Brad Smith, Microsoft’s senior VP-general counsel and corporate secretary, speaking at a congressional luncheon today, added some new wrinkles into the privacy debate. He said federal legislation, besides preempting state laws, should cover offline as well as online privacy; should give consumers the right to inspect or correct information companies collect; and should require companies to take “reasonable steps” to protect information.
Confidence is key
“This is the time. This is the place for this government to adopt privacy legislation on a national basis,” Mr. Smith said. He said the Internet depends on retaining the confidence of the public and “that confidence isn’t what it was a few years ago.”
With the switch, Microsoft joins Hewlett-Packard and eBay in supporting national legislation. In the past most technology companies had opposed federal laws, arguing that private companies themselves acting together could take voluntary action to improve security. The Direct Marketing Association has called for setting national standards on privacy, but hasn’t specifically called for a national law.
The comments came on the same day a panel of the House Energy and Commerce Committee moved forward legislation that would enact a privacy law covering data aggregator privacy breaches, but Mr. Smith said Microsoft advocates broader legislation that treats a far wider range of data.
He said the company believes consumers should have access to personal information and correct or alter incomplete information when possible and have a right to be notified in the case of a breach “that could reasonably result in the misuse of unencrypted sensitive financial information.”
Mr. Smith also suggested that federal legislation needs to be more consistent across sectors.
Jerry Berman, president of the Center for Democracy and Technology, a group that tracks federal technology issues, said Microsoft’s move will increase the pressure for Congress to act next year on a broader privacy measure.
“This brings some momentum for aggressive action,” he said. “Some of the major companies are coming to the conclusion that self- regulation will not work and that we have incredible gaps and creating a federal floor is necessary.”
Some Democrats have worried that national privacy legislation would weaken current state laws. At a meeting today of the House committee panel, Rep. Ed Markey, D-Mass., complained that legislation pushed by committee Republicans would ease standards adopted by Illinois and California for notifying consumers of privacy breaches and eliminate state enforcement while giving the Federal Trade Commission new authority to fight privacy violations. He called the legislation “a joke” and complained “company exposure to risk is almost negligible.”