
Spring 2007   CASRO GPA

Political Affairs is a periodic publication of CASRO Government & Public Affairs (GPA)

Larry Ponemon, Director
(Ponemon Institute)

Duane L. Berlin, Esq.,
CASRO General Counsel
(Lev & Berlin, P.C.)

Diane K. Bowers,
CASRO President

GPA Committee:

Eileen Campbell
(Millward Brown, Inc.)

Eric S. Darmofal, Esq.
(Lev & Berlin, P.C.)

Richard Day
(Richard Day Research)

Ed Matricardi
(DCI Group)

Peter Milla
(Survey Sampling International, L.L.C.)

Bob Moore
(Moore Information)

Stuart Pardau
(J.D. Power & Associates)

John P. Rupp, Esq.
(Covington & Burling)

Paul A. Talmey
(Talmey-Drake Research & Strategy)

Council of American Survey Research Organizations

170 North Country Road, Suite 4, Port Jefferson, New York 11777 USA, 631.928.6954
1828 L St., NW, 4th Floor
Washington, D.C. 20036

Questions/Comments: gpa@casro.org
Political Affairs©
Copyright 2007. All rights reserved.

“View from the Hill”

The 110th Session of Congress Convenes in Washington

When the 110th Congress convened in January it did so with a new look – a Democratic majority in the House and Senate – but with many longstanding challenges.

With Democratic control of Congress for the first time since 1994, Speaker Nancy Pelosi (D-CA) and Majority Leader Steny Hoyer (D-MD), along with their Senate counterparts Majority Leader Harry Reid (D-NV) and Assistant Majority Leader Dick Durbin (D-IL), were eager to enact a series of Democratic initiatives – starting with a “100-hour legislative plan” that included the minimum wage, Medicare prescription drug price negotiations, 9/11 Commission recommendations, port security funding, embryonic stem cell research, interest rates for college student loans and repeal of tax credits for energy companies.

The House passed all of these initiatives, which now await action in the Senate, where passage is far less certain and will consume weeks – if not months – of debate. 

Additionally, the House and Senate have spent time discussing congressional ethics and lobbying reform. While the final rules are still working their way through Congress, specific proposals include (among many others) a ban on gifts and sponsored trips for members of Congress and staff, earmark reforms designed to ensure transparency of the project’s sponsor in appropriations bills and the disclosure of grassroots lobbying registrations.

Congressional Democrats have also promised to dramatically increase congressional oversight of executive branch activities and will likely initiate a number of investigations – on such issues as pre-war intelligence in Iraq or Hurricane Katrina preparation and cleanup.

After this initial burst of activity, however, Congress faces several challenges in the coming session on such inflammatory issues as the Iraq War and tax cuts. Another major hurdle for the incoming Congress will be the completion of domestic funding bills.

In light of these challenges, particularly fights over the budget and Iraq, it could be difficult for Congress to accomplish much this year.  Nevertheless, after so many years in the minority, Democrats are under pressure to prove that they can enact their agenda and govern. Likewise, Republicans are already preparing for the 2008 elections and cannot afford to look like obstructionists.

 


Feds, Several States Mull Regulation of ‘Robo-Calls’  

During the 2006 election season, many registered voters received pre-recorded calls supporting or opposing candidates, parties and ballot initiatives. Some of the people who received these calls logged complaints with everyone from the candidates themselves to the Federal Communications Commission. As a result of the outrage heard from voters, bills prohibiting automated and pre-recorded calls (sometimes referred to as “robo calls”) have sprung up on both the state and federal levels. As of January 2007, about one month into the 2007 legislative session, there were already sixteen bills in seven different states addressing automated calls.

These bills generally seek to regulate one of two kinds of robo calls: political or non-political. Missouri is the most active state in this area, having introduced two bills concerning politically oriented robo calls, and four other bills concerning automated calls regardless of the content of the message. Most of the “content-neutral” bills would amend the “do-not-call” regulations of their respective states to prohibit all calls made through the use of automated dialing and announcing devices (“ADADs”) to numbers on the do-not-call registries, while others put conditions on the use of “ADADs.”

One problem with these proposed rules is that the states do not use a uniform definition of “automated dialing announcing devices.” For example, the state of Washington defines an ADAD as a “device that automatically dials telephone numbers and plays a recorded message when connected,” while in Missouri and Virginia, ADAD means any device or system of devices which is used, whether alone or in conjunction with other equipment, for the purposes of automatically selecting or dialing telephone numbers and disseminating recorded messages to the numbers so selected or dialed. Further complicating this issue are other states that include within their definitions of an ADAD devices that “have the capability” of selecting and dialing telephone numbers and delivering a recorded message, even if those features are not actually utilized when making a call. This diversity among applicable definitions has led to a situation in which devices are subject to ADAD laws in some states, but not in others.

