- Email: [email protected]
US Privacy Law Proposals Cause Concerns
Computers & Security, Vol. 19, No. 8
A newspaper reported that the Ministry of Posts and Telecommunications is considering ordering NTT to offer lower rates to rivals, a move expected to mean lower charges for consumers and businesses. Some critics, though, suspect that politicians’ plans to shift spending away from traditional public works projects such as bridges and roads to an Information Highway are in part a smoke-screen for the old-style pork barrel spending that has come under heavy fire from the public of late.
US Privacy Law Proposals Cause Concerns For companies worried that the potential approval of new privacy laws could affect their data collection practices, it may not matter who wins the presidential election.The reason is simple, said attendees at a privacy conference here; the push for privacy legislation is coming from all sides of the political spectrum. The US Congress and individual state legislatures next year are all but certain to consider a wide range of legislation that could affect many industries, said privacy experts and corporate officials at the Privacy2000 conference. And while E-commerce companies and industry groups have urged the government to favor self-regulation over new rules, that sentiment may be changing because of potential conflicts between federal and state privacy laws.The ability of the federal government to override state law is one of the reasons why Walt Disney Internet Group in North Hollywood, Calif., backs a bill proposed last summer by Sen. John McCain (R-Ariz.) and two other senators. The bill, which isn’t expected to win approval this year, would require websites to disclose what they plan to do with the personal data they collect and compel them to give customers a chance to limit how the information is used. “We’re supporting that legislation more because of business predictability than ... the fact that we don’t think self-regulation is working”, said Alden Schacher, privacy director at the Walt Disney Internet Group, an independent company that manages the Internet businesses of Burbank, Calif.-based The Walt
Disney Co. The proliferation of proposed state-level privacy bills “creates a very unpredictable environment”, Schacher said. Federal legislation preempting state laws would make the privacy issue less complicated for companies to manage, she added during an interview. But federal laws don’t automatically preempt state legislation, Congress has to choose to include that provision in the bills it passes. The Gramm-LeachBliley Act, a financial deregulation bill that was approved last year, wasn’t preemptive — which is creating problems for companies looking to follow its provisions. For example, Kirk Herath, chief privacy and public policy officer at Nationwide Financial Services Inc., said 17 states have prohibitions on data sharing among financial services firms that remain in force after the passage of the Gramm-Leach-Bliley Act. Included on the list is Ohio, the corporate home of Columbus-based Nationwide Financial. Complying with conflicting sets of state and federal law isn’t easy for companies, Herath said. “You can’t create two different systems”, he noted. “It’s not easy to take your customer base and segment it 50 different ways, or even two or three different ways”. As a result, Herath said, the most restrictive state laws often become the de facto national standard. Companies that have spent most of their attention focusing on federal privacy legislation are going to have to start paying more attention to state legislatures, said Emily Hackett, the state policy director at the Internet Alliance, a trade group in Washington. Privacy legislation at the state level is “going to be very active”, Hackett said. “Any company that is interested in the privacy issue cannot ignore the states.” At least two-thirds of the 50 states are considering an aggregate total of privacy bills numbering in the hundreds, according to estimates made at the recent conference, which was organized by the Technology Policy Group of the Columbus-based Ohio Supercomputer Center. And data privacy has become an issue that cuts across party lines, attendees said. “If you’re in business and you think that one party is
677
Security Views/Dr. Bill Hancock
going to help you on this issue ... I think you are sorely mistaken”, said Steve Emmert, director of government affairs at London-based Reed Elsevier PLC, which owns the Lexis-Nexis information service and other businesses.
