PRIVACY COMMISSION ACT -- (House of Representatives - October 02, 2000)

[Page: H8561]

---

   Mr. HORN. Mr. Speaker, I move to suspend the rules and pass the bill (H.R. 4049) to establish the Commission for the Comprehensive Study of Privacy Protection, as amended.

   The Clerk read as follows:

H.R. 4049

    Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,

   SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Privacy Commission Act''.

   SEC. 2. FINDINGS.

    The Congress finds the following:

    (1) Americans are increasingly concerned about their civil liberties and the security and use of their personal information, including medical records, educational records, library records, magazine subscription records, records of purchases of goods and other payments, and driver's license numbers.

    (2) Commercial entities are increasingly aware that consumers expect them to adopt privacy policies and take all appropriate steps to protect the personal information of consumers.

    (3) There is a growing concern about the confidentiality of medical records, because there are inadequate Federal guidelines and a patchwork of confusing State and local rules regarding privacy protection for individually identifiable patient information.

    (4) In light of recent changes in financial services laws allowing for increased sharing of information between traditional financial institutions and insurance entities, a coordinated and comprehensive review is necessary regarding the protections of personal data compiled by the health care, insurance, and financial services industries.

    (5) The use of Social Security numbers has expanded beyond the uses originally intended.

    (6) Use of the Internet has increased at astounding rates, with approximately 5 million current Internet sites and 64 million regular Internet users each month in the United States alone.

    (7) Financial transactions over the Internet have increased at an astounding rate, with 17 million American households spending $20 billion shopping on the Internet last year.

    (8) Use of the Internet as a medium for commercial activities will continue to grow, and it is estimated that by the end of 2000, 56 percent of the companies in the United States will sell their products on the Internet.

    (9) There have been reports of surreptitious collection of consumer data by Internet marketers and questionable distribution of personal information by on-line companies.

    (10) In 1999, the Federal Trade Commission found that 87 percent of Internet sites provided some form of privacy notice, which represented an increase from 15 percent in 1998.

    (11) The United States is the leading economic and social force in the global information economy, largely because of a favorable regulatory climate and the free flow of information. It is important for the United States to continue that leadership. As nations and governing bodies around the world begin to establish privacy standards, these standards will directly affect the United States.

    (12) The shift from an industry-focused economy to an information-focused economy calls for a reassessment of the most effective way to balance personal privacy and information use, keeping in mind the potential for unintended effects on technology development, innovation, the marketplace, and privacy needs.

    (13) This Act shall not be construed to prohibit the enactment of legislation on privacy issues by the Congress during the existence of the Commission. It is the responsibility of the Congress to act to protect the privacy of individuals, including individuals' medical and financial information. Various committees of the Congress are currently reviewing legislation in the area of medical and financial privacy. Further study by the Commission established by this Act should not be considered a prerequisite for further consideration or enactment of financial or medical privacy legislation by the Congress.

   SEC. 3. ESTABLISHMENT.

    There is established a commission to be known as the ``Commission for the Comprehensive Study of Privacy Protection'' (in this Act referred to as the ``Commission'').

   SEC. 4. DUTIES OF COMMISSION.

    (a) STUDY.--The Commission shall conduct a study of issues relating to protection of individual privacy and the appropriate balance to be achieved between protecting individual privacy and allowing appropriate uses of information, including the following:

    (1) The monitoring, collection, and distribution of personal information by Federal, State, and local governments, including personal information collected for a decennial census, and such personal information as a driver's license number.

    (2) Current efforts to address the monitoring, collection, and distribution of personal information by Federal and State governments, individuals, or entities, including--

    (A) existing statutes and regulations relating to the protection of individual privacy, such as section 552a of title 5, United States Code (commonly referred to as the Privacy Act of 1974) and section 552 of title 5, United States Code (commonly referred to as the Freedom of Information Act);

    (B) legislation pending before the Congress;

    (C) privacy protection efforts undertaken by the Federal Government, State governments, foreign governments, and international governing bodies;

    (D) privacy protection efforts undertaken by the private sector; and

    (E) self-regulatory efforts initiated by the private sector to respond to privacy issues.

    (3) The monitoring, collection, and distribution of personal information by individuals or entities, including access to and use of medical records, financial records (including credit cards, automated teller machine cards, bank accounts, and Internet transactions), personal information provided to on-line sites accessible through the Internet, Social Security numbers, insurance records, education records, and driver's license numbers.

    (4) Employer practices and policies with respect to the financial and health information of employees, including--

    (A) whether employers use or disclose employee financial or health information for marketing, employment, or insurance underwriting purposes;

    (B) what restrictions employers place on disclosure or use of employee financial or health information;

    (C) employee rights to access, copy, and amend their own health records and financial information;

    (D) what type of notice employers provide to employees regarding employer practices with respect to employee financial and health information; and

    (E) practices of employer medical departments with respect to disclosing employee health information to administrative or other personnel of the employer.

    (5) The extent to which individuals in the United States can obtain redress for privacy violations.

    (6) The extent to which older individuals and disabled individuals are subject to exploitation involving the disclosure or use of their financial information.

    (b) FIELD HEARINGS.--

    (1) IN GENERAL.--The Commission shall conduct at least 2 field hearings in each of the 5 geographical regions of the United States.

    (2) BOUNDARIES.--For purposes of this subsection, the Commission may determine the boundaries of the five geographical regions of the United States.

    (c) REPORT.--

    (1) IN GENERAL.--Not later than 18 months after appointment of all members of the Commission--

    (A) a majority of the members of the Commission shall approve a report; and

    (B) the Commission shall submit the approved report to the Congress and the President.

    (2) CONTENTS.--The report shall include a detailed statement of findings, conclusions,

[Page: H8562]
and recommendations, including the following:

    (A) Findings on potential threats posed to individual privacy.

    (B) Analysis of purposes for which sharing of information is appropriate and beneficial to consumers.

    (C) Analysis of the effectiveness of existing statutes, regulations, private sector self-regulatory efforts, technology advances, and market forces in protecting individual privacy.

    (D) Recommendations on whether additional legislation is necessary, and if so, specific suggestions on proposals to reform or augment current laws and regulations relating to individual privacy.

    (E) Analysis of purposes for which additional regulations may impose undue costs or burdens, or cause unintended consequences in other policy areas, such as security, law enforcement, medical research, or critical infrastructure protection.

    (F) Cost analysis of legislative or regulatory changes proposed in the report.

    (G) Analysis of the impact of altering existing protections for individual privacy on the overall operation and functionality of the Internet, including the impact on the private sector.

    (H) Recommendations on non-legislative solutions to individual privacy concerns, including education, market-based measures, industry best practices, and new technology.

    (I) Review of the effectiveness and utility of third-party verification of privacy statements, including specifically with respect to existing private sector self-regulatory efforts.

    (d) ADDITIONAL REPORT.--Together with the report under subsection (c), the Commission shall submit to the Congress and the President any additional report of dissenting opinions or minority views by a member or members of the Commission.

    (e) INTERIM REPORT.--The Commission may submit to the Congress and the President an interim report approved by a majority of the members of the Commission.

   SEC. 5. MEMBERSHIP.

    (a) NUMBER AND APPOINTMENT.--The Commission shall be composed of 17 members appointed as follows:

    (1) 4 members appointed by the President.

    (2) 4 members appointed by the majority leader of the Senate.

    (3) 2 members appointed by the minority leader of the Senate.

    (4) 4 members appointed by the Speaker of the House of Representatives.

    (5) 2 members appointed by the minority leader of the House of Representatives.

    (6) 1 member, who shall serve as Chairperson of the Commission, appointed jointly by the President, the majority leader of the Senate, and the Speaker of the House of Representatives.

    (b) DIVERSITY OF VIEWS.--The appointing authorities under subsection (a) shall seek to ensure that the membership of the Commission has a diversity of views and experiences on the issues to be studied by the Commission, such as views and experiences of Federal, State, and local governments, the media, the academic community, consumer groups, public policy groups and other advocacy organizations, business and industry (including small business), the medical community, civil liberties experts, and the financial services industry.

    (c) DATE OF APPOINTMENT.--The appointment of the members of the Commission shall be made not later than 30 days after the date of the enactment of this Act.

    (d) TERMS.--Each member of the Commission shall be appointed for the life of the Commission.

    (e) VACANCIES.--A vacancy in the Commission shall be filled in the same manner in which the original appointment was made.

