Background[]
In December 1999, the Federal Trade Commission established the Advisory Committee on Online Access and Security (ACOAS) pursuant to the Federal Advisory Committee Act (the "FACA").[1] The FTC asked the ACOAS to consider the parameters of "reasonable access" to personal information collected from and about consumers online and "adequate security" for such information.
Issues to be addressed[]
The Advisory Committee was asked to provide advice and recommendations to the FTC regarding options for the implementation by commercial websites of the Access and Security fair information practice principles, and the costs and benefits of each option.
The FTC charged the Advisory Committee with (1) considering the parameters of reasonable access to personal information and adequate security to protect such information, and (2) preparing a written report presenting options for implementation of these fair information practices and the costs and benefits of each option.
The Advisory Committee was asked to consider, among other things:
- whether the extent of access provided by websites should vary with the sensitivity of the personal information collected and/or the purpose for which such information was collected;
- whether the difficulty and costs of retrieving consumers' data should be considered;
- whether consumers should be provided access to enhancements to personal information (e.g., inferences about their preferences or purchasing habits);
- appropriate and feasible methods for verifying the identity of individuals seeking access;
- whether a reasonable fee may be assessed for access, and if so, what a reasonable fee would be; and
- whether limits could be placed on the frequency of requests for access, and if so, what those limits should be.
The Advisory Committee was also asked to consider:
- how to define appropriate standards for evaluating the measures taken by websites to protect the security of personal information;
- what might constitute reasonable steps to assure the integrity of this information; and
- what measures should be undertaken to protect this information from unauthorized use or disclosure.
Meetings held and topics considered[]
The FTC appointed 40 Advisory Committee members who represented varied viewpoints on implementing access and security online. The ACOAS held four public meetings between February and May 2000:
- February 4th Meeting — Agenda
- February 25th Meeting — Agenda
- March 31st Meeting — Agenda
- April 28th Meeting — Agenda
In addition, Advisory Committee members worked in subgroups between meetings to address specific topics in more depth and to draft working papers and sections of the ACOAS report for discussion at the public meetings.[2]
Access[]
With regard to access, the committee addressed four questions: (1) What is the meaning of access (merely view or view and modify)? (2) Access to what? (3) Who provides access? and (4) How easy should access be? The Advisory was unable to agree on a clear recommendation and instead presented a range of access options. In part, the committee recognized that the dilemmas presented by the need to authenticate for access purposes complicated access options and necessitated an evaluation of the particular circumstances.
Final report[]
The ACOAS submitted its Final Report (full-text) to the FTC on May 15, 2000.