Dr. Bill Hancock,Vice President of Security and Chief Security Officer of Exodus Communications, Inc., is a well known computer and network consultant, designer and engineer with thousands of network designs to his credit. In the business for over 25 years, he has designed and re-engineered networks (over 4000) for many of the Fortune 1000 as well as many international companies and governments with system counts from two to over 1.5 million systems. He has held full-time technical and management positions at various Fortune 100 companies including Standard Oil of Ohio, Digital Equipment Corporation, Texas Instruments and US governmental organizations such as the Naval Security Group Command. A prolific network architect and designer, he has designed networks for a wide variety of organizations such as the Capitol of the United States of America, 17 power companies, NASA research networks, aircraft control systems such as components of Boeing aircraft and the F-16 and F-22, manufacturing networks, R&D networks, telephone companies, banks and financial institutions, distributed control systems, various
678
governmental networks and components of the world-wide network known as the Internet. A network and system security expert, Bill has designed and developed commercial dial-up security, encryption, network firewall, authentication, digital signature and other products. As a consultant, Bill is often sought to provide guidance on security policies, procedures, technologies, strategies and actual hacker prosecutions and trackdowns. Bill often works with law enforcement professionals worldwide to identify, stop and prosecute computer criminals and offenders. Bill is an often sought speaker for keynotes at InterOP, Comdex, CEBIT, NT World, NetworksExpo, CompSec, Internet World, Mactivity and is well known for his detailed knowledge of networking and security as well as his humorous style of speaking. Bill has written 20 books on computer networking and security and has written articles for Data Communications Magazine, DEC Professional, Digital News, News 34/38,The Wall Street Journal,The Dallas Morning News, IEEE Networks, Network World, Network Security and many other publications. He currently writes a regular column in Network Security magazine. He is also a US network expert to the ISO and sits on various international standards committees. Bill is a member of many industry societies (IEEE, ACM, DECUS, etc.) and has sat on the boards of several organizations. Bill is a member of ANSI and sits on several standards committees domestically and internationally. He holds several patents in networking and security technologies and is a Certified Information Systems Security Professional (CISSP), Certified Network Designer (with Architect Endorsement) and has earned a B.A., M.S. and Ph.D. in Computer Science. Further biographical information can be found in: Who’s Who in the World, Who’s Who in America,Who’s Who in Science and Engineering, and Who’s Who in Finance and Industry.
A newspaper reported that the Ministry of Posts and Telecommunications is considering ordering NTT to offer lower rates to rivals, a move expected to mean lower charges for consumers and businesses. Some critics, though, suspect that politicians’ plans to shift spending away from traditional public works projects such as bridges and roads to an Information Highway are in part a smoke-screen for the old-style pork barrel spending that has come under heavy fire from the public of late.
US Privacy Law Proposals Cause Concerns For companies worried that the potential approval of new privacy laws could affect their data collection practices, it may not matter who wins the presidential election.The reason is simple, said attendees at a privacy conference here; the push for privacy legislation is coming from all sides of the political spectrum. The US Congress and individual state legislatures next year are all but certain to consider a wide range of legislation that could affect many industries, said privacy experts and corporate officials at the Privacy2000 conference. And while E-commerce companies and industry groups have urged the government to favor self-regulation over new rules, that sentiment may be changing because of potential conflicts between federal and state privacy laws.The ability of the federal government to override state law is one of the reasons why Walt Disney Internet Group in North Hollywood, Calif., backs a bill proposed last summer by Sen. John McCain (R-Ariz.) and two other senators. The bill, which isn’t expected to win approval this year, would require websites to disclose what they plan to do with the personal data they collect and compel them to give customers a chance to limit how the information is used. “We’re supporting that legislation more because of business predictability than ... the fact that we don’t think self-regulation is working”, said Alden Schacher, privacy director at the Walt Disney Internet Group, an independent company that manages the Internet businesses of Burbank, Calif.-based The Walt
