Commerce Department Playing in the Privacy Arena
The U.S. Commerce Department (Commerce) is one of many federal regulators that is highly active on privacy issues, necessitating monitoring by industry. As discussed in a companion article in this issue of Mass Media Headlines, the Federal Trade Commission recently proposed a "privacy framework," offering businesses a chance to comment by February 18, 2011. Likewise, the Commerce Department seeks comment on its own privacy framework by January 28, 2011. Media companies that depend on personal information or online advertising should consider participating in these proceedings in order to influence the informal "regulatory creep" they represent. Although neither agency proposed new, affirmative regulations, both advance privacy principles of various types that could become difficult to resist.
On December 16, 2010, the Commerce Internet Policy Task Force (IPTF) released a reportthat makes several recommendations for addressing technological, legal and policy issues affecting privacy. The recommendations fall into four main categories:
- Enhance consumer trust online through the recognition of enhanced fair information practice principles (FIPP). Enhanced FIPPs, recognized by the U.S. Government, would improve the clarity, consistency and transparency of online privacy policies in the United States and increase consumer trust in the industry.
- Ensure nationally consistent security breach rules. The report recommends the implementation of a federal security breach notification law to harmonize the disparate state laws on this issue. According to IPTF, a federal approach to security breach legislation would provide clarity for consumers and reduce costs for businesses by facilitating the smooth implementation of national data management strategies.
While the IPTF and Commerce would seemingly prefer private industry to self-regulate in a meaningful way, if private stakeholders fail to act on their own, the report implies that the government may need to step in and impose more stringent mandatory commercial privacy standards. As such, it would be advisable for interested parties to examine the questions posed by IPTF and consider providing meaningful comments in response to ensure that the task force takes their concerns under advisement in its future substantive actions related to commercial data privacy.