Jacqueline Klosek and Andrew Lurie

Now that the Democratic Party has control of Congress after 12 years of Republican rule, gonzo pundits to armchair politicians are predicting big changes in the next two years. While it is likely that the new Congress will spend a considerable portion of its time debating the Iraq war, the proposed minimum wage and other high-profile issues, privacy is expected to be among the issues Congress confronts. The recent transitions in power have led privacy experts to expect that the new Congress will push through at least a few new measures designed to stabilize the privacy landscape.

Recent Trends in Privacy
After years of scale-backs of personal privacy rights, especially in the aftermath of 9/11, the outgoing 109th Congress did make some progress in certain aspects of privacy regulation. Toward the end of 2006, just before it adjourned, Congress passed a few measures of interest to those in the privacy realm. In the waning days of the session, the House and Senate each passed measures that were intended to address the problems of obtaining telephone records through the use of pretexting. On Jan. 12, 2007, President Bush signed into law the "Telephone Records and Privacy Protection Act of 2006." The new legislation establishes criminal penalties for the fraudulent or unauthorized acquisition or disclosure of confidential phone records information. In addition, during its final week in Washington, the 109th Congress passed the US SAFE WEB Act, a law designed to enable the Federal Trade Commission to better protect consumers from spam, spyware and Internet fraud on a global scale.

Overview of Significant Changes in the Legislature
Except for a brief period in 2001-2002 when the Democrats narrowly held sway over the Senate, the Republicans have maintained control of both houses of the legislature since 1994. The recently departed 109th Congress continued this trend, with the 55 Republicans in the U.S. Senate, 44 Democrats and one Independent. The House was comprised of 230 Republicans, 202 Democrats and one Independent. After the swearing in of the 110th U.S. Congress on Jan. 4, 2007, the House now is made up of 233 Democrats and 202 Republicans, while the Senate is split between 49 Democrats and 49 Republicans, with two Independents who plan to caucus with the Democrats, giving the Democrats a slight edge.

The abrupt switch in party leadership in both houses of the legislature has pundits predicting that the First Session of the new Congress will witness a swing to the political left, and the ripple effects could lead to a newfound focus on privacy rights. The new Democratically dominated political arena will likely be more receptive to privacy concerns, and privacy advocates, such as Sens. Dianne Feinstein, D-Calif., and Patrick Leahy, D-Vt., and U.S. Rep. Ed Markey, D-Mass., will be emboldened and empowered to push forward their mandates with a new sense of vigor. Leahy has been particularly critical of various acts of the current administration that he views as invasive to individual privacy rights, including wiretapping and compiling of databases regarding consumers. Leahy already has been publicly advocating changes in these measures. Significantly, Leahy was recently selected to oversee to the Senate Judiciary Committee, which presides over the writing of laws on topics ranging from criminal justice and wiretapping to intellectual property. The Committee's first hearing last month centered on the administration's data mining efforts, which sent a clear message about Leahy's priorities.

Data Security Breaches
One area of particular interest to federal lawmakers is the issue of what organizations should be required to do in the event of a data security breach. As a result of the numerous highly publicized security breaches that occurred during 2006, the majority of states have already enacted legislation that compels entities to notify their residents in the event of certain types of data breaches. Most of these measures have been modeled after California's ground-breaking law. However, Congress was unable in 2006 to reach consensus on how to protect individuals from the effects of data security breaches.

With the beginning of the current congressional session, there already has been some movement on the issue in the Senate. On January 10th, Feinstein reintroduced a bill aimed at protecting individuals from identity theft by requiring federal agencies and businesses to notify consumers in the event of a data breach. The proposed measure, entitled, the "Notification of Risk to Personal Data Act" (S. 239) had been introduced in the 109th Congress but was not passed. The measure, if passed, would preempt the numerous state security breach notification laws and provide for uniform federal protection in the event of a data security breach.

