The federal government had generally taken a hands-off approach to Internet privacy in the hopes that the industry would self-regulate. To facilitate this process, the Federal Trade Commission (FTC) established a set of criteria called "fair information principles" which privacy policies must adhere to. It comprises of the following components:
- notice: data collectors must disclose their information practices before collecting personal information from customers
- choice: consumers must be given options with respect to whether and how personal information collected from them may be used for purposes beyond those which the information was provided
- access: consumers should be able to view and contest the accuracy and completeness of data collected about them
- security: data collectors must take reasonable steps to ensure that information collected from consumers is accurate and secure from unauthorized use
In a survey of the most-visited sites conducted in May 2000, Federal Trade Commission (FTC) investigators examined two groups, a random sample of all Web sites with at least 39,000 unique monthly visitors and the 100 most popular US commercial Web sites. Although approximately two-thirds have privacy policies, only 20% of the random sample and 40% of the most popular sites had privacy policies that met all four fair information policies. Furthermore, there is nothing preventing companies from changing their privacy policies without notifying users nor is there an agency that holds the company accountable for meeting the specifications laid out in the policy. This led to attempts by the FTC to obtain regulatory control over Internet privacy protection from Congress. Most political analysts believed that Congress would pass some sort of Internet privacy guidelines in 2001 regardless of who won the election. This has not yet been done to date.
|