Impact:
Without international agreement on a framework for industry self-regulation, global internetworking is not possible. Information will not flow across boundaries if each regional or local authority has its own distinct privacy mandates. In addition, fair information practices are essential to enabling educational, commercial and entertainment applications to reach their full potential.

Position:
While the collection and use of public data is essential to online business, IT companies recognize the need to maintain consumer confidence in the Internet by protecting citizens' privacy. Industry understands that it cannot succeed unless it resolves public concerns. Cisco supports a model of industry self-regulation (as opposed to government intervention) that is strengthened by innovative tools to give consumers greater choice in protecting their personal data and understanding how it may be collected and used. A reasonable balance can be achieved between consumer protection and business requirements, as evidenced by several ambitious industry-led initiatives over the past year.

Background:
In the information age, sensitive and confidential data is routinely stored in or transmitted across computer networks. Online businesses often collect and use data to maximize consumers' online experience and options. For example, online booksellers collect data to make reading recommendations, online advertisers use data to offer consumers coupons for products they use, and online media sites collect data to allow visitors to customize the news they receive (and avoid re-entering their password each visit).

But surveys and reports show great numbers of consumers who could use the Internet to buy things do not do so out of concerns about the security and privacy of their personal information online.

• 66.7% of online "window shoppers" state that assurances of privacy will be the basis for their making online purchases. (NFO Interactive Study, Online Retail Monitor: Branding, Segmentation & Web Sites, 10/1999).

In 1998 the European Union (EU) issued a data privacy directive banning the flow of personal data to third countries without "adequate privacy protections." Since that directive, negotiators from the EU and US have worked to agree on a single system for privacy protection.

Status:
The online industry has made extraordinary progress in regulating itself and providing consumers with privacy protections and greater notice of privacy policies. Aggressive industry efforts at self-regulation over the past year have successfully demonstrated the effectiveness (and implementation speed) of self-regulation:

• 65.9% of the 7,500 most popular Web sites had posted privacy policies by Oct. 1999, up from 14% the year prior.
• 93% of the 100 most popular Web sites posted privacy policies by 1999, up from 71% in 1998.

The Federal Trade Commission is satisfied that self-regulation is effective as well. The FTC favored government regulation in 1998 unless industry could implement "broad-based and effective self-regulatory policies" by the end of the year. By 1999, the FTC was urging Congress not to pass any new Internet privacy laws, finding self-regulation the least intrusive and most efficient means to ensure fair information practices.

Nevertheless, both industry and the government continue to closely monitor this important issue. The National Telecommunications & Information Administration ("NTIA") and the FTC held a public workshop on "online profiling" on November 8, 1999.

Internationally, EU and U.S. negotiators are working towards a self-regulatory regime on a global basis (non-governmental oversight of industry privacy practices). Issues remaining between the U.S. and EU are enforcement, financial services protections, and ways users can opt out of having their data disseminated.

Involvement:
Cisco is working with the Online Privacy Alliance to develop an ongoing program of effective industry self-regulation. Cisco continually assesses its own privacy policy in relation to emerging guidelines and public needs.

The Online Privacy Alliance (OPA) is a coalition of 85 companies and associations formed to promote industry self-regulation as a means of addressing privacy concerns. OPA has issued guidelines on the central elements of any self-regulation programs and advocated online privacy measures to more than 17,000 corporate executives at hundreds of companies nationwide.

Fast Facts:

• 93 of the 100 most heavily trafficked dot-com Internet sites post privacy policies to help consumers in 1999, up from 71 in 1998. ( Online Privacy Alliance Survey , June 1999).
• 65.9% of the most visited Web sites post some privacy notice in 1999(based upon a random sampling of 361 of the top 7,500 sites), up from 14% in 1998. ( Georgetown University Privacy Study, Jul. 1999 ).
• 2/3rds of people using the Internet believe online privacy should be market-regulated, rather than legislated, including nearly 60% of registered Democrats and more than 70% of Republicans. ( @plan , Nov. 1999).
• 66.7% of online "window shoppers" state that assurances of privacy will be the basis for their making online purchases. 80% said deep discounts would inspire their first online transaction. (NFO Interactive Study, Online Retail Monitor: Branding, Segmentation & Web Sites, 10/1999).
• 86% of Internet users believe individuals should be able to make informed choices on whether or not to give personal information in exchange for free service or benefits; 12% see such voluntary exchanges as invasive of privacy ( Privacy & American Business Survey ).
• 87% of Internet users feel it is fair to collect information about consumer interests and preferences for statistical analysis of interest and buying trends among net users ( Privacy & American Business Survey ).
• 98.2% of the top Web sites collect at least one type of personal identifying information (e.g. name, e-mail, address, postal address); 75% collected at least one type of demographic information (e.g. gender, preferences, zip code). (NFO Interactive Study, Online Retail Monitor: Branding, Segmentation & Web Sites, 10/1999).

Privacy Links:
Self-Regulation and Privacy On-line, ( Federal Trade Commission Report to Congress , July 29, 1999).

Georgetown University Internet Privacy Policy Study (July 21, 1999).

Online Privacy Alliance Report to the FTC on the Privacy Practices of the Top 100 Commercial Web Sites (6/8/1999).

"Site Seeing on the Internet," FTC's Consumer Guide to Travel in Cyberspace .

AT&T Survey On Understanding Net Users' Attitudes About Online Privacy (4/14/1999).

IBM Multi-National Consumer Privacy Survey (IBM, Oct. 1999).

Independent Consumer Privacy Watchdogs:

• Better Business Bureau Online
• TRUSTe

Cisco Systems Inc.'s Privacy Policy .

European Union's Privacy Directive .

For more information on privacy issues and resources, visit the Privacy Exchange , the Center for Democracy & Technology (etc.) the Privacy & American Business web site and the Electronic Privacy Information Center .

For information on privacy through encryption check out Americans for Computer Privacy and the Internet Privacy Coalition .