A discussion draft of a new bipartisan data privacy bill has been released by the House Energy and Commerce Committee. The bill calls for national standards for privacy and security and would place restrictions on the collection, use, and retention of consumer data by U.S. businesses.
The draft legislation calls for all businesses to have a privacy program and to publish a privacy policy, written in clear language, which explains what data will be collected, how it will be used, how long it will be retained, and with whom consumer information will be shared.
Data security measures would also need to be implemented, which should be appropriate for the size of the business and the nature and complexity of data activities. In the event of a breach of consumer information, businesses would be required to report the breach to the Federal Trade Commission.
The Federal Trade Commission has been tasked with creating a Bureau of Privacy which would be responsible for developing rules, issuing guidance, and enforcing compliance. The FTC would also need to set a data retention time frame and create rules covering the disclosure of personal information to third parties.
The bill would give consumers much greater control over their personal data and how it can be used by businesses. Consumers will have the right to view and correct their data, control who can access their personal information, and request that businesses delete their personal information.
To help consumers find out which businesses have their personal information, the draft legislation calls for the creation of a centralized repository of data brokers. Consumers could use that repository and find out who holds a copy of their data and find out how they can exercise their right to access that data, make corrections, and arrange for their personal data to be deleted.
“This draft seeks to protect consumers while also giving data collectors clear rules of the road. It reflects many months of hard work and close collaboration between Democratic and Republican Committee staff,” explained a spokesperson for the Energy and Commerce Committee.
The release follows a Senate Commerce Committee hearing in which two data privacy bills proposed by Senate Commerce Committee Chairman, Roger Whicker (R-Miss) and Senator Maria Cantwell (D-Wash) were discussed. Both camps could not reach a consensus on what should be included in the bill, but it was agreed that the only way forward was for bipartisan legislation to be passed.
Two of the sticking points from the competing bills was whether the federal privacy bill should preempt state laws and if a private cause of action should be included. Sen. Cantwell’s bill calls for a private cause of action to allow consumers to sue companies for privacy violations, which is opposed by Congressman Wicker. Wicker’s bill calls for the new federal privacy law to replace state laws, whereas Sen. Cantwell wants state laws to be retained to provide greater protection for consumers. The discussion draft of the bill avoids both of these issues.
Feedback is being sought from industry stakeholders on the draft legislation. Comments will be accepted until the middle of January 2020.
The post Discussion Draft of Federal Data Privacy Bill Released by House Energy and Commerce Committee appeared first on HIPAA Journal.