Privacy Bill of Rights: Respect it now or pay more later

Author: Caron Carlson, Editor, FierceCIO

The Obama Administration rolled out a plan last week to improve data privacy in the wake of a steady barrage of privacy intrusions committed by companies such as Google (NASDAQ: GOOG), Facebook, Carrier IQ, and Apple (NASDAQ: AAPL). The plan includes a “Consumer Privacy Bill of Rights,” which sets out seven principles:

  • Individual control: Consumers have a right to exercise control over what personal data organizations collect from them and how they use it.
  • Transparency: Consumers have a right to easily understandable information about privacy and security practices.
  • Respect for context: Consumers have a right to expect that organizations will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data.
  • Security: Consumers have a right to secure and responsible handling of personal data.
  • Access and accuracy: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers if the data is inaccurate.
  • Focused collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain.
  • Accountability: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights.

There’s nothing in this Privacy Bill of Rights that’s particularly revolutionary or even terribly different from the status quo for many businesses. Most notably, the principles are voluntary, at least for now.

If you want to see what real data protection looks like, take a look at what’s happening in Europe. The blueprint out of the White House comes just one month after the European Commission unveiled its own new set of data protection proposals and accompanying penalties for non-compliance. The administration’s report notes that one of its objectives is to create “greater interoperability” between the U.S. privacy framework and those overseas. Like the White House proposal, the proposed rules for the European Union start by seeking to give individuals more control over their data, but that’s more or less where the similarities end. The rules in Europe won’t be voluntary, and any company found in serious violation would be fined up to 2 percent of its global annual revenue.

The question for U.S. consumers’ data privacy is whether or not the new guidelines ultimately will have any teeth. The administration said it plans to work with Congress to come up with legislation authorizing the Federal Trade Commission and state attorneys general to enforce the principles. An act of Congress is not likely in the near term, though.

While it would be cheaper and easier in the short term for businesses not to have to worry about consumer privacy any more than they already do, such a myopic approach would only lead to more burdensome regulations down the road. Adhering to both the letter and spirit of the new guidelines will be cheaper and easier in the long run, forestalling European-like privacy regulations from coming to these shores.