    (f) COMPENSATION; TRAVEL EXPENSES.--Members of the Commission shall serve without pay, but shall receive travel expenses, including per diem in lieu of subsistence, in accordance with sections 5702 and 5703 of title 5, United States Code.

    (g) QUORUM.--A majority of the members of the Commission shall constitute a quorum, but a lesser number may hold hearings.

    (h) MEETINGS.--

    (1) IN GENERAL.--The Commission shall meet at the call of the Chairperson or a majority of its members.

    (2) INITIAL MEETING.--Not later than 45 days after the date of the enactment of this Act, the Commission shall hold its initial meeting.

   SEC. 6. DIRECTOR; STAFF; EXPERTS AND CONSULTANTS.

    (a) DIRECTOR.--

    (1) IN GENERAL.--Not later than 30 days after the appointment of the Chairperson of the Commission, the Chairperson of the Commission shall appoint a Director without regard to the provisions of title 5, United States Code, governing appointments to the competitive service.

    (2) PAY.--The Director shall be paid at the rate payable for level III of the Executive Schedule established under section 5314 of such title.

    (b) STAFF.--The Director may appoint staff as the Director determines appropriate.

    (c) APPLICABILITY OF CERTAIN CIVIL SERVICE LAWS.--

    (1) IN GENERAL.--The staff of the Commission shall be appointed without regard to the provisions of title 5, United States Code, governing appointments in the competitive service.

    (2) PAY.--The staff of the Commission shall be paid in accordance with the provisions of chapter 51 and subchapter III of chapter 53 of that title relating to classification and General Schedule pay rates, but at rates not in excess of the maximum rate for grade GS-15 of the General Schedule under section 5332 of that title.

    (d) EXPERTS AND CONSULTANTS.--The Director may procure temporary and intermittent services under section 3109(b) of title 5, United States Code.

    (e) STAFF OF FEDERAL AGENCIES.--

    (1) IN GENERAL.--Upon request of the Director, the head of any Federal department or agency may detail, on a reimbursable basis, any of the personnel of that department or agency to the Commission to assist it in carrying out this Act.

    (2) NOTIFICATION.--Before making a request under this subsection, the Director shall give notice of the request to each member of the Commission.

   SEC. 7. POWERS OF COMMISSION.

    (a) HEARINGS AND SESSIONS.--The Commission may, for the purpose of carrying out this Act, hold hearings, sit and act at times and places, take testimony, and receive evidence as the Commission considers appropriate. The Commission may administer oaths or affirmations to witnesses appearing before it.

    (b) POWERS OF MEMBERS AND AGENTS.--Any member or agent of the Commission may, if authorized by the Commission, take any action which the Commission is authorized to take by this section.

    (c) OBTAINING OFFICIAL INFORMATION.--

    (1) IN GENERAL.--Except as provided in paragraph (2), if the Chairperson of the Commission submits a request to a Federal department or agency for information necessary to enable the Commission to carry out this Act, the head of that department or agency shall furnish that information to the Commission.

    (2) EXCEPTION FOR NATIONAL SECURITY.--If the head of that department or agency determines that it is necessary to guard that information from disclosure to protect the national security interests of the United States, the head shall not furnish that information to the Commission.

    (d) MAILS.--The Commission may use the United States mails in the same manner and under the same conditions as other departments and agencies of the United States.

    (e) ADMINISTRATIVE SUPPORT SERVICES.--Upon the request of the Director, the Administrator of General Services shall provide to the Commission, on a reimbursable basis, the administrative support services necessary for the Commission to carry out this Act.

    (f) GIFTS AND DONATIONS.--The Commission may accept, use, and dispose of gifts or donations of services or property to carry out this Act, but only to the extent or in the amounts provided in advance in appropriation Acts.

    (g) CONTRACTS.--The Commission may contract with and compensate persons and government agencies for supplies and services, without regard to section 3709 of the Revised Statutes (41 U.S.C. 5).

    (h) SUBPOENA POWER.--

    (1) IN GENERAL.--The Commission may issue subpoenas requiring the attendance and testimony of witnesses and the production of any evidence relating to any matter that the Commission is empowered to investigate by section 4. The attendance of witnesses and the production of evidence may be required by such subpoena from any place within the United States and at any specified place of hearing within the United States.

    (2) FAILURE TO OBEY A SUBPOENA.--If a person refuses to obey a subpoena issued under paragraph (1), the Commission may apply to a United States district court for an order requiring that person to appear before the Commission to give testimony, produce evidence, or both, relating to the matter under investigation. The application may be made within the judicial district where the hearing is conducted or where that person is found, resides, or transacts business. Any failure to obey the order of the court may be punished by the court as civil contempt.

    (3) SERVICE OF SUBPOENAS.--The subpoenas of the Commission shall be served in the manner provided for subpoenas issued by a United States district court under the Federal Rules of Civil Procedure for the United States district courts.

    (4) SERVICE OF PROCESS.--All process of any court to which application is made under paragraph (2) may be served in the judicial district in which the person required to be served resides or may be found.

    (i) RULES.--The Commission shall adopt other rules as necessary for its operation.

   SEC. 8. TERMINATION.

    The Commission shall terminate 30 days after submitting a report under section 4(c).

   SEC. 9. AUTHORIZATION OF APPROPRIATIONS.

    (a) IN GENERAL.--There are authorized to be appropriated to the Commission $5,000,000 to carry out this Act.

    (b) AVAILABILITY.--Any sums appropriated pursuant to the authorization in subsection (a) shall remain available until expended.

   SEC. 10. BUDGET ACT COMPLIANCE.

    Any new contract authority authorized by this Act shall be effective only to the extent or in the amounts provided in advance in appropriation Acts.

   SEC. 11. PRIVACY PROTECTIONS.

    (a) DESTRUCTION OR RETURN OF INFORMATION REQUIRED.--Upon the conclusion of the matter or need for which individually identifiable information was disclosed to the Commission, the Commission shall either destroy

[Page: H8563]
the individually identifiable information or return it to the person or entity from which it was obtained, unless the individual that is the subject of the individually identifiable information has authorized its disclosure.

    (b) DISCLOSURE OF INFORMATION PROHIBITED.--The Commission--

    (1) shall protect individually identifiable information from improper use; and

    (2) may not disclose such information to any person, including the Congress or the President, unless the individual that is the subject of the information has authorized such a disclosure.

    (c) PROPRIETARY BUSINESS INFORMATION AND FINANCIAL INFORMATION.--The Commission shall protect from improper use, and may not disclose to any person, proprietary business information and proprietary financial information that may be viewed or obtained by the Commission in the course of carrying out its duties under this Act.

    (d) INDIVIDUALLY IDENTIFIABLE INFORMATION DEFINED.--For the purposes of this Act, the term ``individually identifiable information'' means any information, whether oral or recorded in any form or medium, that identifies an individual, or with respect to which there is a reasonable basis to believe that the information can be used to identify an individual.

   The SPEAKER pro tempore (Mr. PEASE). Pursuant to the rule, the gentleman from California (Mr. HORN) and the gentleman from California (Mr. Waxman) each will control 20 minutes.

   The Chair recognizes the gentleman from California (Mr. HORN).

   GENERAL LEAVE

   Mr. HORN. Mr. Speaker, I ask unanimous consent that all Members may have 5 legislative days within which to revise and extend their remarks on H.R. 4049, as amended.

   The SPEAKER pro tempore. Is there objection to the request of the gentleman from California?

   There was no objection.

   Mr. HORN. Mr. Speaker, I yield myself such time as I may consume.

   Mr. Speaker, H.R. 4049 would establish a commission to engage in one of the Nation's most comprehensive examinations of privacy protection issues in more than 20 years.

   A few key strokes on a computer can yield a quantity of information that was unimaginable 26 years ago when the privacy act of 1974 became law. From e-mail and e-commerce to e-government, technology has changed the way people communicate, shop, and pay their bills.

   The downside of these advances is that a vast amount of personal information, such as credit cards and Social Security numbers, flows freely from home computers to commercial and government Web sites. Today, everything from medical records to income tax returns is being maintained in an electronic form and is often transmitted over the Internet.

   Growing concern over protecting the privacy of those records has led to the proposal of approximately 7,000 State and local laws, and more than 50 Federal laws. This bill before the House today will provide a most important function in this debate. The commission will examine privacy policies and laws throughout the Nation.

