[Federal Register: February 26, 2003 (Volume 68, Number 38)]
[Notices]
[Page 8904-8906]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr26fe03-63]
-----------------------------------------------------------------------
FEDERAL TRADE COMMISSION
Public Workshops: Workshop 1: Technologies for Protecting
Personal Information: The Consumer Experience; Workshop 2: Technologies
for Protecting Personal Information: The Business Experience
AGENCY: Federal Trade Commission (FTC).
ACTION: Notice announcing two public workshops and requesting public
comment and participation.
-----------------------------------------------------------------------
SUMMARY: The FTC is planning to host two public workshops to explore
the role of technology in helping consumers and businesses protect the
privacy of their personal information, including the steps taken to
keep their information secure. Workshop 1 will focus on technological
tools available to consumers and whether and how consumers are using
them. Workshop 2 will focus on how businesses use technology to manage
their information practices and provide security.
DATES: Workshop 1, The Consumer Experience, will be held on Wednesday,
May 14, 2003, from 8:30 a.m. to 5 p.m., in the Federal Trade
Commission's Satellite Building now located at 601 New Jersey Avenue,
NW., Washington, DC. Workshop 2, The Business Experience, will occur on
Wednesday, June 4, 2003, also in the Satellite Building. The events are
open to the public and attendance is free of charge. Pre-registration
is not required.
Requests to Participate as a Panelist: As discussed below, written
requests to participate as a panelist in either or both of the
workshops must be filed on or before Wednesday, March 26, 2003. Persons
filing requests to participate as a panelist will be notified on or
before Wednesday, April 9, 2003, if they have been selected to
participate.
Written Comments: Whether or not selected to participate, persons
may submit written comments on the Questions to be Addressed at the
workshop. Such comments must be filed on or before Wednesday, April 23,
2003. For further instructions on submitting comments and requests to
participate, please see the ``Form and Availability of Comments'' and
``Requests to Participate as a Panelist in the Workshop'' sections
below. To read our policy on how we handle the information you may
submit, please visit http://www.ftc.gov/techworkshop.
submit, please visit http://www.ftc.gov/techworkshop.
ADDRESSES: Written comments and requests to participate as a panelist
in the workshop should be submitted to: Secretary, Federal Trade
Commission, Room 159, 600 Pennsylvania Avenue, NW., Washington, DC
20580. Alternatively, they may be e-mailed to techworkshop@ftc.gov.
FOR FURTHER INFORMATION CONTACT: Toby Milgrom Levin, Division of
Financial Practices, 202-326-3713, or James A. Silver, Division of
Financial Practices, 202-326-3708. The above staff can be reached by
mail at: Federal Trade Commission, 600 Pennsylvania Avenue, NW.,
Washington, DC 20580.
SUPPLEMENTARY INFORMATION:
Background and Proposed Agenda
Since 1995, the FTC has sought to understand the many consumer
issues raised by the collection and use of consumers' personal
information in our fast-changing information economy. Commission
workshops have examined the privacy issues raised by the use of this
information and, more recently, the important and complementary role
that security plays in providing meaningful protections for it. The
Commission has also undertaken a wide variety of education and
enforcement initiatives to reduce the harms caused by the disclosure of
personal information, such as identity theft, unwarranted intrusions,
violations of privacy promises, and breaches of customer databases. As
part of this ongoing examination, the Commission is announcing two
workshops designed to explore the role of technology in protecting
personal information.
Technology has been widely heralded as a promising solution to
challenges that the collection and use of information present. A number
of
[[Page 8905]]
products promise to help consumers control their sensitive information
and guard against internal and external threats. Similarly, there are
an increasing number of products designed to help businesses manage the
consumer information they maintain and ensure that it is secure.
Despite the widespread availability of these products, however, it is
unclear just how much consumers and businesses are using them and
whether they are meeting consumer and business needs in this area.
Therefore, as more and more consumers share personal information online
and use ``always on'' Internet connections, it is useful to examine the
current role that technology plays in protecting consumers' personal
information.
The workshops being announced will examine, first, the role
technology plays for consumers seeking to protect their own information
and, second, the role it plays for businesses seeking to protect the
consumer information that they maintain. Both workshops will also
examine the changes that have been made in the security area since the
Federal Trade Commission's May 2002 workshop on consumer information
security.
Questions to be addressed at the workshops may include:
A. Workshop 1
Technologies for Protecting Personal Information: The Consumer
Experience
1. Are consumers using technology to help manage the collection and
use of their personal information? Why or why not?
[sbull] What types of technologies are available or under
development to help consumers manage the collection and use of their
personal information?
[sbull] Which of these technologies are consumers using, which are
not being used, and why?
[sbull] What factors influence consumers' willingness to use these
technologies?
[sbull] Is there empirical data showing which technologies
consumers are using and why?
[sbull] Is consumer education needed to make consumers aware of
these technologies and to help them use them?
[sbull] What types of technologies do consumers want that do not
yet exist?
2. What role can automated privacy notices, such as P3P, play to
help consumers manage the collection and use of their personal
information?
[sbull] What technologies are available or under development that
automatically match consumer preferences to businesses' information
practices? What is their current status of development and/or
implementation?
[sbull] What are the strengths and limitations of these
technologies?
[sbull] Are there obstacles to widespread adoption of these
technologies, and if so, how could they be addressed?
[sbull] How do automated privacy notices interface with the various
types of privacy notices--e.g., short, layered, full accountability--
currently in use? Do automated notices raise any special liability
concerns?
