The 54-page draft document, entitled "Privacy and Information Innovation: A Dynamic Privacy Framework for the Internet Age," is the work of Commerce’s Internet Policy Task Force. The Task Force held more than six months of consultations, issued a notice of inquiry in April 2010, and held a symposium in May. The document is expected to be released in the coming weeks. The Task Force is a joint effort of the Office of Commerce Secretary Gary Locke, the National Telecommunications and Information Administration, the International Trade Administration, and the National Institute of Standards and Technology.
Recently, the Obama administration created a federal interagency panel to work on privacy and Internet policy. It is chaired by Commerce General Counsel Cameron Kerry and Assistant Attorney General Christopher Schroeder.
The report seeks to demonstrate that a compelling need exists "to provide additional guidance to businesses, to establish a baseline privacy framework to afford protection for consumers, and to clarify the U.S. approach to privacy to our trading partners – all without compromising the current framework’s ability to accommodate new technologies."
However, several industry groups, like broadband industry providers, have staunchly opposed any legislation, recommending in its stead that online privacy protections be pursued through self-regulation, industry standards, and best practices.
As for other congressional action, the report said that lawmakers "should pass a data breach law for electronic records that includes notification provisions, encourages companies to implement strict data security protocols, and allows states to build upon the law in limited ways. The law should track the effective protections that have emerged from state security breach notification laws and permit enforcement by state authorities." And while it called for "baseline" privacy legislation, the report said that such a measure "should not preempt the strong sectoral laws that already provide important protections to Americans, but rather should act in concert with these protections."
In addition, the document said that "[a]ny federal law or regulation should seek to balance the desire to create uniformity and predictability across state jurisdictions with the desire to permit states the freedom to protect consumers and to regulate new concerns that arise from emerging technologies when federal law lags behind privacy issues created by a rapidly changing technological environment." Among the questions posed is whether state attorneys general should be given the authority to enforce national legislation.
The report also called on the Obama administration to "review the Electronic Communications Privacy Act (ECPA), paying particular attention to assuring strong privacy protection in cloud computing and location-based services. The goal of this effort should be to ensure that, as technology and market conditions change, the ECPA continues to provide a fair balance between individuals' expectations of privacy and the legitimate needs of law enforcement to gather the information it needs to keep us safe."
We will certainly report on more developments with respect to this topic, as these leaks turn into babbling brooks and streams of information.