[Federal Register Volume 62, Number 44 (Thursday, March 6, 1997)]
[Notices]
[Pages 10271-10276]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 97-5562]


=======================================================================
-----------------------------------------------------------------------

FEDERAL TRADE COMMISSION


Public Workshop on Consumer Information Privacy

AGENCY: Federal Trade Commission.

ACTION: Notice Requesting Public Comment and Announcing Public 
Workshop.

-----------------------------------------------------------------------

SUMMARY: The Federal Trade Commission has determined to hold a public 
workshop devoted to consumer information privacy. The workshop will be 
divided into three sessions.
    Session One is intended to gather information as part of a 
Commission study of the collection, compilation, sale, and use of 
computerized data bases that contain what consumers may perceive to be 
sensitive identifying information, often referred to as ``look-up 
services.'' These data bases typically are used to locate individuals 
or develop individual background information. Interested parties are 
encouraged to submit written comments concerning the subject of this 
study, which is described more fully in the Supplementary Information 
section of this Notice. Any person who wishes to apply for 
participation in Session One must file a written comment addressing one 
or more of the questions set forth below under the heading: ``Session 
One: Computerized Data Bases Containing Sensitive Consumer Identifying 
Information.'' However, the Commission will consider comments of all 
persons, including non-participants in Session One.
    Sessions Two and Three follow upon the Bureau of Consumer 
Protection's June 1996 public workshop on Consumer Privacy on the 
Global Information Infrastructure (``June 1996 Workshop''), which was 
held to provide an opportunity for public dialogue on the complex 
privacy issues posed by the emerging online marketplace. Sessions Two 
and Three are intended to update the Commission on the current status 
of the collection, compilation, sale, and use of personal information 
online, and on self-regulatory efforts and technological developments 
since June 1996. Session Two will address recent developments in the 
collection, compilation, sale, and use of personal information online 
generally, including self-regulatory efforts, technological 
innovations, and unsolicited commercial e-mail. Session Three will 
address the same developments as they pertain to children's personal 
information.
    Interested parties who wish to apply for participation in Session 
Two must file a written comment addressing one or more of the questions 
listed below under the heading ``Session Two: Consumer Online 
Privacy.'' Interested parties who wish to apply for participation in 
Session Three must file a written comment addressing one or more of the 
questions listed below under the heading ``Session Three: Children's 
Online Privacy.'' However, Commission staff will consider comments of 
all persons, including non-participants in Session Two or Session 
Three, in determining what further Commission action, if any, it will 
recommend in the area of online privacy protections.

DATES: Written comments and notifications of interest in participating 
in the workshop must be submitted on or before April 15, 1997. Parties 
may apply to participate in more than one workshop session. 
Notifications of interest must specify the session(s) in which 
participation is sought. Requesters will be notified as soon as 
possible after May 15, 1997, if they have been selected to participate. 
The workshop will be held on June 10-13, 1997 in Room 432 of the 
Commission's headquarters building, Sixth Street & Pennsylvania Avenue, 
N.W., Washington, D.C. 20580. The tentative

[[Page 10272]]

schedule for workshop sessions is as follows: Session One--June 10, 
1997 (9:00 am--5:00 pm); Session Two--June 11, 1997 (9:00 am--5:00 pm) 
and June 12, 1997 (9:00 am--noon); Session Three--June 12, 1997 (1:30--
5:00 pm) and June 13, 1997 (9:00 am--5:00 pm).

ADDRESSES: Six paper copies of each written comment and each request to 
participate in the workshop should be submitted to: Secretary, Federal 
Trade Commission, Room H-159, Sixth Street & Pennsylvania Ave., N.W., 
Washington, D.C., 20580. Comments for Session One should be captioned 
``Data Base Study--Comment, P974806.'' Requests to participate in 
Session One should be identified as ``Data Base Workshop--Request to 
Participate, P974806.'' Comments for Sessions Two and Three should be 
captioned as ``Consumer Privacy 1997--Comment, P954807.'' Requests to 
participate in Sessions Two and Three should be identified as 
``Consumer Privacy 1997--Request to Participate, P954807.''
    To enable prompt and efficient review and dissemination of the 
comments to the public, comments also should be submitted, if possible, 
in electronic form, on either a 5\1/4\ or a 3\1/2\ inch computer disk, 
with a disk label stating the name of the commenter and the name and 
version of the word processing program used to create the document. 
(Programs based on DOS or Windows are preferred. Files from other 
operating systems should be submitted in ASCII text format to be 
accepted.) Individuals filing comments in electronic form need submit 
only one computer disk.

