(Approved by the IEEE-USA
Board of Directors, Sept. 2003)

This position statement comments on recent as well as potential legislation which addresses privacy issues applying to a wide variety of our life experiences.

IEEE-USA commends the recent enactment of sectoral privacy legislation including the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the financial services legislation Graham-Leach-Bliley, U.S. Department of Commerce European Union “Safe Harbor” Regulations and the Children’s Online Privacy Protection Act. These efforts begin to address concerns individuals have about the use and abuse of their personal information including their personal health information. However, much work remains to be done. Studies show that fear over disclosure of their personal information, identity theft and spam continue to present barriers to consumer participation. Recent laws such as The Patriot Act and the development of a national super database have served to raise individual concerns about the protection of their privacy. Building trust is a cornerstone for sharing personal information.

Against this backdrop, IEEE-USA recommends the following practices be observed in future legislation:

• Identity theft legislation should be enacted providing both civil and criminal penalties with funding appropriated for rigorous enforcement.
• Congress should enact legislation requiring businesses to have and disclose their privacy practices based on the Fair Information Practice Act.
• Government should mandate the use of a concise notice at the front of the privacy policy that allows individuals to understand privacy practices quickly across business sectors.
• Individuals should be offered a clear choice about access, use and/or disclosure of personal information about themselves.
• Individuals should be made aware of who is able to access their information and be able to limit that access. Appropriate and necessary exceptions to the limitation being imposed on viewing personal medical records should be allowed to avert serious threats to health or safety.
• Individuals should be notified of unauthorized access or disclosure.
• Opt-in authorization should be established as the Federal standard for use or disclosure of personal health information even when not covered by HIPAA privacy regulation.
• Regulations governing creation of “Do Not Call” lists should be expanded to limit other forms of inappropriate communication such as e-mail spam.
• Federal guidelines should be established for business use of an individual’s personal information and limitations should be imposed on the distribution of this information even when authorized for use by a business.
• Funding should be provided for support of innovative engineering research and development of techniques and systems for protection of privacy.

This statement was developed by the IEEE-USA Medical Technology Policy Committee and the Committee on Communications Policy and represents the considered judgment of a group of U.S. IEEE members with expertise in the subject field. IEEE-USA is an organizational unit of The Institute of Electrical and Electronics Engineers, Inc., created in 1973 to advance the public good, while promoting the careers and public-policy interests of the more than 235,000 electrical, electronics, computer and software engineers who are U.S. members of the IEEE. The IEEE is the world’s largest technical professional society.

The Institute of Electrical and Electronics Engineers, Inc.--United States of America
1828 L Street, N.W., Suite 1202
Washington, DC 20036-5104
Phone: 202-785-0017, Fax: 202-785-0835.

| Top of Page | Position Statements | Policy Forum | IEEE-USA |

Last Update:  24 June 2008
Staff Contact: Deborah Rudolph, d.rudolph@ieee.org