Many worry that legislation to protect online consumer privacy would be costly and unenforceable.
Legislation to protect online consumer privacy is moving forward in the U.S. Senate, gathering majority support in its commerce panel last week. But it faces vigorous opposition from the IT industry, which sees it as discriminatory against e-commerce.
The Online Personal Privacy Protection Act, sponsored by committee chairman Ernest Hollings, D-S.C., would require commercial Web sites and ISPs to obtain opt-in consent from consumers before collecting sensitive personal information, such as financial, medical, religious and political data.
Before collecting nonsensitive information, operators would have to provide "robust notice" that describes how the information will be used or disclosed. Operators would also have to provide access to the information that is collected and ensure that it is reasonably secure.
Lawmakers are trying to walk a tightrope between growing consumer concern over privacy and industry fears about costly mandates for recording and retaining customer data.
The committee vote was largely partisan, with Democrats supporting the measure and Republicans expressing deep reservations about it. The bill was slated to be reported out of the committee by the end of the week, according to staffers.
Noting that the Senate has considered four online privacy bills and the committee has held five hearings on the subject, Hollings said the pending measure will promote consumer confidence in the Internet.
"If companies want to trade and profit in these sensitive areas, [then] get consumers consent. Its that simple," Hollings said.
IT managers, however, are skeptical about how effective any government regulation of online privacy can be.
"It still takes people of integrity to make certain that any legislation gets implemented and interpreted in the spirit it was conceived in," said Dave Taylor, a senior systems analyst at T. Rowe Price Group Inc., in Baltimore.
Opponents also complain that the legislation puts a heavier privacy burden on online retailers than offline counterparts.
"This disparate treatment serves only to punish certain sectors of industry because they use advanced technology," said Sen. John McCain, R-Ariz. McCains amendment to impose the same obligations offline as online for collecting and using personal information was shot down in the committee.
Echoing a major concern in the high-tech industry, committee opposition also noted that some of the bills requirements may conflict with privacy mandates in other statutes, including the Health Insurance Portability and Accountability Act of 1996 and the Gramm-Leach-Bliley Act, which set privacy mandates on the insurance and financial sectors.
According to the American Insurance Association, in Washington, the Hollings legislation would be so costly that many insurers may choose to close their Web sites rather than comply.
The committee is also promoting legislation to combat the growing problem of unsolicited e-mail.
The Controlling the Assault of Non-Solicited Pornography and Marketing, or CAN SPAM, Act would ban spammers from disguising the source of their messages and give consumers the choice to stop receiving them. It would require all unsolicited commercial e-mail to include an identifier, the physical address of the sender and an opt-out feature.
The bill was scheduled for a committee vote Friday.
Senate Panel OKs Bill with Security Standard Mandates
Congress Looks to Amend Security Bill
Info Sharing Bill Advances
Bill Gives Govt Greater Access to E-Mail