By Jason Llorenz, Esq.
April 21, 2011

The Epsilon data breach is the latest high-profile security failure driving policy makers to address the issues of online privacy and identify security.  Since the beginning of the year, the Administration and Congress have taken action on these issues.

Most recently, the White House recognized the growing need to ensure the integrity of the individual American’s online identity and to fix the broken process of online identification for users that has come to be described as “increasingly cumbersome and complex.”  Last week, the Obama Administration held an event at the US Chamber of Commerce to reveal its strategy to improve the security of online transactions.

The National Strategy for Trusted Identities in Cyberspace plan hopes to create an “identity ecosystem” that provides digital identity credentials and allows users to log into any website with that credential.  This colossal task will take the cooperation of both the public and private sectors to find an approach that solves problems rather than causes more of them – a real possibility given the ever-changing environment of the digital world and the creativity of internet criminals who are on constant lookout to exploit security weaknesses.

In a prepared statement announcing the initiative, President Obama said: “The Internet has transformed how we communicate and do business, opening up markets, and connecting our society as never before.  But it has also led to new challenges, like online fraud and identity theft, that harm consumers and cost billions of dollars each year.”

While still years away from consumer use, the plan relies on market-driven solutions with the government bringing businesses together to create the system.  The NSTIC report envisions a future with smart cards, cell phones, USB security sticks, and similar applications solving our identification needs.

The program will be coordinated by a Commerce Department agency, the National Institute of Standards and Technology (NIST), which has been setting national standards since 1901.  NIST will coordinate the new strategy with the business leaders working to ensure consumer privacy.  Public meetings on NSTIC begin in June, and funding for pilot projects by 2012.

The NSTIC plan seems to go hand in hand with the National Broadband Plan’s focus on bringing Americans universal Internet coverage.  The NSTIC proposes a system to create basic tools needed for online commerce to thrive just as universal broadband is seen as a prerequisite for achieving a 21st Century economy and ensuring our global competitiveness.  As the NSTIC report states: “A secure cyberspace is critical to our prosperity.”

On Capitol Hill, four major bills were introduced from Members of both parties and chambers.  The Washington Post provided a concise summary of the separate proposals:

In February, Reps. Bobby Rush (D-Ill.) and Jackie Speier (D-Calif.) each introduced privacy legislation.  Earlier this week, Sens. John Kerry (D-Mass.) and John McCain (R-Ariz.) and Reps. Cliff Stearns (R-Fla.) and Jim Matheson (D-Utah) offered privacy bills for each chamber.

The privacy bills have some key differences. Stearns’s bill promotes industry self-regulation and requires companies to notify consumers about privacy policies and data use.  The bill from Kerry and McCain encourages self-regulation but also requires an opt-in measure to share sensitive personal information, or information that could harm a person if released, depending on the situation.

Rush’s reintroduced bill requires companies to provide an opt-out option before they can share data with other companies.  Speier’s privacy package includes the only proposed legislation with a do-not-track measure; the other bill is aimed at protecting financial information.

Privacy and security are of even more acute importance to Latinos, the poor, and more vulnerable emerging online users, who are not only lagging in digital skills, but also tend to have fewer protections from loss of wealth or credit standing when victimized online.  The key for all consumers will be the development of a system that drives confidence in a secure environment that facilitates business, learning and life online.

Jason Llorenz is Executive Director of the Hispanic Technology and Telecommunications Partnership