If you ask a roomful of 100 people whether they care about online privacy, 80 people will raise their hands, he says. If you ask the same roomful of people if they are willing to donate a DNA sample in exchange for a free Big Mac, 80 people will raise their hands.

As long as the DNA samples are used in aggregate for research, the donors won’t mind, Hill continues. But when their HMO calls and cancels coverage because of a genetic problem, they’ll be furious because their personal information was sold without their approval.

Therein lies the dilemma for policymakers. On one hand, Internet users are concerned about protecting their privacy while online. On the other, consumers are quick to give up their right to privacy in exchange for discounts, freebies or any perceived personal gain.

That’s why lawmakers will tread carefully on the Internet privacy issue when the 107th Congress convenes in January. Experts predict that the next Congress will pass online privacy legislation, which will likely be an opt-out system favored by Internet businesses rather than an opt-in system recommended by consumer groups.

Momentum seems to be building for opt-out legislation that mandates notice and choice. Under this type of legislation, companies must notify consumers about what personal information they are collecting and how they’ll use that information. They also must give consumers the choice to opt out of data collection. Such legislation will likely include stiff penalties and strong enforcement.

Opt-in legislation, on the other hand, would require Web site operators to get permission from consumers before gathering information about them online. Privacy advocates favor opt-in legislation based on inviolable consumer privacy rights.

Congress has passed notice-and-choice legislation for financial institutions, known as the Gramm-Leach-Bliley Act. Similar legislation for the healthcare industry is pending in both houses of Congress.

For corporate IT managers, the challenge is to put a technical solution in place now that is nimble enough to adjust after privacy legislation passes. At a minimum, your Web site should support notice and choice. You also should start thinking about what systems and processes are required for an opt-in system.

As difficult as this chore may seem, you should keep your fingers crossed that the 107th Congress does address online privacy.

That’s because it’ll be much easier for you to deal with one federal online privacy law than a patchwork of 50 different state laws.

Online privacy legislation is coming. Smart IT managers will be ready for it.

• Handicapping the top guys at WorldCom, AT&T, Sprint
• Your worst security nightmare
• Microsoft will be king of the court
• MSP: More than another acronym
• No more dreamin' about streamin'

Contact Senior Editor Carolyn Duffy Marsan

Other recent articles by Marsan

Reaction: Here's what some Fusion users are saying about this article: What do you think? Add your comments to the thread

Send this article to a colleague