Advisory Committee on Online Access and Security

For Release: January 21, 2000

Online Privacy Committee Members Named

Advisory Committee on Online Access and Security to Initiate Review in February

The Federal Trade Commission has named the members of its Advisory Committee on Online Access and Security and announced that the Advisory Committee's first meeting will be held February 4. The Committee will provide advice and recommendations to the Commission regarding the costs and benefits, to both consumers and businesses, of implementing the fair information practices of access and security online. Providing consumers access to the information collected from and about them and providing security for that information are two of four core fair information practice principles described in the Commission's 1998 report, Privacy Online: A Report to Congress. The other two principles are "notice," and "choice." The Commission also regards "enforcement" as an essential component of effective self-regulatory programs. In a follow-up report to Congress last year, the Commission noted that access and security are important privacy safeguards, but that they may raise a number of implementation issues.

In a Federal Register Notice published yesterday, the FTC announced that the first meeting of the Advisory Committee, which will be open to the press and public, will be held Friday, February 4, 2000, at FTC headquarters in Washington, D.C. The meeting will explore the issues of what constitutes "reasonable access" to data collected from and about consumers and what exemplifies "adequate security" for that information. Subsequent Advisory Committee meetings will be held February 25, March 31, and April 28, at FTC headquarters. Those, too, will be open to the public and press. The Advisory Committee will present a written report to the Commission describing options for the implementation of access and security online, and the costs and benefits of each option, no later than May 15, 2000, and will conclude its work no later than May 31, 2000. The Commission encourages the public to submit comments for the Advisory Committee's consideration during the period in which the Committee is performing its work.

"The roster of distinguished members of this Advisory Committee represents a broad cross-section of e-commerce experts, online businesses, security specialists, and consumer and privacy advocates" said Robert Pitofsky, Chairman of the FTC. "The Commission is gratified that the members have agreed to serve on the Advisory Committee as we address the challenges of assuring consumer privacy online."

In selecting the members of the Advisory Committee, the Commission considered over 180 nominations received from a broad array of interested parties. According to the Committee's charter, members will consider, among other things, whether the extent of access provided by Web sites should vary with the sensitivity of the personal information collected and/or the purpose for which such information is collected; whether the difficulty and costs of retrieving consumers' data should be considered, whether consumers should be provided access to enhancements to personal information (e.g., inferences about their preferences or purchasing habits); appropriate and feasible methods for verifying the identity of individuals seeking access; whether a reasonable fee may be assessed for access, and if so, what a reasonable fee would be; and whether limits could be placed on the frequency of requests for access, and if so, what those limits should be. The Advisory Committee will also consider how to define appropriate standards for evaluating the measures taken by Web sites to protect the security of personal information; what might constitute reasonable steps to ensure the accuracy of this information; and what measures should be undertaken to protect this information from unauthorized use or disclosure.

The Advisory Committee members are:

Mr. James C. Allen, Vice President of Development and Operations, eCustomers.com

Stewart A. Baker, Esq., Steptoe & Johnson LLP

Mr. Richard Bates, Vice President of Government Relations, The Walt Disney Company

Ms. Paula J. Bruening, Director of Compliance and Policy, TRUSTe

Mr. Steven C. Casey, Director of Government Affairs, RSA Security, Inc.

Fred H. Cate, Esq., Professor of Law, Indiana University School of Law - Bloomington

Mr. Jerry Cerasale, Senior Vice President for Government Affairs, Direct Marketing Association, Inc.

Steven J. Cole, Esq., Senior Vice President and General Counsel, Council of Better Business Bureaus, Inc.

Dr. Lorrie Faith Cranor, Senior Technical Staff Member, AT&T Labs-Research

Dr. Mary J. Culnan, Professor, McDonough School of Business, Georgetown University

Mr. E. David Ellington, Co-Founder, Chairman, President and CEO, NetNoir, Inc.

Ms. Tatiana Gau, Vice President of Integrity Assurance, America Online, Inc.

Alexander Gavis, Esq., Assistant General Counsel, Fidelity Investments

Mr. Rob Goldman, Executive Vice President of Customer Experience, Dash.com, Inc.

Mr. Robert T. Henderson, Vice President, Warehouse Outsourcing Solutions, NCR Corporation

David Hoffman, Esq., Intel Corporation

Dr. Lance J. Hoffman, Professor of Computer Science, School of Engineering and Applied Science, George Washington University

Mr. Josh Isay, Director of Public Policy and Government Affairs, DoubleClick, Inc.

Mr. Daniel Jaye, Chief Technology Officer, Engage Technologies, Inc.

Dr. Eric J. Johnson, Professor of Business, Columbia University

Dr. John Kamp, Senior Vice President, American Association of Advertising Agencies

Mr. Rick Lane, Director of Congressional and Public Affairs, U.S. Chamber of Commerce

James W. Maxson, Esq., Delta Air Lines, Inc.

Mr. Michael R. McFarren, Chief Executive Officer, Bellerophon, Ltd.

Mr. Gregory Miller, Chief Internet Strategist, MedicaLogic, Inc.

Deirdre Mulligan, Esq., Staff Counsel, Center for Democracy and Technology

Deborah Pierce, Esq., Staff Attorney, Electronic Frontier Foundation

Ronald Plesser, Esq., Piper, Marbury, Rudnick & Wolfe LLP

Dr. Lawrence A. Ponemon, Partner, Global Leader for Compliance Risk Management, PricewaterhouseCoopers, LLP

Mr. Richard Purcell, Director, Corporate Privacy Group, Microsoft Corporation

Mr. Arthur B. Sackler, Vice President for Law and Public Policy, Time Warner, Inc.

Dr. Daniel Schutzer, VP and Director of External Standards and Advanced Technology, e-Citi, Citigroup

Mr. Andrew Shen, Policy Analyst, Electronic Privacy Information Center

Dr. Jonathan M. Smith, Professor, Department of Computer and Information Science, University of Pennsylvania

Mr. Richard Smith, Internet Security Consultant

Ms. Jane Swift, Lieutenant Governor of Massachusetts, The Commonwealth of Massachusetts

Frank C. Torres III, Esq., Legislative Counsel, Consumers Union

Mr. Thomas Wadlow, Vice President of Security Research and Development, Pilot Network Services, Inc.

Mr. Ted Wham, Director, Membership, Excite@Home Network

Ms. Rebecca Whitener, Principal, Global Services Security and Consulting Group, IBM Corporation

Copies of the Federal Register notice are available from the FTC's web site at http://www.ftc.gov and also from the FTC's Consumer Response Center, Room 130, 600 Pennsylvania Avenue, N.W., Washington, D.C. 20580; 877-FTC-HELP (877-382-4357); TDD for the hearing impaired 1-866-653-4261. To find out the latest news as it is announced, call the FTC NewsPhone recording at 202-326-2710.

MEDIA CONTACT:: Claudia Bourne Farrell; Office of Public Affairs; 202-326-2181

STAFF CONTACT:: Jessica Rich; Bureau of Consumer Protection; 202-326- 2148

(FTC File No. P004807)
(a&s)