FOR FURTHER INFORMATION CONTACT: For questions concerning Session One: 
Steven Silverman, Attorney, Division of Credit Practices, Bureau of 
Consumer Protection, Federal Trade Commission, Sixth Street & 
Pennsylvania Avenue, N.W., Washington, D.C. 20580, telephone 202-326-
2460. For questions concerning Session Two: Martha Landesberg, 
Attorney, Division of Credit Practices, Federal Trade Commission, Sixth 
Street & Pennsylvania Avenue, N.W., Washington, D.C. 20580, telephone 
202-326-2825. For questions concerning Session Three: Toby Milgrom 
Levin, Attorney, Division of Advertising Practices, Federal Trade 
Commission, Sixth Street & Pennsylvania Avenue, N.W., Washington, D.C. 
20580, telephone 202-326-3156.
    To obtain a copy of the Commission Staff Report Consumer Privacy on 
the Global Information Infrastructure (1996), contact the Commission's 
Public Reference Section, Room H-130, 6th Street and Pennsylvania 
Avenue, N.W., Washington, D.C. 20580, (202) 326-2222, or visit the 
Commission's home page at http://www.ftc.gov for instructions on 
obtaining an electronic copy.

SUPPLEMENTARY INFORMATION:

Session One: Computerized Data Bases Containing Sensitive Consumer 
Identifying Information

Background

    In light of widespread concern and Congressional interest, the 
Commission has determined to conduct a study of the collection, 
compilation, sale, and use of computerized data bases that contain what 
consumers may perceive to be sensitive identifying information, often 
referred to as ``look-up services.'' Examples of such sensitive 
identifying information may include some or all of the following: 
social security numbers, mothers' maiden names, prior addresses, and 
dates of birth. Some data bases provide significantly more information, 
such as information about physical characteristics, property holdings, 
and the subject individual's family members and neighbors. Session One 
is intended to gather information as part of this study.
    The study will assess the types of information that consumers 
perceive to be sensitive, as well as their level of concern regarding 
the maintenance of and access to such information. In addition, the 
study will evaluate the risks associated with the lawful and unlawful 
use of data bases containing sensitive identifying information, and the 
benefits offered by such data bases. Finally, the data base study will 
explore consumers' privacy concerns regarding the collection, sale and 
use of their identifying information. The study will not address data 
bases used primarily for direct marketing purposes; medical and student 
records; or the use of consumer credit reports for employment purposes. 
The study will culminate in a report to Congress.

Invitation To Comment

    Interested parties are requested to submit written comments on any 
issue of fact, law or policy that may inform the Commission's study of 
the collection, compilation, sale, and use of computerized data bases 
that provide sensitive consumer identifying information, often referred 
to as ``look-up services.'' Please provide copies of any studies, 
surveys, research, or other empirical data referenced in responses. The 
Commission seeks comment on the following questions:

Information Collection and Use

    1.1  What is the number and the identity of such data bases?
    1.2  What information is contained in the data bases? Please 
provide specific examples.
    1.3  What is the source of the information in the data bases?
    1.4  What information is currently used to identify individuals? 
What types of information might be used to identify individuals in the 
future?
    1.5  Do the data bases contain identifying information that 
consumers regard as sensitive? What identifying information is 
considered to be sensitive? Why is such information regarded as 
sensitive? Please provide specific examples.
    1.6  Do the data bases contain identifying information that 
consumers regard as non-sensitive? What identifying information is 
considered to be non-sensitive? Why is such information regarded as 
non-sensitive? Please provide specific examples.
    1.7  Who has access to the information in the data bases?
    1.8  How is the information in the data bases accessed? What are 
the charges for accessing the information?
    1.9  What are the uses of the information in the data bases? Are 
there beneficial uses of the information in these data bases? If so, 
please describe. Are there risks associated with the compilation, sale, 
and use of this information? If so, please describe.
    1.10  Do these data bases create an undue potential for theft of 
consumers' credit identities? How is such potential for theft created? 
Please provide specific examples. What is the extent to which these 
data bases (as opposed to other means) contribute to consumer identity 
theft? Is this likely to change in the future? If so, please describe.
    1.11  How do the risks of the collection, compilation, sale, and 
use of this information compare with the benefits?
    1.12  Are there means that are currently available to address the 
risks, if any, posed by these data bases? If so, please describe.
    1.13  What means might be considered in the future to address any 
risks posed by these data bases? What impact will potential solutions 
have on the beneficial uses of these data bases?
    1.14  What are consumers' perceptions of (1) the benefits and risks 
associated with the collection, compilation, sale, and use of this 
information and (2) appropriate uses of such information?
    1.15  Are consumers' privacy interests implicated by the 
collection,