   The commission's work will help determine the extent to which the Nation's privacy laws and policies may need to be revised for today's information technology.

   Mr. Speaker, H.R. 4049 was introduced on March 21, 2000, by the gentleman from Arkansas (Mr. HUTCHINSON) and the gentleman from Virginia (Mr. MORAN), a true bipartisan bill.

   The Committee on Government Reform's Subcommittee on Government Management Information and Technology held 3 days of legislative hearings on the issue, including a day of hearings at the behest of the subcommittee's minority members. The subcommittee approved the bill on June 14, 2000; and the full committee finalized its work on the bill on June 29, 2000.

   During the full committee's consideration, a number of amendments offered by the minority were adopted, and the bill was favorably reported to the full House.

   Mr. Speaker, I yield such time as he may consume to the honorable gentleman from Arkansas (Mr. HUTCHINSON), the chief author of the bill, for further discussion.

   Mr. HUTCHINSON. Mr. Speaker, I thank the gentleman from California (Mr. HORN) for yielding the time to me.

   Mr. Speaker, I certainly rise in support of this legislation, the Privacy Commission Act, and I want to thank the gentleman from California (Mr. HORN) for his leadership and cooperation on this.

   I want to thank the Democrat gentleman from Texas (Mr. TURNER) for his coauthorship of it.

   I want to thank the gentleman from California (Mr. WAXMAN), the ranking member of the full committee, for his participation through this process, his very constructive criticisms and suggestions that he has offered. I think because of the gentleman's participation we have certainly made this a better product that has moved to the floor today.

   I certainly also want to thank the gentleman from the State of Virginia (Mr. MORAN), my cosponsor, who from the very beginning has helped make this a bipartisan product which we have presented to this body.

   If we look back over the issue of privacy, the last comprehensive look at privacy that we have had in our Nation was 25 years ago in 1974, and the report after that privacy study commission was privacy in the information age. Certainly that has changed in 25 years. But even that last commission gave us the hallmark of our privacy legislation today, the foundation of privacy here in the Federal Government.

   That was 1974. Basically, it is time that we need to do it again, and I do believe that Congress understands the issue of privacy and the importance of this issue to the American people. The NBC-Wall Street Journal poll indicated that the number one issue of Americans as they enter the next century is the concern about loss of personal privacy, and so Congress understands that.

   If we look at the issue of video rental records, we understand the public, and we do not want our video rental records disclosed to third parties, and we passed a law that prohibited that.

   We understand that driver's license information should not be passed along and sold to commercial enterprises. We passed a law that restricted that.

   When you look at cable stations and the knowledge as to what an individual, a consumer, clicks his channels and where he goes, we do not want that information passed along; and we pass a law that restricted it.

   Tax returns, we passed a law obviously that restricts the transfer of information from a tax return.

   So we deal with privacy, but Congress should not end its work with what we have done thus far.

   How about medical records? How about State law protection dealing with medical records; is that sufficient? Do we need a new Federal standard? How about the financial records? What do we need to do to further protect the transfer of financial information? And the answer is that regardless of what we can agree upon now, and I have sponsored various portions of privacy legislation and have moved forward, but regardless of what we agree upon now, we cannot end here.

   We need to build a consensus; and this bill, this privacy study commission, is designed to build this consensus that we have not been able to form yet. I think it will help us to enhance personal privacy and do the work that Congress should do.

   Let me go to some of the particulars of this legislation. Obviously, the commission will consist of 17 members appointed by the President, the majority leader, minorities leader, Speaker of the House. So it certainly is bipartisan in the way that it is formulated, but it is tasked with numerous responsibilities from studying the current state of laws on individual privacy, to conducting field hearings across the country, listening to the people, as well as privacy experts.

   We are to submit a report to Congress, this commission will, within a timely fashion; and even though 18 months is a drop-dead date, hopefully they will come back sooner, and they have specifically the right to come back sooner if they can reach that consensus.

   The Committee on Commerce has stepped in and suggested some very important changes but are not dramatic in its impact. One of them is that the commission should look at the impact on the Internet and its functionality. Certainly we want to do that. It says that any commissioner or group of commissioners may dissent and submit a record, so there is nothing dramatic about those changes; but those have been some suggested improvements from the Committee on Commerce.

[Page: H8564]

   I want to talk for a second about the processes as the gentleman from California (Mr. HORN) just indicated. We have gone through 3 days of hearings. We have gone through markup in subcommittee and full committee, and it was during that time that I think we really improved this legislation. One of the suggestions that came from the Democrat side was suggested by the gentleman from California (Mr. WAXMAN), the ranking member, who said that we should make it clear that this legislation in no way should impede the passage of individual privacy legislation. The language that was suggested by the gentleman from California (Mr. WAXMAN) was included.

   The gentlewoman from New York (Mrs. MALONEY) suggested very appropriately that the commission should look at the extent that older individuals are subject to exploitation involving the disclosure of use of their financial information. That was adopted in subcommittee.

   Then the third-party verification efforts, an amendment sponsored as well by the gentlewoman from New York (Mrs. MALONEY) was adopted.

   The importance of having civil liberties represented on the commission was accepted as well, and so there was tremendous improvement through this process. We have really followed the regular order as we have come to this full House.

   This is a very important commission that I believe will do good work. It is important that we have a good vote today, that will send it on its way in a bipartisan way; and I think that when it comes back with a report, hopefully, and I see the gentleman from Massachusetts (Mr. MARKEY) joining us, that we can continue to work on individual privacy legislation between now and the end of this year and into next Congress.

   In the meantime, regardless of what else happens, we need to have this commission that will continue to recommend and supplement what we are doing in this body and to assist in our efforts, and I urge my colleagues to support this common sense approach to privacy.

   Mr. HORN. Mr. Speaker, I reserve the balance of my time.

   Mr. WAXMAN. Mr. Speaker, I yield myself 3 1/2 minutes.

   Mr. Speaker, I want to compliment the gentleman from Arkansas (Mr. HUTCHINSON) and the gentleman from Virginia (Mr. MORAN) for their efforts to focus attention on the important issue of privacy. I believe that H.R. 4049 is a well-intentioned bill. The authors' sincerity in their motivation to improve privacy protections is a real one.

   I strongly object, however, to the decision to bring up this bill as a suspension bill. Until today, we have had no opportunity to consider fundamental privacy legislation that matters to millions of Americans. And now that we have a bill, we are only provided with 20 minutes of debate time and no chance for amendments. And I think that is wrong.

   Mr. Speaker, the gentleman from Arkansas (Mr. HUTCHINSON) said that his bill could go forward and other legislation on the subject of privacy could be considered at the same time. Well, the reality is that other legislation on privacy is not being considered at all. For example, the gentlewoman from New York (Ms. SLAUGHTER) has introduced genetic nondiscrimination and privacy legislation that has broad support; yet there has not even been a hearing on it.

   The gentleman from California (Mr. CONDIT) introduced legislation with the gentleman from Massachusetts (Mr. MARKEY), the gentleman from Michigan (Mr. DINGELL), myself and many other colleagues to provide comprehensive medical privacy protections for American consumers. That bill, which is in the subcommittee of the gentleman from California (Mr. HORN), has not even been given a hearing.

   The gentleman from New York (Mr. LAFALCE) and the gentleman from Massachusetts (Mr. MARKEY) have introduced comprehensive financial privacy protections; yet there has not even been a hearing on their bills.

   Today, with consideration of H.R. 4049, the leadership is finally taking up a bill concerning privacy, but the leadership has brought the bill up under suspension of the rules. This procedure blocks the gentleman from California (Mr. CONDIT), the gentleman from New York (Mr. LAFALCE), the gentleman from Massachusetts (Mr. MARKEY), the gentlewoman from New York (Ms. SLAUGHTER), and others from bringing up measures to provide privacy protections for American consumers.

   We should not waste this opportunity to consider meaningful privacy protections. The Privacy Commission Act should be brought to the floor under regular order so that Members have an opportunity to discuss whether substantive privacy protections or other improvements should be added to the bill through amendment.

   One of the main issues that has been raised about privacy, about the privacy commission bill, is whether its practical effect would be to delay the enactment of privacy protections.

   People who advocate privacy protections have expressed concern about the potential for delay. For example, the Consumer Federation of America Consumers Union and U.S. PIRG have stated that ``the creation of a commission would delay efforts to put meaningful privacy protections on the book.''

