Thursday, May 07, 2009

Privacy Laws Proposed in Congress, Canadian Parliament

This posting was written by Thomas A. Long, Editor of CCH Privacy Law in Marketing.

Federal laws addressing privacy concerns have been introduced recently in both Congress and Canada’s Parliament.

Data Security, Breach Notification

The Congressional proposal would regulate information security standards and breach notification procedures. The proposed “Data Accountability and Trust Act” (H.R. 2221) would require persons engaged in interstate commerce that own or possess data in electronic form containing personal information—or that contract to have a third-party maintain such data—to establish and implement reasonable security policies and procedures to protect that data. The measure would also provide for nationwide notice in the event of a security breach.

The proposed law would be enforced by the Federal Trade Commission and state attorneys general. A private right of action would not be available, and the federal statute would preempt state data security and breach notification laws and regulations.

The bill, introduced April 30, was sponsored by Rep. Bobby Rush (D-Ill.) and co-sponsored by Reps. Cliff Stearns (R-Fla.), Joe Barton (R-Tex.), Jan Schakowsky (D-Ill.), and George Radanovich (R-Calif.). Further information—and text of the bill—appears at the Thomas site of the Library of Congress.

Spam, Phishing

The Canadian legislation is aimed at deterring “the most dangerous forms of spam” and threats posed to privacy and personal security by Internet fraud.

The proposed “Electronic Commerce Protection Act” (ECPA) would prohibit the sending of commercial electronic messages without the prior consent of the recipient and would provide rules regulating the sending of such messages, including a mechanism for withdrawal of consent. It would also prohibit the alternation of e-commerce data transmissions and the unauthorized installation of computer addresses.

Persons injured by violations would have a private right of action for actual and statutory damages. The Canadian Radio-television and Telecommunications Commission and the Competition Bureau would also be authorized to impose administrative monetary penalties of up to $1 million Canadian for individuals and $10 million Canadian for all other offenders.

The proposal (Bill C-27) was introduced in the House of Commons of Canada on April 24. Text of the bill is available here.

1 comment:

Rechtsberatung said...

This is the great news for all the people for Canada to see the working on the privacy law. Now they protect their privacy right through proper law.