Industry makes its case on privacy

WASHINGTON--As federal regulators open four days of hearings on consumer privacy on the Internet, industry groups today unveiled programs, products, and principles designed to show that the Net can regulate itself without government interference.

Credit and financial data providers whose Web sites let Net users look up personal information about other Net users were on the hot seat this morning at the Federal Trade Commission hearings called by Commissioner Christine Varney.

Aware that the FTC was going to hone in on this issue, eight companies in the database industry today unveiled practices and guidelines for what kind of personal information is collected and who can get at it online.

Companies participating include Lexis-Nexis, ChoicePoint, Database Technologies, Experian, First Data InfoSource/Donnelly Marketing, IRSC, Metromail, and Information America. TransUnion and Equifax also indicated that they would participate in the guidelines.

They sought to differentiate among three types of data available online: public records available from the government, publicly available data from private companies such as phone directories or news reports, and information such as survey data that belongs to a person or a company. The argument is that anything that is already publicly available through other sources should be freely available on the Net as well.

"Information on the Net should mirror what has already been publicly available," said Tim Dick, chief executive of Worldpages, which provides a "look-up service" to find people based on information in phone books.

The follow-up argument is that information that is not publicly available should be controlled. For example, the database marketing firms have suggested banning the practice of cross-referencing public data, such as phone numbers, with marketing information about individuals, such as what kind of computers or software they use.

"Data that is collected for marketing [should] only be used for marketing, not for look-up services," said Gerald Cerasale, senior vice president with the Direct Marketing Association trade group.

Evan Hendricks, editor and publisher of Privacy Times, urged "purpose tests" to determine who uses or needs to use personal information about individuals. "Americans don't know that when they fill out warranty cards that they are plugging into junk mail heaven," he said.

Congress prompted today's hearings by asking the FTC to investigate online look-up services. These database vary from Net white pages to services like Lexis-Nexis's subscription-based P-Trak, which includes information compiled from credit services and public records such as names, last two addresses, year and month of birth, and aliases.

For ten days when P-Trak launched last June, Social Security numbers were also available. They were quickly pulled but continue to be the prime example of why the government needs to regulate such databases.

Varney asked whether the voluntary guidelines suggested today would be enough. She also wants database companies to let consumers review the information on file about them.

"There may be things such as birth records that never occurred to me were public," Varney said. "Will you inform [people] what information is in [the database] and where the information came from?"

Others also doubt if self-regulation will work. "We have not yet seen voluntary self-regulation work in the privacy arena," said Marc Rotenberg of the Electronic Privacy Information Center. "If these safeguards are good, let's back them up with law so that everybody in the industry plays by the same rules."

The database group also suggested the following:

Limiting the distribution of private data such as credit reports to qualified subscribers with a legitimate business use for the information.

Informing consumers about the information available about them in online databases and how to limit it.

Banning the distribution of private data about children.

Others also came forward today to show the FTC that Web site developers are responsive to privacy concerns. As reported yesterday by CNET's NEWS.COM, TRUSTe, formerly called eTRUST, unveiled a set of logos that will inform visitors to Web sites how the information collected on that site will be used. The idea is to warn consumers beforehand that, for example, their personal data will be resold to marketing companies.

Lucent Technologies also demonstrated a "personal Web assistant" from its Bell Labs research facility that helps preserve the privacy of Web surfers.

The Web assistant lets users register at sites under an assumed identity and return under that new identity. Lucent says the Web sites won't be able to figure out who the users really are; for example, the Playboy site will no longer be able to tell how many IBM employees are logging on as they can today. This protects consumer privacy but also could skew any demographic information those sites collect.

A trial version of the software is available online.

Courtney Macavinta is reporting from the Federal Trade Commission hearings in Washington, D.C. Tim Clark is reporting from California.