FTC Establishes Advisory Committee on Online Access and Security

The Federal Trade Commission today announced the establishment of the Federal Trade Commission Advisory Committee on Online Access and Security and requested nominations for committee members. Providing consumers access to information collected about them and providing security for such information are two of five core fair information practice principles described in the Commission's 1998 report, Privacy Online: A Report to Congress. The other three principles are "Notice," "Choice," and "Enforcement." In a follow-up report to Congress this year, the Commission noted that access and security are important privacy safeguards, but that they may raise a number of implementation issues.

The Advisory Committee will provide advice and recommendations to the Commission regarding options for the implementation by commercial Web sites of the access and security information practice principles, and the costs and benefits of each option. An announcement of the Advisory Committee's establishment and a request for nominations will appear shortly in the Federal Register.

The Commission will charge the Advisory Committee with (1) considering the parameters of reasonable access to personal information and adequate security to protect such information, and (2) preparing a written report presenting options for implementation of these fair information practices and the costs and benefits of each option. A copy of the Advisory Committee's charter will be filed with the Senate Committee on Commerce, Science, and Transportation, the House Committee on Commerce, and the Library of Congress by January 5, 2000.

According to its charter, the Advisory Committee will consider, among other things, whether the extent of access provided by Web sites should vary with the sensitivity of the personal information collected and/or the purpose for which such information is collected; whether the difficulty and costs of retrieving consumers' data should be considered, whether consumers should be provided access to enhancements to personal information (e.g., inferences about their preferences or purchasing habits); appropriate and feasible methods for verifying the identity of individuals seeking access; whether a reasonable fee may be assessed for access, and if so, what a reasonable fee would be; and whether limits could be placed on the frequency of requests for access, and if so, what those limits should be.

The Advisory Committee will also consider how to define appropriate standards for evaluating the measures taken by Web sites to protect the security of personal information; what might constitute reasonable steps to assure the integrity of this information; and what measures should be undertaken to protect this information from unauthorized use or disclosure.

The Advisory Committee will comprise approximately 30 members, who, as a group, will represent a broad spectrum of relevant interests. Nominees should have expertise in the issues and/or technologies relevant to the implementation of fair information practices by commercial Web sites, the agency said. They should also be able to commit to attending all of the Advisory Committee meetings, the dates of which are noted below. The Federal Register notice requests that interested parties submit nominations by January 5, 2000, and states that Commission staff will notify nominees that they have been selected to serve on the Advisory Committee as soon as possible after January 20, 2000.

Meetings of the Advisory Committee will be open to the public, and will be chaired by David Medine, Associate Director for Financial Practices, Bureau of Consumer Protection. Advisory Committee meetings will be held on February 4, 2000; February 25, 2000; March 31, 2000; and April 28, 2000, at the Federal Trade Commission's headquarters in Washington, D.C. The Advisory Committee will present its written report describing options for the implementation of access and security online, and the costs and benefits of each option, no later than May 15, 2000, and will conclude its work no later than May 31, 2000.

The Commission vote to authorize publication of the Federal Register notice and to establish the Advisory Committee on Online Access and Security was 5-0.

Copies of the Federal Register notice are available from the FTC's web site at http://www.ftc.gov and also from the FTC's Consumer Response Center, Room 130, 600 Pennsylvania Avenue, N.W., Washington, D.C. 20580; 877-FTC-HELP (877-382-4357); TDD for the hearing impaired 1-866-653-4261. To find out the latest news as it is announced, call the FTC NewsPhone recording at 202-326-2710.

(FTC File No. 004 4807)