   People who oppose privacy protections have been happy that this bill could delay privacy initiatives. On April 17, 2000, there was an editorial in the National Underwriter magazine that urged insurance companies to support this measure, because the presence of such a commission will provide a strong argument for Congress and the State legislatures to wait for the results before enacting, as they put it, highly restrictive privacy legislation.

   Under the right circumstances, establishing a privacy commission could be a helpful step in addressing privacy concerns. If Congress concurrently took action on enacting privacy legislation or at least made a binding commitment to take such action, American consumers could be confident that they would complement, rather than delay, this legislation.

   Mr. Speaker, I want to emphasize this point and urge my colleagues to oppose this suspension.

   Mr. Speaker, I reserve the balance of my time.

   

[Time: 15:00]

   Mr. HORN. Mr. Speaker, I yield myself such time as I may consume.

   Mr. Speaker, as I looked at the evolution of this legislation, every bill or an amendment that the Democratic minority gave us we accepted, and what we are going to have here is just on and on and on, and nothing is going to happen.

   Five years ago when the gentleman from California (Mr. CONDIT) was in my position as chair of the subcommittee on Government Management, Information, and Technology, we had legislation that he submitted, a very fine bill. We have had others. We have Senator LEAHY come over. He has a very fine bill. So it goes. Nobody can pull all the pieces together.

   In the closing weeks of Congress, there is absolutely no way to have the floor time to start having amendments all over the place. I would love to have floor time and have a 3-day debate. It is going to be a 3-day debate, at least.

   It has been a bipartisan proposal all the way, and I would hope we would get something done where it could be pulled together and we might look at it as a base bill, which does not preclude the gentleman from Massachusetts (Mr. MARKEY), the gentleman from Connecticut (Mr. SHAYS). We have a whole bunch of people here who want to have a privacy bill. I am not against that. I just want to get something done in a practical sense.

   I would hope, Mr. Speaker, that my colleagues would support this and not have to go through the--we have the votes, I am sure, on the majority, but we ought to get this movement going.

   Mr. Speaker, I reserve the balance of my time.

   Mr. WAXMAN. Mr. Speaker, I yield myself such time as I may consume.

   Mr. Speaker, I just want to point out that if we are going to be serious about doing something on privacy legislation, we should have had hearings in the Horn subcommittee, that is how we organize a consensus, not wait for one to happen. We ought to have hearings. We ought to have had leadership to develop legislation. We have not had that leadership to develop legislation.

   Secondly, not every one of our amendments was adopted in committee. We wanted a deadline for action by the Commission and an opportunity for privacy protections to be put into place.

   Mr. Speaker, I yield 3 minutes to the gentlewoman from the District of Columbia (Ms. NORTON), a very important member of our committee.

   Ms. NORTON. Mr. Speaker, I thank the gentleman for yielding time to me.

   Mr. Speaker, normally bills to study serious problems are like apple pie and motherhood, but I will tell the Members, this one deserves the serious reservations of Members of this body in light of mounting concerns among the public about medical privacy and Internet privacy.

   When I chaired the Women's Caucus last term, one of the bills at that time Democratic and the Republican women were able to get some kind of consensus on was a bill involving genetic privacy.

   The notion that we are here talking about studying privacy at the end of yet another term pains me to even hear. This issue is at the top of the agenda of the American public. The concern of the public is so loud and so real, and has been there for so long after so many hearings about various aspects of this problem, that the expectation has been that we would do something about it at least by now.

   Let us take medical privacy. That one is so long overdue, particularly with respect to genetic information. We now know the genetic code. That thing is traveling against us at such a speed. We are here talking about studying it with no time limit? People are thinking, will I lose my job if I go to the company doctor or to any doctor to talk about my condition? And all doctors use the Internet now.

   Do we know where the public is on this? They are clamoring on the doors of this Congress, saying, ``Protect me.''

   My own recent experience makes me come to the floor. I needed something, a fancy new telephone. Somebody found out that I could order it and get it in 24 hours over the Internet. I said, over my dead body. I have a recognizable name. I am not going to put the name of Eleanor Holmes Norton on the Internet, because at least in this region somebody might decide that that is the name to use.

   Do Members know how many people have lost their identity fooling with the Internet? I am not going to lose what little identity I have left. That is one of the things people write again more and more. Yet, we say, here is our answer, we will study that for you. We are making people think we are doing something about something they have clamored for us to do something about for almost 10 years now.

   This bill says that this commission is going to make recommendations on whether additional legislation is necessary? Give me a break. Tell that to the public, that we are trying to find out if it is necessary.

   Or listen to what the FCC has just said: ``Legislation is now needed to ensure consumers online privacy is adequately protected.'' It is necessary. This bill does nothing about that necessity. It is very hard for me to advocate support of this bill. I do not do so.

   Mr. HORN. Mr. Speaker, I yield myself such time as I may consume.

   Mr. Speaker, I just want to answer the ranking member of the full committee on hearings. We had a full hearing on April 12, 2000. We had a full hearing on May 15. That is two major hearings on a rather simple bill, but it is the only way we are going to get something done.

   Mr. Speaker, I yield 3 minutes to the gentleman from Texas (Mr. TURNER), the ranking member on the subcommittee.

   Mr. TURNER. Mr. Speaker, I thank the gentleman for yielding time to me.

   Mr. Speaker, I appreciate the good work that the gentleman from California (Mr. HORN) has put in on this bill. It is clear to all of us that the American people are demanding action and that their privacy be protected by this Congress. I think it perhaps is one of the most critical issues and one of the most difficult issues we face.

   I think we also understand that there are very complex issues surrounding the discussion of privacy, and there are many opinions that have been voiced to us in the course of proceedings on this bill and others that indicate that the Congress must carefully consider legislation in this area.

   H.R. 4049 is a bipartisan measure which would establish a commission charged with studying issues relating to the protection of individual privacy and the balance to be achieved between protecting privacy and allowing appropriate uses of information.

   The commission would submit a report to Congress and the President within 18 months after its appointment. As a cosponsor of the bill, I commend my colleagues, the gentleman from Arkansas (Mr. HUTCHINSON) and the gentleman from Virginia (Mr. MORAN) for their leadership on a topic of this importance.

   I commend the ranking member, the gentleman from California (Mr. WAXMAN), on his willingness to work with us on the issue. I agree with him, that there are bills pending in this Congress that can be acted upon and should be acted upon prior to the final report of this commission.

   The Subcommittee on Government Management, Information, and Technology of the Committee on Government Reform held 3 days of legislative hearings on this bill, heard from a number of witnesses, hearing various points of view. The witnesses testified regarding the commission's scope, the relationship of ongoing and past privacy efforts, the composition of the commission, and other issues.

   I want to commend the gentleman from Arkansas (Mr. HUTCHINSON) for his willingness to accept an amendment, a manager's amendment, at the full committee level which clarified that the intent of this bill is not to delay or obstruct any pending, ongoing privacy initiatives in this Congress.

   It has been more than 20 years since a privacy commission studied this issue. It is clear to me that we need a comprehensive reevaluation of the subject; that legislation that is pending can be considered and passed while we are studying this issue, but there are enough problems in the area of privacy regulation, privacy protection, to justify a commission with the expertise that is laid out in the bill as far as the creation of a commission and its membership.

   I believe Congress should strictly adhere to the intent of the bill, which calls for the commission to be used as a supplement to and a sounding board for ongoing legislative privacy initiatives rather than any means of delay.

   Again, I commend the gentleman from Arkansas (Mr. HUTCHINSON) and the gentleman from Virginia (Mr. MORAN) for their good work, and I urge the House to adopt this bipartisan measure.

   Mr. WAXMAN. Mr. Speaker, I yield myself such time as I may consume.

   Mr. Speaker, before yielding to the gentleman from Massachusetts (Mr. MARKEY), who is one of the champions on privacy questions in this Congress, I want to point out that the Horn subcommittee held three hearings, two at our request. They were all on the issue of this commission. There was not a single hearing on the medical privacy issue or the Internet privacy, which is also the jurisdiction of that committee.

   I regret that, because it seems to me we could be much further down the road in directly enacting legislation if we had that leadership.

