On July 20, 2010, Representative Bobby Rush (D-Ill.) introduced a new bill aimed at regulating privacy issues. On the heels of recent privacy controversies involving companies like Facebook and Google, the bill would place restrictions on collection and sharing of personal information.
The “Best Practices Act” would apply to businesses (and “persons”) that store personal information, including names, addresses, e-mail address, or phone numbers. It exempts certain small business if they store information of fewer than 15,000 persons.
Among its numerous restrictions, the proposed legislation would require companies to use an “opt-in” framework to collect “sensitive” data as financial information, race or ethnicity, or Social Security numbers. Companies could continue to collect certain less sensitive “personal” information on an “opt-out” basis. Customers and web surfers would also have to “opt-in” to give permission to companies to share “sensitive” or “personal” information with third parties. Companies would be exempted from the opt-in requirements if they participated in a safe harbor program, to be operated by industry groups and developed and overseen by the FTC. The program would require companies to post prominent notices regarding privacy policies.
The bill leaves a great deal of responsibility and discretion in the hands of the FTC to define the parameters of the legislation’s privacy framework and to enforce its provisions. The proposed legislation provides for fines for violators as well as a private lawsuits by consumers.
The bill is scheduled for a hearing on July 22 before the Commerce Subcommittee on Commerce, Trade and Consumer Protection, which Representative Rush chairs. The Subcommittee will also consider a similar bill introduce in May by Virginia Representative Rick Boucher (D).
Update July 28, 2010: Senator John Kerry announced that he would work with Senator John Pryor to introduce similar legislation in the Senate.