Friday, August 13, 2010

Federal Consumer Privacy Bill Introduced in House

This posting was written by Thomas A. Long, Editor of CCH Privacy Law in Marketing.

A proposed federal consumer privacy law titled “Building Effective Strategies to Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards Act” (“BEST PRACTICES Act”) was introduced in the House of Representatives on July 19 by Rep. Bobby L. Rush (D, Ill.).

According to Rush, the bill (H.R. 5777) would establish a flexible framework of basic rights for consumers while also outlining obligations for companies based on fair information principles. The measure would cover both online and offline collection, use, and retention of information about consumers.

The bill would grant enforcement authority to the Federal Trade Commission and the states, including civil penalty authority; would authorize a limited private right of action; and would preempt certain state laws that require covered entities to implement requirements with respect to the collection, use, or disclosure of consumer information.

The preemption provision would not apply to state laws that address financial information or health information, data breach laws, trespass, contract or tort laws, or other laws that relate to acts of fraud.

If enacted, the “BEST PRACTICES Act” would:

• Require companies that collect personal information to disclose their practices with respect to the collection, use, disclosure, merging, and retention of personal information, and to explain consumers' options regarding those practices;

• Require companies to provide disclosures of their practices in concise, meaningful, timely, and easy-to-understand notices;

• Require companies to obtain "opt-in" consent to disclose information to a third party;

• Establish a "safe harbor" that would exempt companies from the "opt-in" requirement, provided those companies participate in a universal opt-out program operated by self-regulatory bodies and monitored by the FTC;

• Require companies to have reasonable procedures to assure the accuracy of the personal information they collect, as well as means for consumers to access and correct or amend certain information; and

• Require companies to have reasonable procedures to secure information and to retain personal information only as long as is necessary to fulfill a legitimate business or law enforcement need.

Text of the bill, which was referred to the House Energy and Commerce Committee, appears here at the Thomas website of the Library of Congress.

No comments: