Microsoft Corp. is supporting federal data privacy legislation, saying the "time has come" for a strong national standard for privacy protection that will benefit consumers and set clear guidelines for businesses while allowing commerce to flourish.
Brad Smith, senior vice president and general counsel for Microsoft, explained recently to the Congressional Internet Caucus in Washington that Microsoft supports a comprehensive federal legislative response for three reasons:
An increasingly complex patchwork of state, federal and international laws related to data privacy and security;
The potential for consumer fears about identity theft and other online dangers to diminish online commerce;
The increasing consumer desire for more control over the collection and use of online and offline personal information.
"The growing focus on privacy at both state and federal levels has resulted in an increasingly rapid adoption of well-intended privacy laws that are at times overlapping, inconsistent and often incomplete," Smith said. "This is not only confusing for businesses, but it also leaves consumers unprotected. A single federal approach will create a common standard for protection that consumers and businesses can understand can count on."
Smith pointed out that Americans increasingly are wary about online identity theft.
"Individuals will not take full advantage of the Internet or any commercial medium if they believe that their information or data could be compromised or disclosed in unexpected ways," Smith said. "There is a causal link here: protecting consumers promotes commerce, and that's good for everyone."
In response to the escalating tactics of computer criminals, consumers want more control over the collection and use of their personal information.
"We've seen a spate of legislative activity in the aftermath of several highly publicized data breaches, but for consumers the reality is still pretty daunting," Smith said. "They do not necessarily have a better experience and in many cases still do not clearly understand how companies are collecting, using and disclosing their personal information in the first place. We have to make this more transparent and manageable for consumers."
Peter Cullen, Microsoft's Chief Privacy Strategist and an IAPP board member, reinforced the need for and value of a uniform approach that complements technological advances.
"Microsoft's overarching goal for privacy continues to be to create a trusted environment for Internet users," Cullen said. "We have woven privacy into the DNA of Microsoft, from product development to deployment, and decisions are made with privacy in mind. A comprehensive legislative approach to privacy that applies across the country would be a part of the solution to give all consumers strong privacy and security protection, and allow everyone to realize the full potential that the Internet and technology can provide."
Smith described four core principles that Microsoft believes should be the foundation of any federal legislation on data privacy:
Create a baseline standard across all organizations and industries for offline and online data collection and storage, which would pre-empt state laws.
Increase transparency regarding the collection, use and disclosure of personal information.
Provide meaningful levels of control over the use and disclosure of personal information.
Ensure a minimum level of security for personal information in storage and transit.
Barbara Lawler, HP's Chief Privacy Officer and an IAPP board member, supports Microsoft's efforts.
"HP believes a uniform federal approach to data privacy would provide a consistent level of expectation for consumers and business continuity for corporations," Lawler said. "HP believes that upholding the highest standards for the protection of personal information is a business imperative and, through our "Design for Privacy" initiative, we integrate privacy into every facet of our business processes, products and services."