FC: Republicans ask FTC to investigate .gov privacy practices

[Declan McCullagh <declan () well com>]

********
http://www.uspsoig.gov/warning.htm
YOU HAVE NO EXPECTATION OF PRIVACY USING THIS SYSTEM. In
order to ensure compliance with applicable federal law and Postal
Service policies, all uses of this system, and all data contained or
transferred through this system may be monitored, read, captured,
recorded or copied in any manner and disclosed in any manner, by
authorized personnel. There is no right to privacy on this system.
*********

Date: Fri, 16 Jun 2000 11:50:14 -0400
From: "Diamond, Richard" <Richard.Diamond () MAIL HOUSE GOV>
Subject: Congressional Letter on FTC Privacy Regs

Forgive the length of this...
Congressional members today sent a letter (below) to the President and Vice
President about the FTC's privacy recommendations. In sum the letter asks,
"shouldn't the government have its own house in order on privacy before
suggesting rules be imposed on the private sector?" A second letter was sent
initiating a GAO study of whether the federal government meets the FTC's
criteria.

If you want a good example of an "interesting" government privacy notice,
take a look at the USPS Office of the Inspector General website. You just
have to read it for yourself. It's at the bottom of the page.
http://www.uspsoig.gov/
http://www.uspsoig.gov/warning.htm


         June 16, 2000

The Honorable William Jefferson Clinton
1600 Pennsylvania Avenue, NW
Washington, DC 20500

The Honorable Albert Gore
Old Executive Office Building
Washington, DC 20501


Dear President Clinton and Vice President Gore:

         The Federal Trade Commission (FTC) recently voted 3-2 to make a
legislative recommendation to Congress regarding online privacy.  Protecting
personal privacy is obviously an important priority that deserves
significant attention and thoughtful consideration.

         The 3-2 recommendation by the FTC called for legislation requiring
commercial Web sites that collect personal identifying information from or
about consumers online to comply with what they call "four widely-accepted
fair information practices."  According to the FTC report, these
requirements would include:

1)      Notice - Web sites would be required to provide consumers clear and
conspicuous notice of their information practices, including what
information they collect, how they collect it (e.g., directly or through
non-obvious means such as cookies), how they use it, how they provide
Choice, Access, and Security to consumers, whether they disclose information
collected to other entities, and whether other entities are collecting
information through the site.

2)      Choice - Web sites would be required to offer consumers choices as
to how their personal identifying information is used beyond the use for
which the information was provided (e.g., to consummate a transaction).
Such choice would encompass both internal secondary uses (such as marketing
back to consumers) and external secondary uses (such as disclosing data to
other entities).

3)      Access - Web sites would be required to offer consumers reasonable
access to the information a Web site has collected about them, including a
reasonable opportunity to review information and to correct inaccuracies or
delete information.

4)      Security - Web sites would be required to take reasonable steps to
protect the security of the information they collect from consumers.

Congress will be carefully reviewing both the supporting and dissenting
opinions of the Commissioners on this recommendation.  As we do, it would be
helpful to have some information about how the Federal government meets the
criteria outlined by this recommendation.  It would be hypocritical for the
Federal government to mandate a standard on the private sector that it
cannot itself meet.

As you know, the Federal government collects and stores far more personal
information than the private sector.  There is much more personal financial
data stored on IRS databases than will ever be collected by Amazon.com  -
and I'm not sure that the federal government has as good a record at
protecting personal privacy.

In fact, the IRS recently had to issue apologies to 1300 families for
improperly disclosing personal financial information - offering checks of
$1000 per family for the error.  I'd be much more concerned about the IRS
disclosing my personal financial information that about the GAP.com knowing
how many pairs of jeans I've bought this year.

Therefore, I would appreciate hearing from you both on the following
questions:

*       What percentage of Web sites maintained by federal departments and
agencies currently meet the privacy criteria outlined by the FTC's
legislative recommendation?

*       Do you support having those criteria apply to the federal
government?
*
*       Will you commit to having the Federal government lead by example by
meeting (or even exceeding) these standards before advocating their
imposition on commercial sites?

As we promised in the Contract with America, this Congress is committed to
making the federal government live under the same laws it imposes on
everyone else.

As we consider this legislative recommendation from the FTC, it will be
helpful to have a thorough understanding of how well the federal government
currently complies with the standards it is asking us to impose on
commercial Web sites.

Sincerely,
DICK ARMEY
House Majority Leader   Chairman,

W.J. TAUZIN
Subcommittee on Telecommunications, Trade and Consumer Protection

ROBERT GOODLATTE
Co-Chairman, House Internet Caucus

CC:     The Honorable Robert Pitofsky, Chairman, Federal Trade Commission
Commissioner Sheila Anthony
Commissioner Mozelle Thompson
Commissioner Tom Leary
Commissioner Orson Swindle 

--------------------------------------------------------------------------
POLITECH -- the moderated mailing list of politics and technology
To subscribe, visit http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
--------------------------------------------------------------------------