Lance Bellers - Fotolia
I heard the Consumer Privacy Bill of Rights proposed by President Obama may make compliance for data protection/privacy easier for enterprises that have to deal with multiple sets of state laws. Is this true? How will it accomplish that?
In 2012, President Obama announced a push to create a Consumer Privacy Bill of Rights (CPBR) that would establish a uniform set of privacy requirements across all jurisdictions in the United States. Three years later, the White House unveiled a draft text of this legislation and announced its goal to make the legislation a federal law.
The Consumer Privacy Bill of Rights faces an uphill legislative battle. Privacy advocates want the bill to further protect privacy while businesses are concerned that new federal compliance requirements may impede their operations. It remains to be seen whether the legislation will successfully pass through Congress.
The silver lining to the CPBR for organizations is that state laws covering privacy may finally become consolidated under a consistent federal law. For example, as of 2015, every state except Alabama, New Mexico and South Dakota has a state data breach notification law. While many of these laws are modeled after the first breach notification law in California, the laws also contain many differences. Attorneys for nationwide organizations have to familiarize themselves with all of these requirements and harmonize them in the event of an interstate security breach. Privacy laws are even more confusing than breach notification laws and the proposed federal law would specifically preempt state and local legislation.
The contents of the law won't surprise many compliance and privacy officials. The Consumer Privacy Bill of Rights is based upon the same Fair Information Practices found in Europe and applied in countries around the world today. Time will tell whether the United States will achieve a consistent standard similar to that used in the European Union.
Ask the Expert:
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today. (All questions are anonymous.)
Experts call for global data privacy standards in the cloud, businesses struggle through big data and privacy laws and the industry tries to solve data protection issues without federal legislation
Dig Deeper on Data privacy issues and compliance
Related Q&A from Mike Chapple
It's not possible to eradicate the risk of DoS attacks, but there are steps infosec pros can take to reduce their impact. Mike Chapple shares ... Continue Reading
The HHS OCR ruled that healthcare ransomware attacks are HIPAA violations, so these covered entities need to react according to the HHS's guidance. ... Continue Reading
HIPAA regulations incorporate NIST guidelines and standards, so do healthcare organizations need to be compliant with both? Expert Mike Chapple ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.