3. Are consumers using technology to help protect their information
security? Why or why not?
[sbull] What types of technologies are available or under
development to help consumers protect their information security?
[sbull] Which information security-enhancing technologies are
consumers using, which are not being used, and why?
[sbull] What factors influence consumers' willingness to use
information security-enhancing technologies?
[sbull] Is there any empirical data showing which technologies
consumers are using and why? For example, are consumers downloading
patches, updating virus protection, and using firewalls?
[sbull] What information security-enhancing technologies do
consumers want that do not yet exist?
[sbull] Are the available technologies adequate to address known
vulnerabilities?
[sbull] Is there a need for more ``built-in'' technology solutions
and features that are easy for consumers to access and use? Should
business make it easier for consumers with high-speed access to install
effective firewalls?
[sbull] What are business, government agencies, and others doing to
raise consumer awareness of security issues and help create a ``culture
of security''?
B. Workshop 2
Technologies for Protecting Personal Information: The Business
Experience
1. How are businesses using technology to manage their information
practices?
[sbull] What types of technologies are available or under
development to help businesses manage their information practices and
verify their website's privacy policy compliance?
[sbull] Which technologies are businesses using, which are not
being used, and why?
[sbull] Is there any empirical data showing which technologies
businesses are using and why?
[sbull] How have businesses incorporated information management
technologies into their business operations? Do such technologies
affect businesses' efforts to engage in targeted marketing? Have they
affected businesses' profits?
[sbull] What are the costs and benefits, including any costs and
benefits to competition, of implementing their technologies?
[sbull] Are there limits to technology's ability to manage consumer
information? What role do people, policies, and organizational
structure play in implementing effective information management
programs?
2. How are businesses using technology to provide security for
consumer information that they maintain? What progress has been made in
this area since the FTC's May 2002 Consumer Information Security
Workshop?
[sbull] What types of technologies are available or under
development to help businesses provide security for customer
information?
[sbull] Which of these technologies are businesses using, which are
not being use, and why?
[sbull] Is there any empirical data showing which technologies
businesses are using and why?
[sbull] What are the costs and benefits of implementing these
technologies?
[sbull] Do different types of information and information practices
warrant different types of security protection?
[sbull] Are their security tools that are low in cost and easy-to-
use, particularly for small businesses? How can we raise awareness of
security issues among small businesses?
[sbull] Do security tools work out-of-the-box? What can businesses
that do not have dedicated security personnel do to protect consumer
information?
[sbull] Are their limits to technology's ability to protect
consumer information? What role do people, policies, and organizational
structure play in implementing effective safeguards programs?
[sbull] How are U.S. agencies working with international
organizations like OECD and APEC to provide security guidance for
businesses?
[sbull] What additional steps can businesses take to help create a
``culture of security?''
Requests to Participate as a Panelist in the Workshop
Parties seeking to participate as panelists in the workshop must
notify the FTC in writing of their interest in participating on or
before Wednesday, March 26, 2003, either by mail to the Security of the
FTC or by e-mail to techworkshop@ftc.gov. Requests to participate as a
panelist should be captioned ``Technology Workshop--Request to
Participate, PO34808.''
[[Page 8906]]
Parties are asked to include in their requests a statement setting
forth their expertise in or knowledge of the issues on which the
workshop will focus and their contact information, including a
telephone number, facsimile number, and e-mail address (if available),
to enable the FTC to notify them if they are selected. An original and
two copies of each document should be submitted. Panelists will be
notified on or before Wednesday, April 9. 2003, whether they have been
selected.
Using the following criteria, FTC staff will select a limited
number of panelists to participate in the workshop. The number of
parties selected will not be so large as to inhibit effective
discussion among them.
1. The party has expertise in or knowledge of the issues that are
the focus of the workshop.
2. The party's participation would promote a balance of interests
being represented at the workshop.
3. The party has been designated by one or more interested parties
(who timely file requests to participate) as a party who shares group
interests with the designator(s).
In addition, there will be time during the workshop for those not
serving as panelists to ask questions.
Form and Availability of Comments
The FTC requests that interested parties submit written comments on
the above questions to foster greater understanding of the issues.
Especially useful are any studies, surveys, research, and empirical
data. Comments should be captioned ``Technology Workshop--Comment,
PO34808,'' and must be filed on or before Wednesday, April 23, 2003.
Parties sending written comments should submit an original and two
copies of each document. To enable prompt review and public access,
paper submissions should include a version on diskette in PDF, ASCII,
WordPerfect, or Microsoft Word format. Diskettes should be labeled with
the name of the party, and the name and version of the word processing
program used to create the document. Alternatively, comments may be
emailed to techworkshop@ftc.gov.
Written comments will be available for public inspection in
accordance with the Freedom of Information Act, 5 U.S.C. 552, and FTC
regulations, 16 CFR part 4.9, Monday through Friday between the hours
of 8:30 a.m. and 5 p.m. at the Public Reference Room 130, Federal Trade
Commission, 600 Pennsylvania Avenue, NW., Washington, DC 20580. This
notice and, to the extent technologically possible, all comments will
also be posted on the FTC Web site at http://www.ftc.gov/techworkshop.
also be posted on the FTC Web site at http://www.ftc.gov/techworkshop.
By direction of the Commission.
Donald S. Clark,
Secretary.
[FR Doc. 03-4502 Filed 2-25-03; 8:45 am]
BILLING CODE 6750-01-M