Maybe we’re getting closer to having a privacy and protection bill with some bite to it. Back in December, the U.S. Department of Commerce released what it called a framework for online privacy protection regulations. In recent days, it’s been reported that the Obama administration is backing those efforts via the creation of a consumer privacy bill of rights. Such a move would bring the U.S. more in line with Europe when it comes to protecting consumer data privacy. Currently, Americans have certain privacy rights guaranteed in many different laws. The problem lies in the fact that the U.S. does not have a comprehensive, federally-mandated consumer protection law but instead has a variety of laws which address individual data systems, such as healthcare (HIPAA) and financial records (Gramm-Leach-Bliley Act). The FTC is arguing that a privacy bill of rights is needed to protect personal data not already covered by other laws, especially given the uproar over Facebook’s privacy settings and Google’s StreetView issue.
The framework suggested by the Department of Commerce includes “voluntary but enforceable” privacy codes of conduct, to be overseen by the Federal Trade Commission (FTC). This sounds similar, at least fundamentally, to how the Dodd-Frank Act puts the onus for whistleblower programs on the SEC. The FTC would be responsible for enforcing such codes of conduct. Assistant Secretary of Commerce Lawrence E. Strickling has stated that companies would be encouraged to adopt these codes of conduct by being offered “safe harbor” status if the companies adhere to codes consistent with the baseline legislation. It’s encouraging to note that Strickling appears to back codes of conduct because their set expectations of privacy and can be adapted as needed.
We’ve always been an advocate for codes of conduct because of the ethical culture they drive for a company. There’s no immediate word on a timeline for action, but given Washington’s legislative process, something could be shaking by mid- to late-summer.