News & Insights  |  Newsletters

Commerce Proposes a "Privacy Bill of Rights"

January 2011

On December 16, 2010, the U.S. Department of Commerce released a preliminary report, or "Green Paper," from its Internet Policy Task Force (IPTF) entitled, "Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework."  Commerce Secretary Gary Locke stressed that "self-regulation is not enough," and added that "today's report is a road map for considering a new framework that is good for consumers and businesses."  Federal Trade Commission (FTC) Chairman Jon Leibowitz declared the Green Paper to be a "welcome addition to the ongoing dialog about protecting consumers' privacy."  Comments addressing the report and specified questions are due by January 28, 2011.

The report makes several recommendations for addressing technological, legal and policy issues affecting privacy.  These recommendations fall into four main categories:

1.     Enhance consumer trust online through the recognition of enhanced fair information practice principles (FIPP).

Enhanced FIPPs, recognized by the U.S. government, would improve the clarity, consistency and transparency of online privacy policies in the United States and increase consumer trust in the industry.

2.    Develop voluntary, enforceable codes of conduct for specific industries.  

Multi-stakeholder groups from individual industries should come together to develop meaningful and enforceable privacy codes of conduct tailored to their specific industries to supplement the baseline FIPPs.  Moreover, the report recommends the establishment of a Privacy Policy Office within the Department of Commerce that would act as a center of privacy policy expertise, a convener of diverse public and private stakeholders, and a liaison with the FTC.  The proposed Privacy Policy Office would also help develop and oversee uniform commercial privacy policies as needed.

3.      Encourage global interoperability. 

The report highlights the importance of working with other governments and foreign trading partners to find practical means of reducing the friction between disparate privacy policies and ensuring the smooth and secure flow of data across national borders.

4.      Ensure nationally consistent security breach rules. 

The report recommends the implementation of a federal security breach notification law to harmonize the disparate state laws addressing this subject.  According to the IPTF, a federal approach to security breach legislation would provide clarity for consumers and reduce costs for businesses by facilitating the smooth implementation of national data management strategies.

While the Commerce Department would seemingly prefer private industry to self-regulate in a meaningful way, if private stakeholders fail to act on their own, the report implies that government may need to step in and impose more stringent mandatory commercial privacy standards.  Consequently, interested parties may wish to examine the questions posed by the IPTF and consider providing comments to ensure that the Commerce Department can consider their concerns in developing its future substantive actions related to commercial data privacy.