In the interest of enhancing consumer privacy, a bill to "require owners of Internet websites to destroy obsolete data containing personal information" has been introduced in the US House of Representatives.
Great news! Right? Well, maybe not. This act, entitled the "Eliminate Warehousing of Consumer Internet Data Act of 2006", is a poorly-thought out attempt to manage personal privacy issues. The core of the bill is as follows:
An owner of an Internet website shall destroy, within a reasonable period of time, any data containing personal information if the information is no longer necessary for the purpose for which it was collected or any other legitimate business purpose, or there are no pending requests or orders for access to such information pursuant to a court order.
So what exactly does this bill say? First, the phrase "within a reasonable period of time". This complete lack of definition of any time framework is an obvious flaw; although relatively minor. Second, "if the information is no longer necessary for the purpose for which it was collected or any other legitimate business purpose" (emphasis added). Now, if there’s anything open-ended in the world, this is it. "For the purpose for which it was collected". Well, I collected your information for the purpose of maintaining a permanent database of customers and their transactions with my business. Oh! That’s not covered by this law, then. My not-yet-outlawed-but-hopefully-will-be business is sending spam – I need these emails as a legitimate means to conduct my business. Really? Oh, well, I guess that’s not covered either.
This is not the most elegant argument against the value of this bill – but I hope the point is conveyed. The bill, by leaving the purposes for keeping personal information so incredibly vague, is rendered practically useless.
Edit: read the full bill (PDF).