By Lucy L. Thomson, CIPP/G
Web Site Privacy Policies
The privacy policies detail the collection of personal information in connection with online donations in order to comply with federal election law and regulations of the Federal Election Commission. They assert that they protect the security of credit card information when transmitted using SSL software.
Personal information may be used to personalize Web site and email communications. The McCain Web site will not sell individual's personal information, though information may be shared with Republican and other like-minded groups.
Three candidates, Hillary Clinton, Barack Obama and Ron Paul, have unveiled policies on privacy and technology that reflect serious efforts to address complex privacy issues.
In a major policy speech in June 2006, Hillary Clinton presented a "Privacy Bill of Rights" that she envisions as part of legislation entitled the PROTECT Act—Privacy Rights and Oversight for Electronic and Commercial Transactions (http://clinton.senate.gov/ news/statements/detail.cfm?id=257288&&). She has concluded that "at all levels, the privacy protections for ordinary citizens are broken, inadequate and out of date." Senator Clinton observed that, "Today our privacy comes into uncertain conflict with security cameras, data mining, computer hackers and identity theft. ... So therefore we need legal protections that are up to date with the technological and national security needs of our time."
She advocates for "a new set of consumer protections" consisting of three basic rights:
1. "People have the right to know, and to correct, information which is being kept about them."
2. "People have the right to know what is happening to their information when they are cooperating with a business and to make decisions about how their information is used."
3. "In a democracy, people have the right and the obligation to hold their government and the privacy sector to the highest standards of care with the information they gather."
Senator Clinton asserts that her legislation provides "clear privacy rules, and clear protections for individual's most private information," including:
o Right to sue when privacy rules have been violated. The legislation would create a tiered system of damages, exempting the smallest businesses with set minimums of $1,000 for breaches and $3,000 for actual
misuse of information. "The burden of prevention belongs on the companies that handle our data." She believes the FTC must issue a single, clear set of rules that provides
comprehensive protection against unauthorized access or security breaches.
o Right to protect phone records. Senator Clinton says her legislation will try to get ahead of the curve of technology, making sure that consumers' cell phone numbers and call records remain private.
o Right to freeze credit when someone's identity has been stolen. This will strengthen the right to know provisions. If a person's credit or identity is compromised, he or she should be notified immediately, not days, weeks or months later.
o Right to know what businesses are doing with individuals' credit and credit reports.
o Right to expect the government to use the best privacy practices with individuals' information. To oversee and enforce the government's handling of sensitive data, a privacy czar should be appointed.
Senator Barack Obama's views on privacy are revealed through his technology policy plan, unveiled in November 2007, which provides safeguards for privacy rights (www.barackobama.com/ isssues/technology).
Emphasizing the risks inherent in the "open information platforms of the 21st century," he proposed "sensible safeguards that protect privacy in this dynamic new world," and "harness the power of technology to hold government and business accountable for violations of personal privacy." Senator Obama's privacy positions are based on these principles:
- Ensuring that powerful databases containing information on Americans that are necessary tools in the fight against terrorism are not misused for other purposes. He supports information use restrictions and technology safeguards to verify how the information has actually been used.
- Updating surveillance laws and ensuring that law enforcement investigations and intelligence-gathering relating to U.S. citizens are done only under the rule of law.
- Providing robust protection against misuses of particularly sensitive kinds of information, such as e-health records and location data that do not fit comfortably within sector-specific privacy laws.
- Increasing the FTC's enforcement budget, and greater international cooperation to track down cyber-criminals so that U.S. law enforcement can better prevent and punish spam, spyware, telemarketing and phishing intrusions into the privacy of American homes and computers.
Senator Obama says he would "invest $10 billion a year over the next five years to move the U.S. healthcare system to broad adoption of standards-based electronic health information systems, including electronic health records." Part of this initiative will be to ensure that patients' privacy is protected.
Ron Paul highlights privacy and personal liberty on his Web site by stating that the "biggest threat to your privacy is the government. We must drastically limit the ability of government to collect and store data regarding citizens' personal matters." Paul emphasizes three areas of particular concern:
- We must stop the move toward a national ID card system.
- We must protect medical privacy.
- The Patriot Act must be overturned.
The aspects of the Patriot Act Paul opposes are the federal government's expanded ability to use wiretaps without judicial oversight; search warrants that are not specific to any given location nor subject to any local judicial oversight; the governmentability to monitor Internet usage; authorized "sneak and peak" warrants enabling federal agents to search a person's home, office or personal property without that person's knowledge; and requirements that libraries and bookstores turn over records of books read by their patrons.
As the field narrows going into the November elections, The Privacy Advisor will take a closer look at the privacy positions of the major party candidates.
Attorney Lucy Thomson, CIPP/G, is senior principal engineer and privacy advocate at Computer Sciences Corporation, a global IT company. She works on teams building modernized information systems for very large organizations. Thomson earned an M.S. degree from Rensselaer Polytechnic Institute in 2001, and received her J.D. degree from the Georgetown University Law Center.