In a slight deviation from its market-forces-are-good-enough mantra, the US Federal Trade Commission has just established what it calls the Federal Trade Commission Advisory Committee on Online Access and Security. The Committee will advise the FTC on information security practices employed by Web sites. The Committee will "[consider] the parameters of reasonable access to personal information and adequate security to protect such information, and [prepare] a written report presenting options for implementation of these fair information practices and the costs and benefits of each option," an FTC press release says. Issues to be tackled include whether the level of access provided by Web sites should vary with the sensitivity of the personal information collected; whether consumers should be provided access to enhancements to personal information (e.g., inferences about their purchasing habits); methods for verifying the identity of individuals seeking access; whether a fee may be charged for access; and whether limits could be placed on the frequency of requests for access, and if so, what those limits should be. The Committee will also consider standards for evaluating the measures taken by Web sites to protect the security of personal information; what might constitute reasonable steps to assure the integrity and accuracy of such information; and what measures should be undertaken to protect such information from unauthorised use or disclosure. The decision to examine a regulatory initiative follows many months of debate within the FTC, during which the option to let business regulate itself has predominated. Much of the FTC's patience with self-regulation has been predicated on the expectation that businesses will look after privacy concerns with some diligence, recognising privacy as a natural and necessary lubricant of e-commerce. Numerous studies have indicated that overall, e-commerce is failing to offer adequate privacy protection to customers and Web site visitors, preferring to do only as much as it is forced to do. With that in mind, the FTC may be preparing to mandate what common sense and enlightened self-interest ought to encourage. ®