Consumers remain justifiably apprehensive about the privacy and security of the information they divulge online. Meanwhile, high-tech scams involving spyware and phishing continue to increase in sophistication, causing so much disruption and financial risk that some consumers have abandoned the Internet altogether.
There is no more urgent public policy task in the Internet space than to ensure trust in the online world. Internet users need to know that the data they divulge to companies will be protected. Likewise, government agencies must be held to strict standards in the handling of citizens' data. At the same time, law enforcers at all levels must continue their aggressive pursuit of the Internet's most malicious scammers to protect their victims and deter future online crimes. In all of these areas, Congress is well positioned to help create a digital environment that consumers can use with confidence.
Congress Should Enact Comprehensive Consumer Privacy Legislation: In 2006, key technology companies joined privacy advocates in calling for a comprehensive consumer privacy law. Based on hearings and dialogue among all stakeholders, the 110th Congress should develop and enact a technology-neutral, workable privacy law that establishes meaningful safeguards for the personally identifiable information that companies collect from consumers.
CDT/CAP Report, "Protecting Consumers Online" (July 2006)
Congress Should Update the Aging Privacy Act: Lawmakers should address significant gaps in the privacy and security regime applicable to data held or used by the government. Such legislation should: require all federal agencies to notify individuals when their personal information has been lost or stolen; expand the number, independence and authority of agency chief privacy officers; increase the number of privacy audits at agencies; create rules for the use of commercial data by the government; and address other weaknesses in the Privacy Act. Already in the 110th Congress, the House has passed, as part of H.R. 1, a provision increasing the independence of the privacy officer at the Department of Homeland Security. CDT supports this measure. Last Congress, the Specter-Leahy bill, S. 1789, which would have strengthened the Privacy Act, and CDT will support similar legislation this year.
CDT Testimony, "Securing Electronic Personal Data" (April 2005)
Congress Should Explore Methods to Help Law Enforcers Fight Spyware: Congress should continue to monitor spyware enforcement developments at the state and federal levels. Specifically, lawmakers should explore whether federal legislation allowing the FTC to seek higher penalties in its spyware cases would increase the effectiveness of prosecuting spyware purveyors. Some observers have noted that the penalties sought from spyware companies are small in comparison to the companies' profits. Giving the FTC the authority to seek civil damages, rather than merely disgorgement, may be one way for Congress to help forestall the spread of spyware.
CDT Report, "Spyware Enforcement" (December 2006)
Congress Should Enact Strong Data Breach Legislation: Lawmakers should pass meaningful legislation to protect consumers who have their personal information compromised by data security breaches. Such protection could be included in broad privacy legislation or in a freestanding bill that builds on the efforts of several committees in the 109th Congress. It must, however, represent a meaningful step forward over what states are already doing to protect consumers. A bill that preempts state laws without preserving the strong protections those laws established would be worse than no law at all. Bills from the 109th Congress that had positive elements include S. 1789, H.R. 4127, and S. 1408. A fourth bill, H.R. 3997, provides an example of the kind of backwards step that should be avoided.
Joint Letter Opposing Weak Data Breach Bill (July 2006)
CDT List of Key Elements for Data Security Legislation (January 2007)