Two New Federal Privacy Bills Introduced


On April 12, Senators John Kerry (D-MA) and John McCain (R-AZ) introduced the Commercial Privacy Bill of Rights Act of 2011 (S. 799). The bill would require "covered entities" to (1) provide notice of their data collection practices and to disclose the purposes for the data collection; (2) provide an opt-out mechanism for "covered information" and an opt-in mechanism for sensitive information; (3) establish procedures for safeguarding data; (4) and implement privacy protections throughout the life cycle of a product ("privacy by design"). Certain provisions of the bill would direct the FTC to initiate rulemaking proceedings within specified timeframes, but the bill also imposes requirements directly on covered entities. The bill does not contain a "do not track" provision. (We summarized Rep. Speier's Do Not Track bill in our February 2011 Alert.)

The bill mandates that covered entities collect only as much information as is reasonably necessary and maintain the information only as long as necessary. The bill would authorize the FTC to develop a safe harbor program, and would provide individuals with the right to access and change certain information that covered entities maintain - something the Direct Marketing Association has repeatedly said would be an expensive requirement for its members.

Please see full alert below for more information.

LOADING PDF: If there are any problems, click here to download the file.