[[Page 10273]]

compilation, sale, and use of information from these data bases? If so, 
please describe. Are other legal interests implicated? If so, please 
describe.
    1.16  Are there means to address any privacy or other legal 
interests implicated by the collection, compilation, sale, and use of 
information from these data bases? If so, please describe.
    1.17  How should the benefits of the collection, compilation, sale, 
and use of information from these data bases be balanced against 
privacy or other legal interests implicated by such practices? Are 
there other ways to obtain these benefits without implicating privacy 
or other legal interests? If so, please describe.
    1.18  Is the ultimate use of the information disclosed to the 
subject individuals? At what point in time is the use of the 
information disclosed? What is the content of such disclosures? Is 
there any information that should be added to these disclosures? If so, 
please describe.
    1.19  Do data base operators permit consumers to choose whether and 
how their personal identifying information will be collected and used? 
If so, please describe the choices provided to consumers.
    1.20  Is there an effective mechanism for an individual to remove 
his or her name from a data base or otherwise control the use of their 
personal identifying information? If so, please describe.
    1.21  Do subject individuals have access to their data and the 
ability to correct errors? If so, please describe.
    1.22  Have data base operators instituted procedures to maintain 
the security of identifying information that they collect? What is the 
nature of such procedures? Are the procedures adequate? Please provide 
specific examples.
    1.23   Are there additional procedures that are used or available 
to assure the accuracy of the data and to limit use of the data to its 
intended purpose? What is the nature of such procedures? Are the 
procedures adequate? Please provide specific examples.
    1.24  Is the collection, compilation, sale, and use of this 
information subject to any federal laws or regulations? If so, please 
describe.
    1.25  Is the collection, compilation, sale, and use of this 
information subject to any state laws or regulations? If so, please 
describe.
    1.26  Should the collection, compilation, sale, and use of 
information from these data bases be subject to additional regulations 
or laws? If so, what regulatory or legal requirements are appropriate?

Self-Regulation

    1.27  Have data base operators undertaken self-regulatory efforts 
to address concerns raised by the collection, compilation, sale, and 
use of sensitive consumer identifying information?
    1.28  What is the content of principles, recommendations, or 
guidelines that have emerged? To the extent that industry associations 
have developed principles, recommendations, or guidelines, are they 
permissive or mandatory for association members? What sanctions are 
imposed for non-compliance? How many association members have 
implemented them? Please provide case studies, member surveys, or other 
quantitative data wherever possible.
    1.29  Have such principles, recommendations or guidelines been 
effective in addressing concerns associated with the collection, 
compilation, sale, and use of sensitive consumer identifying 
information? How can the effectiveness of self-regulation in this area 
best be measured?

Technological Developments

    1.30  Has technology evolved that could address concerns raised by 
the collection, compilation, sale, and use of sensitive consumer 
identifying information? Please describe any such developments.
    1.31  What are the costs and benefits of employing such technology?
    1.32  What are consumers' perceptions, knowledge and expectations 
regarding the risks and benefits of using such technology?

Consumer and Business Education

    1.33  What efforts are underway to educate consumers about data 
bases containing sensitive consumer identifying information?
    1.34  What are or should be the principle messages of such efforts?
    1.35  How can education efforts best be implemented?

