Search

U.S. Takes More Steps on Consumer Data Privacy

Updated: Oct 2, 2018



The U.S. government is taking more notice about online consumer data privacy…finally?!


Just this past week, the U.S. Department of Commerce’s National Telecommunications and Information Administration (NTIA) issued a “Request for Comments” for a “new approach to consumer data privacy” while allowing for “prosperity and innovation.”


This move follows the new data protection regulations by the European Commission and the new privacy law enacted in California.


Perhaps the U.S. is taking more notice after the rollout of the European Union’s (EU) General Data Protection Regulation (GDRP) on May 25th this year while companies scrambled, and are still scrambling, to understand and meet the EU data privacy compliance requirements.


Also, California lawmakers recently passed one of the toughest U.S. data privacy laws to date which goes into effect on January 1st, 2020.


The NTIA’s press release states that the “Request for Comments is part of a transparent process to modernize U.S. data privacy policy for the 21st century.”  Further, that they want to look at ways to provide higher levels of data protection at the individual level and also give organizations “legal clarity and the flexibility to innovate.”


This could of course trigger new regulations for companies that mine personal data for profit.  Telecom, internet companies, and the Big Tech companies – like AT&T, Facebook, Google, Amazon, Apple, Twitter, and Charter Communications – are all taking notice since they have the biggest stake in these discussions and the framework.


Privacy advocates say that there is much needed legislation to govern the entire “life cycle” of consumers’ data including how it’s collected, used, stored, shared and sold, in addition to having security safeguards in an age of increasing data breaches.


David Redl, administrator of NTIA stated:

“The United States has a long history of protecting individual privacy, but our challenges are growing as technology becomes more complex, interconnected and integrated into our daily lives.”

With a similar framework to the GDPR and CCPA and the goal of building stronger data privacy protections, the NTIA is seeking comments on the what they describe as the following outcomes:

  1. Organizations should be transparent about how they collect, use, share, and store users’ personal information.

  2. Users should be able to exercise control over the personal information they provide to organizations.

  3. The collection, use, storage and sharing of personal data should be reasonably minimized in a manner proportional to the scope of privacy risks.

  4. Organizations should employ security safeguards to protect the data that they collect, store, use, or share.

  5. Users should be able to reasonably access and correct personal data they have provided.

  6. Organizations should take steps to manage the risk of disclosure or harmful uses of personal data.

  7. Organizations should be accountable for the use of personal data that has been collected, maintained or used by its systems.

Data privacy advocates and organizations can speak up on how the U.S. will frame their version of the U.S. GDPR.  In just a month after the announcement, comments to the NTIA are due by October 26th, 2018.


Christine Baird, CEO of Clarus Tech Partners, has a team of IT, legal, cybersecurity, and compliance experts who advise and implement data security and privacy solutions.