   Mr. Speaker, I yield 6 minutes to the gentleman from Massachusetts (Mr. MARKEY), who has raised the privacy issue in a number of different spheres and has been such an enormous champion in trying to get legislation, and shown such leadership in trying to get that legislation.

   Mr. MARKEY. Mr. Speaker, I thank the gentleman for yielding time to me.

   Mr. Speaker, this is a very important debate. I think it is important for everyone who is listening to the debate to understand what we are debating and what we are not debating.

   We are debating a privacy commission. In fact, that is how it is described by the proponents. But for those that want real privacy, we are debating a privacy omission. That is what this debate is really all about.

   We have bills before Congress. They have been sitting there for years. The gentleman was the chair of this subcommittee and did not have any hearings on the subject. The Committee on Banking and Financial Services, no hearings; the Committee on Commerce, no hearings.

   Everyone understands what the problem is. The Internet industry understands, the banking industry understands, the health industry understands the issues. What frightens them most greatly is that the public understands them, as well.

[Page: H8566]

   These are not complicated issues. We over the years have made many decisions with regard to the privacy of the American public. It is not something that requires a lot of study.

   We make it a requirement that a driver of an automobile have to opt in before any license information, driver's license information, can be transferred. If we rent a video cassette at a video rental store, they have to get our permission before they transfer that information. If we are watching cable TV and late at night we might flick over to one of those pay per view channels that maybe we don't want the rest of the family, much less everyone else in the neighborhood, understanding that we might have watched, the cable industry cannot tell anyone that we did that. They have to get our permission before they do so. If we call anyone on our phones, the phone company cannot tell anybody who we called without our permission.

   If a child goes online to a commercial site for children and they are under the age of 13, that site cannot transfer that information to anyone else without the express permission of parents. But if the child is 13, if the child is 14, if the child is 15, there are no restrictions.

   Do Members think this Congress could figure out that maybe we should protect 13- and 14- and 15-year-olds? We are told by the committee that they cannot figure that out. It is too hard for them to know whether or not a 13-year-old or a 14-year-old or a 15-year-old's information should be transferred. They need to get an expert panel of industry officials, primarily, I am going to bet that is the case, to tell us whether or not those children should be protected.

   Mr. Speaker, that is why we run for office. People in this country know whether or not they want their health care records protected or not. They know whether or not they want their financial records protected. We do not need a Commission to study this. This is not beyond the ability of this Congress to deal with.

   What the bill is really all about is punting for another 2 years, 18 months, for the commission to study it. It means it is right before the next Congress ends, in the year 2002, which is exactly what the industry wants. We do not have to be a genius to figure out what to do to protect children, to protect the medical record of Americans, to make sure that somebody cannot take all of our checks or all of our brokerage accounts, all of the medical exams we might have to take for an insurance policy, and then sell it as though it is a product.

   Do we really have to study that? I don't think so. This is just a commission to make sure that this Congress can say that it did something; that is, put a fig leaf over this issue.

   So Mr. Speaker, yes, we need a new economy, but we need a new economy with old values. We need commerce with a conscience. This Congress, by passing this bill, demonstrates that it is unwilling to grasp this moral issue of what corporate America is doing in taking the private, most sensitive information of American families and turning it into a product which is sold around the country and around the world.

   So if Members want privacy and they want it to happen, vote no on this bill and force them to bring out the bills over this next week that ensure that on the Internet, on financial records, on the health care data of every American family, we give them the protections which they deserve.

   Otherwise, this bill is going to guarantee that there will be no action in the next Congress either, because the report does not come back until 2 years from now, at the end of the next Congress.

   

[Time: 15:15]

   So I think that, while they may have had all the hearings on their commission bill, that, without question, whether or not we are going to ensure that the new technology ennobles and enables Americans rather than degrades and debases, whether or not we come to grips with the fact that there is a sinister side of cyberspace and that we understand it and that we demonstrate to the American people that we do understand it, and that we become the privacy keepers as were our local bankers when we were younger, our doctors and nurses when we were younger, and that we identify with those privacy keepers rather than the privacy peepers and the information reapers which these new data banks are able to make possible, creating products out of the family information of each one of us in the United States. I do not believe that there is an issue more central to the integrity and the well-being of a family in the United States than whether or not we give them the rights today to protect that information from being turned into a product.

   To say that we do not have the ability to understand it says that we do not understand cyberspace, we do not understand the world in which everyone is living, and we do not understand that 85 percent of the American public in every single poll are demanding us to give them the right to protect this information. Vote no on this commission.

   Mr. HORN. Mr. Speaker, I yield myself such time as I may consume.

   Mr. Speaker, before I yield to the gentleman from Virginia (Mr. MORAN), the co-author of this legislation, I want to say that the gentleman from Massachusetts (Mr. MARKEY) is always very eloquent. Did he beat on the door of the chairman of the Committee on Commerce? Did he beat on the door of the chairman of the Committee on Judiciary? I did not hear him beating on my door.

   But we knew the gentleman from Massachusetts and five others were out there, and we would have been glad to give them a hearing. But there are a lot of other committees around here that have the jurisdiction. I am not aware of the gentleman from Massachusetts ever going before any of those committees. But he always is eloquent, no question about it.

   Mr. MARKEY. Mr. Speaker, will the gentleman yield?

   Mr. HORN. Mr. Speaker, I yield 10 seconds to the gentleman from Massachusetts (Mr. MARKEY) to answer how many doors did he knock on. When I have a bill out, I am knocking on doors.

   Mr. MARKEY. Mr. Speaker, I was given an ironclad commitment by the other side when we were debating the financial services bill last November that they would have hearings all this year in the Committee on Banking and Financial Services on financial services and health care privacy. They had no hearings on this issue. That side over there did not, in fact, fulfill its commitment.

   Mr. HORN. Mr. Speaker, I yield 4 1/2 minutes to the gentleman from Virginia (Mr. MORAN).

   Mr. MORAN of Virginia. Mr. Speaker, I want to start by thanking the distinguished gentleman from California (Mr. HORN). He made it clear from the outset that he wanted bipartisan constructive legislation, that he wanted hearings, and he wanted to do what we could do given the information that we had available to us.

   I also want to thank the gentleman from Arkansas (Mr. HUTCHINSON). He has worked, again, in a constructive manner, listening to everyone that wanted to have input into this legislation, has never behaved, to my knowledge, in this context in any partisan fashion. He wanted this to be a bipartisan bill. So I was very pleased to work with him.

   I thank the gentleman from Texas (Mr. TURNER), the ranking member of the subcommittee. Again, all they wanted to do was work in a constructive bipartisan manner.

   Now, I also want to thank the gentleman from California (Mr. WAXMAN) whose leadership has been outstanding. In fact, I agree with the gentleman's emphasis on the need for privacy legislation and with the gentleman from Massachusetts (Mr. MARKEY).

   I think that we ought to have privacy legislation right now, particularly with regard to the protection of medical records. No question. Let us do it. We will vote for it. I know that the gentleman from California (Mr. HORN) and the gentleman from Arkansas (Mr. HUTCHINSON) will and the gentleman from Texas (Mr. TURNER) will as well.

   So I would say to the gentleman from Massachusetts (Mr. MARKEY), my very good friend, I wished that I had had the same rhetoric teachers as my colleague, but I did go to the Jesuits, and I remember some of this, and it is very effective and impressive.

[Page: H8567]

   But let me say to the gentleman from Massachusetts just do it. If he wants privacy legislation, do it. As the gentleman from California (Mr. HORN) suggested, the gentleman from Massachusetts is on the Committee on Commerce.

   The reality is that it is not going to get done. This is all we have. We have made it clear, every speaker has made it clear this does not preclude any other privacy legislation. It is meant to compliment it. We do not have to take 18 months. We can do it in 6 months.

   The problem is, while the gentleman from Massachusetts (Mr. MARKEY), my good friend, may have all the answers, I do not. I am not sure what to do. Given the fact that there are 7,000 privacy bills introduced in State legislatures, one out of every 5 legislative bills introduced around the country this year had to do with privacy, we have got dozens of bills pending before our committees on privacy, which one of them works? Which ones will create a consistency? I am not sure. I do not have those answers.

   I am not even sure how we protect the consumer choice that is very important to many people while ensuring that we protect people's basic privacy which is a fundamental American right and freedom. I do not have those answers. I am not sure this Congress has those answers. Perhaps some of us do; and if they do, just do it. Come up with the legislation, and we will vote for it.

