Commerce Department opens a public discussion on private data

Department wades into complex questions about online data privacy protections

Online commerce offers terrific conveniences for consumers and massive growth opportunities for retailers. But it also poses complex issues for online businesses and consumer advocates alike, particularly over the role that the federal government should play in regulating how companies handle people’s personal data.

Privacy advocates, banks, data brokers, software companies, the makers of search engines and information technology security firms all have strong opinions on the subject, some of which are rooted in ideology while others are the result of heavy investments in their business models. Complicating the matter even further is the often-conflicting approaches that federal and state regulators take.

Thus, the debate over federal data privacy laws is complex, layered and almost impossible for policy-makers to arbitrate. The differing perspectives might explain why data breach notification bills seem to languish each year in Congress and why Congress hasn't seriously considered comprehensive consumer privacy legislation in years. What’s been missing so far is an honest broker among the competing stakeholders. In recognition of the importance of that discussion, the Commerce Department has moved to enter the debate.

The department is actively soliciting input from Internet users — consumers and businesses alike — on the current regulatory framework. In just the past several weeks, Commerce has formed an Internet policy task force, held a conference and issued a public notice of inquiry, and Secretary Gary Locke has given speeches on the subject. The department is gathering public comments through June 7, and those comments will contribute to the Obama administration’s domestic policy and international engagement on Internet privacy.

People can comment on a range of topics, such as the country's legal framework for protecting privacy and ways to improve it, how the various state-level and international privacy laws affect companies and consumers, and the jurisdictional conflicts companies and regulators must deal with as a result of the plethora of data privacy laws and how that affects trade.

Big companies in particular spend a lot of money complying with the privacy laws of different jurisdictions, said Fred Cate, director of the Center for Applied Cybersecurity Research at Indiana University’s law school. As a result, he said, corporate leaders tend to establish policies stating that, when given a choice, the company must adhere to the state law that has stricter requirements.

That dynamic explains why many IT businesses, unlike many privacy and consumer advocates, favor a national law for data breach notification that would pre-empt the patchwork of state laws, some of which are stringent. They want to avoid the costs and confusion of complying with different state requirements.

Mark Bregman, Symantec’s chief technology officer, gave an example to describe the situation during a recent Capitol Hill briefing by the Internet Security Alliance and American National Standards Institute. “I live in California," Bregman said. "The servers that contain my personal data might be in North Dakota. The bank might be headquartered in New York. That leads to tremendous confusion and enormous added costs.”

Of course, there are reasons privacy advocates want to protect state prerogatives. Congress can take a long time to act, said Lillie Coney, associate director of the Electronic Privacy Information Center, while states are often good at identifying problems as they emerge.

It’s not at all clear that Commerce’s intervention will resolve this debate. But its focus on data privacy represents a marked shift from the previous administration.

“A lot of the discussions on privacy inside the government in the Bush administration were led by [the Homeland Security Department], and so you had a homeland security view on privacy,” said Ari Schwartz, vice president and chief operating officer of the Center for Democracy and Technology. Having Commerce more involved should help internationally in data privacy discussions, he said.

To be sure, Commerce — as is the case with any executive branch agency — is limited in the impact it can have on federal regulations. But with lawmakers unable to settle the matter, the department represents a much-needed forum for open discussion.

“We need to take a fresh look at the policy framework that underpins the Internet economy,” Locke said in prepared remarks for the Business Software Alliance in April. “We need to ask: Are there policy nudges that can reduce impediments to e-commerce or that can spread its benefits more broadly?"


About the Author

Ben Bain is a reporter for Federal Computer Week.

The Fed 100

Save the date for 28th annual Federal 100 Awards Gala.


  • computer network

    How Einstein changes the way government does business

    The Department of Commerce is revising its confidentiality agreement for statistical data survey respondents to reflect the fact that the Department of Homeland Security could see some of that data if it is captured by the Einstein system.

  • Defense Secretary Jim Mattis. Army photo by Monica King. Jan. 26, 2017.

    Mattis mulls consolidation in IT, cyber

    In a Feb. 17 memo, Defense Secretary Jim Mattis told senior leadership to establish teams to look for duplication across the armed services in business operations, including in IT and cybersecurity.

  • Image from

    DHS vague on rules for election aid, say states

    State election officials had more questions than answers after a Department of Homeland Security presentation on the designation of election systems as critical U.S. infrastructure.

  • Org Chart Stock Art - Shutterstock

    How the hiring freeze targets millennials

    The government desperately needs younger talent to replace an aging workforce, and experts say that a freeze on hiring doesn't help.

  • Shutterstock image: healthcare digital interface.

    VA moves ahead with homegrown scheduling IT

    The Department of Veterans Affairs will test an internally developed scheduling module at primary care sites nationwide to see if it's ready to service the entire agency.

  • Shutterstock images (honglouwawa & 0beron): Bitcoin image overlay replaced with a dollar sign on a hardware circuit.

    MGT Act poised for a comeback

    After missing in the last Congress, drafters of a bill to encourage cloud adoption are looking for a new plan.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group