Privacy is heating up as a political issue, if a major conference here last week was any indication.
The more than 200 people attending the event, many from the banking and credit information industries, heard some tough talk from federal officials and strong hints that a national privacy regulator might be in their future.
But in the end, private-sector representatives seemed hardly perturbed. The government appears fragmented and uncoordinated in its approach to privacy. That suits the business community - wary of strong, centralized regulation - just fine.
Still, privacy is closer to the political front burner than it has been in years. Consumer activists complain that some corporate information practices are improper. In response, Congress has asked for investigations by the Federal Trade Commission and Federal Reserve Board.
"We are facing serious issues when it comes to privacy in the U.S.," said FTC Commissioner Christine Varney. "We are facing pressure from Europe and Congress to do something." She alluded to calls from the European Union that the United States regulate privacy more explicitly.
Much of the talk last week, at the annual conference sponsored by the newsletter Privacy & American Business, revolved around the possibility that a Privacy Protection Office will be established in the executive branch. That led to all sorts of speculation about its mandate and potential impact on banks and other organizations that use customer information in increasingly sophisticated ways.
A proposal for such an office is likely to be published for comment after the November elections. Sally Katzen, administrator of the Office of Information and Regulatory Affairs, U.S. Bureau of the Budget, said the proposal "will explore the role of a federal effort to consolidate some of the various privacy efforts in the government."
While Ms. Katzen characterized the proposal as an "option," privacy experts say the odds for the office are favorable, particularly if President Clinton wins reelection.
Ms. Katzen said any federal entity would be small and advisory in nature, helping coordinate the efforts of other agencies.
"The most important role is that of the private sector," said Ms. Katzen. "We need to look for leadership in the private sector."
But the lack of enforcement power does not sway financial industry representatives toward support of the idea.
W. Lamar Smith, Visa U.S.A.'s vice president of government relations, said, "There is a lively, healthy debate going on right now. There is no need for an oratory office."
Mr. Smith contended that a modest advisory office might not be able to grasp the implications of emerging technology. "It could actually be harmful by not understanding the complexity of issues," he said.
John Ford, vice president of privacy and external affairs for Equifax Inc., said many experts can't agree on all of the issues, which raises the question of what a small federal body can resolve.
Still others, like privacy consultant Robert Gellman, say a federal privacy office could be effective by simply being visible and providing a voice.
An executive at a major financial services company said the real fear is that the agency would fall into the common trap of viewing the issues in simplistic, black-or-white terms.
In the Louis Harris & Associates national consumer survey on privacy, sponsored by Equifax for the seventh time, 67% said they favor the current system of protecting consumer privacy over the creation of a new federal privacy office. According to the wording of the question, the majority opposed an agency with enforcement powers - something that the contemplated federal office would not have, Ms. Katzen pointed out.
Six out of 10 agreed strongly or somewhat with the proposition that government should be able to scan Internet activity to prevent crimes. But half of people who use the Internet disagreed.
Alan F. Westin, publisher of the Privacy & American Business newsletter and academic adviser to the survey, attributed the anti-regulatory attitudes, in part, to a basic distrust of government and an emphasis on individual rights and choices.
Things are different in Europe, which portends a rise in trans-Atlantic tensions.
The European Union's 1995 Data Protection Directive, which goes into effect in October 1998, could prevent U.S. companies from doing business in E.U. countries if European authorities deem the U.S. system of data protection to be below their standards.
Ulf Bruhann, who heads the effort to implement the European Data Directive, told U.S. companies at the conference "not to doubt the political will of the European Union to protect Europeans' right to privacy.
"The United States should think carefully about its response to the directive," Mr. Bruhann said.
Europeans and many Canadian government and private-sector officials find it difficult to understand U.S. companies' fear of legislation and regulation that seem to work well in their countries. But there are legal and cultural differences: Many European countries have privacy protections written into their constitutions, whereas the U.S. legal tradition is more ambiguous.
Although Mr. Bruhann did not specifically say the United States needs special legislation and a formal enforcement office, many U.S. executives said privately that this is is exactly what the European Union wants.
Mr. Bruhann did say the United States could improve in some areas. He suggested that an organization independent from political and private interests be formed to oversee data privacy matters. Rules, he said, need to cover all companies or entities that handle consumer data, ensuring that individuals are informed when data about them is being collected.
"Europeans can't understand why medical data in the United States has less protection than video rentals," said Mr. Bruhann.
"To have one set of standards is really against the United States' history," said Ronald Plesser, a partner at Piper & Marbury, a law firm in Washington. "The goal in this country is market-driven solutions."
The anti-regulatory forces appeared to have an ally, at least on the issue of a central federal privacy agency, in Leslie L. Byrne, the new special assistant to the President and director of the U.S. Office of Consumer Affairs.
People at the conference made much of her statement that a privacy czar "is only necessary if we don't do anything else.
"I'm not sure that a centralized privacy czar is going to make a difference," she added.
Ms. Byrne, who in 1992 became the first woman elected to Congress in Virginia, said she wants to bring together various agencies and interested parties in the spring to discuss how public information is used and shared.
Referring to state and local governments' collection and dissemination of personal data, Ms. Byrne said she wants to ensure that consumers are told what happens to information they provide to those entities.
"The private sector has added a new wrinkle to public information," she said, referring to the ease with which such information is now available.
She prefers "opt-in" rather than "opt-out" actions by consumers. In the former, "people are affirming that they want to be in a data base" rather than waiting for a marketing company to ask for a refusal.
