[Federal Register Volume 64, Number 244 (Tuesday, December 21, 1999)]
[Notices]
[Pages 71457-71459]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 99-33015]


=======================================================================
-----------------------------------------------------------------------

FEDERAL TRADE COMMISSION


Establishment of the Federal Trade Commission Advisory Committee 
on Online Access and Security and Request for Nominations

AGENCY: Federal Trade Commission.

ACTION: Notice and request for nominations.

-----------------------------------------------------------------------

SUMMARY: The Federal Trade Commission (``Commission'' or ``FTC'') has 
established an Advisory Committee on Online Access and Security 
(``Advisory Committee''). The purpose of the Advisory Committee is to 
provide advice and recommendations to the Commission regarding 
implementation of certain fair information practices by domestic 
commercial Web sites--specifically, providing online consumers 
reasonable access to personal information collected from and about them 
and maintaining adequate security for that information. The Commission 
also seeks nominations of individuals for appointment to the Advisory 
Committee.

DATES: The Advisory Committee will meet on February 4, 2000; February 
25, 2000; March 31, 2000; and April 28, 2000. Nominations for Advisory 
Committee membership must be submitted on or before January 5, 2000.

ADDRESSES: The Advisory Committee will meet in Room 432, Federal Trade

[[Page 71458]]

Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580. Advisory 
Committee meetings will be open to the public. Parties interested in 
submitting nominations should send an original and two copies to the 
Secretary, Federal Trade Commission, Room H-159, 600 Pennsylvania 
Avenue, NW, Washington, DC 20580. Nominations should be captioned 
``Advisory Committee on Online Access and Security--Nomination, 
P004807.'' To enable prompt review and public access, paper submissions 
should be accompanied by a version on diskette in ASCII, WordPerfect 
(please specify version) or Microsoft Word (please specify version) 
format. Diskettes should be labeled with the name of the submitter, the 
Advisory Committee caption, and the name and version of the word 
processing program used to create the document. Alternatively, 
nominations may be submitted to the following email address: 
[email protected]. The public may also submit comments in the 
manner designated for nominations.

FOR FURTHER INFORMATION CONTACT: Laura Mazzarella, Division of 
Financial Practices, Federal Trade Commission, 600 Pennsylvania Avenue, 
NW, Mail Stop 4429, Washington, DC 20580, telephone (202) 326-3424, 
email [email protected]; or Hannah Stires, Division of Financial 
Practices, Federal Trade Commission, 600 Pennsylvania Avenue, NW, Mail 
Stop 4429, Washington, DC 20580, telephone (202) 326-3178, email 
[email protected].

SUPPLEMENTARY INFORMATION:

    Authority: 15 U.S.C. 41 et seq.; 5 U.S.C. App. Secs. 1-15; 16 
CFR Part 16.

    In accordance with the requirements of Section 9 of the Federal 
Advisory Committee Act, 5 U.S.C. App. Sec. 9(a)(2), and Part 16 of the 
Commission's regulations, 16 CFR 16.5(d), the Commission has directed 
publication of this notice that it has established an Advisory 
Committee on Online Access and Security. The Commission certifies that 
creation of the Advisory Committee is necessary and in the public 
interest because it will further the Commission's work in fostering and 
evaluating self-regulatory efforts to protect consumer privacy online. 
By this Notice, the Commission is also requesting nominations for 
members to serve on the Advisory Committee.

