[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
New USG Privacy Initiative
The Administration has issued today for public comment a
major new paper on privacy:
"Options for Promoting Privacy on the National Information
Infrastructure"
Opening paragraphs:
This Options Paper explores the growing public concern
about personal information privacy. The paper describes
the status of electronic data protection and fair
information practices in the United States today,
beginning with a discussion of the Principles for
providing and using personal information issued by the
Information Infrastructure Task Force in 1995. It then
provides an overview of new information technologies,
which shows that personal information is currently
collected, shared, aggregated, and disseminated at a
rate and to a degree unthinkable just a few years ago.
Government is no longer the sole possessor of extensive
amounts of personal information about U.S. citizens; in
recent years the acquisition of personal information by
the private sector has increased dramatically.
We next consider in more detail the laws and policies
affecting information privacy in four specific areas:
government records, communications, medical records, and
the consumer market. This examination reveals that
information privacy policy in the United States consists
of various laws, regulations and practices, woven together
to produce privacy protection that varies from sector to
sector. Sometimes the results make sense, and sometimes
they do not. The degree of protection accorded to personal
information may depend on the data delivery mechanism
rather than on the type of information at issue. Moreover,
information privacy protection efforts in the United States
are generally reactive rather than proactive: both the
public and the private sector adopt policies in response
to celebrated incidents of nonconsensual disclosure
involving readily discernable harm. Sometimes this
approach leaves holes in the fabric of privacy protection.
We then turn to the core question: in the context of the
GII, what is the best mechanism to implement fair
information practices that balance the needs of government,
commerce, and individuals, keeping in mind both our interest
in the free flow of information and in the protection of
information privacy? At one end of the spectrum there is
support for an entirely market-based response. At the other
end of the spectrum, we are encouraged to regulate fair
information practices across all sectors of the economy.
In between these poles lie a myriad of options.
In response to public concern, both government and private
industry seem to be taking a harder look at privacy issues.
As government and consumers become more aware of the GII's
data collection, analysis and distribution capabilities,
demand could foster a robust, competitive market for
privacy protection. This raises the intriguing possibility
that privacy could emerge as a market commodity in the
Information Age. We recognize ongoing efforts to enhance
industry self regulation to carry out the IITF Privacy
Principles. We also discuss ways this self regulation might
be enforced, and discuss a number of ways that government
could facilitate development of a privacy market.
We then consider a number of options that involve creation
of a federal privacy entity. We discuss some of the many
forms that such an entity could take and consider the
advantages and disadvantages of the various choices. We also
consider the functions that such an entity might perform,
as well as various options for locating a privacy entity
within the federal government.
This paper presents a host of options for government and
private sector action. Our ultimate goal is to identify
the means to maintain an optimal balance between personal
privacy and freedom of information in the digital
environment. The next step is to receive and respond to
public comment on the report in order to develop consensus
regarding the appropriate allocation of public and private
sector responsibility for implementation of fair
information practices.
---------
http://www.iitf.nist.gov/ipc/privacy.htm (216K)
We've mirrored it at:
http://jya.com/privacy.htm