There are a number of competing bills that are under consideration in the U.S. Congress that are geared toward the creation of a federal privacy law. The parameters of each bill vary, but what's unclear regarding each of their measures is whether they will include a private right of action for the victims of a data breach. Attorney Beth Graham, CIPP/E, CIPP/US, CIPM, argues that "without an arbitration exception, a private right of action for federal privacy law violations would be effectively useless for many data subjects." With forced arbitration clauses in place to help companies to avoid litigation, Graham suggests a U.S. privacy law "will lack teeth" without a provision that allows data subjects to sue for damages caused by the improper handling of their personal information. Graham fully explains her stance in a Privacy Perspectives post.
If you want to comment on this post, you need to login.