1. Background

    The Commission has been involved in addressing online privacy 
issues for almost five years.1 Throughout its online privacy 
efforts, the Commission's goal has been to understand the emerging 
online marketplace and its information practices, to assess the impact 
of these practices on consumers, and to encourage and facilitate 
effective self-regulation as the preferred approach to protecting 
consumer privacy online.
---------------------------------------------------------------------------

    \1\ The Commission held its first public workshop on privacy in 
April 1995. Since then, the Commission has held a series of hearings 
and workshops focusing on online privacy, including most recently a 
public workshop on Online Profiling sponsored jointly with the 
Department of Commerce on November 8, 1999. The Commission and its 
staff have also issued several reports addressing consumer 
protection issues, including online privacy, in the electronic 
marketplace. See, e.g., Individual Reference Services: A Federal 
Trade Commission Report to Congress (December 1997); FTC Staff 
Report: Public Workshop on Consumer Privacy on the Global 
Information Infrastructure (December 1996); FTC Staff Report: 
Anticipating the 21st Century: Consumer Protection Policy in the New 
High-Tech, Global Marketplace (May 1996).
---------------------------------------------------------------------------

    The Commission has issued two reports to Congress describing the 
status of domestic commercial Web sites' implementation of fair 
information practices. In Privacy Online: A Report to Congress (June 
1998) (``1998 Report''), the Commission described the well-settled fair 
information practice principles of (1) Notice/Awareness; (2) Choice/
Consent; (3) Access/Participation; (4) Integrity/Security; and (5) 
Enforcement/Redress. The 1998 Report assessed existing self-regulatory 
efforts in light of these fair information practice principles and set 
out findings of the Commission's extensive survey of commercial Web 
sites' information practices. The 1998 Report concluded that an 
effective self-regulatory system had yet to emerge and that additional 
incentives were required in order to ensure that consumer privacy would 
be protected.2
---------------------------------------------------------------------------

    \2\ With respect to the protection of children's privacy online, 
the Commission recommended that Congress enact legislation. 1998 
Report at 42-43. Congress subsequently enacted the Children's Online 
Privacy Protection Act of 1998, 15 U.S.C. Sec. 6501 et seq., and 
authorized the Commission to promulgate regulations implementing the 
Act. The Commission's final rule was issued in October 1999. 16 CFR 
Part 312 (1999).
---------------------------------------------------------------------------

    In a follow-up report entitled Self Regulation and Privacy Online: 
A Report to Congress (July 1999) (``1999 Report''), the Commission 
noted that a recent Georgetown University study had found a significant 
improvement in the number of Web sites meeting the fair information 
practice principle of notice/awareness. The Commission also noted that 
significant challenges remain for industry self-regulation, 
particularly the full implementation of all fair information practice 
principles identified in the 1998 Report. Recognizing that providing 
reasonable access to and adequate security for personal information 
collected from and about online consumers raises a number of 
implementation issues for online businesses, the Commission announced 
its intention to convene a task force to examine these 
issues.3
---------------------------------------------------------------------------

    \3\ 1999 Report at 14.
---------------------------------------------------------------------------

2. The Advisory Committee

    Pursuant to Section 9 of the Federal Advisory Committee Act, 5 
U.S.C. App. Sec. 9(c), the Commission has charged the Advisory 
Committee with providing advice and recommendations to the Commission 
regarding implementation of certain fair information practices by 
domestic commercial Web sites--specifically, providing online consumers 
reasonable access to personal information collected from and about them 
and maintaining adequate security for that information. The Advisory 
Committee will consider the parameters of reasonable access to personal 
information and adequate security and report to the Commission on 
options for implementation of these information practices.
    The Advisory Committee will consider, among other things, whether 
the extent of access provided by Web sites should vary with the 
sensitivity of the personal information collected and/or the purpose 
for which such information is collected; whether the difficulty and 
costs of retrieving consumers' data should be considered; whether 
consumers should be provided access to enhancements to personal 
information collected directly from them, such as inferences about 
their preferences and information about them derived from other 
databases; appropriate and feasible methods for verifying the identity 
of individuals seeking access; whether a reasonable fee should be 
assessed for access, and if so, what a reasonable fee would be; and 
whether limits should be placed on the frequency of requests for 
access, and if so, what those limits should be.
    The Advisory Committee will also consider how to define the 
standards by which the adequacy of measures taken by Web sites to 
protect the security of personal information collected online may be 
judged; what might constitute reasonable steps to assure the integrity 
of this information; and what managerial and technical measures should 
be undertaken to protect this information from unauthorized use or 
disclosure.
    The Advisory Committee will conduct its work in accordance with the 
provisions of the Federal Advisory Committee Act. The agency will 
provide

