Lance Bellers - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

What does the Consumer Privacy Bill of Rights mean for enterprises?

The Consumer Privacy Bill of Rights, if made a federal law, would create a uniform set of privacy requirements. Here's a look at the potential benefits.

I heard the Consumer Privacy Bill of Rights proposed by President Obama may make compliance for data protection/privacy easier for enterprises that have to deal with multiple sets of state laws. Is this true? How will it accomplish that?

In 2012, President Obama announced a push to create a Consumer Privacy Bill of Rights (CPBR) that would establish a uniform set of privacy requirements across all jurisdictions in the United States. Three years later, the White House unveiled a draft text of this legislation and announced its goal to make the legislation a federal law.

The Consumer Privacy Bill of Rights faces an uphill legislative battle. Privacy advocates want the bill to further protect privacy while businesses are concerned that new federal compliance requirements may impede their operations. It remains to be seen whether the legislation will successfully pass through Congress.

The silver lining to the CPBR for organizations is that state laws covering privacy may finally become consolidated under a consistent federal law. For example, as of 2015, every state except Alabama, New Mexico and South Dakota has a state data breach notification law. While many of these laws are modeled after the first breach notification law in California, the laws also contain many differences. Attorneys for nationwide organizations have to familiarize themselves with all of these requirements and harmonize them in the event of an interstate security breach. Privacy laws are even more confusing than breach notification laws and the proposed federal law would specifically preempt state and local legislation.

The contents of the law won't surprise many compliance and privacy officials. The Consumer Privacy Bill of Rights is based upon the same Fair Information Practices found in Europe and applied in countries around the world today. Time will tell whether the United States will achieve a consistent standard similar to that used in the European Union.

Ask the Expert:
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today. (All questions are anonymous.)

Next Steps

Experts call for global data privacy standards in the cloud, businesses struggle through big data and privacy laws and  the industry tries to solve data protection issues without federal legislation

This was last published in October 2015

Dig Deeper on Data privacy issues and compliance