Potential Federal Privacy Bill
It is often a surprise to clients, especially non-U.S.-based clients, to learn that there is no true federal consumer data privacy law in the United States.[1] Rather, this vacuum has been filled by state laws, resulting in a patchwork of compliance for companies that do business nationwide. Typically, for companies, this has meant adhering to the most restrictive laws, which, historically, have been California state data privacy laws (the California Online Privacy Protection Act, California Consumer Privacy Act, and forthcoming California Privacy Rights Act). As of today, another 10 states, including New Jersey, New York, and Massachusetts, continue to actively pursue their own consumer privacy laws that would add to this increasingly intricate patchwork of regulations. It seems inevitable that this path will lead to divergent—or worse yet, conflicting—rules, definitions, and policies.
Enter Representative Suzan DelBene (D-Washington) and the Information Transparency and Personal Data Control Act (ITPDCA).
Introduced in March, the ITPDCA is the latest effort from Congress to set uniform federal standards for consumer data privacy. While federal data privacy bills have been introduced by both the House and the Senate in previous sessions, this latest bill by Rep. DelBene may gain traction and bipartisan support, as it includes some "business friendly" components, such as federal preemption of state privacy regimes and the lack of an individual private right of action.
Among the ITPDCA's primary provisions are notice of and consent for data collection and sharing, the ability for a consumer to opt out of the sale of their personal information, standardized requirements for privacy policies, and authorization of the Federal Trade Commission to promulgate rules to enforce the act.
The bill will almost certainly undergo substantial evolution before potentially being signed into law, but if nothing else, it marks a reengagement by Congress on the issue of consumer data privacy and will likely spur other bills to be introduced or reintroduced. As this issue develops, we will continue to track the ITPDCA and other notable bills and provide key updates in the Day Pitney Cybersecurity, Health and Technology (C.H.A.T.) Newsletter.
[1] While previous federal acts targeting specific industries, such as the Fair Credit Reporting Act, Gramm-Leach-Bliley Act, and Health Insurance Portability and Accountability Act, have included some provisions relating to data privacy, they are not general consumer data privacy bills akin to the European Union’s General Data Protection Regulation.
Would you like to receive our Day Pitney C.H.A.T. Newsletter? Sign up here.
Recommended
The arrival of Day Pitney Counsel Laura Land Himelstein was featured in the New York Law Journal's Attorneys 'On the Move' column.
Day Pitney Cybersecurity, Healthcare and Technology (C.H.A.T.) Newsletter – September
Day Pitney Cybersecurity, Healthcare and Technology (C.H.A.T.) Newsletter – September
Day Pitney Cybersecurity, Healthcare and Technology (C.H.A.T.) Newsletter – July 2024
Day Pitney Tax Partner Ryan Leichsenring authored an article for the Hartford Business Journal titled, "Here's How to Avoid Common Pitfalls When Managing Charitable Assets."
The news of Ryan Leichsenring joining Day Pitney as a partner in the firm's Tax practice was featured in Thomson Reuters' The Daily Docket Industry Moves column.
Day Pitney Data Privacy Associate Stephanie M. Gomes-Ganhão authored the article "A Review of Part 2: Consider a More Flexible Compliance Program in the Wake of the Revised Rules," for the Journal of Health Care Compliance.
Hartford-based healthcare attorneys Stephanie Gomes-Ganhão and Phoebe Roth authored the article, "Valuable OIG Compliance Advice for New Healthcare Entrants," in the May edition of The Health Care Compliance Association's (HCCA) monthly magazine Compliance Today.
Day Pitney Cybersecurity, Healthcare and Technology (C.H.A.T.) Newsletter – April 2024