Contact: Amy Smorodin
(202) 828-4405
June 29, 2011 – Without substantially better data and analysis, policymakers cannot make informed decisions concerning data privacy and security legislation, stated Thomas Lenard in testimony before the U.S. Senate Committee on Commerce, Science, and Transportation. During the hearing, “Privacy and Data Security: Protecting Consumers in the Modern World,” Lenard also stressed that data privacy and security are different issues and should be dealt with separately by policymakers.
In his testimony, Lenard, Technology Policy Institute President and Senior Fellow, identified a need for updated data on privacy practices in the marketplace, citing that the last comprehensive study was completed a decade ago. “In addition to basic data,” he stated, “the benefits and costs of policy proposals need to be evaluated to ensure that they improve consumer welfare.” Lenard explained that many privacy proposals would reduce the value of internet advertising and, as a result, would shrink revenues that support online content and services. “The principal purpose of cost-benefit analysis is to make these tradeoffs explicit so that policy makers can make informed decisions.”
Lenard also stated in his testimony that security and privacy should be considered separate policy issues. “Regulating the collection and use of information by legitimate firms does little or nothing to deter identity theft,” he explained. “In fact, excessive control of information may increase the risk of identity theft by making it more difficult for sellers to determine if a potential buyer is fraudulent.”
Lenard explained that there are strong financial incentives for firms to invest in data security so it is unclear if government action on data security is warranted. Incentives for breach notification are less strong, and policymakers should weigh the benefits and costs when determining if mandatory notification would make consumers better off. Perhaps the most significant benefit of federal data security and breach notification legislation would be preempting the patchwork of state laws. For that reason, Lenard advised that enacting a carefully crafted federal bill could yield savings for firms and consumers.
“The privacy and data security debates are extremely important to the future of the digital economy and of innovation in the United States, but, unfortunately, they are taking place largely in an empirical vacuum,” Lenard concluded. “Without substantially better data and analysis, there is no way of knowing with any confidence whether proposals currently under consideration will improve consumer welfare.”
Lenard’s full written testimony is available on the TPI website.
The Technology Policy Institute
The Technology Policy Institute is a non-profit research and educational organization that focuses on the economics of innovation, technological change, and related regulation in the United States and around the world. More information is available at https://techpolicyinstitute.org/.