White House Releases Revised Consumer Privacy Bill of Rights

Feb 27, 2015

Reading Time : 1 min

By: Jo-Ellyn Sakowitz Klein, Francine E. Friedman, Matthew Thomas (Senior Public Policy Specialist), David S. Turetsky, Visiting Professor, College of Emergency Preparedness, Homeland Security, and Cybersecurity at the University of Albany

The proposal would grant the FTC, as well as state attorneys general, enforcement authority, and includes civil penalties for violations. It would also preempt any state laws governing consumer data, except for those pertaining to health information, financial information, data on minors and K-12 students, fraud and consumer safety, and state data breach notification laws. It would provide a qualified exemption for entities subject to specified federal privacy and data security laws, such as the Gramm-Leach-Bliley Act (GLB) and the Health Insurance Portability and Accountability Act (HIPAA).

Covered entities are defined under the proposal as any “person that collects, creates, processes, retains, uses, or discloses personal data in or affecting interstate commerce” but would not include federal, state or local government agencies, tribal governments or entities that collect personal data of less than 10,000 persons over a 12-month period. The definition also excludes entities that collect personal data for the purposes of security research, provided such entities take reasonable steps to mitigate privacy risks and destroy or de-identify such data after research activities are concluded.

Finally, the proposal establishes a mechanism whereby a covered entity may apply to the FTC for approval of private “codes of conduct” governing the processing of personal data by the covered entity. If the FTC determines that the private code of conduct provides equal or greater protections than the relevant requirements described above, such codes may serve as a safe harbor defense before any suit brought against the covered entity for alleged violations of the Act.

It is unclear at this time whether a bill with the same or substantially the same language will be introduced in Congress, or if this will serve as a discussion draft to assist in the crafting of legislation as Congress moves forward.

Share This Insight

Previous Entries

Akin Deal Diary

April 12, 2023

Read More

Akin Deal Diary

2022-12-15

On December 14, 2022, the Securities and Exchange Commission (SEC) adopted amendments regarding Rule 10b5-1 insider trading plans and related disclosures. The amendments aim to strengthen investor protections concerning insider trading and to help shareholders understand when and how insiders are trading in securities for which they may at times have material nonpublic information (MNPI). In light of these amendments, issuers should review and revise, if needed, their insider trading policies and equity grant policies.

Read more.

...

Read More

© 2024 Akin Gump Strauss Hauer & Feld LLP. All rights reserved. Attorney advertising. This document is distributed for informational use only; it does not constitute legal advice and should not be used as such. Prior results do not guarantee a similar outcome. Akin is the practicing name of Akin Gump LLP, a New York limited liability partnership authorized and regulated by the Solicitors Regulation Authority under number 267321. A list of the partners is available for inspection at Eighth Floor, Ten Bishops Square, London E1 6EG. For more information about Akin Gump LLP, Akin Gump Strauss Hauer & Feld LLP and other associated entities under which the Akin Gump network operates worldwide, please see our Legal Notices page.