On Friday, February 27, 2015, the White House released a revised version of its 2012 proposal for a consumer privacy bill of rights. The revised legislative proposal largely tracks with the 2012 proposal in that it focuses on seven core principles for the collection, use and security of consumers’ personal data:
1. Transparency: Covered entities would be required to provide clear and concise notices about their privacy and security practices.
2. Individual Control: Covered entities would be required to allow consumers to exercise control over what data is collected about them and how it is used.
3. Respect for Context: Would require that covered entities collect and use data in ways that are consistent with the context in which consumers provide such data. Would require internal reviews of privacy and security practices for data collected outside of such contexts.
4. Focused Collection and Responsible Use: Would require covered entities to only collect, retain and use data that is reasonable in light of context. Would require deletion or de-identification of data within a reasonable time period after use.
5. Security: Covered entities would be required to identify reasonable risks and implement safeguards designed to protect against breach, theft, loss, etc. of personal data.
6. Access and Accuracy: Covered entities would be required to grant individuals access to, or an accurate representation of, data collected about them upon request. The consumer would have the right to correct or amend the data.
7. Accountability: Covered entities would be required to take steps appropriate to the privacy risks associated with their data collection activities, including employee training, conducting periodic internal risk assessments, and constructing appropriate security systems and procedures.