Following in the wake of the FTC’s report on online tracking, the Commerce Department has issued its “green paper” on privacy. The report is part of the Department’s ongoing review of privacy practices begun in April this year. While it avoids making many specific policy recommendations, the report does recommend the development of Fair Information Privacy Principles, creation of a privacy office within the Department, and consideration of a national data security breach notification law. The themes are very consistent with the goals expressed by the FTC: increased transparency through simple notices, clearly articulated purposes for data collection (similar to “privacy by design”), commitments to limit data uses to fulfill these purposes, and expanded use of robust audit systems to bolster accountability. Like the FTC, the Department is seeking comments on its paper by the end of January, including most prominently on whether a self-regulatory approach can accomplish the expressed objectives, or whether the FTC should be given more regulatory authority to issue detailed rules. The report also seeks input on whether privacy legislation should include the right for consumers to sue over privacy breaches.
Although the green paper (like the FTC report before) presents no immediate compliance requirements, they both suggest compliance ideas for 2011. Look for an upcoming post from us on that with some suggestions for the New Year.
With the release of the FTC and Commerce reports, we can now look ahead to the 112th Congress to see what, if any, steps the House and Senate committees take to explore these topics.