The House Energy and Commerce Committee released a draft of the discussion of a new bipartisan data privacy bill. The bill concerns the national standards for privacy and security and plans to put limits on U.S. companies that collect, use, and retain consumer data.
The draft legislation requires all companies to create a privacy program and to release a privacy policy, penned in straightforward language, which clarifies what information is gathered, how it is going to be used, the length of time it will be kept, and who will have access to the consumer data.
There should also be data security steps implemented, which are suitable to the business size and the type and sophistication of data activities. When a breach of consumer data occurs, businesses need to report it to the Federal Trade Commission.
A Bureau of Privacy will be created by the Federal Trade Commission for creating rules, providing guidance, and implementing compliance. The FTC will establish a data retention time period and develop rules that cover personal information disclosed to third parties.
The bill would allow consumers to have more control over their personal information and the way businesses can use it. Consumers can exercise the following rights: the right to access and correct their information, control who gets access to their personal data, and request businesses to erase their personal data.
To help consumers know which companies have their personal data, the draft legislation requires creating a central repository of data brokers. This repository can be used by consumers to know who retains a copy of their information and determine how they could use their right to access that information, make modifications, and request the deletion of their personal information.
An Energy and Commerce Committee spokesperson said that this draft wants to protect consumers and give data collectors transparent rules. It demonstrates several months of labor and a close venture between the personnel of the Democratic and Republican Committee.
The draft release comes after a Senate Commerce Committee hearing discussion of the two data privacy bills sponsored by Senate Commerce Committee Chairman, Roger Whicker (R-Miss) and Senator Maria Cantwell (D-Wash). The two camps cannot reach an agreement on what ought to be incorporated in the bill, however, it was decided to pass bipartisan legislation.
Two of the important items from the contending bills were if the federal privacy bill must preempt state regulations and if there should be a private cause of action. Sen. Cantwell’s bill proposed a private cause of action so that consumers can sue organizations that violate privacy, which Congressman Wicker opposed. Wicker’s bill proposed that the new federal privacy law should take the place of state laws, while Sen. Cantwell would like the state laws to be maintained to give more protection to consumers. The bill discussion draft steers away from the two issues.
Industry stakeholders’ opinions on the draft legislation are being solicited. Comments are welcome until mid-January 2020.