   In the meantime, we want to get the experts together to bring out all the factors that need to be considered so that we can have the most thoughtful, the best considered legislation possible.

   This is critically important. It is critically important to our economy and to our society. It is a basic American freedom, individual privacy. But let us not mess it up.

   I know that privacy is off the charts on every poll we take. I know that all the voters want us to do something about privacy. But if we are going to do it, we ought to do it right. We ought to do it in a bipartisan way. We ought not politicize it. It ought to be good, public policy that is sustainable. That is what this legislation does. That is all it does.

   We have worked on this. We have listened to everyone. I know the gentleman from California (Mr. WAXMAN), my friend and the distinguished leader will recall that, in fact, when we had hearings, the gentleman from Massachusetts (Mr. MARKEY) testified about medical records, about financial records.

   I am not sure I got an answer about the question how do we make consistent privacy regulations on medical records, on financial records, on the children's privacy protection act that was just passed. How do we bring all these together and have a consistent Federal policy? How do we get consistency among the States without preempting their right to protect their citizens? I do not know. Let us ask the experts, and that is what this commission does.

   Mr. Speaker, I rise today in strong support of H.R. 4049. I would like to thank my colleague ASA HUTCHINSON and JIM TURNER, the ranking member of the subcommittee, for their leadership and bipartisan efforts in introducing this bill.

   This legislation has been criticized by some as a proposal to slow down other privacy legislation. On the other hand, the idea of a privacy commission has been criticized by at least some in the business community out of a concern that it may lead to the enactment of overbearing legislation.

   Unfortunately, this way of thinking and operating has become a familiar pattern with a familiar result. Congress winds up doing nothing. That is really what we are talking about today. Do we engage in the same old partisan gridlock and do nothing or do we get serious about moving forward on some of the most important issues in this nation and pass this legislation.

   I respect and appreciate much of the work that colleagues and friends like ED MARKEY and JOHN LAFALCE have done on privacy issues. I agree with them that there are some privacy issues, like the protection of medical records, that Congress should immediately move to protect.

   That is why we purposely did not include any moratorium or preemption language that would prevent Congress or the states from enacting privacy legislation that may be needed before the work of this commission is done. But the reality is that there is not going to be any other privacy legislation passed this term. In the meantime, we can be doing something constructive.

   Let me repeat that: Nothing in this bill precludes Congress or the states from moving forward on privacy legislation.

   I do believe, however, that the work of the Privacy Commission will lead to better overall decisions about privacy, particularly as it relates to the Internet and electronic commerce.

   Privacy has become a major public policy issue. Last year, the state legislatures considered over 7,000 privacy bills. Approximately one out of every five bills introduced in the state legislatures was a privacy bill. The Congress currently has before it dozens of privacy bills. The federal regulatory agencies are busy on numerous privacy initiatives.

   And yet, it has been more than twenty years since the Privacy Protection Study Commission issued its landmark report in 1977. Since then, the personal computer and the Internet have transformed our economy. At the same time, they have raised and continue to raise new privacy issues that the 1977 study could not have envisioned. It is time to revisit the issues from the 1977 report as well as the broader new issues raised by the information economy. The Privacy Commission Act creates an opportunity to do just that.

   Everyone agrees that getting privacy policy right will go a long way towards fully developing the potential of the Internet and e-commerce. The extent to which this exciting new medium will continue its incredible expansion depends in large measure on balancing legitimate consumer privacy rights with basic marketplace economics. An open and supportive legal environment has helped encourage the rapid development of the Internet. Companies and consumers alike realize that Internet privacy is the one issue that must be done right.

   Americans are rightly concerned about their lack of privacy. We know and appreciate that the public worries about cookies; worries about the capture of information regarding browsing behavior; and worries about profiling. But, we don't know what the dimensions are of the real privacy threats posed by these activities and what the economic payoffs are of these activities. We certainly don't know very much yet about the impact of recently enacted privacy protection legislation, such as the Children's Online Privacy Protection Act or the privacy protections in Title V of Gramm-Leach-Bliley.

   There is a lack of consensus about whether the U.S. should move toward the establishment of some type of national privacy regulatory agency or whether the existing combination of courts, consumer protection authorities, Attorney Generals and various federal agencies provide a more than adequate privacy regulatory presence.

   There is also the troubling question of preemption. In an electronic environment where information moves across local, state, and national borders in nanoseconds, does it really make any sense to allow the location of data, sometimes the momentary location of data, to dictate the rules that apply?

   The stakes are high. As a nation, we must find a way to protect information privacy and to give our citizens confidence that they can engage in e-commerce and provide access to their personal information, knowing that the information will be used appropriately and in ways that are consistent with their understanding of the transaction.

   At the same time, we must preserve the ability of the business community to use personal information effectively to promote consumer convenience and to drive down the cost and improve the quality of goods and services; and to personalize the marketplace--in a very real sense, revolutionize the marketplace--to spur growth and to give consumers information about the goods and services which consumers wish to receive.

   The Privacy Commission created by H.R. 4049 will not answer every question to everyone's satisfaction. But, there is every reason to believe that this is exactly the right time for a Privacy Commission to look at these questions, as well as the profound changes in the underlying technology and the underlying business models that have ignited the current privacy debate. This will allow us to get to our destination with fewer mistakes and in a way that encourages the effective use of personal information while protecting privacy.

   The Privacy Commission Act is supported by The Information Technology Industry Council, The Center for Democracy and Technology, The American Electronics Association, The Information Technology Association of America, and The Association for Competitive Technology.

   I would like to thank ASA for his leadership on this issue and I urge my colleagues to support the serious study of these important issues and to vote for this important legislation.

   Mr. WAXMAN. Mr. Speaker, may I inquire how much time each side has remaining.

   The SPEAKER pro tempore (Mr. PEASE). The gentleman from California

[Page: H8568]
(Mr. WAXMAN) has 6 1/2 minutes remaining. The gentleman from California (Mr. HORN) has 50 seconds remaining.

   Mr. WAXMAN. Mr. Speaker, I yield 2 minutes to the gentleman from Louisiana (Mr. TAUZIN).

   Mr. TAUZIN. Mr. Speaker, I thank the gentleman from California (Mr. WAXMAN) very much for yielding me this time.

   Mr. Speaker, I rise in opposition to this legislation. Let me explain quickly why. First, it is important to know that this body has legislated for the past 30 years on privacy concerns. There are at least a dozen or so privacy bills that already have been passed by this body, some recently dealing with children online, some recently dealing with financial services, issues, or medical records. We continue to examine those before the Committee on Commerce and other committees of this body.

   Recently, the Chamber of Commerce put on an extraordinary function at Lansdowne, Virginia where we brought in private sector individuals and learned a great deal more about the issue. The staff, as we speak, of the Committee on Commerce is working with my staff to see if we cannot have one additional hearing before we leave Congress this year as we prepare for what the Committee on Commerce expects to do in this area next year. But the last thing we need to do, in my opinion, is to give this issue to some commission to make decisions about these critical issues.

   Let me tell my colleagues about a report that GAO just did at the request of the gentleman from Texas (Mr. ARMEY) and I. The gentleman from Texas (Mr. ARMEY) and I asked GAO to look at Federal Web sites to see how well they protected privacy and to use the FTC standard to find out which among our Federal sites were out of line.

   Do my colleagues know how many sites on the Federal Web complied with the FTC guidelines? Three percent. Fourteen percent of them had cookies. Everyone of them was gathering personal information. Only 23 percent met the test for security, which means those Web sites are open to hackers every day.

   The bottom line is the Federal Government itself does not have its act in order. Our own Federal Web sites, 3 percent only comply with the FTC. Yet, we are going to appoint a commission to tell us how the private sector should be adopting rules on privacy. No, I think that is our responsibility. I think our responsibility is, number one, number one, to get the Federal Web sites in line so that, on the Federal site where one has to give up information to the government, that information is protected properly; and then, two, for the Committee on Commerce and the legislature to come up with some good legislation for the private sector.

   Mr. WAXMAN. Mr. Speaker, I yield myself such time as I may consume.

   Mr. Speaker, along the lines of the argument just made by the gentleman from Louisiana (Mr. TAUZIN), I want to point out that a number of privacy experts, including individuals from the Electronic Privacy Information Center, Consumer Action, Privacy Times, the Privacy Rights Clearinghouse, the Free Congress Foundation, Junk Busters and others, they said: ``We oppose this bill because it is unlikely to advance privacy protections in the United States. To the contrary, if adopted, it would likely retard the progress of legislation that would result in meaningful protections for Americans.

