As the push for Congress to pass comprehensive consumer privacy legislation increases, Rep. Suzan DelBene (D-WA) has re-introduced the Information Transparency & Personal Data Control Act, a compromise proposal that contains provisions sought by both parties.  This bill would create national data privacy standards and increase the enforcement authority of the Federal Trade Commission (FTC) and state attorneys general.

Tomorrow the U.S. Senate Committee on Commerce, Science, and Transportation will hold a hearing entitled, “What Information Do Data Brokers Have on Consumers, and How Do They Use It?”  According to Chairman John D. Rockefeller IV (D-WV), the Committee will “examine the data broker industry and how industry practices may impact consumers.”  The following witnesses are scheduled to testify:

  • Jessica Rich, Director of the FTC’s Bureau of Consumer Protection
  • Pam Dixon, Executive Director of the World Privacy Forum
  • Dr. Joseph Turow, Professor at the Annenberg School for Communication
  • Tony Hadley, Senior Vice President of Government Affairs and Public Policy at Experian
  • Jerry Cerasale, Senior Vice President of Government Affairs and Public Policy for the Direct Marketing Association

The hearing is part of a more than year-long effort by Chairman Rockefeller to investigate the data broker industry. In October 2012, Chairman Rockefeller launched an investigation into the business practices of data brokers in order to examine how data brokers collect, compile, and sell consumer information for marketing purposes. Since September, Chairman Rockefeller has expanded his investigation by sending additional inquiries to various websites and other companies that collect personal information from both online and offline sources and then sell the data to other businesses.

The National Telecommunications & Information Administration (“NTIA”) announced today that it will convene a series of meetings about the commercial uses of facial recognition technology.  The goal of the meetings will be to develop a voluntary, enforceable code of conduct specifying how the Obama Administration’s “Consumer Privacy Bill of Rights” applies to facial

Today, the Senate Committee on Commerce, Science, and Transportation held a hearing to seek the views of the Federal Trade Commission and the Administration on privacy issues. Discussion at the hearing, entitled “The Need for Privacy Protections: Perspectives from the Administration and the Federal Trade Commission,” focused in significant part on the privacy reports recently released by the FTC and the Administration.

Committee Chairman John D. (Jay) Rockefeller IV (D-WV) introduced the hearing by calling for “strong legal protections” and “simple and easy to understand rules” about information collection. He called for “strong, consumer-focused” privacy legislation this year, though conceded that no consensus about such legislation exists yet. Senator John Kerry (D-MA) also voiced support for privacy legislation. In contrast, Senator Pat Toomey (R-PA) expressed skepticism about new legislation, calling for a detailed cost/benefit analysis and identification of a specific market failure prior to any new regulation.

The Department of Commerce’s National Telecommunications and Information Administration (NTIA) sought public comment Wednesday on how to begin the process of developing voluntary codes of conduct governing consumer privacy, as called for in the privacy framework released by the White House last month.

That report argues that companies should follow seven basic principles — a Consumer Privacy Bill of Rights — when collecting, using, or disclosing consumers’ personal data. These principles are: individual control; transparency; respect for context; security; access and accuracy; focused collection; and accountability.

The framework calls on Congress to codify the general principles through legislation while stakeholders develop voluntary codes of conduct to implement the principles in particular sectors. The framework tasks the NTIA with setting up an open process in which all interested stakeholders — including companies, consumer advocates, and government officials — would develop conduct codes by consensus.

The U.S. Department of Commerce’s National Institute of Standards and Technology on Tuesday released a final version of its guidelines for how organizations — particularly federal agencies — should manage security and privacy concerns when considering the use of public cloud-computing services. Public cloud services, unlike private clouds, require users to store their data on the provider’s shared equipment rather than on the organization’s own servers.

The new NIST security guidelines do not recommend any particular services, providers, or service models; instead, the guidelines highlight the steps organizations should take and the issues they should consider when evaluating any public cloud service.

In a speech this week at the U.S. Chamber of Commerce, White House Deputy Chief Technology Officer for Internet Policy Daniel Weitzner announced that the Administration will soon roll out a “privacy bill of rights,” which he described as a “broad, high-level statement of principles” that could be enforced by the FTC.  Weitzner emphasized

Last week, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) released for public comment a draft roadmap for implementing cloud computing technology across U.S. government agencies.  The roadmap is intended to foster adoption of cloud computing by federal agencies, reduce uncertainty surrounding cloud computing by improving the information available to policymakers, and

Sen. John Rockefeller (D-WV), chair of the Senate Commerce Committee, is still working to reach consensus on the data security bill that he and Sen. Mark Pryor (D-AR) introduced in June.  A scheduled markup was canceled in September, and the committee decided not to consider the bill at yesterday’s executive session.  Nonetheless, a spokesman for

Yesterday, the SEC’s Division of Corporation Finance issued a guidance document regarding public companies’ disclosure obligations relating to cybersecurity risks and breaches.  The guidance responds to a request by Sen. Jay Rockefeller that the SEC clarify its position on this increasingly important issue.

The Division noted that as companies have turned to digital technologies to conduct their operations, cybersecurity risks–and incidents–have increased.  Although there is no disclosure requirement under the federal securities laws that specifically addresses cybersecurity, the Division explained that existing regulations may require disclosure of cyber risk assessments and the costs stemming from incidents.  It is important to note, as the Division does, that this is guidance, not a rule, regulation, or order (as some headlines have suggested).

We provide an overview of the guidance after the jump.  For additional information please see this E-Alert prepared by members of our Global Privacy & Data Security and Securities & Corporate Finance practice groups.
