Institute Submits Comment Letter on Department of Commerce Data Privacy Principles

Washington, DC, November 20, 1998 - On November 19, the Institute submitted a comment letter on proposed privacy principles developed by the Department of Commerce. The proposed Commerce Department principles will form the basis for discussions with the European Union over a safe harbor for US companies from the EU Data Protection Directive. The privacy directive, which took effect on October 25, has the potential to disrupt flows of data from the EU to the US. Briefly, the Commerce Department principles discuss the need for (1) consumer awareness of data collection, (2) access to information collected, (3) choice about how the data is used, (4) assurance of data security, and (5) recourse to complaint resolution. In addition, there should be (6) independent verification of privacy practices among companies that collect data and (7) sanctions for noncompliance.

In its letter, the Institute strongly urged that an organization should qualify for the safe harbor on the basis of requirements established by its regulator with respect to the protection of personal information privacy for that industry. This should be the case even if the requirements do not precisely mirror each of the seven specific principles outlined in Commerce's draft of the safe harbor.