by Robert J. Wagman
If you do business on the Internet and collect information about customers, you’d better pay attention. A number of bills passed and pending in Congress will limit how you will be able to use that information, how you can gather it, and what you must tell your customers.
* The Children’s Online Privacy Protection Act of 1998 has been the law since May of this year. If you operate a Web site and children under the age of 13 log on, whether as customers or as visitors seeking information, playing, or just surfing, you may not “collect, use, or gather” personal information about them including e-mail addresses without the specific and individual consent of their parents. Moreover, the law requires businesses to post very specific and detailed information about what information will be gathered with parental consent, and to maintain rigid safeguards to ensure the child’s parents are who they say they are.
At least three pending bills would broaden the scope of this law to cover older minors, or in one case, adult Web users.
* The “Electronic Privacy Bill of Rights Act of 1999” would require the operator of any Web site or online service that collects personal information to provide “clear and conspicuous notice” on the Web site of the specific types of personal information collected, how such information will be used, and the disclosure practices for such information.
* The “Children’s Privacy Protection and Parental Empowerment Act of 1999” would prohibit the sale or commercial use of customer information about children under any circumstances, including with parental permission.
* The “Freedom and Privacy Restoration Act” would prohibit a business from using customers’ Social Security numbers as identifiers or from linking customer identification numbers to Social Security numbers.
* The “Consumers Internet Privacy Protection Act of 1999” would sharply limit what customer information you can gather and how you can use it. Likewise, an amendment to the Consumer Credit Protection Act will restrict your ability to share or sell customer information for telemarketing purposes.
* If you deal in the medical arena, more than two dozen bills are pending that would limit your ability to gather or disseminate any information about your customers that could be considered medical or patient information.
Already, some on Capitol Hill are becoming concerned about businesses’ technical abilities to comply with some of the requirements of these laws. For instance, some of the “clear and conspicuous notice” posting requirements are so broad as to fill much of a home page on a full Web site, and would have the Web site operator breaking the law if the site is being viewed with a smaller, handheld device.