Disney Co. The proliferation of proposed state-level privacy bills “creates a very unpredictable environment”, Schacher said. Federal legislation preempting state laws would make the privacy issue less complicated for companies to manage, she added during an interview. But federal laws don’t automatically preempt state legislation, Congress has to choose to include that provision in the bills it passes. The Gramm-LeachBliley Act, a financial deregulation bill that was approved last year, wasn’t preemptive — which is creating problems for companies looking to follow its provisions. For example, Kirk Herath, chief privacy and public policy officer at Nationwide Financial Services Inc., said 17 states have prohibitions on data sharing among financial services firms that remain in force after the passage of the Gramm-Leach-Bliley Act. Included on the list is Ohio, the corporate home of Columbus-based Nationwide Financial. Complying with conflicting sets of state and federal law isn’t easy for companies, Herath said. “You can’t create two different systems”, he noted. “It’s not easy to take your customer base and segment it 50 different ways, or even two or three different ways”. As a result, Herath said, the most restrictive state laws often become the de facto national standard. Companies that have spent most of their attention focusing on federal privacy legislation are going to have to start paying more attention to state legislatures, said Emily Hackett, the state policy director at the Internet Alliance, a trade group in Washington. Privacy legislation at the state level is “going to be very active”, Hackett said. “Any company that is interested in the privacy issue cannot ignore the states.” At least two-thirds of the 50 states are considering an aggregate total of privacy bills numbering in the hundreds, according to estimates made at the recent conference, which was organized by the Technology Policy Group of the Columbus-based Ohio Supercomputer Center. And data privacy has become an issue that cuts across party lines, attendees said. “If you’re in business and you think that one party is
677
Security Views/Dr. Bill Hancock
going to help you on this issue ... I think you are sorely mistaken”, said Steve Emmert, director of government affairs at London-based Reed Elsevier PLC, which owns the Lexis-Nexis information service and other businesses.
Dr. Bill Hancock,Vice President of Security and Chief Security Officer of Exodus Communications, Inc., is a well known computer and network consultant, designer and engineer with thousands of network designs to his credit. In the business for over 25 years, he has designed and re-engineered networks (over 4000) for many of the Fortune 1000 as well as many international companies and governments with system counts from two to over 1.5 million systems. He has held full-time technical and management positions at various Fortune 100 companies including Standard Oil of Ohio, Digital Equipment Corporation, Texas Instruments and US governmental organizations such as the Naval Security Group Command. A prolific network architect and designer, he has designed networks for a wide variety of organizations such as the Capitol of the United States of America, 17 power companies, NASA research networks, aircraft control systems such as components of Boeing aircraft and the F-16 and F-22, manufacturing networks, R&D networks, telephone companies, banks and financial institutions, distributed control systems, various
678
governmental networks and components of the world-wide network known as the Internet. A network and system security expert, Bill has designed and developed commercial dial-up security, encryption, network firewall, authentication, digital signature and other products. As a consultant, Bill is often sought to provide guidance on security policies, procedures, technologies, strategies and actual hacker prosecutions and trackdowns. Bill often works with law enforcement professionals worldwide to identify, stop and prosecute computer criminals and offenders. Bill is an often sought speaker for keynotes at InterOP, Comdex, CEBIT, NT World, NetworksExpo, CompSec, Internet World, Mactivity and is well known for his detailed knowledge of networking and security as well as his humorous style of speaking. Bill has written 20 books on computer networking and security and has written articles for Data Communications Magazine, DEC Professional, Digital News, News 34/38,The Wall Street Journal,The Dallas Morning News, IEEE Networks, Network World, Network Security and many other publications. He currently writes a regular column in Network Security magazine. He is also a US network expert to the ISO and sits on various international standards committees. Bill is a member of many industry societies (IEEE, ACM, DECUS, etc.) and has sat on the boards of several organizations. Bill is a member of ANSI and sits on several standards committees domestically and internationally. He holds several patents in networking and security technologies and is a Certified Information Systems Security Professional (CISSP), Certified Network Designer (with Architect Endorsement) and has earned a B.A., M.S. and Ph.D. in Computer Science. Further biographical information can be found in: Who’s Who in the World, Who’s Who in America,Who’s Who in Science and Engineering, and Who’s Who in Finance and Industry.