The Department of Commerce’s “Internet Policy Task Force” prepared a green paper outlining ideas for a national data protection policy. Consumer information security is of paramount importance to the government agency, so it wants Fair Information Practice Principle issues front and center on the state-crafting agenda — and it wants it NOW!
Data Protection Policy: Fair Information Practice Principles (FIPPs)
The data protection principles known as Fair Information Practice Principles, or “FIPPs,” are already acknowledged and followed by most government departments. They address the proper handling of customer PII. For example, one of the DHS’ principles is:
Transparency: Organizations should be transparent and notify individuals regarding collection, use, dissemination, and maintenance of personally identifiable information (PII).
FIPPs are broad and used as guides for Internet lawmaking, rather than data protection policy rules in and of themselves.
FIPPs: Industry-Specific Consumer Information Security Codes of Conduct
When the FIPPs task force solicited public opinions about the data protection policy guidelines, small businesses responded clearly: FIPPs are too vague to be effective. How can the problem of ambiguity be solved? Most small business associations recommend that each industry develop a “voluntary” code of conduct and establish market-specific self-regulating bodies that work closely with the FTC to bust “bad boys.”
FIPPs Recommendation: National Standards for Security Breach Notifications
A Security Breach Notification, or “SBN,” is an alert sent out by businesses to people affected by privacy breaches. Or, to be blunt: if a company gets hacked, it’s required to send an SBN to affected users and clients. Currently, SBN rules are strictly a state issue.
The lack of federal data protection policy standards when it comes to SBN laws is a burden for companies with branches in more than one state — as they must comply with several different standards. As such, business advocates are pushing for a federal SBN standard. If passed, entities that have to comply with fifty different states’ laws on SBNs would only have to comply with one SBN requirement.
FIPPs: Preemption of State Law
If lawmakers passed a national SBN law, state laws would still apply in the case of provisions covering unfair or deceptive practices. Additionally, state laws that are more restrictive than federal laws would continue to apply (though this seems to continue the burden for businesses to comply with differing laws among various states).
Although the federal laws would preempt state laws, state Attorneys-General would be authorized to enforce the federal laws. The idea behind this is to allow states to determine what areas need priority in enforcement, as they may differ in different jurisdictions.
Top-Rated Online Privacy Law Firm
Do you need an attorney well-versed in data protection policy law? Contact Aaron Kelly of the Kelly / Warner law firm today. Aaron is one of the first attorneys to concentrate on Internet law issues and, as such, has razor-sharp online privacy legal chops, which translates into lower research costs for you.
How good of an Internet law attorney is Aaron, you ask? You can check out his Martindale.com peer and client review ratings here, in addition to his avvo.com one here. Still want more? Head on over to the firm’s testimonial page here.
We look forward to assisting with your data security policy and online privacy legal issues so you can get back to what you do best – running your business.