Commerce Proposes a "Privacy Bill of Rights"
On December 16, 2010, the U.S. Department of Commerce released a preliminary report, or "Green Paper," from its Internet Policy Task Force (IPTF) entitled, "Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework." Commerce Secretary Gary Locke stressed that "self-regulation is not enough," and added that "today's report is a road map for considering a new framework that is good for consumers and businesses." Federal Trade Commission (FTC) Chairman Jon Leibowitz declared the Green Paper to be a "welcome addition to the ongoing dialog about protecting consumers' privacy." Comments addressing the report and specified questions are due by January 28, 2011.
The report makes several recommendations for addressing technological, legal and policy issues affecting privacy. These recommendations fall into four main categories:
1. Enhance consumer trust online through the recognition of enhanced fair information practice principles (FIPP).
Enhanced FIPPs, recognized by the U.S. government, would improve the clarity, consistency and transparency of online privacy policies in the United States and increase consumer trust in the industry.
2. Develop voluntary, enforceable codes of conduct for specific industries.
3. Encourage global interoperability.
The report highlights the importance of working with other governments and foreign trading partners to find practical means of reducing the friction between disparate privacy policies and ensuring the smooth and secure flow of data across national borders.
4. Ensure nationally consistent security breach rules.
The report recommends the implementation of a federal security breach notification law to harmonize the disparate state laws addressing this subject. According to the IPTF, a federal approach to security breach legislation would provide clarity for consumers and reduce costs for businesses by facilitating the smooth implementation of national data management strategies.
While the Commerce Department would seemingly prefer private industry to self-regulate in a meaningful way, if private stakeholders fail to act on their own, the report implies that government may need to step in and impose more stringent mandatory commercial privacy standards. Consequently, interested parties may wish to examine the questions posed by the IPTF and consider providing comments to ensure that the Commerce Department can consider their concerns in developing its future substantive actions related to commercial data privacy.