Collection and Use of Information by the Government
Leading Democratic Party members have called for a formal investigation into the myriad data mining activities that the government has undertaken - almost always under the guise of national security - in the past few years. While much of the concern about these issues has centered around the government's use of new technology, such as retinal scans and tracking systems, very recently, the concerns shifted to familiar territory, after, in connection with a Postal Service reform bill signing statement, President Bush claimed the right to open domestic mail in exigent circumstances, such as national security reasons. A bipartisan group of senators is seeking a resolution reaffirming that the privacy of the U.S. mail will be protected.

Regulation of Data Brokers
Data brokers also may be the subject of much focus in 2007. After the ChoicePoint breach in early 2006, the recently departed Congress took a long look at data brokers last year but was unable to push any of the proposed measures through to passage. For his part, Leahy has spoken out on the issue, asserting that the increasing proliferation of data brokers and the burgeoning market for collecting and selling personal information is a particularly troublesome topic. In the opening days of 2007, Leahy has assured privacy advocates that he will push again for legislation that establishes stronger penalties designed to deter identity theft and requires companies to notify individuals when their information has been compromised.

Social Networking Sites
It is also expected that social networking sites will garner some attention in 2007. In early December 2006, Sens. Charles E. Schumer, D-N.Y., and John McCain, R-Ariz., issued a joint press release to announce that they planned to introduce a bill that would require registered sex offenders to submit their active email addresses to local law enforcement organizations. It is anticipated that such a measure would help to protect users, especially older children and teens, of social networking sites like the popular from registered sex offenders. The legislation would enable these social networking sites to cross-check new members against a database of registered sex offenders and block predators from signing up for the service. Under the proposed measure, registered sex offenders would be required to provide an email address to their probation or parole officers and keep such officers apprised of any changes to such email address. Any sex offender submitting a fraudulent email address in an attempt to circumvent the law would face criminal penalties, including possible imprisonment, and any offender caught using an unregistered email address would automatically be in violation of probation or parole terms and face a return to prison.

Use of Social Security Numbers
It is likely that legislative action is likely around protecting Social Security numbers (SSNs). Given the immensely valuable nature of SSNs and their status as a sought-after target in identity theft operations, much thought already has been given to this issue at the state level. The result of this deliberation has been a slew of differing requirements and considerable compliance challenges for companies operating in more than one state. A federal measure would guarantee a minimum level of protection for all individuals, regardless of their state of residence. In addition, if a federal measure passes that includes a preemption provision, it would provide businesses with a more harmonized and less complex framework for them to more easily comply.

There already has been some activity in this area in the Senate. In early January, Feinstein introduced the "Social Security Number Misuse Prevention Act" (S. 238). The proposed measure, which is a reintroduction of a measure that failed to pass last term, would bar the sale or public display of a SSN without an individual's consent. The primary target of the proposed measure would be governmental agencies. The bill would prohibit federal, state and local government agencies from displaying SSNs on public records posted on the Internet or available to the public on CD-ROMs or other electronic media. It also would prohibit government agencies from printing SSNs on checks. While directed mainly at governmental authorities, the measure also would place limitations on the circumstances under which businesses can lawfully request SSNs from their customers.

The First Days of 2007 -Stay Tuned
Early indications suggest that privacy laws will be a hot topic in 2007. When the First Session of the 110th Congress began on Jan. 4, 12 privacy- and security-related bills were introduced on the first day. While it remains too soon to accurately predict what will occur with respect to privacy rights in 2007, the recent political shift has given privacy advocates reason to believe that significant changes are in the works.

The authors are attorneys with Goodwin Procter LLP in New York. They may be reached for comment at

This e-mail address is being protected from spam bots, you need JavaScript enabled to view it


This e-mail address is being protected from spam bots, you need JavaScript enabled to view it



If you want to comment on this post, you need to login.


Board of Directors

See the esteemed group of leaders shaping the future of the IAPP.

