Microsoft Advocates Comprehensive Federal Privacy Legislation

Microsoft Advocates Comprehensive Federal Privacy Legislation

Microsoft has come out in favour of a national privacy law for the United States. Notably, this proposal calls for the federal law to pre-empt state laws that may be more onerous. From the Microsoft release:

Microsoft Advocates Comprehensive Federal Privacy Legislation: General counsel outlines framework to protect consumers and promote online commerce.:

WASHINGTON — Nov. 3, 2005 — Microsoft Corp. today announced its support for a comprehensive legislative approach at the federal level on the issue of data privacy. In a speech delivered to the Congressional Internet Caucus, Brad Smith, senior vice president and general counsel for Microsoft, told Caucus members that “the time has come” for a strong national standard for privacy protection that will benefit consumers and set clear guidelines for businesses while still allowing commerce to flourish.

Smith explained the three key factors that have led Microsoft to support a comprehensive federal legislative response: an increasingly complex patchwork of state, federal and even international laws related to data privacy and security; the potential for consumer fears about identity theft and other online dangers to dampen online commerce; and the increasing consumer desire for more control over the collection and use of online and offline personal information.

“The growing focus on privacy at both state and federal levels has resulted in an increasingly rapid adoption of well-intended privacy laws that are at times overlapping, inconsistent and often incomplete,” Smith said. “This is not only confusing for businesses, but it also leaves consumers unprotected. A single federal approach will create a common standard for protection that consumers and businesses can understand and count on.”

Smith noted an increasing level of concern from Americans on the subject of identity theft over the Internet.

“Individuals will not take full advantage of the Internet or any commercial medium if they believe that their information or data could be compromised or disclosed in unexpected ways,” Smith said. “There is a causal link here: protecting consumers promotes commerce, and that’s good for everyone.”

The third factor — consumers’ increasing desire for more control over the collection and use of their personal information — springs from the response to the increasingly aggressive tactics of computer criminals.

“We’ve seen a spate of legislative activity in the aftermath of several highly publicized data breaches, but for consumers, the reality is still pretty daunting. They do not necessarily have a better experience and in many cases still do not clearly understand how companies are collecting, using and disclosing their personal information in the first place,” Smith said. “We have to make this more transparent and manageable for consumers.”

“Microsoft’s call for strong national privacy legislation is a landmark moment in the cause of establishing and protecting individual privacy rights online,” said Jerry Berman, president of the Center for Democracy and Technology. “Microsoft’s privacy legislation commitment creates momentum for a serious effort to establish consumer privacy expectations for the digital age. While we have not reached consensus on all of the provisions of a privacy bill, we applaud Microsoft’s willingness to work actively with other high-tech companies, consumer organizations and policymakers to make serious privacy legislation a reality.”

Smith described four core principles that Microsoft believes should be the foundation of any federal legislation on data privacy:

  • Create a baseline standard across all organizations and industries for offline and online data collection and storage. This federal standard should pre-empt state laws and, as much as possible, be consistent with privacy laws around the world.

  • Increase transparency regarding the collection, use and disclosure of personal information. This would include a range of notification and access functions, such as simplified, consumer-friendly privacy notices and features that permit individuals to access and manage their personal information collected online.

  • Provide meaningful levels of control over the use and disclosure of personal information. This approach should balance a requirement for organizations to obtain individuals’ consent before using and disclosing information with the need to make the requirements flexible for businesses, while avoiding bombarding consumers with excessive and unnecessary levels of choice.

  • Ensure a minimum level of security for personal information in storage and transit. A federal standard should require organizations to take reasonable steps to secure and protect critical data against unauthorized access, use, disclosure modification and loss of personal information.


Peter Cullen, Microsoft’s chief privacy strategist responsible for managing and promoting the company’s implementation of privacy across its products, services and processes, reinforced the need for and value of a uniform approach that complements technological advances.

“Microsoft’s overarching goal for privacy continues to be to create a trusted environment for Internet users,” Cullen said. “We have woven privacy into the DNA of Microsoft, from product development to deployment, and decisions are made with privacy in mind. A comprehensive legislative approach to privacy that applies across the country would be part of the solution to give all consumers strong privacy and security protection, and allow everyone to realize the full potential that the Internet and technology can provide.”

There is growing support throughout the technology industry for a more standardized approach to data privacy. Leading companies such as HP have voiced support for a federal legislative approach and have incorporated similar ideals into their standard operating procedures.

Barb Lawler, HP’s chief privacy officer, concurs with Cullen. “HP believes a uniform federal approach to data privacy would provide a consistent level of expectation for consumers and business continuity for corporations,” Lawler said. “HP believes that upholding the highest standards for the protection of personal information is a business imperative and, through our ‘Design for Privacy’ initiative, we integrate privacy into every facet of our business processes, products and services.”

0 comments:

Post a Comment

  • Health Care Reform Explained from B... Dan Roam at the Back of the Napkin Blog sums up the current health care reform effort in this four part health care series, Healthcare Napkins All. Great back of the...
  • Why We Need A Health Care Revolutio... Dr. Val Jones' road to revolution provides her personal perspective on the current state of our health care system and why we all need to work for change.Don't miss the...
  • The important lesson from sandcastl... As I return to West Virginia after a week spent at the beach -- this post by Jim Carrol, Futurist, Trends & Innovation Expert, caught my attention. Much of my week on...
  • A little Nick: I'm a liberal an... Law blogger posts online: Don't miss reading this post by my favorite hospital blogging CEO, Nick Jacobs over at Nick's Blog. Much of what Nick has to say strikes a chord with me and this post is...
  • Executive Order Impacts Health Care... Law blogger posts online: President Bush signed an Executive Order on August 22 requiring federal agencies to do more to inform public health care consumers about the cost and quality of health...
  • eHealthWV: West Virginia EHR Public... Law blogger posts online: As a part of West Virginia's participation in the Health Information Security and Privacy Collaborative (HISPC), West Virginia Medical Institute and its partners launch...
  • Physicians vs. Patient: Rating-Perm... Interesting post from the WSJ Health Blog on Medical Justice's new ratings-permission contracts (press release on service).This new service offered by Medical Justice...
  • Just when you thought it was safe: ... Law blogger posts online: I’ve blogged previously about just how much I hate browser toolbars and nothing much has changed in the four years that have passed. Call me nosey, but when I’m...
  • Governor Manchin Approves Cardiac C...The West Virginia Health Care Authority website indicates today that Governor Manchin approved the final revised certificate of need Cardiac Catheterization Standards.
  • A Law Actually Interview with… Litt... Next up in the interview chair is Gemma from Little Tiny Pieces. Little Tiny Pieces is an interesting name?  What it inspired it; does it have any hidden meanings?...
  • Let the voting commence!... Law blogger posts online: Yes, after two long weeks of nominations, the shortlist for the 2010 Blawggies has been decided and voting for the awards can officially begin! The polls will remain...
  • Is blogging good for your health?... Law blogger posts online: Is blogging good for your health?This Boston Globe article, Cancer blogs become part of treatment, indicates that blogging about your condition has a positive impact.The...
  • ADVANCE Magazine - Article on EHRs ... Recently I was interviewed for an article looking at the legal issues involved in the developing world of EHRs and PHRs written by Beth Walsh for ADVANCE Magazine. The...