The legislation regulating political calls made with ADADs is split between bills which would amend states’ DNC laws to prohibit these types of calls to numbers on the do-not-call registries, and legislation that would amend the states’ definition of telemarketing or telephone solicitation to include political calls made using ADADs. The states in which these bills have been introduced generally use the same definition of a political call: any call, the purpose of which is to promote, advertise, campaign for or against, or solicit donations on behalf of any political candidate or political issue. Once again, however, it is the definition of ADAD that could cause problems. In Texas, ADAD means “equipment used for telephone solicitation or collection that can store numbers to be called or produce numbers to be called through use of a random or sequential number generator and convey, either alone or with other equipment, a prerecorded or synthesized voice message to the number called without the use of a live operator”. This is a much more restrictive definition than the definition utilized in Florida (“automated system for the selection or dialing of telephone numbers or the playing of a recorded message when a connection is completed to a number called”) and Georgia (“a device that whether alone or with other equipment, automatically selects and dials telephone numbers and disseminates pre-recorded messages”). As with bills that regulate robo calls without regard to the calls’ message, this diversity in defining an ADAD has led to confusion among entities attempting to comply with different states’ laws.

On the Federal level, House Bills 248 and 372 would require the Federal Trade Commission to revise the do-not-call registry provisions of the Telemarketing Sales Rule to prohibit politically-oriented recorded message telephone calls to telephone numbers listed on the registry. The bills define “politically-oriented recorded message telephone calls” as calls in which “a person is not available to speak with the person answering the call, and the call instead plays a recorded message; and whose purpose is to promote, advertise, campaign, or solicit donations, for or against any political candidate or regarding any political issue, or uses in the recorded message any political candidate's name.” House Bill 479 would require the same action by the FTC; however, it uses a different definition of politically oriented telephone call: “‘politically-oriented telephone call’ means any outbound telephone call whose purpose is to promote, advertise, campaign for, or solicit donations for or against any political candidate.” None of the bills on the federal level have progressed out of committee yet, so it is difficult to say with any degree of certainty whether a bill regulating robo calls or ADADs will pass during this legislative session.

CASRO will continue to monitor the progress of these bills and any other legislation introduced during this legislative session and will provide updates through the legislative tracking reports, which can be found on CASRO’s website.

House Bill Seeks to Eliminate ‘Push Polls’

A bipartisan group of House lawmakers introduced in early March a bill designed to prevent push polls, reports Matthew Murray of Roll Call. But before the bill can advance, there remains much to debate, including the definition of what constitutes such a poll and the severity of restrictions and penalties.

Politicians are motivated to curb so-called push polling, which they claim habitually includes negative questions designed to tarnish the image of candidates and elected officials. These polls are considered devices used by rival campaigns and political causes to increase the negativity scores of politicians.

According to Murray’s article, the Push Poll Disclosure Act, introduced by Rep. Tom Petri (R-Wis.) on March 1 and now pending before the House Administration Committee, would require some pollsters in federal elections to disclose their identities to the survey respondents. Those conducting polls whose results are not being made public would be required to disclose the poll’s price tag and its sponsor to the Federal Election Commission (FEC).

The idea behind the bill is to make it easier for the FEC to police companies that are running push polls. Reps. Jeff Fortenberry (R-Neb.), Tim Holden (D-Pa.), Ron Kind (D-Wis.), Carolyn Maloney (D-N.Y.), Christopher Shays (R-Conn.) and John Shimkus (R-Ill.) co-sponsored the bill.

The question now at hand is: “How are you going to differentiate a legitimate poll from a push poll?” As Murray notes in his article, “One man’s legitimate telephone survey that asks tough questions about a candidate can be another’s push poll.”

Another potential point of contention will be the exact number of households a pollster may call while still remaining anonymous. While most agree 1,200 is sufficient, survey pools can run over. When they do, and polling firms are required to supply their names, their cover is blown — and so, too, may be the poll’s effectiveness.

“I’d want to be sure that [any final bill] would not clip legitimate survey research,” said Republican pollster Whit Ayres in Murray’s article. “Once you disclose the sponsor of a legitimate survey, objectivity goes out the window.”

Also to be debated is the severity of penalties. Some lawmakers want to limit punishment to FEC fines, while others see the need for felony charges and the threat of imprisonment.