Contact Us

Need someone to talk to? We’re here for you.

IAPP Staff

Looking for someone specific? Visit the staff directory.

Learn more about the IAPP»

Daily Dashboard

The day’s top stories from around the world

Privacy Perspectives

Where the real conversations in privacy happen

The Privacy Advisor

Original reporting and feature articles on the latest privacy developments

Privacy Tracker

Alerts and legal analysis of legislative trends

Privacy Tech

Exploring the technology of privacy

Canada Dashboard Digest

A roundup of the top Canadian privacy news

Europe Data Protection Digest

A roundup of the top European data protection news

Asia-Pacific Dashboard Digest

A roundup of the top privacy news from the Asia-Pacific region

Latin America Dashboard Digest

A roundup of the top privacy news from Latin America

IAPP Westin Research Center

Original works. Groundbreaking research. Emerging scholars.

Get more News »

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

IAPP Job Board

Looking for a new challenge, or need to hire your next privacy pro? The IAPP Job Board is the answer.

Join the Privacy List

Have ideas? Need advice? Subscribe to the Privacy List. It’s crowdsourcing, with an exceptional crowd.

Find more ways to Connect »

Find a Privacy Training Class

Two-day privacy training classes are held around the world. See the complete schedule now.

NEW! Raise Staff Awareness

Equip all your data-handling staff to reduce privacy risk, with Privacy Core™ e-learning essentials.

Online Privacy Training

Build your knowledge. The privacy know-how you need is just a click away.

The Training Post—Can’t-Miss Training Updates

Subscribe now to get the latest alerts on training opportunities around the world.

Upcoming Web Conferences

See our list of upcoming web conferences. Just log on, listen in and learn!

Train Your Team

Get your team up to speed on privacy by bringing IAPP training to your organization.

Learn more »

CIPP Certification

The global standard for the go-to person for privacy laws, regulations and frameworks

CIPM Certification

The first and only privacy certification for professionals who manage day-to-day operations

CIPT Certification

The industry benchmark for IT professionals worldwide to validate their knowledge of privacy requirements

NEW! FIP Designation

Recognizing the advanced knowledge and issue-spotting skills a privacy pro must attain in today’s complex world of data privacy.

Certify Your Staff

Find out how you can bring the world’s only globally recognized privacy certification to a group in your organization.

Learn more about IAPP certification »

IAPP-OneTrust PIA Platform

Simplify privacy impact assessments with this cloud-based customizable platform - free to IAPP members!

72% say privacy is now a board-level concern

Find out more about privacy governance in the IAPP-EY Annual Privacy Governance Report 2016.

Privacy Vendor List

Find a privacy vendor to meet your needs with our filterable list of global service providers.

IAPP Communities

Meet locally with privacy pros, dive deep into specialized topics or connect over common interests. Find your Community in KnowledgeNet Chapters, Sections and Affinity Groups.

More Resources »

Time to Get to Work at the Congress

It's almost here! Thought leadership, a thriving community and unrivaled education...the Congress prepares you for the challenges ahead. Register now!

Plan for the Summit

The world’s premier privacy conference returns with the sharpest minds, unparalleled programs and preeminent networking opportunities. Registration opens December 19!

Intensive Education at the Practical Privacy Series

This year's Series spotlights Data Breach, FTC and Consumer Privacy, GDPR and Government privacy issues. It’s the education you need NOW. Early bird ends Nov. 4!

Speak at the Symposium

The call for speakers is open! The Symposium returns to Toronto this Spring and programming is now underway. Looking to share your privacy prowess? Submit by November 20!

Sponsor an Event

Increase visibility for your organization—check out sponsorship opportunities today.

More Conferences »

Become a Member

Start taking advantage of the many IAPP member benefits today

Corporate Members

See our list of high-profile corporate members—and find out why you should become one, too

Renew Your Membership

Don’t miss out for a minute—continue accessing your benefits

Join the IAPP»