The Commerce Department’s Latest Privacy Initiative on Data Privacy Day

Submitted on January 28, 2011 - 5:00pm
Categories:
Printer-friendly version

Today is Data Privacy Day, an annual international celebration to raise awareness and generate discussion about information privacy designated by both the U.S. Senate and U.S. House of Representatives in 2009. In honor of Data Privacy Day, here’s an update on the latest Commerce Department initiative to protect the privacy of the American people.

On Jan. 7 at a discussion forum with business and academic leaders at Stanford University, Secretary of Commerce Gary Locke and White House Cybersecurity Coordinator Howard A. Schmidt unveiled plans to establish a National Program Office at the Commerce Department to help implement the National Strategy for Trusted Identities in Cyberspace, an administration initiative that aims to foster private-sector development of new technologies that can improve both the privacy and the security of sensitive online transactions.

Cybercrime and identity theft cost U.S. consumers hundreds of millions of dollars annually. So the idea is that the private sector would lead the development of better technologies for consumers and businesses to establish their identities before they conduct sensitive transactions like banking, shopping or downloading health care records. The Commerce Department would facilitate the process by building consensus on standards and managing collaborative efforts with other federal agencies.

These technologies could be devices like a smart card or fob that generate one-time passwords. They could be software or devices on your smart phone or personal computer that match a digital certificate issued by your computer or phone with a personal pin number. Because these technologies would require both something you have, like your cell phone, and something you know, like your pin number, an identify thief or hacker could not pretend to be you simply by guessing your password to your bank’s website.

We’re not talking about a national ID card, a mandated digital identity, a centralized identity database or an Internet driver’s license… not even a learner’s permit. Individuals who want a secure Internet credential would be able to choose among multiple identity providers, both private and public, and among multiple digital credentials. And people could continue to communicate anonymously online if they choose.

For additional information on this privacy-enhancing initiative, visit www.nist.gov/nstic.

Comments Closed

Due to increased spam, comments have been closed on this content. If you wish to comment about the content, we encourage you to email webmaster@doc.gov.

An inalienable right to one's personal data...

Submitted on February 25, 2011 - 1:34pm.

...as it has been commanded by the European Union in 1995 would be a start. The private sector will never do "for the good of the consumer" what it does not have to do.

Simply force every and all businesses dealing with personal data to
- inform
- correct
- delete
one's personal data upon request of the owner of the data.

These simple rights do not restrict private business. But they finally gave the last word on what happens with one's personal data to the owner.

To give a practical example : I was shocked, as a European customer, how a business situated in California, was able to deny deletion of my personal data after all contractual obligations had been completed. There is no further contact required between them and me, yet they simply say "we are sorry, but state in the Terms of Service that we never delete your data".

THAT is cyber crime starting in the private sector.

This is a very important

Submitted on April 1, 2011 - 7:05pm.

This is a very important concern. I have dealt with U.S. businesses which consequently started to annoy me with frequent ad mails that I had no interest in, and swamped my mailbox. Some even forwarded my address to their "partners" to spam me as well. As a European citizen, I was shocked to find out that there is no U.S. law that would allow me to request the companies in question to delete my address.

I live in Switzerland, and I can say from experience that the day a law was passed to give the people these rights, was the day that domestic spam stopped dead in its tracks. It allows people to "opt out" of any scheme, database, or communication, and legally back this demand. There is no more unsolicited mail coming from countries who have passed and enforce such laws.

I would be interested to learn about further developments in the U.S. regarding this issue.