President Obama announced three proposals during a speech at the Federal Trade Commission on Monday that will increase the privacy rights of individuals, consumers and students in the US.
- The Personal Data Notification and Protection Act would require organisations to notify individuals within 30 days of any incident in which personal data has been put at risk due to a data breach.
- The Student Digital Privacy Act would prohibit companies from selling student data to third-party companies for purposes other than education.
- The Consumer Privacy Bill of Rights has been completed and will determine the way in which personal information is used and stored by technology companies.
The above measures will have to gain US Congress approval before any new laws can be introduced. The Consumer Bill of Rights has been recognised as an ambitious piece of legislation and if successfully passed it will be seen as a major step forward for data privacy in the US, providing individuals with a greater ability to determine how their personal information is processed.
The announcements come after a year in which some of the leading US companies such as Target, Home Depot, Sony and financial institutions such as JP Morgan have been the subject of cyber crime related attacks and companies like Coca-Cola face ongoing difficulties in relation to the ongoing impacts of a data breach.
The above US led proposals and the proposed new EU Data Protection Regulation demonstrates an increased global commitment by governments and policy makers to strengthen privacy rights, improve data security and increase consumer confidence. For those organisations operating in both the EU and the US these proposals when finalised will undoubtedly have an impact on the way in which such organisations operate. It is therefore essential for businesses to assess their data processing activities and ensure all relevant stakeholders are fully engaged and understand the potential impacts of any new legislation.