Privacy & Information Security Law Blog

On May 27, 2014, the Federal Trade Commission announced the release of a new report entitled Data Brokers: A Call for Transparency and Accountability, detailing the findings of an FTC study of nine data brokers, representing a cross-section of the industry. The Report concludes that the data broker industry needs greater transparency and recommends that Congress consider enacting legislation that would make data brokers’ practices more visible and give consumers more control over the collection and sharing of their personal information.

On September 25, 2013, Senator Jay Rockefeller (D-WV), Chair of the Senate Committee on Commerce, Science and Transportation, expanded his investigation of the data broker industry by asking twelve popular health and personal finance websites to answer questions about their data collection and sharing practices.

Reporting from Washington, D.C., Hunton & Williams partner Frederick Eames writes:

Elections have consequences. What are the consequences of the 2012 election on U.S. federal privacy, data security and breach notice legislation? We outline some key developments in the U.S. House of Representatives and Senate and explain how these developments might affect legislative priorities and prospects for the 113th Congress beginning in 2013.

The absence of congressional action on cybersecurity legislation has spurred efforts by various entities to exert influence over cybersecurity policy. This client alert focuses on some of those efforts, including the Federal Energy Regulatory Commission’s (“FERC’s”) creation of a new cybersecurity office, North American Electric Reliability Corporation (“NERC”) action on cybersecurity Critical Infrastructure Protection (“CIP”) standards, continuing legislative developments concerning cybersecurity and anticipated White House executive orders on cybersecurity.

On February 14, 2012, a joint U.S. congressional committee, including Senators Joseph Lieberman (I-CT), Susan Collins (R-ME), Jay Rockefeller (D-WV) and Dianne Feinstein (D-CA), introduced the Cybersecurity Act of 2012 (the “Act”). Although the legislation appears to have strong bipartisan support, during a February 15 hearing before the Homeland Security and Governmental Affairs Committee, Senator John McCain (R-AZ) indicated that he and six Republican colleagues would propose their own cybersecurity legislation in March.

On November 29, 2011, the Federal Trade Commission announced that Facebook has settled charges that it deceived consumers by making false privacy promises. The settlement requires Facebook to (1) not misrepresent how it maintains the privacy or security of users’ personal information (2) obtain users’ “affirmative express consent” before sharing their information with any third party that “materially exceeds the restrictions imposed by a user’s privacy setting(s),” (3) implement procedures to prevent a third party from accessing users’ information no later than 30 days after the user has deleted such information or terminated his or her account, (4) establish, implement and maintain a comprehensive privacy program, and (5) obtain initial and biennial assessments and reports regarding its privacy practices for the next 20 years.

On November 17, 2011, Senator Jay Rockefeller (D-WV), Chair of the Senate Committee on Commerce, Science and Transportation, issued a statement emphasizing the need for increased consumer protection on the Internet. Rockefeller cited “disturbing” reports about Facebook’s ability to track non-members and members who have logged out of the site, stating that companies should not be tracking users without their consent.

On June 29, 2011, the Senate Committee on Commerce, Science and Transportation convened a hearing entitled “Privacy and Data Security: Protecting Consumers in the Online World.”  In opening remarks, Committee Chair Senator Jay Rockefeller (D-WV) highlighted that the hearing would consider both privacy and data security and discussed three bills focused on these issues.  First, Senator Rockefeller noted S. 917, the Do-Not-Track Online Act of 2011, a bill he introduced that would allow consumers to tell online companies that they do not want their personal information collected and require companies to honor those requests.  Second, the Senator referenced S. 799, the Commercial Privacy Bill of Rights Act of 2011, legislation introduced by Senators John Kerry (D-MA) and John McCain (R-AZ) that would comprehensively address privacy protection.  Finally, Senator Rockefeller spoke about S. 1207, the Data Security and Breach Notification Act of 2011, which he and Senator Mark Pryor (D-AR) reintroduced.  That bill would impose an obligation on companies to adopt basic security measures to protect sensitive consumer data and require companies to notify affected consumers in the event of a breach.  Senator Rockefeller emphasized several times his committee’s jurisdiction over privacy and data security issues.

On May 9, 2011, Senator Jay Rockefeller (D-WV), the Chairman of the Senate Committee on Commerce, Science and Transportation, introduced the “Do-Not-Track Online Act of 2011” (the “Act”).  The Act instructs the Federal Trade Commission to promulgate regulations that would (1) create standards for the implementation of a “Do Not Track” mechanism that would enable individuals to express a desire to not be tracked online and (2) prohibit online service providers from tracking individuals who express such a desire.  The regulations would allow online service providers to track individuals who do not want to be tracked only if (1) the tracking is necessary to provide a service requested by the individual (and the individuals’ information is anonymized or deleted when the service is provided), or (2) the individual is given clear notice about the tracking and affirmatively consents to the tracking.

The Transportation Security Administration has put in place new screening procedures in time for the busy Thanksgiving travel season.  The new procedures have been broadly criticized by aviation security experts and privacy advocates.  One of those experts, Professor Fred H. Cate, Director of the Center for Applied Cybersecurity Research and Professor of Law at Indiana University, has published an open letter to Senator Jay Rockefeller (D-WV) and Senator Kay Bailey Hutchison (R-Tex), urging oversight and reform.  The letter details the ineffectiveness of the new procedures and ...