NEWS FROM North Central Florida's Congressman CLIFF STEARNS

FOR IMMEDIATE RELEASE
October 12, 2001
CONTACT: PAUL FLUSCHE (202) 225-5744

STEARNS PRESENTS OUTLINE FOR FEDERAL STATEMENT ON INFORMATION PRIVACY

INTENDS TO SHARE HIS PRIVACY CONCEPTS WITH INTERESTED PARTIES FOR COMMENT

WASHINGTON, OCT. 12, 2001 - Today, Rep. Cliff Stearns (R-FL), Chairman of the Commerce, Trade & Consumer Protection Subcommittee, presented his ideas that could serve as a federal statement on information privacy.

"The Subcommittee has held six hearings on the matter of information privacy," said Stearns, "and the breadth and scope of our inquiry have yet to be matched. After many discussions and deep consideration, I have developed a structure for general information privacy, both online and offline, that would be useful in formulating a legislative statement on information privacy." A summary of these general principles is attached.

"I have begun to share these thoughts with key House members for their input and starting today, I will share these concepts with interested parties to gain their views and insights," added Stearns.

Committee Chairman Billy Tauzin (R-LA), Rep. Rick Boucher (D-VA), and Rep. Bob Goodlatte (R-VA) joined Stearns at the news conference.

Honorable Clifford Stearns

THOUGHTS ON INFORMATION PRIVACY

1. Preempt State laws insofar as that law relates to the collection, processing, use, disclosure/dissemination, and sale of personally identifiable information in the stream of commerce and as described in this Act.

2. Preclude any private right of action. FTC enforcement under Section 5 of the FTC Act. Doubling FTC Act penalties for privacy violations.

3. General Rule Applicable to both Online & Offline - If a non-governmental organization whether for-profit or not-for-profit collects [both online and offline], processes [by automated means], and uses personally identifiable information ("PII") it must notify the data subject/consumer of its data collection activities, if the data collected is used for purposes unrelated to the consumer transaction.

   a. Privacy Notice - The organization shall provide notice as to where a consumer may obtain the organization's privacy statement at the first instance of data collection. Small organization exemption to apply.

   b. Privacy Statement - The Statement shall be simple, easy to read, concise, clear and conspicuous. Statement shall only include the organization's practices as they relate to the collection, processing and use of PII.

   c. Opportunity to Limit Sale of Information - The data collecting organization must accord the consumer [at no cost] an opportunity to limit the sale or disclosure for consideration of his/her PII to a non-affiliate third party.

   d. Security Statement - The organization must provide, as a component of its privacy statement, a notice as to whether it takes reasonable precautions to prevent collected information from being obtained by non-authorized parties.

   e. Safe Harbor - An organization shall be in compliance with federal baseline privacy rules, if it complies with self-regulatory guidelines of a self-regulatory organization (SRO) approved by the FTC and consistent with federal baseline principles. The FTC shall approve an SRO only if it meets, at minimum, certain criteria, as enumerated in the federal privacy principles.

4. ID Theft & Social Security Number Misuse Provision - Different and discrete steps have been recommended designed to enhance existing ID theft protections. In addition, no person may publicly display or sell another person's social security number without the affirmative consent of that person.

5. PII Security Provision - An organization should demonstrate support for, and commitment to, information security through the issue and maintenance of an information security policy for treatment of PII across the organization.