By Rachna Choudhry, 1/27/15
January 28 is National Data Privacy Day. (A resolution in the 113th Congress, which passed last year, proclaimed it. ) Data Privacy Day began in the United States in January 2008. The Day commemorates the 1981 signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection. Since 2011, the National Cyber Security Alliance (NCSA) has assumed leadership of Data Privacy Day. Learn more or download Data Privacy Day posters and buttons at www.staysafeonline.org.
The Administration's Proposals
This month, the President announced a series of proposals to safeguard Americans' privacy online. Among them, he is proposing the Personal Data Notification & Protection Act, which "clarifies and strengthens the obligations companies have to notify customers when their personal information has been exposed, including establishing a 30-day notification requirement from the discovery of a breach, while providing companies with the certainty of a single, national standard." He is also proposing a Consumer Privacy Bill of Rights, which the White House plans on releasing in February. (Learn more about the President's proposals.)
Privacy Bills in Congress
Already, data privacy and cybersecurity has been an important issue for the 114th Congress. Several related bills have been introduced — and we can expect many more in the coming months. Here are a few recently introduced privacy bills. Share your voice on POPVOX. (New to POPVOX? Check out this slideshow tutorial.)
"To set a national standard for data breach notification, and to require businesses that collect and store consumers’ sensitive personal information to safeguard that information from cyber threats," according to the bill's sponsor. (Bill text)
Secure Data Act (S 135)
Would "prohibit Federal agencies from requiring that private entities design or alter their commercial information technology products for the purpose of facilitating government surveillance," according to the bill sponsor. (Bill text)
To improve the provisions relating to the privacy of electronic communications. According to the bill sponsor, “the Fourth Amendment’s guarantee of security from unreasonable searches of our ‘persons, houses, papers, and effects’ does not disappear because we’ve invented new ways to communicate. Now more than ever it’s important to make sure government doesn’t trample our rights by using those same innovations to see and record every email, instant message, tweet, post, and comment we write." (Bill text)
Cyber Privacy Fortification Act (HR 104)
Amends the federal criminal code to provide criminal penalties for intentional failures to provide required notices of a security breach involving sensitive personally identifiable information. (Bill text)
— Bipartisan — (Also S 237.) To specify the circumstances in which a person may acquire geolocation information. "The GPS Act applies to all domestic law enforcement acquisitions of the geolocation information of individual Americans without their knowledge, including acquisitions from private companies and direct acquisitions through the use of ‘Stingrays’ and other devices. It would also combat high-tech stalking by creating criminal penalties for surreptitiously using an electronic device to track a person’s movements, and it would prohibit commercial service providers from sharing customers’ geolocation information with outside entities without customer consent," according to the bill sponsor. (Bill text)
"Would simply require the government to notify consumers if their personal information is breached on the Healthcare.gov exchanges. Currently there is no such requirement under federal law – despite similar standards being in place for the private sector and state-run exchanges," according to the bill sponsor. (Bill text.)
Please keep in mind that highlighting a bill doesn't imply a POPVOX endorsement in any way. Rather, we're simply trying to offer one more way to stay informed of a complex legislative system.