Developments in Data Privacy Legislation


On September 15, 2011, the Obama administration renewed its calls for comprehensive data privacy legislation which would establish basic online data protection guidelines. These policy statements were made during a hearing held by the Subcommittee on Commerce, Manufacturing, and Trade concerning the impact of the European Union's (EU) privacy and data collection regulations on the Internet economy. The U.S. Department of Commerce stated that the current lack of a baseline privacy framework is hurting the competitiveness of American companies in the global marketplace, and urged the development of data privacy legislation. According to the U.S. Department of Commerce, although many American companies currently rely on the U.S.- E.U. Safe Harbor Framework, this framework is too inflexible, and therefore, data privacy legislation needs to be implemented in the U.S. that is flexible enough to adapt to rapidly changing technologies.

A number of data privacy bills have already been introduced in Congress in recent months, such as the Commercial Privacy Bill of Rights legislation introduced by Senators John Kerry and John McCain, which was discussed in our previous posting, and the Personal Data Privacy and Security Act ("PDPSA"), the most recent version of which was introduced by Senator Patrick Leahy (D-Vt.) on June 7, 2011. The Senate Judiciary Committee, on September 22, 2011, approved an amended version of the PDPSA, along with amended versions of two other breach notification bills: The Data Breach NotificationAct of 2011, introduced by Senator Dianne Feinstein (D-CA) (the "Feinstein Proposal"); and The Personal Data Protection and Breach Accountability Act of 2011, introduced by Senator Richard Blumenthal (D-CT) (the "BlumenthalProposal"). Each of the three bills, summarized in more detail in this posting, if passed, would (with some limited exceptions) replace state data breach notification laws in lieu of a federal standard that requires notification to individuals be provided where a breach results in, or is reasonably likely to result in, the unauthorized access or acquisition of sensitive personally identifiable information ("SPII"). In short, the legislators recognize that the United States is in need of a significant update to its privacy and data protection laws.

Please see full article below for more information.

LOADING PDF: If there are any problems, click here to download the file.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© White & Case LLP | Attorney Advertising

Written by:


White & Case LLP on:

Popular Topics
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.