The column I wrote last month devoted to online privacy sparked a fair bit of comment. If you didn’t happen to catch that one, I attempted to poke a little fun at the kind of telemarketing that sometimes goes on with low-end consumer products, particularly by marketers that play fast and loose with the personal information they collect.
Trouble was, I pretty effectively botched things. It was easy to get the idea from my comments that I lumped all companies that talk to potential customers over the phone together with those that use Asian phone banks for less discriminating public contact. Well, mea culpa. All I can say is that’s not what I meant and I should have been clearer.
The events that prompted my writing that ill-fated piece were actually quite noteworthy from the standpoint of privacy. In December, a nonprofit called the Electronic Privacy Information Center asked the Federal Trade Commission to force the Facebook Web site to change its privacy policy. You might think the travails of a social networking site associated with keeping in touch with old classmates would be of little concern to other kinds of businesses. But Facebook’s handling of user information could end up serving as a benchmark for Web sites of all kinds, including those within the industrial sector.
The crux of EPIC’s gripe is that Facebook treats user privacy in ways users probably don’t expect. Some of this information gets disclosed not only to search engines, but also to applications and Web sites with no connection to Facebook.
It appears that controversy about the use of personal data entered online has gotten the attention of politicians. Among the first salvos is H.R.2221, the Data Accountability and Trust Act. Among other things, it sets security policies for consumer information and regulates what are called information brokers. The Senate is considering something similar.
There are aspects of the Act that could end up affecting almost anyone who collects data on a Web site. For one thing, it requires the FTC to issue regulations forcing anyone engaged in interstate commerce that possesses electronic data containing personal information to establish security policies. It also puts other requirements on firms considered information brokers.
The tricky part is the kind of businesses that could be considered information brokers. Depending on how the legislation ultimately is worded, it’s possible the term may apply to any firm that funnels personal information to a third party. That could include ordinary businesses sending Web site queries to distributors or resellers. All in all, a lot of sites engaged in marketing industrial goods could find themselves enmeshed in proving they have a secure way of dealing with information they collect.
If history is a guide, one result of this and similar kinds of legislation could be measures resembling those now in place for fax machines. There are penalties for businesses that send faxes without permission, and it is not unimaginable that phone calls or other kinds of contact could eventually be treated the same way.
All this stems from problems with social networking sites and a few consumer-oriented marketers with questionable ethics. Unfortunately, it also means life may get more complicated for businesses that wouldn’t dream of hassling the public this way.
— Leland Teschler, Editor