   ``Enacting this bill would give the appearance that Congress was finally doing something about protecting Americans' right to privacy when, in fact, it was not. Such a result would be unfair to the American people.''

   I agree with the argument that the gentleman from Louisiana (Mr. TAUZIN) and others have made, and I would urge my colleagues to oppose this legislation.

   Mr. Speaker, I am glad to yield 2 minutes to the gentleman from Massachusetts (Mr. MARKEY).

   Mr. MARKEY. Mr. Speaker, I thank the gentleman from California for yielding me this time.

   Mr. Speaker, let me give my colleagues an illustration of the problem that we have right now. The gentleman from Iowa (Mr. LEACH), Republican, passed a bill earlier out of his committee that would have given additional opt-in protections for medical information. It passed out of the Committee on Banking and Financial Services 26 to 14. That was back on June 29 of this year. The bill has not been heard from since.

   It just sits over there with the leadership on the Republican side holding onto this bill even though, on a bipartisan basis, Democrats and Republicans have already come to an agreement that the financial records that include sensitive medical information should be protected with this extra level of an opt-in protection.

   In addition, I mean, we can go down the litany, the gentleman from California already went down earlier the litany of bills which have been introduced in this Congress which are still awaiting hearings, still awaiting deliberation. But it is hard for Members of Congress to reach that bipartisan consensus if no hearings are being held by the Republican leadership on these very sensitive subjects.

   And to basically subcontract out our responsibility to a commission when the American public expects us to be making those decisions ourselves, and we have the capacity to do so, while we feign ignorance, we are basically saying there is an invincible ignorance on our part, when we cannot understand these issues, when in fact the reality is that, when we act on these issues, when we move, the Republican leadership then blocks them from coming out here on the floor because the industries that are affected do not want the American people to have any additional privacy.

   That is the core issue that we are talking about here, whether or not we are going to take on those large industries who basically have a commercial stake in compromising the privacy of every single American.

   At this point in time, if we look down the litany of bills that have been before the Congress over the past year, we can say that, without question, that there can only be a zero which is given to the Republican leadership in dealing with this issue of American privacy.

   Mr. WAXMAN. Mr. Speaker, I yield 30 seconds to the gentleman from Virginia (Mr. MORAN).

   Mr. MORAN of Virginia. Mr. Speaker, I thank the very distinguished gentleman from California for yielding me this time.

   Mr. Speaker, I would ask my colleague if he is aware, I was the author of the opt-in requirement on licensing and registration of automobile vehicles, and it is working. But it was done in a bipartisan way if the gentleman will recall and we had adequate information.

   I would suggest to my colleague that if he has legislation that can pass that the authors of this bill would be more than happy to sign on to that legislation and support it.

   

[Time: 15:30]

   We just want to get something done that will work, that is constructive, and that is sustainable.

   Mr. WAXMAN. Mr. Speaker, I yield myself such time as I may consume to point out that the predecessor of the gentleman from California (Mr. HORN) of the committee that has the jurisdiction over privacy legislation, the gentleman from California (Mr. CONDIT), worked for many years on the issue of medical privacy; and, as a result, the gentleman from California (Mr. CONDIT) introduced a bill that had conservatives to liberals in the House on his legislation.

   Rather than build on that legislation and move it forward, the Republican leadership let it languish. Rather than work to resolve the issues of financial privacy, the Republican leadership in the Congress has not brought that to the floor. What the Republican leadership in the Congress has suggested we do about privacy is set up another commission. And many of us fear that setting up another commission is an excuse not to move forward. That is why, when this commission legislation was brought before the committee, we wanted a mandatory deadline to force actual action to protect people's privacy, not simply to continually study it.

   So I regret we do not have legislation on the subject, and that is why I would urge that we do not agree to this bill on suspension. I urge my colleagues to vote ``no.''

   Mr. Speaker, I have no further requests for time, and I yield back the balance of my time.

   Mr. HORN. Mr. Speaker, I yield myself such time as I may consume.

   Obviously, this is the only thing that is going to happen, and it sounds like a lot of bipartisanship that we pride ourselves on in our subcommittee, with the gentleman Texas (Mr. TURNER) and the gentlewoman from New York (Mrs. MALONEY) over the years, is somehow missing here.

   I am very sorry that the ranking Democrat on the full committee cannot go along on this. If the gentleman knew he was going to kill it, why did he not say it when we had it before the full committee instead of playing games here when we are getting near an election?

   Mr. Speaker, I yield the balance of my time to the gentleman from Arkansas (Mr. HUTCHINSON), who spent a lot of hours and weeks and months on this legislation.

   Mr. HUTCHINSON. Mr. Speaker, how much time remains?

   The SPEAKER pro tempore (Mr. PEASE). The gentleman from Arkansas (Mr. HUTCHINSON) has 30 seconds.

   Mr. HUTCHINSON. Mr. Speaker, one thing I believe we agree on is that we want to go in the same direction in protecting privacy. The bottom line here is that, for whatever reason, the bill of the gentleman from Massachusetts (Mr. MARKEY) is not moving through the Committee on Commerce.

   Please do not disappoint people who want to do something about privacy by saying we are not going to do anything this year. This is our only opportunity. I hope we can come back and do something in the Committee on Commerce, but I also hope this bill can pass this year, and I ask for my colleagues' support.

   Mr. STARK. Mr. Speaker, enactment of federal legislation to protect the medical privacy of Americans has been a subject of congressional debate for years. More recently, with passage of the financial modernization legislation last year, financial privacy has been on the minds of millions, and electronic privacy concerns are becoming a major source of friction for dot.com companies and consumers.

   Legislative solutions in these areas are not simple. Inevitably, the rules that will do the most to protect consumers cause affected businesses to object that they would be burdensome and costly. But reasonable solutions are needed, or the fears that many harbor now--that public and private entities they know nothing about are somehow gaining access without their knowledge to intimate (and sometimes damaging and embarrassing) information about them--will increasingly cause privacy-protective consumers to take extreme measures to avoid releasing as much personal information as possible. Or, they may simply decide to lie.

   Already, surveys tell us that some consumers are deciding not to seek certain medical treatments--genetic tests in particular--because they fear that the results could render them uninsurable. On the other hand, insurers insist that they have a right to seek and demand as much information as possible in order to accurately determine risk and premiums.

   Legislation is urgently needed to set boundaries and rules that are fair, reasonable, broad and balanced. There are many such bills that are pending in this Congress that would do much to advance the privacy agenda. Regrettably, they have been bottled up in committee. Among these bills are:

   H.R. 4380, a bill developed by the administration and introduced by Representative JOHN LAFALCE (D-NY). The legislation would inform and empower consumers in the area of financial privacy by giving them the choice of saying ``yes'' or ``no'' before any disclosure of their medical information that is gathered by financial institutions (which include insurers). It would also allow consumers who chose to take the initiative to stop the transfer of other personal financial information that would otherwise take place.

   H.R. 4585, introduced by Representative JIM LEACH (R-Iowa) would also enhance financial privacy protections by giving consumers an affirmative ``opt in'' choice before their medical information could be shared by financial institutions. The bill also features a federal private right of action. It was marked up by the House Banking Committee on June 29, where it was approved 26-14.

   H.R. 1941, introduced by Representative GARY CONDIT (D-Calif.) would give consumers control over the use and disclosure of their medical records, and private health plans, physicians, insurers, employers, and others clear rules for how medical records should be handled. Consumers whose privacy was violated would have legal redress through a private right of action.

   H.R. 4611, introduced by Representative EDWARD MARKEY (D-Mass.) features the administration's proposals to strengthen privacy protections for use of Social Security numbers.

   H.R. 3321, introduced by Representative MARKEY and Representative BILL LUTHER (D-Minn.) would provide comprehensive privacy protections on the Internet.

   H.R. 4857, introduced by Representative CLAY SHAW (R-Fla.) and JERRY KLECZKA (D-Wisc.) was approved last week by the House Ways and Means Committee, and aims to curb identity theft with new rules restricting abuse of Social Security numbers. No floor action on the bill has yet been scheduled.

