a robust, clear, and conspicuous mechanism for opt-out consent for the use by third parties of the individuals’ covered information for behavioral advertising or marketing" - Title II, Section 202, p19
Title III, section 301 details the allowed use of personal data. The allowed use of personal data is mostly to deliver the service the individual requested. This includes having an email account for communication and having an Amazon account to buy books. This includes your favorite store website offering you suggested products and special deals. Indeed, this should be the only reasons the website should use your personal information.
Ads are okay as long as it is the originial company advertising products, not ads from a third party. The individual can always accept advertising from third parties in exchange for other benefits.
Title III also says companies should offer “Opt In” for people who want advertising. (At least it is their choice what they opt in for). Some people do want advertising because they know that the advertising pays for more services on the website. Some people like the ads so they can see things they might want to buy. Because of these reasons, the individual can always Opt In for ads and services from third parties.
Thus the bill wants companies to have Opt-In, Opt-Out, and a description of how the information will be sold.
Section 302 discusses Third Parties. The original company (to whom you gave your personal information) must make sure the third party is a real company, with solid security, not some thief in his garage.
Third parties must also provide opt out choices. All rules of original company apply equally to third parties.
Title V discusses enforcement. These laws will be enforced by Federal Trade Commission. The Attorney General of each state may investigate and bring the lawsuit on behalf of the FTC and the people.
These laws apply to any company which has data on 5,000 individuals. This includes non-profits, political groups, service providers, and other businesses.
The fine is $16,500 max for most offenders. Some situations maximum of $3,000,000.
I've always believed data mining and selling of information to a third party without the individual’s consent must be made illegal. This is a first step.
Read the bill here.
