In its second THINKPolicy perspective, IBM calls on the U.S. Congress to pass a series of bills intended to strengthen privacy protections for the digital age.
By Christina Peters, Chief Privacy Officer, IBM Corporation
In our first THINKPolicy perspective, IBM asserted that legislation to promote more sharing of cyber threats is necessary to better protect the data of citizens and organizations. In our second installment, we are looking at the privacy of that data.
Rapid, data-driven innovation should not spell the end of individual privacy. People must be confident in how their information can be used, by whom, and under what conditions.
IBM has long been committed to protecting the privacy of our clients, and citizens. In a 2014 open letter, IBM spoke clearly to its clients worldwide on the subject of governmental access to data. We laid out the steps we have always taken to ensure the integrity of our solutions, how we safeguard our clients’ data, and the steps we would take should governments seek access to that data.
In 2015, we are once again stepping out and strongly calling on governments to modernize privacy protections for the 21st century.
IBM offers the following recommendations to modernize privacy laws for the age when postal mail is no longer a dominant form of communication, and data lives in the cloud:
- Modernize ECPA – when Congress passed the Electronic Communications and Privacy Act (Act), Internet access came through CD-ROM’s sent in the mail, and services like instant messaging, Twitter or Instagram were decades away. Congress should update ECPA to provide a consistent standard for judicial access to data no matter its form, or how and where it is stored.
- Extend Overseas Warrant Requirements – revelations of government access to data have complicated America’s relationship with some of our most valued allies. A critical step in normalizing those ties is to pass legislation that sets clear rules on how, when and under what circumstances the U.S. government can access the data of non-Americans that is stored overseas. The LEADS – or Law Enforcement Access to Data Stored Abroad – Act – would do just that, and we urge Congress to pass this bill, which enjoys broad bipartisan support in both the House and Senate.
- Broaden People’s Control Over How Their Data is Used – Privacy should be respected regardless of the passport one carries. Just as ECPA reform and cybersecurity legislation will help strengthen privacy protections for Americans, citizens of foreign countries, especially America’s close European friends and allies, deserve the same basic privacy protections afforded to U.S. citizens. These include the right to rectify any wrongful disclosure or misuse of their personal data that is lawfully collected by U.S. government agencies. By passing the Judicial Redress Act, Congress can help strengthen the bonds of trust and cooperation between America and the European Union.
Many of the basic legal concepts needed to protect privacy in the digital age are already on the books. They don’t need to be thrown out and rebuilt from scratch. Rather, what’s needed is an expansion and update of existing legal frameworks to ensure data policy on privacy is keeping up with the rapid pace at which data is transforming business and society.
With that pace showing no signs of letting up, the time to act is now.
Adam R. Pratt
Ph: (202) 551-9625