|
Good Morning. I welcome our distinguished witnesses to this
legislative hearing on H.R. 4678, The Consumer Privacy Protection Act of 2002.
Over one and half years ago, the Commerce, Trade and
Consumer Protection subcommittee began creating the most exhaustive record on
the issue of information privacy in Congress. After holding six hearings on
privacy and hearing from and speaking with countless constituents and experts on
the issue, I decided, after careful thought and consideration, that a general
and minimalist federal statement on information privacy in the context of
consumer commercial transactions was indeed necessary. Nonetheless, I was
concerned that an ill devised and overreaching federal legislation would
engender serious negative consequences, both economic and non-economic.
Therefore, I set out to draft a balanced and bi-partisan
bill informed by the underlying principle of: Do no harm. Federal information
privacy legislation should both insure that no harm comes to consumers’ from
unwanted breaches of their information privacy and at the same it should not
harm economic growth by stymieing information sharing. The result is H.R. 4678,
which I believe goes a long way in establishing that balance.
There is no question that the American people cherish their
privacy. Ayn Rand viewed privacy as a mark of advancement writing,
“Civilization is the progress toward a society of privacy. The savage's
whole existence is public, ruled by the laws of his tribe. Civilization is
the process of setting man free from men.” Here in America we enjoy an
open society -- yet we cherish our privacy.
With the advent of online data collection, the American
consumer’s information privacy concerns have rightfully been heightened.
As individuals and businesses turn to computers and computer networks for
commercial and personal reasons, massive volumes of personal information are
generated, collected, and stored for personal, governmental, and commercial
activities. All of those activities generate a footprint of sorts: personal
data. That footprint, in turn, has heightened consumers’ concerns over their
personal information privacy. Still, the fact is that personal data is
collected both online and offline. The collection of consumer data online is
just a new dimension of a very old practice, although an increasingly
significant one. Moreover, consumer information, whether collected online or
offline, is aggregated into the same databases and processed by the same
computers without regard for the source of the data.
The consumers’ legitimate concerns over their information
privacy must, in turn, be weighted against the fact that our economy is highly
consumer information dependent, as it is a consumer-based economy, where over
2/3 of our Gross Domestic Product (GDP) is composed of consumer spending –
that’s nearly $7 trillion. Historically consumer information has played an
important role in our economic growth. The free flow of consumer information has
served all of us, as American consumers, well throughout our modern economic
history. Any federal law or regulation that unduly burdens such information
sharing activity may bring about a substantial and negative impact on our
economy.
Therefore, any federal legislation intended to be
responsive to the public’s information privacy concerns must include within
its scope protections from both unwanted online and offline data collection and
use activities and balance those protections against the legitimate need for
consumer information gleaning and sharing activities of a consumer based
economy, as H.R. 4678 does.
Shortly after the conclusion of the six privacy hearings,
in October 2001, I offered the basic principles that I thought any good federal
privacy legislation should include. After seven months of meeting with and
discussing those basic principles with members and an inordinate number of
persons interested in the issue of information privacy, this past May, I
introduced H.R. 4678, The Consumer Privacy Protection Act of 2002. The bill we
are considering this morning.
In brief, H.R. 4678 mandates a privacy policy and
statement. The bill requires that any organization collecting, selling, or using
a consumer’s personally identifiable information (PII) for a purpose unrelated
to the consumer transaction must establish a privacy policy and principle
elements of that privacy policy must be accessible to the consumer at the time
the organization first collects PII and subsequently. In addition, any
data collector and user must provide the consumer with the opportunity to
preclude the sale or disclosure of his/her PII to any other data collector and
user. As noted, H.R. 4678 applies to both online and offline data collection and
use activities. Moreover, it preempts state action; forecloses private rights of
action and vests in the FTC the exclusive authority to enforce its provisions.
H.R. 4678 entails a novel cyber-security provision designed to improve the
integrity of consumer data and a provision addressing the interplay between U.S.
privacy protections and those of other nations. Finally, the bill fosters
self-regulatory programs by defining the outer parameters of what would
constitute an acceptable privacy program.
As the hearing record clearly indicates there is a myriad
of existing federal and state laws that directly or indirectly address
information privacy issues. Therefore, any information privacy bill must
take into account, learn from, and ultimately integrate well with the existing
and varied statutes addressing information privacy. That is what H.R. 4678 does
as it is limited in scope to protecting a consumer’s personally identifiable
information that is not covered under the Gramm-Leach-Bliley or the Health
Insurance Portability And Accountability Act of 1996.
In the aftermath of the September 11th terrorist attacks,
the American people and government have understandably focused on enhancing
security. Although protecting our citizens is the top priority of
Congress, I do not want to see the issue of consumer information privacy
overwhelmed by these events. Even as the nation wages war on global
terrorism, it is appropriate that Congress still considers the matter of
information privacy.
I’ll conclude by stating that I think we have a balance
bi-partisan bill. The American consumer is empowered with information about what
is done with his/her personally identifiable information, so he/she can make an
informed choice. Commerce, in turn, is spared unduly burdensome regulation.
I look forward to hearing the
witnesses testimony on H.R. 4678.
|
