Commerce Department opens a public discussion on private data

Department wades into complex questions about online data privacy protections

Online commerce offers terrific conveniences for consumers and massive growth opportunities for retailers. But it also poses complex issues for online businesses and consumer advocates alike, particularly over the role that the federal government should play in regulating how companies handle people’s personal data.

Privacy advocates, banks, data brokers, software companies, the makers of search engines and information technology security firms all have strong opinions on the subject, some of which are rooted in ideology while others are the result of heavy investments in their business models. Complicating the matter even further is the often-conflicting approaches that federal and state regulators take.

Thus, the debate over federal data privacy laws is complex, layered and almost impossible for policy-makers to arbitrate. The differing perspectives might explain why data breach notification bills seem to languish each year in Congress and why Congress hasn't seriously considered comprehensive consumer privacy legislation in years. What’s been missing so far is an honest broker among the competing stakeholders. In recognition of the importance of that discussion, the Commerce Department has moved to enter the debate.

The department is actively soliciting input from Internet users — consumers and businesses alike — on the current regulatory framework. In just the past several weeks, Commerce has formed an Internet policy task force, held a conference and issued a public notice of inquiry, and Secretary Gary Locke has given speeches on the subject. The department is gathering public comments through June 7, and those comments will contribute to the Obama administration’s domestic policy and international engagement on Internet privacy.

People can comment on a range of topics, such as the country's legal framework for protecting privacy and ways to improve it, how the various state-level and international privacy laws affect companies and consumers, and the jurisdictional conflicts companies and regulators must deal with as a result of the plethora of data privacy laws and how that affects trade.

Big companies in particular spend a lot of money complying with the privacy laws of different jurisdictions, said Fred Cate, director of the Center for Applied Cybersecurity Research at Indiana University’s law school. As a result, he said, corporate leaders tend to establish policies stating that, when given a choice, the company must adhere to the state law that has stricter requirements.

That dynamic explains why many IT businesses, unlike many privacy and consumer advocates, favor a national law for data breach notification that would pre-empt the patchwork of state laws, some of which are stringent. They want to avoid the costs and confusion of complying with different state requirements.

Mark Bregman, Symantec’s chief technology officer, gave an example to describe the situation during a recent Capitol Hill briefing by the Internet Security Alliance and American National Standards Institute. “I live in California," Bregman said. "The servers that contain my personal data might be in North Dakota. The bank might be headquartered in New York. That leads to tremendous confusion and enormous added costs.”

Of course, there are reasons privacy advocates want to protect state prerogatives. Congress can take a long time to act, said Lillie Coney, associate director of the Electronic Privacy Information Center, while states are often good at identifying problems as they emerge.

It’s not at all clear that Commerce’s intervention will resolve this debate. But its focus on data privacy represents a marked shift from the previous administration.

“A lot of the discussions on privacy inside the government in the Bush administration were led by [the Homeland Security Department], and so you had a homeland security view on privacy,” said Ari Schwartz, vice president and chief operating officer of the Center for Democracy and Technology. Having Commerce more involved should help internationally in data privacy discussions, he said.

To be sure, Commerce — as is the case with any executive branch agency — is limited in the impact it can have on federal regulations. But with lawmakers unable to settle the matter, the department represents a much-needed forum for open discussion.

“We need to take a fresh look at the policy framework that underpins the Internet economy,” Locke said in prepared remarks for the Business Software Alliance in April. “We need to ask: Are there policy nudges that can reduce impediments to e-commerce or that can spread its benefits more broadly?"


About the Author

Ben Bain is a reporter for Federal Computer Week.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.


  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group