News & Insights  |  Newsletters

Commerce Department Playing in the Privacy Arena

January 2011

The U.S. Commerce Department (Commerce) is one of many federal regulators that is highly active on privacy issues, necessitating monitoring by industry.  As discussed in a companion article in this issue of Mass Media Headlines, the Federal Trade Commission recently proposed a "privacy framework," offering businesses a chance to comment by February 18, 2011.  Likewise, the Commerce Department seeks comment on its own privacy framework by January 28, 2011.  Media companies that depend on personal information or online advertising should consider participating in these proceedings in order to influence the informal "regulatory creep" they represent. Although neither agency proposed new, affirmative regulations, both advance privacy principles of various types that could become difficult to resist.

On December 16, 2010, the Commerce Internet Policy Task Force (IPTF) released a reportthat makes several recommendations for addressing technological, legal and policy issues affecting privacy.  The recommendations fall into four main categories:

  • Enhance consumer trust online through the recognition of enhanced fair information practice principles (FIPP).   Enhanced FIPPs, recognized by the U.S. Government, would improve the clarity, consistency and transparency of online privacy policies in the United States and increase consumer trust in the industry.
  • Develop voluntary, enforceable codes of conduct for specific industries.   Multi-stakeholder groups from individual industries should come together to develop meaningful and enforceable privacy codes of conduct tailored to their specific industries to supplement the baseline FIPPs.  Moreover, the report recommends the establishment of a Privacy Policy Office within the Department of Commerce that would act as a center of privacy policy expertise, a convener of diverse public and private stakeholders, and a liaison with the Federal Trade Commission.  The proposed Privacy Policy Office would also help develop and oversee uniform commercial privacy policies as needed.
  • Ensure nationally consistent security breach rules.   The report recommends the implementation of a federal security breach notification law to harmonize the disparate state laws on this issue.  According to IPTF, a federal approach to security breach legislation would provide clarity for consumers and reduce costs for businesses by facilitating the smooth implementation of national data management strategies. 

While the IPTF and Commerce would seemingly prefer private industry to self-regulate in a meaningful way, if private stakeholders fail to act on their own, the report implies that the government may need to step in and impose more stringent mandatory commercial privacy standards.  As such, it would be advisable for interested parties to examine the questions posed by IPTF and consider providing meaningful comments in response to ensure that the task force takes their concerns under advisement in its future substantive actions related to commercial data privacy.