[[Page 71459]]

necessary support services to the Advisory Committee. The duties of the 
Advisory Committee will be solely advisory; determinations of actions 
to be taken and policy to be expressed with respect to matters upon 
which the Advisory Committee provides advice or recommendations shall 
be made solely by the Commission.
    The Advisory Committee will meet in Room 432, Federal Trade 
Commission, 600 Pennsylvania Avenue, NW, Washington, DC, on February 4, 
2000; February 25, 2000; March 31, 2000; and April 28, 2000. Meetings 
of the Advisory Committee will be open to the public. Meetings of 
subgroups of the full Advisory Committee will likely occur more 
frequently. Subgroups will report to the Advisory Committee only. The 
Advisory Committee will present its written report describing options 
for implementing reasonable access to, and adequate security for, 
personal information collected online, and the costs and benefits of 
each option, by May 15, 2000. The Advisory Committee will conclude its 
work on May 31, 2000.
    Fifteen days after publication of this notice in the Federal 
Register, a copy of the Advisory Committee's charter will be filed with 
the Secretary of the Federal Trade Commission, the Committee on 
Commerce, Science, and Transportation of the United States Senate, and 
the Committee on Commerce of the United States House of 
Representatives. A copy of the charter will also be furnished to the 
Library of Congress and posted on the Commission's Web site at 
www.ftc.gov. The charter will be available for public inspection in 
accordance with the Freedom of Information Act, 5 U.S.C. 552, and 
Federal Trade Commission regulations, 16 CFR 4.9, Monday through Friday 
between the hours of 8:30 a.m. and 5 p.m. in Room 130, Federal Trade 
Commission, 600 Pennsylvania Avenue, NW, Washington, DC 20580.
    The Commission will provide additional information about Advisory 
Committee meetings, including meeting times and agendas, in the Federal 
Register and on the Commission's Web site, www.ftc.gov.

3. Nominations for Advisory Committee Membership

    The Advisory Committee will include approximately thirty members 
who are appointed for a limited term, to begin on February 4, 2000, and 
to end on May 31, 2000, and who serve at the discretion of the 
Commission. In selecting Advisory Committee members, the agency will 
appoint individuals who can represent effectively the broad range of 
interests affected by commercial Web sites' collection of personal 
information from and about online consumers, including online 
businesses, trade associations, privacy and consumer groups, and 
experts in interactive technology.
    Nominees should have expertise in the issues and/or technologies 
relevant to the implementation of fair information practices by 
commercial Web sites. Nominees must be able to attend all Advisory 
Committee meetings and to participate in good faith in the tasks 
undertaken by the Advisory Committee. Members of the Committee will 
serve without compensation and will bear the cost of their own travel-
related expenses. Employees of the United States Government are not 
eligible to serve as members of the Advisory Committee.
    Advisory Committee members will be selected on the basis of the 
following criteria:
    1. The individual's participation would promote a balance of points 
of views represented and functions to be performed by the Advisory 
Committee.
    2. The individual has expertise in or knowledge of the issues that 
are the focus of the Advisory Committee's work.
    3. The individual adequately reflects the views of the relevant 
affected interest(s).
    Interested persons may nominate themselves or others for Advisory 
Committee membership. Nominations should include a summary of the 
nominee's qualifications and of the interests he or she can represent 
and should be submitted in the form and manner described above on or 
before January 5, 2000. At its discretion, the agency may also appoint 
Advisory Committee members according to the above criteria in order to 
insure that committee membership is balanced in terms of points of view 
and that the relevant interests are represented. The agency will notify 
members of their selection as soon as possible after January 20, 2000.

    By direction of the Commission.
Donald S. Clark,
Secretary of the Commission.
[FR Doc. 99-33015 Filed 12-20-99; 8:45 am]
BILLING CODE 6750-01-P