Developments in Data Privacy Legislation

more+
less-

On September 15, 2011, the Obama administration renewed its calls for comprehensive data privacy legislation which would establish basic online data protection guidelines. These policy statements were made during a hearing held by the Subcommittee on Commerce, Manufacturing, and Trade concerning the impact of the European Union's (EU) privacy and data collection regulations on the Internet economy. The U.S. Department of Commerce stated that the current lack of a baseline privacy framework is hurting the competitiveness of American companies in the global marketplace, and urged the development of data privacy legislation. According to the U.S. Department of Commerce, although many American companies currently rely on the U.S.- E.U. Safe Harbor Framework, this framework is too inflexible, and therefore, data privacy legislation needs to be implemented in the U.S. that is flexible enough to adapt to rapidly changing technologies.

A number of data privacy bills have already been introduced in Congress in recent months, such as the Commercial Privacy Bill of Rights legislation introduced by Senators John Kerry and John McCain, which was discussed in our previous posting, and the Personal Data Privacy and Security Act ("PDPSA"), the most recent version of which was introduced by Senator Patrick Leahy (D-Vt.) on June 7, 2011. The Senate Judiciary Committee, on September 22, 2011, approved an amended version of the PDPSA, along with amended versions of two other breach notification bills: The Data Breach NotificationAct of 2011, introduced by Senator Dianne Feinstein (D-CA) (the "Feinstein Proposal"); and The Personal Data Protection and Breach Accountability Act of 2011, introduced by Senator Richard Blumenthal (D-CT) (the "BlumenthalProposal"). Each of the three bills, summarized in more detail in this posting, if passed, would (with some limited exceptions) replace state data breach notification laws in lieu of a federal standard that requires notification to individuals be provided where a breach results in, or is reasonably likely to result in, the unauthorized access or acquisition of sensitive personally identifiable information ("SPII"). In short, the legislators recognize that the United States is in need of a significant update to its privacy and data protection laws.

Please see full article below for more information.

LOADING PDF: If there are any problems, click here to download the file.

Published In: Administrative Agency Updates, Elections & Politics Updates, International Trade Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© White & Case LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »