States Should Increase Internet Privacy Enforcement Partnership with Feds, Maryland Official Says
States should increase their role as a partner with the federal government to address Internet privacy issues, said Steve Ruckman, Maryland assistant attorney general and director of the Maryland Office of the Attorney General’s Internet Privacy Unit, at a joint FCBA-American Bar Association Forum on Communications Law event Wednesday. Maryland Attorney General Doug Gansler has made Internet privacy protections a priority -- both in his in-state work and in his role as president of the National Association of Attorneys General NAAG), Ruckman said. Gansler was originally scheduled to speak at the FCBA event, but needed to testify at a Maryland General Assembly hearing.
The FTC has done a “tremendous” job of addressing privacy concerns in recent years -- but like state governments, the federal agency does not have unlimited resources, Ruckman said. “Given that there are over 800,000 apps in the Apple Store, another 800,000 for Android ... it is impossible for the FTC, acting alone, to fully scout out -- let alone address -- all the problems that are arising in Internet commerce,” Ruckman said. “States can act as a federal partner and help pursue matters that the FTC lacks the time and resources to pursue on its own.” Federal statutes like the Children’s Online Privacy Protection Act already anticipate federal-state partnerships, allowing a state attorney general to pursue in-state violations of federal law in federal court, he said. States also maintain more informal partnerships with the FTC on Internet privacy matters through regular communication, Ruckman said.
State attorneys general also play an important role as the “first responder” in addressing privacy violations, Ruckman said. “When consumers have concerns about how their personal information is being used online, they call our hotlines,” he said. “We get hundreds of calls every month, and more and more are about Internet privacy issues.” States’ first responder role becomes especially important whenever existing privacy protections fail to fully protect citizens, Ruckman said. Such cases include enforcement of data breach laws and prosecution of “bad actors” that blackmail consumers into paying to take down inaccurate background check information, he said. Data breach notification laws are now in effect in 45 states, Washington, D.C., Puerto Rico and the U.S. Virgin Islands, Ruckman said. While there is a renewed interest in harmonizing states’ data breach laws, a national law is likely a long way off, he said.
States can also be a lab for legal reforms on online privacy, Ruckman said. “History has shown us that states have frequently been effective laboratories for reforms on aspects of the economy that reached beyond state borders,” including lending protections, healthcare markets and environmental standards, he said. “We think that states have a role to play in ensuring that the online marketplace is a safe place to do business and recreate.” Gansler has successfully advocated for updates to Maryland’s laws “into the modern era” to reflect changes in what is considered appropriate online privacy and is now advocating for similar updates to the state’s stalking and harassment laws, Ruckman said.
States should continue educating citizens on consumer safety issues, Ruckman said. “Through our investigations, we often learn before many parents the risks that certain online activities pose for children -- and so we should be active in educating them about these risks,” he said. “Likewise we know that some of the good privacy protective habits that are out there should be more widely adopted, and we should be educating consumers about how to adopt them.” NAAG is hosting a summit April 14-16 in National Harbor, Md., that will bring together industry, government and consumer stakeholders to discuss emerging privacy challenges, Ruckman said (http://bit.ly/YrQqmh).