Just a couple of months ago, the passage of a national online privacy law this year seemed inevitable.
Consumers rising concerns over Internet safety and privacy, and industrys worries over identity theft and fraud, were to make privacy a key Congressional issue. But the Bush administration hasnt taken kindly to regulation, as the well-publicized overturn of federal ergonomics directives attests. And on the privacy front, the Department of Health and Human Services has put the brakes on a "final" rule on health-care information privacy.
How does this bode for a national online privacy law? Hill observers still expect to see a number of privacy bill introductions and hearings over the next few months. But lawmakers may not be in quite the same hurry to push legislation through.
"Before, there was a sense of urgency," notes Tom Santaniello, public policy manager at the Computing Technology Industry Association (CompTIA). Now, the mood in Congress is to get the privacy job done right, rather than quickly, he adds.
Patience isnt a bad watchword when it comes to crafting privacy legislation. Some industry executives fear that a sweeping, "one-size-fits-all" privacy statute could create compliance costs injurious to small businesses. On the other hand, passing a toothless statute for the sake of having a privacy law on the books will do nothing to inspire consumer confidence.
The Privacy Leadership Institute (PLI), which sponsors research in online privacy, describes a "trust gap" between consumers and businesses. Confidence in the government as a guardian of personal information is low, the group contends.
"The public, on average, does not really trust either industry or government to use their personal information safely and properly," states a PLI study of American consumers sponsored by Harris Interactive. "On a 10-point scale where 1 represents do not trust at all and 10 represents trust completely, online users rate business a 4.5 while they rate government a 4.1."
Nor did the studys respondents hold the ability of industry and government to set privacy standards in high esteem. Business received a 5 rating, while government scored a 4.5.
Nevertheless, the House Energy and Commerce committee has been holding privacy hearings. On the Senate side, John McCain (R-Ariz.) is soon expected to re-introduce a privacy bill he sponsored last year, which met with generally favorable response from industry.
"Lack of strong privacy laws has resulted in continued intrusions into consumer privacy, little accountability, and no assurance that other firms will not engage in similar practices in the future," said Frank Torres, legislative counsel for Consumers Union, in a House hearing earlier this month. "Strong protections" will curb privacy intrusions and boost consumer confidence, he said.
But at the same hearing, Jonathon Zuck, president of the Association for Competitive Technology, urged lawmakers to consider the small-business perspective when debating "whether to enact sweeping privacy laws."
"I still think its inevitable," says CompTIAs Santaniello of a privacy law. "Its a question of how it all transpires."
The answer for now: more slowly.