Data Debate

Online marketers should give consumers access to personally identifiable information, but may have trouble assuring that others won’t see it. Letting consumers see the personal information Web sites have collected may discou rage marketers from collecting more data than they need.

That’s the top line of a new report from the Federal Trade Commission’s Advisory Committee on Online Access and Security. The committee was formed last December to advise the FTC on how commercial Web sites can best provide consumers with access to their own information and how best to make that information secure. It released its report in late April after hearings and testimony from both site managers and consumers.

The report sums up wide-ranging opinions of the 30-member task force, and isn’t intended as a recommendation for legislation (although some committee members say access and security should be legislated immediately).

The committee defined “personally identifiable information” as all data that can be connected to an individual by name, address, or “unique identifier” such as screen name or browser cookie. Giving consumers broad access to that info “may promote awareness of business information practices as much as they promote accuracy,” the report says.

The trouble is security, because it’s application-specific and “different types of data warrant different levels of protection,” the study says. The committee suggests five potential solutions: a government-established sliding scale of security standards; a standard set by what’s “appropriate under the circumstances,” similar to medical malpractice guidelines (which change as technology changes); industry-specific standards; requiring all sites to maintain a security program; or relying on existing remedies and letting market pressure induce sites to set security. For more information, visit www.ftc.gov.