WASHINGTON, May 17 (UPI) -- A pro-consumer privacy bill to regulate the collection and use of personal data passed the Senate Committee on Commerce, Science, and Transportation Friday after the vote was delayed for a day by Senate Minority Leader Trent Lott.
Republicans Ted Stevens of Arkansas and Conrad Burns of Montana joined with 13 democrats to pass the bill on a vote of 15 to 9. Passage of the bill had been put off 24 hours when Lott invoked the Senate's arcane 2-hour rule cutting off committee action two hours after the Senate started work for the day.
The bill would require that individuals grant specific permission before online companies, such as Internet providers or companies with Web sites, could collect or use sensitive personal data. Such data would include financial information, ethnicity, sexual orientation, or political party affiliation. Nonsensitive data, like a list of items purchased, could be shared without advance permission but customers could still "opt-out" of having their data exchanged.
The legislation also gives consumers the right to sue if their personal data is revealed and mandates that they be allowed, under "reasonable" circumstances, to see information kept about them. They can also ask to have erroneous items corrected.
Originally written to apply only to Internet-related activities, the bill now includes provisions to eventually expand its protections to data gathered from other sources as well such as frequent-customer cards or magazine subscriptions.
The provisions are controversial. Some see them as essential to fairness while others believe extending the protections is a tactic aimed at tying up debate and keeping the bill from passing before the end of the congressional session this year.
"The short-term impact is that (adding off-line data) got more support for the bill. There were a few members that skeptical who felt as though they could not support a bill that did not also do off-line information, Ari Schwartz associate director of the Center for Democracy and Technology told United Press International.
Long-term there may be a deeper examination of how extending the protections would work and what the impact of any delays involved would mean.
Also, said Schwartz, "it could mean there there's going to be a much higher focus on privacy generally in the Congress. That's really what we're hoping it will mean."
In addition to language on data collection and usage, the bill requires that reasonable efforts be made to protect data security. An amendment was proposed Thursday that would have protected companies from liability if they adopted certain security practices even if there was a subsequent security breach.
The amendment would set up a loophole, objected Committee Chairman Ernest Hollings, D-S.C., the sponsor of the bill. "It lets a company set up a procedure then say that such procedures shall be deemed reasonable without regard to whether such procedures have prevented a breach of network security."
The amendment was defeated on a 14 to 9 vote.
The need for such security was brought sharply into focus by the revelation this week that the Detroit office of the FBI is investigating the apparent theft of information on some 13,000 people from a credit reporting agency's database.
Ford Motor Credit Co. warned the possible victims that thieves, posing as Ford Credit personnel, apparently gained access to the database of the Experian credit reporting agency. About 400 of the suspected victims were Ford Credit customers.
The files were compromised between April 2001 and February 2002. Experian alerted Ford Credit when it noticed the software being used by the apparent thieves differed from that normally used by Ford Credit. The bogus queries appeared to have come from Ford Credit's Grand Rapids, Mich., office and targeted people with good credit ratings living in affluent areas.
Ford Credit sent 13,000 registered letters alerting the possible victims, urging them to contact Experian to have their credit histories corrected.
(With reporting by Scott Burnell in Washington and Marcy Kreiter in Chicago)