Workshop Sessions Two and Three

Background

    The June 1996 Workshop identified key issues raised by information 
practices of commercial sites on the World Wide Web (the ``Web''), 
privacy concerns raised by those practices, and interactive 
technology's potential for addressing information privacy online. 
Participants in the June 1996 Workshop discussed a wide array of 
subjects, including the collection and use of personal information 
online; the necessary elements of self-regulatory efforts to enhance 
consumer privacy online; developments in interactive technology that 
could enhance online information privacy; consumer and business 
education efforts; the role of government in protecting online 
information privacy; and the special issues raised by the online 
collection and use of information from and about children. On January 
6, 1997, the Commission published the staff report Consumer Privacy on 
the Global Information Infrastructure (1996), which summarized the 
workshop testimony. The report recommended that the Commission hold a 
follow-up workshop.
    Unlike the June 1996 Workshop, which was convened primarily to 
provide a forum for the expression of views on online privacy issues, 
Workshop Sessions Two and Three are designed to collect empirical data 
relevant to those issues. Specifically, staff now seeks written 
commentary to document developments in four areas: (1) Web sites' 
current actual practices in the collection, compilation, sale, and use 
of consumers' personal information; (2) current implementation of self-
regulatory efforts to address online privacy, including industry 
proposals presented at the June 1996 Workshop; (3) current design and 
implementation of technologies intended to enhance online information 
privacy; and (4) unsolicited commercial e-mail. Interested parties are 
requested to submit written comments on any issue of fact, law or 
policy that may inform the Commission on these subjects.

Session Two: Consumer Online Privacy

Invitation To Comment

    To supplement and update the record developed at the June 1996 
Workshop, the Commission seeks new evidence and additional comment on 
the following questions, a number of which were discussed generally at 
that Workshop. Responses should provide specific examples, models, case 
studies, surveys or other research, and quantitative and empirical data 
wherever possible. Please provide copies of any studies, surveys, 
research, or other empirical data referenced in responses.

Information Collection and Use

    2.1  What kinds of personal information are collected by commercial 
Web sites from users who visit those sites and how is such information 
subsequently used? Among other things, is clickstream data being 
collected and

[[Page 10274]]

tied to personally identifying information?
    2.2  To what extent is the collection, compilation, sale or use of 
personally identifying, as opposed to aggregate, personal information 
important for marketing online and for market research? What privacy 
concerns, if any, are raised by the collection or use of aggregate 
personal information in this context?
    2.3  What are the risks, costs, and benefits of collection, 
compilation, sale, and use of personal consumer information in this 
context?
    2.4  What surveys, other research, or quantitative or empirical 
data exist about consumers perceptions, knowledge and expectations 
regarding (1) whether their personal information is being or should be 
collected by Web site operators and the extent of such collection; (2) 
the benefits and risks associated with the collection and subsequent 
use of this information; (3) appropriate uses of such information; and 
(4) whether certain categories of information should never be collected 
or disclosed to others?
    2.5  How many commercial Web sites collect, compile, sell or use 
personal information? Of these, how many give consumers notice of their 
practices regarding the collection and subsequent use of personal 
information? With respect to these Web sites, describe (1) how and when 
such notice is given, (2) the content of such notice, and (3) the costs 
and benefits, for both consumers and commercial Web sites, of providing 
such notice.
    2.6  Of the commercial Web sites that collect, compile, sell or use 
personal information, how many provide consumers choice with respect to 
whether and how their personal information is to be collected and 
subsequently used by those sites? With respect to such Web sites, 
describe (1) what choices are provided to consumers and how such 
choices are exercised; and (2) the costs and benefits, for both 
consumers and commercial Web sites, of providing such choices.
    2.7  Of the commercial Web sites that collect, compile, sell or use 
personal information, how many provide consumers access to, and an 
opportunity to review and correct, personal information about them that 
is collected and retained by those sites?
    2.8  Of the commercial Web sites that collect, compile, sell or use 
personal information, how many have procedures to maintain the security 
of personal information collected from consumers online, and what are 
those procedures?