Politicians indicate that they intend to involve mainstream pollsters in the committee process to make sure restrictions do not cut into the firms’ bottom lines.

CASRO GPA will be weighing in on this proposed legislation to ensure that the definition of “push polling” or, more accurately, political telemarketing, is clearly targeted and does not inadvertently envelop legitimate political research.

Data Security Legislation Expected to Move Again in 110th Congress

With the recent theft of credit and debit card information of millions of customers from the TJX Company and an increasing number of states writing their own legislation to address privacy and data security breaches, federal privacy/data security legislation will undoubtedly again be considered in the 110th Congress.  Progress was being made in the last Congress as House and Senate committees passed various versions of the bill and the committees were beginning to work out their jurisdictional differences.  Unfortunately, the pending November elections shifted the political focus to passage of homeland and port security legislation, and privacy/data security legislation was shelved until now. 

It is one of CASRO’s principal federal goals to ensure that the final federal privacy/data security bill’s language is consistent with research processes and professional practices and, of course, aligned with the language of CASRO's Code of Standards.  The final law will allow CASRO members (which are organizations that handle both Personally Identifiable Information (PII) and data not considered to be PII) to comply with a single data protection standard, while maintaining their adherence to professional standards and research integrity.

CASRO is asking to be regulated by the bill because a uniform federal law would preempt the litany of state laws, on the books or currently under consideration, that apply to its member companies. Each state has a different definition of PII, which forces CASRO member companies to meet different standards depending on where the information is being collected and thereby makes accurate sampling and reporting very difficult. State laws and state proposals for new laws not only differ on the definition of PII, but also on the extent of notification required in the event of a breach, as well as the potential restrictions on the transferability of data (even between different divisions of the same company).

Since the start of the 2005 legislative session, approximately 30 state laws regulating personal information have been signed into law, and 46 states have introduced legislation concerning personal information and security breaches. The vast number of bills has resulted in a patchwork of enacted laws, with requirements varying from state to state.

The good news is that there appears to be a general consensus in Congress to create a uniform, federal data protection standard.  The bad news is that jurisdictional battles in Congress continue to loom ahead.  In the new Congress, privacy/data security legislation must be rewritten and reintroduced.  It is possible that while crafting the bill’s language, tensions may subside between staff in both the House and the Senate now that Democrats control both chambers. 

In the House, it remains to be seen if incoming Energy & Commerce Chairman John Dingell (D-MI) and Financial Services Chairman Barney Frank (D-MA) can resolve past differences between their Committees’ versions of privacy/data security legislation. Although they are in the same party, it is possible that they may not be able to come to a consensus any better than their Republican predecessors, former Energy & Commerce Chair Joe Barton (R-TX) and former Financial Services Chair Mike Oxley (R-OH). House Judiciary Chairman John Conyers (D-MI) may also wish to put his Committee’s stamp on the issue.

Democrats in both Energy & Commerce and Financial Services seem to agree on the importance of including language establishing a credit freeze process and the potential for attorney general enforcement. Chairman Dingell is likely to use Energy & Commerce’s bipartisan legislation from 2006 as a base for advancing legislation in this arena, and the bill is likely to include enhancements to further protect consumers through notification requirements if their security is breached. Chairman Frank has indicated that data security legislation will be a priority for his Committee, and is expected to move a bill that looks very much like last year's Financial Services bill, which would create a federal floor with the right of states to pass tougher laws with regard to federal preemption. He is also strongly supportive of a credit freeze provision.

On the other side of the Capitol, the Senate has indicated an intent to legislate.  However, it is possible that it too will experience a similar jurisdictional quagmire.  The Senate Commerce, Science and Transportation Committee and the Senate Judiciary Committee both advanced privacy/data security legislation in the last Congress, and the financial services industry continues to strongly urge the Senate Banking Committee to advance the issue (Senator Robert Bennett introduced a bill last year but it was never acted upon).  As such, it will be worth watching what kind of Committee hearings incoming Senate Commerce Chairman Daniel Inouye (D-HI), Judiciary Chairman Patrick Leahy (D-VT) and Banking Chairman Christopher Dodd (D-CT) announce to protect our nation’s citizens from data security breaches.

The media placed a great deal of focus on the missing laptop computer that was stolen from the home of a Veterans Affairs employee earlier this year, resulting in the disclosure of personal information of over 26.5 million of our nation’s veterans and military personnel.  It is inevitable that, with the continuing body of press coverage on high profile data breaches and the staggering statistics of Americans affected, Congress will revisit privacy and data security legislation in the 110th Congress.   

