NCR's heritage in providing solutions for retail and financial industries goes back almost 120 years to its founding as the National Cash Register Company.  Today, NCR is one of the world's largest suppliers of solutions that enable transactions between consumers and businesses, whether in stores, through self-service terminals, or over the Internet.   

Mister Chairman, NCR's corporate slogan, "Transforming Transactions Into Relationships", speaks to the importance we place on consumer protections in our solutions.  So, the subject of today’s hearing is important to NCR, as it is to all of us since we are all consumers. 

I am also the Working Chair of the privacy task force of the Computer Systems Policy Project, or CSPP.  CSPP is the nation's leading advocacy organization comprised exclusively of CEOs of the information technology industry.  We have worked closely with the Chairman and Committee staff in the formation of HR 4678.  We commend the Chairman on the deliberative process used to craft this legislation.   

Businesses collecting information about their customers is not new.  Your grandmother’s butcher probably knew not only her name and her favorite cuts of meat, but how the children were doing in school, as well.  We used to call it “friendly, personal service” at a time when businessmen and their customers were also neighbors. 

Today, technology makes it possible for companies thousands of miles away to also serve their customers better.  The growth in data collecting is fueling the global debate over privacy; creating a tension between consumers’ sharing personal information and business' attempt to serve them more effectively and personally. 

The benefits to consumers of personalized service and the protection of their personal data are not incompatible; consumers should and must have control over the use of their personal data. 

The protection and appropriate use of personal information, is a growing concern for consumers and businesses alike.  To ensure continued success and growth, it’s important for companies to address privacy as an important consumer expectation.  One fundamental necessity of commerce, both traditional as well as e-commerce, is trust.  Without trust, businesses cannot survive.  Businesses that do not heed the expectations of their customers will quickly lose trust, and ultimately their viability.  Quite simply, the business of privacy is "good business". 

Consumers in control of their data may freely choose the release of their personal information in return for better choices or services.  I suspect that you as an airline passenger would not mind being offered an upgrade at the gate because the airline agent knows you experienced a flight cancellation days earlier.   

Most companies are doing the right thing in providing privacy options.  But as long as there is potential short-term gain in abusing personal information, can we count exclusively on company voluntarism to prevent abuse?  While many company executives shudder at the thought of more regulation, their companies and their customers alike will be better served if industry and government work together toward rational and uniform rules that are fair to all.  NCR believes that the right legislation built on top of market-driven solutions can assure that all consumers are afforded this protection. 

Presently, federal privacy laws exist which govern specific industry sectors, protect sensitive information, and target specific harmful or fraudulent behaviors. But in the U.S. there is currently no single, broad-based law that affects the use of personal data, which is why we are here today. 

But what type of legislation can work?  CSPP advanced a set of core principles for such legislation.  I would like to comment on two of those principles. 

First, legislation must be comprehensive and apply, with appropriate flexibility, to personal data, whether collected online, over the telephone or in face-to-face commercial transactions. To enact legislation that applies only to online activities would mislead the American consumer.  As a supplier of business intelligence solutions, NCR knows that click-and-mortar firms do not distinguish between personal data obtained through different channels.  Further, online transactions account for only a small fraction of consumer transactions, last year less than one percent.  Also, as technologies merge, such as the Internet and wireless technologies, the distinction between online and offline is blurring. 

Simply put, when it comes to consumers' rights, data is data.  

Secondly, legislation must recognize that markets, particularly on the Internet, are national in scope.  One only need recall the endless mailings from banks implementing Gramm-Leach-Bliley to imagine the morass and legal uncertainty that would ensue if both State and federal legislation purported to govern consumers' right for personal data protection.  Federal legislation in this area should preempt State and local law. 

Mister Chairman and Ranking Member Towns, while I have commented on only two principles, I am proud to say that your bill overall effectively balances consumer and business interests.  HR 4678 requires clear and conspicuous disclosure of business' privacy practices and enables individuals to make informed choices about sharing their personal information.  

During NCR’s long history, a lot of things have changed, but its philosophy has not – if you want your customers’ trust, you have to respect your customers’ privacy.  In summary, NCR is pro-privacy.  HR 4678 is a step in the right direction and we look forward to working with the Subcommittee toward the bill's enactment.  

Thank you, Mister Chairman, for holding this hearing today and thank you for your hard work on drafting HR 4678.