Self-Regulation

    2.9  What industry principles, recommendations or guidelines have 
emerged since the June 1996 Workshop? Please discuss whether they are 
permissive or mandatory, whether they include sanctions for non-
compliance, and the extent to which they have been implemented within 
the industry.
    2.10  What steps have individual commercial Web sites taken since 
June 1996 to address online privacy issues? How many have employed the 
procedures for notice and choice set forth in the Joint Statement on 
Online Notice and Opt-Out presented at the June 1996 Workshop by the 
Direct Marketing Association and the Interactive Services Association?
    2.11  How many online services have implemented the procedures set 
forth in the Interactive Services Association's Guidelines for Online 
Services: The Renting of Subscriber Mailing Lists submitted for 
inclusion in the June 1996 Workshop record?
    2.12  How many marketers have implemented the provisions of the 
Coalition for Advertising Supported Information and Entertainment's 
(CASIE) Goals for Privacy in Marketing on Interactive Media presented 
at the June 1996 Workshop?
    2.13  What privacy concerns, if any, are not adequately addressed 
by existing guidelines?

Technological Developments

    2.14  Has interactive technology evolved since June 1996 in ways 
that could address online privacy issues? To what extent is it 
currently available and being used by consumers and commercial Web 
sites?
    2.15  What are the risks and benefits, to both consumers and 
commercial Web sites, of employing such technology? What are consumers' 
perceptions about the risks and benefits of using such technology to 
address online privacy issues?

Unsolicited Commercial E-mail

    2.16  How widespread is the practice of sending unsolicited 
commercial e-mail? Are privacy or other consumer interests implicated 
by this practice? What are the sources of e-mail addresses used for 
this purpose?
    2.17  What are the risks and benefits, to both consumers and 
commercial entities, of unsolicited commercial e-mail? What are 
consumers' perceptions, knowledge, and expectations regarding the risks 
and benefits of unsolicited commercial e-mail?
    2.18  What costs does unsolicited commercial e-mail impose on 
consumers or others? Are there available means of avoiding or limiting 
such costs? If so, what are they?
    2.19  Are there technological developments that might serve the 
interests of consumers who prefer not to receive unsolicited commercial 
e-mail? If so, please describe.
    2.20  How many commercial entities have implemented the Principles 
for Unsolicited Marketing E-mail presented at the June 1996 Workshop by 
the Direct Marketing Association and the Interactive Services 
Association?
    Documents referenced in the above questions may be found in 
Appendix C to the Commission staff report Consumer Privacy on the 
Global Information Infrastructure (1996).

Session Three: Children's Online Privacy

Invitation To Comment

    The June 1996 Workshop identified key issues raised by information 
practices of commercial Web sites that are directed to children 
(``children's commercial Web sites''), privacy concerns raised by those 
practices, and interactive technology's potential for addressing 
children's information privacy online. To supplement and update the 
record developed at the June 1996 Workshop, the Commission seeks new 
evidence and additional comment on the following questions, a number of 
which were discussed generally at that Workshop. Responses should 
provide specific examples, models, case studies, surveys or other 
research, and quantitative and empirical data wherever possible. Please 
provide copies of any studies, surveys, research, or other empirical 
data referenced in responses.

Information Collection and Use

    3.1  What kinds of personal information are collected by children's 
commercial Web sites from children who visit those sites and how is 
such information subsequently used? Among other things, is clickstream 
data being collected and tied to personally identifying information 
about children; is information being collected from children to create 
lists for sending unsolicited e-mail?
    3.2  To what extent is the collection, compilation, sale or use of 
personally identifying, as opposed to aggregate, children's personal 
information important for marketing online or for marketing research? 
What privacy concerns, if any, are raised by the collection or use of 
aggregate children's personal information in this context?
    3.3  What are the risks, costs and benefits of the collection, 
compilation,

[[Page 10275]]

