- The new chairman of the Federal Trade Commission today called for a "pause" in the pursuit of privacy legislation, saying the emphasis should be on "more law enforcement, not more laws."
And to show that his enforcement message wasn't just talk, Timothy J Muris, in his first policy statement on privacy issues since his appointment by President Bush earlier this year, said the agency would increase the number of staff members dedicated to privacy issues from 36 to 60.
Muris' plan to better enforce online privacy, spam and identity theft laws won general praise from the privacy experts, advocates and corporate officials to whom he spoke at the Privacy 2001 conference here.
The message for businesses was clear.
"The companies that haven't given privacy any due consideration -- those are the ones that should now be getting concerned," says Peter Reid, a privacy expert at Plano, Texas-based Electronic Data Systems.
But in pushing aside the consideration of new privacy regulations, Muris opened the door for criticism that he is taking an easy way out of a difficult issue.
"It's a pretty clear retraction of where the FTC was before," says Sol Berman, a technology legal expert at the Columbus, Ohio-based Ohio Supercomputer Center's Technology Policy Group, which sponsored the conference.
Muris' predecessor at the FTC, Robert Pitofsky, a Democrat, believed that the private sector wasn't doing enough to safeguard consumer privacy and felt some baseline legal standards were needed.
Although he didn't rule out future privacy legislation, Muris says the FTC should first step up enforcement of current laws.
"I'm not saying 'No how, never, no legislation.' I think, however, given all of the recent legislation ... we at least need to pause, to figure out how to effectively enforce the legislation we have," he said in response to questions after his talk. "I'm convinced that there's a lot that we can do to protect consumer privacy."
The Information Technology Association of America (ITAA), a technology industry trade group, praised Muris's stand in a statement last week. The group's president, Harris N Miller, said he agreed that there are enough laws already on the books to safeguard consumers; now they need to be enforced.
The Association for Competitive Technology (ACT), an industry trade group that has been a frequent defender of Microsoft, a founding member, also issued a statement applauding the FTC's latest stance. ACT President Jonathan Zuck said in the statement that consumers will be better served by focusing on current laws rather than creating new ones. Most proposed privacy legislation today focuses on regulating new technology rather than protecting sensitive information, Zuck said.
Although Muris was expressing his own views, two Republicans who serve on the five-member FTC commission are also opposed to government online privacy regulation.
Any position taken by the FTC wouldn't preclude Congress or the states from adopting privacy rules. But Muris' opposition to regulation will affect the congressional debate on the issue. A number of privacy bills were pending prior to the September 11 terrorist attacks on the U.S., but it's no longer clear when Congress, now focused on security issues, will resume debate on privacy legislation.
Muris defended his position by outlining some of the issues that must be solved before regulation is possible, including access and security requirements. The access issue, in particular, worries many in corporate IT because it could require developing a way to give customers access to data kept in disparate databases.
The FTC chief also acknowledged industry complaints that privacy rules will cost companies money. "We need much better data than we have about the benefit/cost trade-off before we proceed," he said.