Eight years ago, shortly after President Obama’s privacy bill of rights was passed, a group of guidelines that companies could follow for their privacy, Amy Krebs, an Ohio resident, received a disturbing phone call. The credit card company she used to pay for her cards informed her that her financial and name had been stolen.
” “I was shocked that such a thing could have happened,” she said. Frau Krebs was the victim. She used her information to make credit card purchases and even subscribe to the local paper.
Ohio resident knows all too well the dangers that privacy invasions can cause. People like Amy Krebs are one of the reasons Congress is moving to pass a federal law.
Consumer challenges with data privacy have only grown since then, and polling finds strong public support for Congress to pass a federal law on the issue. Although bipartisan support for legislation has grown, there are still partisan disagreements.
Privacy experts believe that a federal law would provide broad protections. It could also reconfigure power dynamics between companies and consumers, who historically treated people’s personal information as corporate property. California, Virginia and Colorado have all passed data privacy laws which, in fact, state otherwise.
” The key Republican and Democratic bills are all within reach of one another,” said Cameron Kerry, privacy expert at The Brookings Institution. “Congress should act .”
Who are your “friends online?” You can check. What are your shopping habits? You should check. Check. You can check. Check.
American consumers are ambivalent about this and will sign up to no-fee web apps that make money using their data to target ads.
The public is concerned about online privacy and has voted to support legislation. The urgency is heightened by the increasing number of data breaches. T-Mobile and Neiman Marcus, two retailers that have been hacked into data systems involving millions of customers are just two examples of recent targets.
Why We Created This
Ohio resident knows all too well the dangers that privacy invasions can cause. People like Amy Krebs are an example of why Congress is moving forward with a federal law.
Amy Krebs, a resident of Ohio, has witnessed firsthand how personal information can be stolen. 8 years ago, shortly after the Obama administration had passed the privacy bill , which was a voluntary set of guidelines that companies should follow to safeguard consumers’ privacy and to prevent any future breaches, Krebs received a call from her credit union. She had her name and financial data stolen.
” I couldn’t believe this could have happened,” she said. Frau Krebs was the victim. She used her information to purchase credit cards and even subscribed to the local paper.
Despite the difficulties of enacting legislation in such polarized Congresses, there is momentum for the creation of a national consumer privacy law. According to privacy experts, a federal law would provide broad protections for Americans and change the power dynamics between companies and consumers. Companies have historically used personal information of people as their own. California, Virginia and Colorado have passed data privacy laws which, in essence, state otherwise.
SOURCE: The International Association of Privacy Professionals
“We have always behaved in the U.S.A as though the data didn’t belong to us,” said James E. Lee chief operating officer of the Identity Theft Resource Center. “So this is a huge shift that’s underway.”
Multiple data privacy bills have been proposed in Congress over the past couple of years to clean up the mess, and at least 30 states have considered their own legislation.
Support has bipartisan support. “Americans deserve to have their data protected,” said Mississippi Republican Sen. Roger Wicker, at a hearing on data privacy Sept. 29.
” “I think the moment has arrived,” said Democratic Senator Maria Cantwell, Washington on Oct. 6.
Rising pressure for Big Tech
The push to pass a law comes at a time when technology companies are facing criticism from multiple sides. On Oct. 5, a whistleblower testified before Congress that Facebook had ignored evidence that its business model of content sharing was causing harm to users. A privacy law would not only address one concern about Big Tech, but it is an important one. Mr. Wicker, the top Republican on the Senate Committee on Commerce, Science, and Transportation, introduced a federal data privacy bill earlier this year. Ms. Cantwell, who now chairs the committee, introduced a bill of her own in 2019.
Democratic Sen. Maria Cantwell of Washington speaks with Roger Wicker of Mississippi, then-chairman of the U.S. Senate Commerce, Science, and Transportation Committee, during a hearing on Capitol Hill, Jan. 26, 2021. Now, Ms. Cantwell chairs the committee. Mr. Wicker serves as the ranking Republican. Both are in favor of a federal bill on data privacy.
The conversation has become more complex over the past couple of years which is beneficial,” states Stacey Gray (senior counsel, Future of Privacy Forum). “There’s room for compromise.”
One point of contention is whether a federal law should preempt, or override, state laws. Many Democrats favor allowing states to pass more stringent laws. The bill must also include the right for private action to allow individuals to sue businesses that break the law. If the scope of these actions is not limited, Mr. Wicker doesn’t like it.
However, all bills at state and federal levels “come down the same basic principles,” Mr. Lee of the Identity Theft Resource Center says.
” You have the right of inquiry about who and what data is being collected. Based on the reason for the information being collected you may request it to be removed or corrected.
Those steps could be a big help for people like Ms. Krebs, who works for a nonprofit community foundation and now runs a blog to help others who face identity theft. She also stresses the importance for corporations to maintain accurate records.
“Before we can go and talk about privacy laws, either at the federal or the state level,” she says, “we need to talk about accuracy.”
In her case, fictitious identity-verification data from the criminal denied her access to her own credit reports. She estimates that the criminal used her information at about 80 places. Ms. Krebs didn’t know how to respond when she was called about her personal information being stolen. She did some research online and found very few people who had publicly spoken out about identity theft.
” One of your natural reactions is to hide more because you experience a surge of emotions,” Krebs said. Ms. Krebs decided to file a police report by calling North Canton, Ohio.
Accessing her credit report was the next step. However, the thief already had changed confirmation questions and added incorrect information to the reports. “The consumer should be able to dispute information if it is incorrect,” she states.
The number of identity theft reports went from about 650,000 in 2019 to over 1.3 million a year later, according to data from the Federal Trade Commission, the nation’s privacy enforcer. This may explain the widespread support across party lines for federal privacy legislation.
More than 8 in 10 voters said Congress should prioritize privacy legislation, according to an April Morning Consult poll. That included 86% of Democrats and 81% of Republicans who said Congress should make privacy a “top” or “important but lower” priority in 2021.
Some companies including Facebook, which had over 500 million users’ information posted in a hacking forum, are calling for a federal law instead of a patchwork of state statutes.
The president, apart from a couple of lines in a July executive order, has been largely silent on the data privacy issue since taking office, but he did nominate a privacy advocate to a seat on the FTC last month.
“Within shouting distance of each other”
Cameron Kerry, who served as acting secretary of the Commerce Department during the Obama administration, says the United States is an outlier as a major economy without a data privacy law.
” The key Democratic and Republican bills lie within shouting distance.” Mr. Kerry is now a Brookings Institution visiting fellow. “Congress should act.”
On Sept. 29, Senator Wicker called for the president to appoint a specific senior staff person in the administration to work with Congress to pass a law this year. And last month, nine Senate Democrats urged FTC Chair Lina Khan to begin a rule-making process to protect consumer privacy “in parallel to congressional efforts to create federal privacy laws.”
Ms. Gray, of the Future of Privacy Forum, says federal legislation could have both visible and invisible benefits. The consumer could be able to see the data held by a company. Companies would be required to secure customers’ data by law.
Data limitation and minimization requirements would also reduce data stored on corporate servers, or used for purposes other than the original purpose of collection.
“The success or failure of [a new], law will also require people to use the rights they get,” Mr. Lee says. .”
Even eight years after the incident, Ms. Krebs still has to deal with its effects, even though the suspect was caught and charged with a crime by local detectives.
” It’s amazing how many hours go into it,” she said.