sale, and use of children's information in this context?
    3.4  What surveys, other research, or quantitative or empirical 
data exist about parents' perceptions, knowledge and expectations 
regarding (1) whether their children's personal information is being or 
should be collected by Web site operators and the extent of such 
collection; (2) the benefits and risks associated with the collection 
and subsequent use of such information; (3) appropriate uses of such 
information; and (4) whether certain categories of children's 
information should never be collected or disclosed to others?
    3.5  How many children's commercial Web sites collect, compile, 
sell or use children's personal information? Of these, how many give 
parents notice of their practices regarding the collection and 
subsequent use of personal information? With respect to these Web 
sites, describe (1) how and when such notice is given; (2) the content 
of such notice; and (3) the costs and benefits, for both parents and 
children's commercial Web sites, of providing such notice.
    3.6  Of the children's commercial Web sites that collect, compile, 
sell or use children's personal information, how many provide parents 
choice with respect to whether and how their children's personal 
information is collected and subsequently used by those sites? With 
respect to such Web sites, describe: (1) what choices are provided to 
parents and how such choices are exercised; and (2) the costs and 
benefits, for both parents and children's commercial Web sites, of 
providing such choices.
    3.7  Of the children's commercial Web sites that collect, compile, 
sell or use children's personal information, how many provide parents 
access to, and an opportunity to review and correct, personal 
information about their children that is collected and retained by 
those sites?
    3.8  Of the children's commercial Web sites that collect, compile, 
sell or use children's personal information, how many have procedures 
to maintain the security of personal information collected from 
children online, and what are those procedures?
    3.9  Do children's information practices in the online context 
differ from those implemented in other contexts? If so, describe the 
differences. Do the risks, costs, and benefits of these practices 
differ depending on the context? If so, describe the differences.
    3.10  Do schools, libraries, and other settings in which children 
may have access to the Web, have a role to play in protecting 
children's privacy? What role do they currently play, and what role 
could they play in the future?

Self-Regulation

    3.11  What industry principles, recommendations or guidelines have 
emerged since the June 1996 Workshop? Please discuss whether they are 
permissive or mandatory, whether they include sanctions for non-
compliance, and the extent to which they have been implemented within 
the industry.
    3.12  What steps have children's commercial Web site operators 
taken since June 1996 to address children's online privacy issues? To 
what extent have they adopted the principles outlined in the following 
documents submitted at the June 1996 Workshop: (1) the Joint Statement 
on Children's Marketing Issues presented by the Direct Marketing 
Association and Interactive Services Association; (2) Self-Regulation 
Proposal for the Children's Internet Industry presented by Ingenius, 
Yahoo and Internet Profiles Corporation; and (3) Proposed Guidelines 
presented by the Center for Media Education and Consumer Federation of 
America?
    3.13  What privacy concerns, if any, are not adequately addressed 
by existing guidelines?

Technological Developments

    3.14  Has interactive technology evolved since June 1996 in ways 
that could address children's online privacy issues? To what extent is 
it (a) readily available; (b) currently in use; (c) easy to use; and 
(d) effective in preventing children from disclosing personally 
identifiable information?
    3.15  What are the costs and benefits, to both parents and 
children's commercial Web sites, of employing such technology? What are 
parents'' perceptions, knowledge and expectations of the risks and 
benefits of using such technology?

Unsolicited Commercial E-mail

    3.16  How widespread is the practice of sending children 
unsolicited commercial e-mail? Are privacy or other consumer interests 
implicated by this practice? What are the sources of e-mail addresses 
used for this purpose?
    3.17  What are the risks and benefits, to children, parents and 
commercial entities, of unsolicited e-mail directed to children? What 
are parents' perceptions, knowledge and expectations of the risks and 
benefits?
    3.18  What costs does unsolicited commercial e-mail directed to 
children impose on children, parents, or others? Are there available 
means of avoiding or limiting such costs? If so, what are they?
    3.19  Are there technological developments that might serve the 
interests of parents who prefer that their children not receive 
unsolicited commercial e-mail?
    3.20  How many children's commercial Web sites have implemented the 
Principles for Unsolicited Marketing E-mail presented at the June 1996 
Workshop by the Direct Marketing Association and the Interactive 
Services Association?
    Documents referenced in the above questions may be found in 
Appendix C to the Commission staff report Consumer Privacy on the 
Global Information Infrastructure (1996).

Form and Availability of Comments

    Comments should indicate the number(s) of the specific question(s) 
being answered, provide responses to questions in numerical order, and 
use a new page for each question answered.
    Written comments will be available for public inspection in 
accordance with the Freedom of Information Act, 5 U.S.C. 552, and 
Commission regulations, 16 C.F.R. Part 4.9, on normal business days 
between the hours of 8:30 a.m. and 5:00 p.m. at the Public Reference 
Room 130, Federal Trade Commission, Sixth Street & Pennsylvania Avenue, 
N.W., Washington, D.C. 20580. The Commission will make this notice and, 
to the extent technically possible, all comments received in response 
to this notice available to the public through the Internet at the 
following address: http://www.ftc.gov. The Commission cannot currently 
receive comments responding to this notice over the Internet.

