On November 15, the Government Accountability Office (“GAO”) released a report to the public on information resellers with regard to the current consumer privacy framework. The report, carried out at the request of Sen. Rockefeller (D-WV), is titled “Information Resellers: Consumer Privacy Framework Needs to Reflect Changes in Technology and the Marketplace.” The GAO advised Congress to find a balanced approach by enhancing current privacy laws while ensuring that “any limitations on data collection and sharing do not unduly inhibit the economic and other benefits to industry and consumers that data sharing can accord.” 1
The GAO stated that prescribed federal law altogether and separately, do not address the changes in technology and many do not meet the widely accepted Fair Information Practice Principles (“FIPPs”). The GAO also voiced concerns about new technologies and practices (e.g., mobile devices and online behavioral advertising) used by marketing and other entities that collect personal information, sometimes without the consumer being aware of how the data is being used. The report explained that the GAO’s purpose in the study was to address three elements: “(1) privacy laws applicable to consumer information held by resellers, (2) gaps in the law that may exist, and (3) and views on approaches for improving consumer data privacy.” 2
The GAO listed several privacy laws it identified as limited in adequately governing marketing practices with regard to the collection of data and some as not meeting FIPPs, including the Fair Credit Reporting Act (FCRA), Gramm-Leach-Bliley Act (GLBA), Health Insurance Portability and Accounting Act (HIPAA), Children’s Online Privacy Protection Act (COPPA), Electronic Communications Privacy Act (ECPA), Computer Fraud and Abuse Act (CFAA), Driver’s Privacy Protection Act (DPPA), Family Educational Rights and Privacy (FERPA), Video Privacy Protection Act (VPPA), and Section 5 of the Federal Trade Commission Act.