The U.S. Survey Research Industry's Successful History of Self-Regulation:
Can It Be Duplicated Globally?

The U.S. survey research industry has been free from external regulation in large measure because it has been successful in regulating itself.  The industry’s formula for success: blend equal shares of the natural “protectiveness” of the research process with the mandatory CASRO standards that ensure those protections; mix in an open environment that promotes creativity along with professionalism.  The result of this strong self-regulatory platform is that government has not imposed restrictive regulations on research, and has even protected the industry from some abuses of the research process.  In turn, the U.S. research industry has proactively supported government regulations that protect personal privacy and freedom from harassment. A new initiative, “Responsible Research Regulation,” launched by ESOMAR at WIN (World Industry Network), hopes to promote and improve industry self-regulation on a global scale.

This initiative’s first step was to gather information on self-regulatory practices in the research industry from countries around the globe. Over half of the 25 countries that responded to the survey have enforceable codes of conduct.  The survey showed that there are differences among the systems and levels of self-regulation in these countries.  A first meeting to present the survey results led to additional discussion about the possibility of forming an independent global entity to handle complaints about research pretenders, poor quality research, or unprofessional research.  This idea of a global disciplinary bureau poses many questions, particularly if such a body publicized its proceedings, that will need to be addressed and discussed. Setting that idea aside, however, the initial goal of building a framework of information and models of “Responsible Research Regulation” is a good one, and CASRO will continue to be involved with this effort.

In the next issue of PA, we will explore the idea of a global disciplinary bureau. What do you think of this concept? Would it work in the U.S.? Is it needed in the U.S.? Please weigh in with your thoughts and opinions by contacting Diane Bowers at dbowers@casro.org.

Cost of a Data Breach Rises

The “2006 Cost of a Data Breach Study” details the financial impact of data loss incidents on affected companies.  Initiated in 2005, the study examines all financial consequences of data breaches involving consumers’ personally identifiable information.  According to the Privacy Rights Clearinghouse, more than 330 data loss incidents involving more than 93 million individual records have occurred since February of 2005.

According to the study’s 2006 findings, data breaches cost companies an average of $182 per compromised record, a 31 percent increase over 2005.  The Ponemon Institute analyzed 31 different incidents for the study.  Total costs for each ranged from less than $1 million to more than $22 million.

The Study tracks a wide range of cost factors, including legal, investigative, and administrative expenses, as well as stock performance, customer defections, opportunity loss, reputation management, and costs associated with customer supports such as informational hotlines and credit monitoring subscriptions.

Customer turnover is extrapolated for those individuals who are breach victims, or those who were sent notification that their personal data was lost or stolen during the past year. Estimates of turnover range from zero (an organization in business services) to over 7% (a financial software company). The average estimated turnover rate in this year’s study is 2.01%. In 2005 the average turnover rate was 2.6% (a decrease of .5%). The approximate size of the breach event ranges from less than 2,500 to over 160,000 people.

This finding suggests that turnover or churn is situation-specific, perhaps relating to the nature of the breach, quality of communications and harms resulting from data loss. While the sample is too small to determine industry effects, it is likely that organizational “type” plays a crucial role in customer churn rates. For a copy of the “2006 Cost of a Data Breach Study”, please send your request to research@ponemon.org.

New Government and Public Affairs Committee Chairman Determined To Keep CASRO at Forefront of Privacy Issue

Larry Ponemon, chairman and founder of the Ponemon Institute, and the newly appointed chairman of CASRO’s Government and Public Affairs Committee, is busy working with Frank Craddock and Carl Bentzel of Washington, D.C.-based lobby firm DCI Group on keeping abreast of privacy legislation in the new Congress. As you have read in the above Congress reports, progress appears to be close at hand. Larry is determined to be a strong advocate for the survey research industry on this issue and others, working together with fellow committee members: Duane L. Berlin, Esq., CASRO General Counsel (Lev & Berlin, P.C.), Eileen A. Campbell, CASRO Board Chair (Millward Brown, Inc.), Chet Zalesky, CASRO Chair-Elect (CMI), Diane K. Bowers, CASRO President, Eric Darmofal, Esq. (Lev & Berlin, P.C.), Richard Day (Richard Day Research), Ed Matricardi (DCI Group), Peter Milla (Survey Sampling International, L.L.C.), Bob Moore (Moore Information), Stuart Pardau (J.D. Power & Associates), John P. Rupp, Esq. (Covington & Burling) and Paul Talmey (Talmey-Drake Research & Strategy).

If you have a legislative issue you'd like to discuss with Larry, contact him at: larry@ponemon.org