There was an interesting short piece published on CNET News today, "Tech titans lobby for national consumer privacy laws." Basically the tech giants are pushing for a single unified privacy law to apply to all businesses. Gee, makes sense, doesn’t it? Too bad congress has been creating hodge-podge data protection (privacy) legislation for the past couple of decades. Well, it’s better than not having anything.
The meeting took place today with a group from the U.S. House of Representatives, the Subcommittee on Consumer Protection.
Well…the news item whetted my curiosity whistle…but I like to go to the source for the full details. The meeting is currently available via a webcast but (RATS!) not yet the full transcript. Arrggghhh…it is too late in the evening for me to listen to all of this…something to add to my to-do list for tomorrow.
The Witness List & Prepared Testimony came from Meg Whitman, President and CEO, eBay Inc, Dr. Thomas M. Lenard Ph.D., Senior Vice President for Research, The Progress & Freedom Foundation, Peter Swire , Professor, C. William O’Neill Professor of Law Moritz College of Law, The Ohio State University, Scott Taylor, Chief Privacy Officer, Hewlett-Packard Company, Evan Hendricks, Editor/Publisher, Privacy Times.
Their prepared statement, quite short, is also endorsed by Google, Microsoft and several other tech leaders, and pushes for a:
"comprehensive harmonized federal privacy legislation to create a simplified, uniform but flexible legal framework. The legislation should provide protection for consumers from inappropriate collection and misuse of their personal information and also enable legitimate businesses to use information to promote economic and social value. In principle, such legislation would address businesses collecting personal information from consumers in a transparent manner with appropriate notice; providing consumers with meaningful choice regarding the use and disclosure of that information; allowing consumers reasonable access to personal information they have provided; and protecting such information from misuse or unauthorized access. Because a national standard would preempt state laws, a robust framework is warranted."
Such a law truly would start to coincide with all the non-U.S. data protection laws currently in effect. Harmonization is a great idea, and I urge companies to use that concept with their compliance efforts. There are many commonalities and overlaps among existing laws, both U.S. and non-U.S. It would be interesting to see how such a comprehensive law would impact the existing U.S. laws…or vice versa.
One of the subcommittee members, Cliff Stearns (or Joe Barton; it’s hard to tell the way the document is labelled) appears to support such legislation.
This will be something to keep an eye on…hopefully this is not just activity coming at a time to placate the public’s concerns with the glut of privacy/security incidents occurring in the past couple of years. Both businesses and the public need a strong data protection law to help provide security and privacy, as well as provide a legal framework around which organizations can build strong privacy/security programs. Will congress be brave enough to pass such a strong law with teeth and no loopholes? Time will tell. At least one eye will keep on this issue…
Technorati Tags
information security
IT compliance
corporate governance
awareness and training
government
data protection law
privacy law
privacy