The Future of Privacy Forum has released a consumer privacy agenda that it urges the new administration to follow. (The Forum began in November and includes on its board people from Facebook, LexisNexis, and privacy experts such as Peter Swire.) The Forum suggests the administration:
1. Appoint a Chief Privacy Officer to Promote Fair Information Practices in the Public and Private Sectors.
The Forum states, “Although many federal agencies have privacy officers, the fact that data is increasingly available across government entities demonstrates the need for a central figure to lead U.S. efforts to respect citizen data.” I agree and have joined the privacy community in its long-term effort to convince the federal government to create such a position.
3. Establish a Standard Definition of Personal Information.
This is a difficult endeavor. There are numerous definitions of personal information, and strong arguments for many differing definitions.
The Department of Homeland Security defines (pdf) personally identifiable information “as any information that permits the identity of an individual to be directly or indirectly inferred, including any information which is linked or linkable to that individual regardless of whether the individual is a U.S. citizen, lawful permanent resident, visitor to the U.S., or employee or contractor to the Department.”
The European Data Protection Directive states: “(a) ‘personal data’ shall mean any information relating to an identified or identifiable natural person (‘data subject’); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity.” Personally, I support this definition.
The OECD Guidelines state: “b) “personal data” means any information relating to an identified or identifiable individual (data subject).”
Google has said, “We . . . are strong supporters of the idea that data protection laws should apply to any data that could identify you.”
And these are just a few of the definitions out there.
4. Increase Technology and Research Support for the Federal Trade Commission
5. Enhance Criminal Law Enforcement Support for the Federal Trade Commission
In December, Privacy Lives and 29 members of the Privacy Coalition sent a letter (pdf) to President-Elect Obama explaining the need for stronger consumer privacy protection and urging Obama to take steps such as strengthening the privacy protection authority of the Federal Trade Commission and ensuring Homeland Security databases are used only for limited purposes.
6. Provide National Leadership to Resolve the Conflict between Privacy and Online Safety for Youth.