On April 12, 2011, after months of negotiations with stakeholders and multiple drafts, Sens. John Kerry (D-Mass.) and John McCain (R-Ariz.) introduced S.799, the “Commercial Privacy Bill of Rights Act of 2011,” which would establish, for the first time, a comprehensive framework for the collection, use, storage, and transfer of personally identifiable information (“PII”). The bill’s scope is wide. If passed as currently drafted, it would impose generally applicable notice, choice, security, access, and other obligations on companies that collect information, both online and offline, regarding individuals, requiring fundamental changes to how companies do business and interact with their customers. A summary of the 44-page bill is below.
We have noted issues on which we think there is the greatest likelihood of pushback from industry. We expect the legislative process to be somewhat protracted, as other stake-holders, such as privacy advocates, have already complained publicly that the bill should provide greater restrictions on companies’ collection, use, and disclosure of data.
Please see full publication below for more information.