March 05 2019
Similar to new data security and privacy laws sweeping the European Union and California, it is only a matter of time before new laws are required throughout the United States. This week's news is the U.S. House and Senate held hearings on data security and personal privacy.
The timing of the first set of hearings on Capitol Hill aligns with the fact that several other states – such as Washington, North Carolina, Oregon, and Virginia – are on a pathway to either pass new or update their security and privacy laws.
Along with the California Consumer Privacy Act (CCPA) law looming in 2020, it comes as no surprise the federal government is stepping up the dialogue for a more comprehensive data security and consumer privacy framework.
On February 27, the Committee on Commerce, Science, and Transportation held a hearing entitled Policy Principles for a Federal Data Privacy Framework in the United States. This Committee has oversight of the Federal Trade Commission, which is the primary enforcement agency for data security and consumer privacy.
Senators from both sides of the aisle queried the expert witnesses on the following topics:
There is a bill on the Senate floor right now, S.189 – Social Media Privacy Protection and Consumer Rights Act of 2019. The bill was introduced by Sen. Klobuchar, D-MN, on January 17. The witnesses all agreed to assist the Committee to craft a more comprehensive framework within this bill.
On February 16, the Subcommittee on Consumer Protection and Commerce of the Committee on Energy and Commerce held a hearing titled Protecting Consumer Privacy in the Era of Big Data.
During the U.S. House hearing, expert witnesses answered questions on the same topics as the hearing in the U.S. Senate. You can follow the discussion in the video.
In real estate, our companies have a lot of consumer data. Some of us are using and sharing this data in order to deliver relevant services and content to consumers, something that consumers want.
Bipartisan support for federal legislation on data security and consumer privacy seems to be evolving. Passage of this legislation is going to be determined by the details in protecting consumer privacy and data security. Today's politics certainly expose a philosophical difference in the implementation of a law. In short, it is going to take time and compromises to have something in place before 2020.
What is different in both of these hearings is the concern for consumers losing out on services or their confusion of notice and consent. These hearings also discussed how GDPR generated unintended consequences to small business and technology innovators.
Note: California Consumer Privacy Act (CCPA) only targets businesses who have gross revenue of $25 million or more, and exempts non-profits and governments. Furthermore, CCPA states that businesses having 50,000 or more consumers in their database must comply with the law.
Companies who have already implemented a data security and consumer privacy strategy should stay focused on maintaining and managing the strategy. Any changes to federal law will have to be incorporated into the strategy.
Those who are just beginning to develop a strategy should keep moving forward with crafting their strategy and continue to monitor what Congress is doing. New laws can cause a pivot in the processes or strategy.
Companies who have not started a strategy should think about doing one soon. Read this GDPR white paper before starting. You should have something in place no later than December 31, 2019 if you qualify under CCPA business requirements.
WAV Group is happy to get on a conference call to walk your team to discuss data security and consumer privacy strategy. Contact Victor Lund, Marilyn Wilson, or David Gumpper to schedule some time.
To view the original article, visit the WAV Group blog.