164 Part One Organizations, Management, and the Networked Enterprise
The FTC’s FIP principles are being used as guidelines to drive changes in
privacy legislation. In July 1998, the U.S. Congress passed the Children’s Online
Privacy Protection Act (COPPA), requiring Web sites to obtain parental permission
before collecting information on children under the age of 13. The FTC
has recommended additional legislation to protect online consumer privacy in
advertising networks that collect records of consumer Web activity to develop
detailed profiles, which are then used by other companies to target online ads.

In 2010, the FTC added three practices to its framework for privacy. Firms
should adopt “privacy by design,” building products and services that protect
privacy. Firms should increase the transparency of their data practices. And
firms should require consumer consent and provide clear options to opt out of
data collection schemes (FTC, 2010). Other proposed Internet privacy legislation
focuses on protecting the online use of personal identification numbers,
such as social security numbers; protecting personal information collected on
the Internet that deals with individuals not covered by COPPA; and limiting the
use of data mining for homeland security.

Beginning in 2009 and continuing through 2012, the FTC extended its FIP
doctrine to address the issue of behavioral targeting. The FTC held hearings to
discuss its program for voluntary industry principles for regulating behavioral
targeting. The online advertising trade group Network Advertising Initiative
(discussed later in this section) published its own self-regulatory principles
that largely agreed with the FTC. Nevertheless, the government, privacy
groups, and the online ad industry are still at loggerheads over two issues.
Privacy advocates want both an opt-in policy at all sites and a national Do Not
Track list. The industry opposes these moves and continues to insist on an
opt-out capability being the only way to avoid tracking. In May 2011, Senator
Jay D. Rockefeller (D-WV), Chairman of the Senate Commerce Subcommittee
on Consumer Protection, Product Safety, and Insurance, held hearings to
discuss consumer privacy concerns and to explore the possible role of the
federal government in protecting consumers in the mobile marketplace.
Rockefeller supports the Do-Not-Track Online Act of 2011, which requires
firms to notify consumers they are being tracked and allows consumers to
opt out of the tracking (U.S. Senate, 2011). Nevertheless, there is an emerging
consensus among all parties that greater transparency and user control
(especially making opt-out of tracking the default option) are required to deal
with behavioral tracking.

Privacy protections have also been added to recent laws deregulating
financial services and safeguarding the maintenance and transmission of
health information about individuals. The Gramm-Leach-Bliley Act of 1999,
which repeals earlier restrictions on affiliations among banks, securities firms,
and insurance companies, includes some privacy protection for consumers of
financial services. All financial institutions are required to disclose their policies
and practices for protecting the privacy of nonpublic personal information
and to allow customers to opt out of information-sharing arrangements with
nonaffiliated third parties.

The Health Insurance Portability and Accountability Act (HIPAA) of 1996,
which took effect on April 14, 2003, includes privacy protection for medical
records. The law gives patients access to their personal medical records
maintained by health care providers, hospitals, and health insurers, and the
right to authorize how protected information about themselves can be used or
disclosed. Doctors, hospitals, and other health care providers must limit the
disclosure of personal information about patients to the minimum amount
necessary to achieve a given purpose.