Cyber Security Institute

Wednesday, April 13, 2011

Kerry-McCain privacy bill: What you need to know

A privacy bill of rights is something that tech pundits have talked about for years, but now Senators John Kerry and John McCain hope to make it a reality with a bipartisan bill in the Senate called “The Commercial Privacy Bill of Rights Act of 2011.” The Kerry-McCain bill would force companies to let users opt out of data collection when used for behavioral ads or transfer to third parties. ... For sensitive information—religion, health records or other stuff that can cause physical or financial harm if made public—companies would need users’ consent through an opt-in.

If this bill becomes law, companies would have to explain why they want to collect, use and store your personal data.

The bill would forbid companies from collecting data that isn’t necessary to deliver or improve a service, or to make a transaction.  If data is transferred to a third party, that party would have to sign a contract agreeing to the terms of the bill.

Last year, the Federal Trade Commission called for a “Do Not Track” list that would prevent Internet companies from following users around the Web, and all browsers would be required to offer this feature.  The bill from Kerry and McCain ignores the FTC’s advice, leaving the issue of “Do Not Track” in the hands of individual Web browsers, all of which tackle the problem differently.  If you discover that a company was covertly gathering your personal information and sending it to who-knows-where, you wouldn’t be allowed to take the case to court.  The FTC and state attorneys general would be the only entities that could take action against a company for privacy violations.

Consumer groups that take a hard line on user privacy don’t think the Kerry-McCain bill goes far enough. ...  And they don’t like how the Commerce Department, which primarily promotes the interests of businesses, can make exceptions for businesses that come up with alternative privacy plans. ...  The consumer groups also claim that Facebook and other “social media marketers” get special treatment because they can continue to gather data without sufficient safeguards.

Posted on 04/13