January 09, 2001, 11:35 AM — COLUMBUS, OHIO -- For companies worried that the potential approval of new privacy laws could affect their data-collection practices, it may not matter who wins next week's presidential election. The reason is simple, according to attendees at a privacy conference here: The push for privacy legislation is coming from all sides of the political spectrum.
The U.S. Congress and individual state legislatures next year are all but certain to consider a wide range of privacy-related legislation that could affect many industries next year, said privacy experts and corporate officials at this week's Privacy2000 conference. And while many e-commerce companies and industry groups have been urging government officials to favor self-regulation over new regulations, that sentiment may be changing because of the potential for conflicts between federal and state privacy laws.
The ability of the federal government to override state law is one of the reasons why the Walt Disney Internet Group in North Hollywood, Calif., backs a bill proposed last summer by U.S. Sen. John McCain (R-Ariz.) and two other senators. The bill, which isn't expected to win approval this year, would require Web sites to disclose what they plan to do with the personal data they collect and compel them to give customers a chance to limit how the information is used.
"We're supporting that legislation more because of business predictability than . . . the fact that we don't think self-regulation is working," said Alden Schacher, privacy director at the Walt Disney Internet Group, an independently operated company that manages The Walt Disney Co.'s Internet businesses.
The proliferation of proposed state-level privacy bills "creates a very unpredictable environment [in which] to operate," Schacher said. Federal legislation preempting state laws would make the privacy issue less complicated for companies to manage, she added during an interview at Privacy2000.
But federal legislation doesn't automatically preempt state laws: Congress has to choose to include that provision in the bills it passes. The Gramm-Leach-Bliley Act, a sweeping financial deregulation bill that was approved last year, wasn't preemptive -- a fact that's creating problems for some companies looking to use its provisions.
For example, Kirk Herath, chief privacy and public policy officer at Nationwide Financial Services Inc., said 17 states have prohibitions on data sharing among financial services firms that remain in force after the passage of the Gramm-Leach-Bliley Act. Included on the list is Ohio, the corporate home of Columbus-based Nationwide Financial.