Daniel Solove and Chris Hoofnagle have published a paper entitled A Model Regime of Privacy Protection. The paper outlines patches that could be applied to current US law to increase privacy protection. In the paper, Solove and Hoofnagle build the model regime around Fair Use Practices, a set of very general principles:
- There must be no personal data record-keeping system whose very existence is secret.
- There must be a way for an individual to find out what information about him is in a record and how it is used.
- There must be a way for an individual to prevent information about him that was obtained for one purpose from being used or made available for other purposes without his consent.
- There must be a way for an individual to correct or amend a record of identifiable information about him.
- Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precaution to prevent misuse of the data.
From these principles, they recommend specific changes to US law and then show how those changes would apply to ChoicePoint and other data brokers. I'd love to see an analysis of how the regime presented by Solve and Hoofnagle reinforce or are congruent with Kim Cameron's seven laws.