[IP] Model Privacy Regime
------- Original message -------
From: Chris Hoofnagle <hoofnagle@xxxxxxxx>
Sent: 7/4/'05, 9:44
Hi Dave,
For IP, if you'd like--
Dan Solove and I have written a model regime for privacy protection
to address commercial data brokers, such as Choicepoint. It's
currently in version 2.0, and we're continuing to solicit comments
from the public on the document. It's available at:
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=699701
Regards,
Chris
A Model Regime of Privacy Protection (Version 2.0)
DANIEL J. SOLOVE
George Washington University Law School
CHRIS JAY HOOFNAGLE
Electronic Privacy Information Center West Coast Office
April 5, 2005
GWU Law School Public Law Research Paper No. 136
Abstract:
This version incorporates and responds to the many comments that we
received to Version 1.1, which we released on March 10, 2005.
Privacy protection in the United States has often been criticized,
but critics have too infrequently suggested specific proposals for
reform. Recently, there has been significant legislative interest at
both the federal and state levels in addressing the privacy of
personal information. This was sparked when ChoicePoint, one of the
largest data brokers in the United States with records on almost
every adult American citizen, sold data on about 145,000 people to
fraudulent businesses set up by identity thieves. Other companies
announced security breaches, including LexisNexis, from which
personal information about 32,000 people was improperly accessed.
Senator Schumer criticized Westlaw for making available to certain
subscribers personal information including Social Security Numbers
(SSNs).
In the aftermath of the ChoicePoint debacle and other major
information security breaches, both of us have been asked by
Congressional legislative staffers, state legislative policymakers,
journalists, academics, and others about what specifically should be
done to better regulate information privacy. In response to these
questions, we believe that it is imperative to have a discussion of
concrete legislative solutions to privacy problems.
What appears below is our attempt at such an endeavor. Privacy
experts have long suggested that information collection be
consistent with Fair Information Practices. This Model Regime
incorporates many of those practices and applies them specifically
to the context of commercial data brokers such as ChoicePoint. We
hope that this will provide useful guidance to legislators and
policymakers in crafting laws and regulations. We also intend this
to be a work-in-progress in which we collaborate with others. We
have welcomed input from other academics, policymakers, journalists,
and experts as well as from the industries and businesses that will
be subject to the regulations we propose. We have incorporated
criticisms and constructive suggestions, and we will continue to
update this Model Regime to include the comments we find most
helpful and illuminating.
Notice, Consent, Control, and Access
1. Universal Notice
2. Meaningful Informed Consent
3. One-Step Exercise of Rights
4. Individual Credit Management
5. Access to and Accuracy of Personal Information
Security of Personal Information
6. Secure Identification
7. Disclosure of Security Breaches
Business Access to and Use of Personal Information
8. Social Security Number Use Limitation
9. Access and Use Restrictions for Public Records
10. Curbing Excessive Uses of Background Checks
11. Private Investigators
Government Access to and Use of Personal Data
12. Limiting Government Access to Business and Financial Records
13. Government Data Mining
14. Control of Government Maintenance of Personal Information
Privacy Innovation and Enforcement
15. Preserving the Innovative Role of the States
16. Effective Enforcement of Privacy Rights
Commentary
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/