   By comparison, the bill on today's suspension calendar, the Privacy Commission Act (H.R. 4049) offers no solutions. Instead, it calls for a 17-member commission to spend 18 months and $5 million to figure out what to do. There is nothing inherently wrong with studying privacy. But the majority party, in putting only this legislation on the floor during the 106th Congress, misses the main point, which is that we need to be legislating--not sitting on our hands and waiting for input from a commission that may or may not provide additional worthwhile insights on crafting sound privacy policy in 2002.

   Nor do we need a commission to second-guess the medical privacy regulations that will soon be issued by the Department of Health and Human Services. There are some in the health industry who are hoping a commission will call for further delay in the date on when the HHS regulations take effect, and who will use the commission to raise hypothetical concerns about their workability and cost. Yet the regulations are already subject to a 2-year implementation timeline, giving stakeholders a long lead-time to prepare and put in place some initial necessary safeguards to protect consumers' medical records from misuse and abuse.

   I urge my colleagues to raise their voices in support of real privacy legislation that will provide comprehensive medical, financial, and Internet protections for all Americans.

   Mr. DAVIS of Virginia. Mr. Speaker, I rise today in support of H.R. 4049, the Privacy Commission Act. I am proud to be an original sponsor of this bill, which would be a significant step forward toward creating a comprehensive framework for the protection of personal privacy.

   The Privacy Commission would be unique in Congress because of its comprehensive approach to dealing with the growing concern Americans have regarding the protection of their personal privacy--whether that be online privacy, identity theft, or the protection of health, medical, financial, and governmental records. The Commission would be charged with investigating the problem of protecting personal privacy in a broad-based fashion, across-the-industry spectrum. After an extensive 18 month investigation, the commission will then be required to recommend whether additional legislation is necessary, what specific proposals would be effective, and proposals for non-governmental privacy protection efforts as well.

   This bipartisan commission would be comprised of 17 members representing experts of various industries and organizations whose work impacts individual's personal privacy. Specifically, the commission would be representing federal, state, and local governments; business and industry groups; academics; consumer groups; financial services groups; public policy and advocacy groups; medical groups; civil liberties experts; and the media, though it is not limited to just these areas.

   Mr. Speaker, in these times of rapidly changing technology, people are uncertain and fearful about who has access to their personal information and how that information is being used. The Privacy Commission would examine the entire spectrum of privacy issues and find solutions that will aggressively protect these growing concerns. I urge all my colleagues to vote in support of the Privacy Commission Act.

   Ms. SLAUGHTER. Mr. Speaker, I rise in opposition to H.R. 4049, the Privacy Commission Act.

   As my colleagues know, this legislation would establish a commission to study various aspects of privacy--financial, medical, electronic, and so on--and make recommendations to Congress. The 15 commission members would have 18 months to complete their work.

   My objections to this bill have little to do with its actual substance. If the majority prefers to study an issue rather than act upon it, they are welcome to do so. I am deeply disturbed, however, that they would deny those of us who wish to act the opportunity to offer amendments.

   In many cases, we know privacy does not exist, and we know how to provide the protections that American consumers are demanding. Just last week, the Institute for Health Freedom released a Gallup survey finding that 78 percent of those polled considered it very important that their medical records be kept

[Page: H8570]
confidential. Individuals are particularly concerned about their genetic privacy. Genetic information is perhaps the most personal information that can be learned about an individual, and can have enormous ramifications for their future. As a result, Americans are especially worried that their genetic information could fall into the wrong hands and be used to undermine, rather than advance, their best interests.

   I am proud to sponsor H.R. 2457, the Genetic Nondiscrimination in Health Insurance and Employment Act. As its title states, this legislation would prevent insurers and employers from using genetic information to discriminate against individuals. The bill has the support of dozens of organizations, as well as over 130 bipartisan cosponsors. It was developed with the review and input of all the stakeholders, including consumers, health care professionals, and providers. H.R. 2457 has been enthusiastically endorsed by the administration, and the President has called repeatedly for its passage.

   Nevertheless, this legislation languishes in committee without so much as a hearing. The majority has buried this reasonable, responsible, timely legislation in favor of establishing a commission that will, in this case, simply tell us what we already know.

   I have traveled all over the nation to discuss genetic discrimination issues. At every turn, I am approached by individuals who tell me that they would like to take a genetic test, but have decided not to do so because they are afraid the results will be obtained by their insurer or employer. I am contacted by doctors who say that their relationships with their patients are being damaged because patients are afraid to have notes about a genetic disorder in their medical records. I receive calls and letters from researchers who tell me that it is getting more difficult every year to recruit participants in genetic research.

   Congress has already waited too long to act on this issue. We cannot waste any more time by deferring to a commission that will not report for a year and a half. I urge my colleagues to vote against H.R. 4049, and to call for its consideration under regular order.

   Mr. DINGELL. Mr. Speaker, I rise in opposition to H.R. 4049, the ``Privacy Commission Act.''

   We don't need a commission to study consumer privacy rights. Consumers either have the right to determine how personal information they gave others will be used, or they don't. In my view, consumers deserve this right. Spending 18 months studying privacy and $5 million of the taxpayers money will not bring us any closer to deciding this fundamental issue. Only Members of the Congress, not members of a study commission, can decide whether to protect consumer privacy.

   What consumers are demanding is a simple and clear statement from Congress that banks, insurance companies, securities firms, HMO's, and other entities cannot disseminate or use personal information in ways the consumer has not approved. That's not a complicated concept, although many who don't want to protect consumer privacy will maintain that it is. One hundred and thirty-eight of our colleagues are cosponsors of one such bill that we should have the opportunity to consider either as an amendment to the bill before us or on its own.

   That legislation, H.R. 2457, is sponsored by our colleague, Mrs. SLAUGHTER, and prohibits genetic discrimination in determining eligibility for health insurance and employment. Polls show that more than 80 percent of those surveyed are afraid that genetic information could be used against them. One hundred and seventy-eight of our colleagues have signed a discharge petition to bring this matter to the floor for a vote. Outside medical professional groups, including the Director of the National Human Genome Research Institute, support the bill. The administration strongly support it, and the platforms of both major national parties include planks that call for legislation like H.R. 2457.

   Clearly, Members are ready to act on genetic privacy, yet the Republican House leadership says we can't. The chairman of the Commerce Committee has repeatedly rejected requests from Democratic Members to let the committee act on this important legislation. In fact, Republican leadership won't even permit an amendment prohibiting genetic discrimination to be offered to the matter before us.

   That's just plain wrong, and the Republican majority should not be allowed to cite passage of this meaningless commission bill as evidence that they have concerns for consumer privacy. If they truly were concerned about consumer privacy we'd be considering Mrs. SLAUGHTER's bill, or others like it that are intended to legally protect consumer privacy, not just study it. At the very least, Members should have the right to amend this bill with proposals that provide consumers real and needed protection.

   Mr. Speaker, I urge my colleagues to vote ``no'' on H.R. 4049.

   Mr. WATTS of Oklahoma. Mr. Speaker today I rise in support of H.R. 4049, the Privacy Commission Act. I commend the gentleman from Arkansas, Mr. HUTCHINSON, on this fine piece of legislation.

   Mr. Speaker, as we enter into this new millennium, the Internet has taken the American economy to unseen levels of prosperity. The Internet has contributed to a stock market which has reached unimaginable highs.

   However, with this amazing new medium, we must be cautious of the privacy of individuals. The Internet, this storehouse of financial, personal and medical information can be easily abused and unjustly destroy people's credit, reputation and security. America's families have a right to be concerned.'' This Congress must take steps to assure families that their privacy will be protected in the modern age.

   This piece of legislation will create a bipartisan committee to study privacy and its protection. Mr. Speaker this legislation will take monumental steps in protecting individual privacy in the 21st Century. This commission will spend 18 months discussing the question of privacy, and find the answers to these questions.

   Mr. Speaker, I support this important piece of legislation and urge my colleagues to vote yes on H.R. 4049, the Privacy Commission Act.

   The SPEAKER pro tempore. The question is on the motion offered by the gentleman from California (Mr. HORN) that the House suspend the rules and pass the bill, H.R. 4049, as amended.

   The question was taken.

   Mr. WAXMAN. Mr. Speaker, on that I demand the yeas and nays.

   The yeas and nays were ordered.

   The SPEAKER pro tempore. Pursuant to clause 8, rule XX and the Chair's prior announcement, further proceedings on this motion will be postponed.

END