FYI - Obama Announces Sweeping Privacy Initiative

["Mike Davis" <mike.davis.sd@gmail.com>]

FYI - IN case you missed this today..  
+++ GO PRIVACY....   the "cyber message that sells and PAYS"

In a speech today at the Federal Trade Commission, U.S. President Barack
Obama announced a sweeping series of privacy initiatives, calling for
federal breach notification law, stronger protections of student data and
stronger cybersecurity and identity theft prevention efforts as part of a
Consumer Bill of Rights. Angelique Carson, CIPP/US, rounds up the major
points of emphasis in his speech and gets reactions from around the privacy
community in this article
https://privacyassociation.org/news/a/obama-announces-legislation-on-student
-id-consumer-privacy/


It's a big day for privacy. Giving what he called a "sneak peak" into his
State of the Union address, President Barack Obama stopped by the Federal
Trade Commission (FTC) today to announce legislation he plans to introduce
on consumer and student privacy. Calling on Congress to get behind him in a
bipartisan way, Obama outlined forthcoming bills on identity theft and
student privacy as well as an updated draft of the Consumer Privacy Bill of
Rights.

"We pioneered the Internet," Obama said of the United States. "But we also
pioneered the Bill of Rights and a sense each of us as individuals have a
sphere of privacy around us that should not be breached by our government
but also by commercial interests."

Privacy advocates are largely pleased with the announcements but say some
are more likely to pass than others. Breach notification and student
privacy? Likely. Consumer Privacy Bill of Rights? Let's not get ahead of
ourselves.

--- The Proposals

In February 2012, the White House released a consumer privacy whitepaper
calling for a comprehensive, federal Consumer Privacy Bill of Rights that
the administration drafted over two years' time via consultations with
stakeholders. 
https://privacyassociation.org/news/a/2012-02-23-experts-react-to-consumer-p
rivacy-bill-of-rights/ 
Now, the Commerce Department has announced it has completed public
consultations on a revised draft and will release the proposal within 45
days. Commerce has asked Congress to now begin "active consideration of it."
http://www.whitehouse.gov/sites/default/files/privacy-final.pdf 

In his State of the Union address, Obama will also introduce two new Acts:
The Personal Data Notification and Protection Act would create a national
standard for breach notification and establish a 30-day notification
requirement upon discovery. It would also criminalize illicit overseas
identity trade. Second is the Student Digital Privacy Act, which would
require educational institutions to only use the data they collect for
educational purposes, specifically banning companies from selling student
data to third parties for unrelated purposes and from sending targeted ads
based on that data.

Federal Breach Notification Bill
Chris Calabrese, senior policy director at the Center for Democracy and
Technology, says the president's privacy announcement is a win for consumers
and students in general, but a breach notification law is going to be tricky
to get through Congress.
"It's a pretty entrenched issue at this point, with companies having dealt
now for a while with state privacy breach bills and not actually as eager to
have national standards as they have been in the past," he said, adding that
consumer groups are concerned about preemption of state law.

Joseph Rubin, an attorney at Arnall Golden Gregory who often represents the
business community including Fortune 1000 companies, agrees with Calabrese's
concerns about preemption.
"I think that's part of the balance the business community has to deal
with," he said. "We want a national standard, but if it goes too far or
isn't totally preemptive, it doesn't add anything. The devil is in the
details, and the details of various proposals have unfortunately thwarted
efforts to pass legislation over the last decade."
This go-round, he's not thrilled with the time frame for breach
notification.
"Thirty days seems awfully short," he said. "It's not impossible, but it
depends on the standard of harm. If there's not substantial risk of injury,
we think notification is likely unnecessary."

But Prof. Woodrow Hartzog of Samford University said many states already
require notification in under 30 days as well as impose data security
requirements. U.S. President Barack Obama addresses the Federal Trade
Commission. "It's possible the legislation could be watered down and weaken
stronger state laws," he said.

Rubin said industry would hope breach notification is administratively
enforced, not through the courts and class-actions. It's not insignificant,
Rubin said, that Obama made the announcement at the FTC. Yes, that implies
administrative enforcement, but it's also a concern for industry, because it
seems to indicate the FTC would have rule-making authority and therefore
civil penalty authority. This creates uncertainty for industry, he said,
because recent cases like Wyndham have illustrated persisting questions in
the court of public opinion about the clarity the FTC provides in regard to
what you can and cannot do.
https://privacyassociation.org/news/a/he-court-says-ftc-can-punish-rulebreak
ers-but-what-exactly-are-the-rules/ 

Janis Kestenbaum, who recently left her role as FTC Chairwoman Edith
Ramirez's advisor, also spoke of the importance of Obama choosing the FTC to
launch the news.
"I think that shows his administration's recognition for the important work
the FTC's doing in those areas," she said.
Ramirez noted, as she introduced the president, his presence at the FTC
underscores the significance of the FTC's work and highlights "our shared
commitment to consumer privacy."


Consumer Privacy Bill of Rights
Calabrese calls the Consumer Bill of Rights a pretty "ambitious piece of
legislation" but agrees it's an important one.
The bill would apply to any individual's personal data, including in the
aggregate. The White House bill's provisions included granting consumers the
right to exercise control over the data companies collect from them and how
it's used; the right to easily understandable and accessible information
about privacy and security practices; the right to data access and to
correct inaccurate data; the right to reasonable limits on the amount of
data companies collect on them, and for companies to be held accountable by
enforcement authorities in the case they don't adhere.
"We've identified some basic principles to both protect personal privacy and
ensure industry can keep innovating," Obama said. "We believe there ought to
be some basic, baseline protection across industries. I hope Congress joins
us to make the Consumer Privacy Bill of Rights the law of the land."
If Obama succeeds in getting it passed through Congress, it'd be a "really
important marker for the future ... A presidential administration writing
good workable rules for how privacy legislation could work in the United
States," Calabrese said.


Student Privacy Legislation
David Hoffman, CIPP/US, global privacy officer at Intel, a provider of
education services that has called for FERPA reform, said changes are
critically needed to allow organizations to use data to improve education
but simultaneously engender trust among parents, students and teachers. To
date, that level of protection really hasn't existed, he said.
Obama today announced that 75 companies have signed the Student Privacy
Pledge, developed by the Future of Privacy Forum and the Software &
Information Industry Association, in the name of progress despite an often
gridlocked Congress. Companies that sign the pledge promise not to sell
student information nor behaviorally target students and to only use data
for authorized purposes.
"We won't wait for legislation," Obama said. "It's the right thing to do. If
you don't join this effort," he said of the industry, "we intend to make
sure those schools and parents know you haven't joined this effort."

Obama said his proposals are basic, common-sense steps everyone should be
able to support, from consumers to industry to Republicans to Democrats.
"This should not be a partisan issue. This should be something that unites
all of us as Americans," Obama said. "This transcends politics and ideology
... everyone's online. Everyone understands the risks and opportunities that
are presented by this new world. Business leaders want their privacy and
their children's privacy just like everybody else does."

<<attachment: winmail.dat>>