Workshop Sessions

    The workshop will be held on June 10-13, 1997 in Room 432 of the 
Commission's headquarters building, Sixth Street & Pennsylvania Avenue, 
N.W., Washington, D.C. 20580. The tentative schedule for workshop 
sessions is as follows: Session One--June 10, 1997 (9:00 am-5:00 pm); 
Session Two--June 11, 1997 (9:00 am-5:00 pm) and June 12, 1997 (9:00 
am-noon); Session Three--June 12, 1997 (1:30-5:00 pm) and June 13, 1997 
(9:00 am-5:00 pm). Those parties who wish to participate in the 
workshop must file written comments and notify the Commission's 
Secretary, in writing, of their interest in participating in Sessions 
One, Two, and/or Three on or before April 15, 1997. Parties may 
participate in more than one workshop session; notifications of 
interest must specify the session(s) in which

[[Page 10276]]

participation is sought. All workshop sessions are open to the public.
    The purpose of the workshop will not be to achieve a consensus of 
opinion among participants, or between participants and Commission 
staff, with respect to any issue raised in Sessions One, Two, or Three. 
The purpose of Session One will be to explore the issues raised by the 
Commission's study and discussed in the comments responding to this 
notice. The Commission will consider the views and suggestions made 
during Session One, as well as any written comments, as part of its 
study.
    The purpose of Sessions Two and Three will be to update the 
Commission on the current collection and use of personal information 
online, and on self-regulatory efforts and technological developments 
since June 1996. Commission staff will consider the views and 
suggestions made during these sessions, as well as any written 
comments, in determining what further Commission action, if any, it 
will recommend in the area of online privacy protections.
    If the number of parties who request to participate in Session One, 
Two, or Three is so large that including all requesters would inhibit 
effective discussion among the participants, then Commission staff will 
select a limited number of parties, from among those who submit written 
comments, to represent the significant interests affected by the study. 
These parties will participate in an open discussion of the issues. It 
is contemplated that the selected parties will ask and answer questions 
based on their respective comments, including questions posed by 
Commission staff. The discussion will be transcribed and the 
transcription placed on the public record.
    To the extent possible, Commission staff will select parties to 
represent the following affected interests. For Session One: data base 
operators and their customers; suppliers of data to data bases; 
federal, state and local law enforcement and regulatory authorities; 
consumer and privacy advocacy groups; and any other interests that 
Commission staff may identify and deem appropriate for representation. 
For Sessions Two and Three: consumer and privacy advocacy groups; 
industry groups, online service providers, Web site owners; online 
marketers; consumers who are active on the World Wide Web; interactive 
technology developers; and any other interests that Commission staff 
may identify and deem appropriate for representation.
    Parties to represent the above-referenced interests will be 
selected on the basis of the following criteria:
    1. The party submits a written comment (in the prescribed form) for 
one or more sessions and notifies Commission staff of its interest in 
participating in those sessions on or before April 15, 1997.
    2. The party's participation would promote a balance of interests 
being represented at the conference.
    3. The party's participation would promote the consideration and 
discussion of a variety of issues raised by the study.
    4. The party has expertise in or knowledge of the issues that are 
the focus of the study.
    5. The party adequately reflects the views of the affected 
interest(s) which it purports to represent, not simply a single entity 
or firm within that interest.
    6. The party has been designated by one or more interested parties 
(who timely file written comments and requests to participate) as a 
party who shares group interests with the designator(s).
    7. The number of parties selected will not be so large as to 
inhibit effective discussion among them.
    If it is necessary to limit the number of participants, those not 
selected to participate, but who submit both written comments and 
requests to participate, may be afforded an opportunity at the end of 
the session to present their views during a limited time period. The 
time allotted for these statements will be determined on the basis of 
the time necessary for discussion of the issues by the selected 
parties, as well as by the number of persons who wish to make 
statements.
    Requesters will be notified as soon as possible after May 15, 1997, 
if they have been selected to participate in workshop sessions. To 
assist Commission staff in making this notification, parties are asked 
to include in their request to participate a telephone number and 
facsimile number if available.

    Authority: 15 U.S.C. 41 et seq.

    By direction of the Commission.
Donald S. Clark,
Secretary.
[FR Doc. 97-5562 Filed 3-5-97; 8:45 am]
BILLING CODE 6750-01-P