April 05, 2001, 2:12 PM — U.S. businesses face a patchwork of privacy laws, but that may be better than writing a single, uniform law to handle all privacy concerns, a House subcommittee was told yesterday by a panel of experts and some of its own members.
The House Subcommittee on Commerce, Trade and Consumer Protection, which has been examining the adequacy of privacy laws in the U.S., turned its attention to the 30 federal statutes and many more state rules covering the issue and asked the question: Would businesses and consumers be better off with one comprehensive law?
The current patchwork of laws creates problems for some businesses, said Michael Lamb, chief privacy officer at AT&T Corp., in his testimony before the panel.
"The costs are substantial," said Lamb, who noted that in dealing with a customer who may be using multiple services, such as wireless, cable and telephony, the company has to restrict its internal use of wireless data in one way and cable data in another way to meet various privacy rules.
"We have not heard consumers telling us that they want us to tie our hands internally to any great extent on what we do with their data, but in [meeting] compliance with these statutes, we have to do exactly that," Lamb said.
But Lamb also acknowledged that a uniform law covering all industries would be difficult to develop, except for some "high-level principles," such as disclosing to consumers what is happening to their data.
U.S. privacy laws are aimed at regulated industries, principally in areas such as medicine, finance and telecommunications, and are typically developed in response to specific problems. The Video Privacy Act, for example, was enacted to protect the confidentiality of those who rent videos.
"I will be one of the first to admit that the U.S. approach toward privacy has been piecemeal," said Commerce Committee Chairman Billy Tauzin (R-La.) in a statement. But he said the alternative, which would be similar to the comprehensive regime developed by the European Union, also has problems. Tauzin has previously criticized the European data privacy protection law as overly burdensome on U.S. businesses.
Rick Fischer, an attorney at Morrison and Foerster in Washington, said it would be "extremely difficult" to develop one rule, in large part because the sensitivities that people have regarding health-related information are different from almost anything else.
The idea of what should be private varies from person to person, argued U.S. Rep. Steve Buyer (R-Ind.). Attitudes and standards of privacy are so subjective that what one person thinks should be kept private, another person may not care about, he said.