X

Thank you for sharing!

Your article was successfully shared with the contacts you provided.
It’s all about framing the issue. Say privacy, and most people think: the American Civil Liberties Union, Roe v. Wade and liberal dogma. But try saying identity theft, spammers, phishing, cyberstalking and hackers. Are these data-security issues purely liberal, or purely conservative, concerns? Recent polls show that Americans are very concerned about the security of their personal information. This concern, moreover, does not proceed from a petty political perspective. There is, for example, no liberal or conservative case in favor of identity theft. There is only the question of what combination of government and private efforts will most effectively control this and other forms of attack on data security. The theoretical libertarian view could be advanced that government should adopt a minimal role in the establishment of data security. Yet the United States left that view behind years ago, when the myth of the new-frontier “Wild West” Internet gave way to commercialism, pornography and consumer abuses. Comprehensive regulation The question today is not whether government should be involved in protecting data security, but, instead, how much government, in what form and at what level, will provide optimal security. Even if your aim is principally to promote business interests, the wisdom of some comprehensive form of data-security regulation should be apparent. Absent comprehensive regulation, businesses must guess at what new obligations may be imposed by state legislatures enacting a hodgepodge of measures, by consumer activist attorneys bringing class actions for breaches of privacy and by the Federal Trade Commission pursuing claims under the amorphous standards of unfair and deceptive trade practices. This swirl of regulation, sometimes conflicting, and often confusing, is not simply evidence of poor planning. In effect, it disadvantages small and medium-sized businesses, which cannot afford the lawyers, management resources and technology purchases necessary to implement some of these regulations. Lack of effective controls on private information gathering and information sharing, moreover, should trouble those who fear Big Government. As the National Security Agency telephone-records case reveals, even if safeguards are imposed to prevent abuse of civil liberties by the government itself, similar problems may occur when government can purchase or otherwise obtain personal information from private sources. No government program of data-security protection can be perfect. Technology and data-management practices change so rapidly that a static, one-size-fits-all approach is destined to fail. Yet there are certain fundamental principles on which all parties should agree. These principles should form the basis for creating and implementing improved forms of data-security protections. Protecting personal information The most personal forms of information deserve the most protection. The Health Insurance Portability and Accountability Act and Gramm-Leach-Bliley initiatives, for example, properly proceed from the recognition that highly personal information (about health and financial status) deserves particular protection. By contrast, there are many types of information that most people will willingly provide for legitimate purposes, such as marketing research and targeted advertising. The protection of sensitive information should not, if possible, intrude upon such proper uses. The entire data life cycle deserves attention. There is more to data security than data collection. Even if a business takes proper steps in collecting information, the methods by which information is analyzed, communicated to others, stored, updated and eventually destroyed all can affect the security and proper use of the information. Regulation that aims solely at the front-end of the cycle-indeed, any isolated phase of the cycle-is bound to be inadequate. Control of personal information is key. The essence of effective data security is the ability of the individual to determine when and how his or her personal information will be collected and used. Mere posting of data-privacy policies cannot ensure that individuals will retain adequate control over their personal information. Improper uses must be limited directly, whenever necessary. At present, more than a dozen data-security bills are in various stages of review in Congress. Many bills, such as the Personal Data Privacy and Security Act, sponsored by senators Arlen Specter, R-Pa., and Patrick Leahy, D-Vt., hold the potential to develop bipartisan support. Such legislative initiatives confirm one simple truth: Effective data-security measures are good for the country as a whole. Business development cannot obtain its full potential when consumers mistrust those charged with safeguarding their information, and when government provides only reactive, and episodic, guidance for data-security best practices. Steven C. Bennett is a partner in the New York office of Jones Day, and teaches privacy law at Hunter College in New York.

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

 
 

ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.