In order to protect consumers in the digital age, President Obama and Congress should take specific steps, including the following:
President Obama and Congress should work together to enact a comprehensive, technology-neutral consumer privacy law to establish meaningful safeguards for the personally identifiable information that companies collect from consumers.
American consumers currently face a confusing patchwork of privacy standards that offer only weak protections for much personal information collected by businesses and that leave some information unprotected in some surprising ways. For example, financial privacy laws have major exceptions and, while there is a strong privacy law for video rental records, no law protects travel records or online purchasing data.
A single, consistent privacy law would bolster consumer trust while giving both businesses and law enforcers a comprehensive standard for protecting consumers.
The President and Congress should work together to craft a flexible baseline privacy law to protect the personal information of American consumers both online and in the "brick and mortar" world.
President Obama and Congress should work together to secure adequate funding for the Federal Trade Commission, to enable it to effectively pursue its consumer protection mission, and should nominate and confirm FTC Commissioners who will make online privacy a priority.
Consumers face an ever-increasing array of online threats, including spam, spyware, phishing, and many other types of online scams. The Federal Trade Commission is the lead federal agency for consumer protection. As the Internet evolves, the FTC's consumer protection mission is expanding and becoming increasingly complex. The Commission's jurisdiction over Internet-related issues has grown, for example, to include new laws to fight spam and identity theft. At the same time, the rapid pace of technological change, the increasing financial pay-off for malicious actors, and the transnational nature of much fraud have increased the complexity of enforcement.
While the Internet revolution and the growth of digital technologies have heightened the FTC's importance to consumer protection, the resources available to the Commission have declined. The Commission's staff in 2008 is only 62% of the size that it was almost 30 years earlier in 1979, well before the Internet explosion.
The President and Congress should pledge to provide the FTC with the resources it needs to fulfill its expanded consumer protection responsibilities.
The President should nominate, and the Congress should confirm, Commissioners who will protect consumer privacy. The President should choose an FTC Chairman with a strong consumer protection focus.
President Obama and Congress should develop and implement a comprehensive privacy and security framework for electronic personal health information.
There is broad consensus that health information technology and electronic health information exchange hold great promise for improving health quality, reducing errors, and empowering consumers. The National Health Information Network is being built to facilitate the electronic exchange of data among health care institutions across the country. At the same time, the private sector is moving ahead with the development of online Personal Health Records that can enable consumers to take more control of their health care.
However, there has been little progress at the federal level in addressing the privacy issues associated with the growing liquidity of personally identifiable health information. The lack of clear privacy rules threatens consumer support for health information technology and electronic health data exchange.
The federal health privacy rules under the Health Insurance Portability and Accountability Act (HIPAA) established the first comprehensive federal health privacy protections. However, the rules are insufficient to cover the new and rapidly evolving e-health environment and have never been adequately enforced.
The next President and Congress need to strengthen HIPAA for electronic records kept by traditional health system entities and aggressively enforce the law. The next President and Congress also will need to establish new protections to address the increased migration of health information outside of the health care system, such as through Personal Health Records offered by employers and Internet companies. Extension of HIPAA rules to non-health entities would fail to address the most serious threats to privacy posed by these new consumer tools and could inadvertently promote the inappropriate sharing of personal health information.