On February 10, 2011, United States Representative Bobby Rush, D-Ill., reintroduced legislation, the “Best Practices Act,” aimed at enhancing consumer privacy online.
The bill would establish a set of ground rules and privacy minimums to assist consumers in protecting their personal information, particularly as they engage in online, Internet-based commerce and entertainment. The legislation’s stated goal is to ensure that consumers have meaningful choices about the collection, use, and disclosure of their personal information and to foster transparency about the commercial use of personal information.
Key components of the legislation include, inter alia, the following:
- Requiring companies that collect personal information to disclose their practices with respect to the collection, use, disclosure, merging, and retention of personal information, and explain consumers’ options regarding those practices.
- Requiring companies to provide disclosures of their practices in concise, meaningful, timely, and easy-to-understand notices, and directing the Federal Trade Commission (“FTC”) to establish flexible and reasonable standards and requirements for such notices.
- Requiring companies to obtain “opt-in” consent to disclose information to a third party. In the bill, the term “third party” would be defined based on consumers’ reasonable expectations rather than corporate structure.
- Establishing a “safe harbor” that would exempt companies from the “opt-in” consent requirement, provided those companies participate in a universal opt-out program operated by self-regulatory bodies and monitored by the FTC.
- Requiring companies to have reasonable procedures to assure the accuracy of the personal information they collect. The bill would also require the companies to provide consumers with reasonable access to, and the ability to correct or amend, certain information.
- Requiring companies to have reasonable procedures to secure information and to retain personal information only as long as it is necessary to fulfill a legitimate business or law enforcement need.
Unlike the FTC’s recently released privacy report, which proposed a “Do-Not-Track” mechanism that would give consumers an easy way to opt out of having their Web activities tracked for advertising purposes, the BEST PRACTICES Act does not mandate a do-not-track mechanism. However, to qualify under the FTC Safe Harbor program contained in the proposed legislation, companies would have to set up a “Do-Not-Track”-like mechanism for consumers to allow them to opt out of having the personal information they provide, both online and offline, shared with third parties.
What It Means:
This proposed legislation does not represent governing law. If your company is engaged in the use of personal and profiling information, online or offline, for advertising or other reasons, you should monitor this legislation closely as it progresses, or fails to progress, through Congress.