US Federal Privacy

Image

US Federal Privacy Topic Page

Here, you can find the IAPP’s collection of coverage, analysis and resources related to federal privacy in the United States. The IAPP Resource Center also includes a “US State Privacy” topic page.

Featured Resources

TOOL

US Federal Privacy Legislation Tracker

This tracker organizes the privacy-related bills proposed in Congress to keep our members informed of developments within the federal privacy landscape.
Read More

RESOURCE ARTICLE

US federal AI governance: Laws, policies and strategies

This article provides a breakdown of artificial intelligence governance at the federal level, including the White House, Congress and federal agencies.
Read More

INFOGRAPHIC

US Institutions Privacy Stakeholder Map

This infographic is designed to help privacy professionals understand the myriad of entities involved in setting policy and enforcing privacy rules across the three branches of the federal system.
Read More

ARTICLE

White House unveils sweeping AI executive order

U.S. President Joe Biden released a comprehensive executive order creating the foundation for artificial intelligence development, use and governance in the U.S. This article covers the major points of the order.
Read More

ARTICLE

Bipartisan consensus in US privacy lawmaking

This article provides insight on several indications bipartisan support exists to eventually move a comprehensive federal privacy bill across the finish line.
Read More

INFOGRAPHIC

FTC Privacy Rulemaking – The Steps to Get There

The U.S. Federal Trade Commission intends to formulate rules prohibiting unfair/deceptive acts or practices. This infographic outlines the key rulemaking steps.
Read More


United States Privacy Digest newsletter

Be in-the-know on US privacy news by subscribing to the US Privacy Digest newsletter.

Additional News and Resources

US Congress unveils bipartisan FISA Section 702 reform legislation

Looking to address uncertainty around renewing Section 702 of the U.S. Foreign Intelligence Surveillance Act, a group of bipartisan lawmakers from both chambers of U.S. Congress introduced sweeping legislation that would reform the law and institute more legal safeguards for intelligence agencies to access U.S. citizens' electronic communication data.   Some of the reforms proposed in the Government Surveillance Reform Act include ending law enforcement's ability to purchase U.S. citizens elect... Read More

US policymakers, regulators discuss future of AI regulation at AIGG

It's been an earth-shattering week for those following policy developments in the artificial intelligence governance space. Monday kicked off with a sweeping executive order from the U.S. President Joe Biden on AI safety, security and trust. The G7 issued a code of conduct just days after the United Nations named its new AI advisory board, and this week the U.K. is hosting its AI Safety Summit, issuing the Bletchley Park Declaration.  Running in tandem with these developments, the IAPP is hosti... Read More

PCLOB report further divides FISA Section 702 reauthorization talks

The debate over reauthorization of Section 702 of the Foreign Intelligence Surveillance Act will be a hot topic in privacy circles right up to the December 2023 deadline. On 28 Sept., U.S. Privacy and Civil Liberties Oversight Board stirred the pot with a new report on the foreign surveillance tool's effectiveness and recommendations to consider in 702's reauthorization discussion. The report was approved by a 3-2 vote that was split along party lines with Republican board members dissenting. T... Read More

US lawmaker introduces Federal Cybersecurity Vulnerability Reduction Act

U.S. Rep. Nancy Mace, R-S.C., chair of the House Oversight Committee's Cybersecurity, Information Technology, and Government Innovation Committee, proposed the Federal Cybersecurity Vulnerability Reduction Act, The Record reports. The proposed legislation would require federal contractors to enact policies consistent with National Institute of Standards and Technology guidelines. Mace said the proposal would "ensure a proactive approach to cybersecurity, enabling contractors to identify and addr... Read More

Poll: Americans want federal regulation of AI

A poll of 1,001 registered U.S. voters conducted by the Artificial Intelligence Policy Institute found the majority want federal regulation of AI, ZDNet reports. Fifty-six percent of those polled support federal regulation and 82% said they do not trust technology leaders to tackle regulation independently. Sixty-two percent reported concerns about AI, with 86% saying they believe it could "accidentally cause a catastrophic event." Editor's note: Explore the IAPP AI Governance Center and subscri... Read More

US Senate committee advances children's privacy bills

The U.S. Senate Committee on Commerce advanced two bipartisan bills to enhance protections for children online, in a move lawmakers called "critical" in addressing a "sobering" crisis. The committee voted favorably to move the Kids Online Safety Act and the Children and Teens' Online Privacy Protection Act, leaving both eligible for consideration by the full Senate. The approvals came days after U.S. President Joe Biden directly endorsed the bills and reiterated he is been calling for enhanced ... Read More

A guide to the attorney general’s finding of 'reciprocal' privacy protections in EU

On 10 July, the two final pieces fell into place to create a new lawful basis for transferring personal data from the EU to the U.S., implementing the EU-U.S. Data Privacy Framework announced last October. U.S. Attorney General Merrick Garland designated the EU and the European Economic Area as "qualifying states" under President Joe Biden's Executive Order 14086.  That same day, the EU issued its final decision that the U.S. provides "adequate" protection of privacy, making it clearly lawful f... Read More

The Snowden disclosures, 10 years on

Even 10 years on, Edward Snowden's disclosures of U.S. government surveillance programs continue to make an impact on law and policy debates, particularly those involving privacy. His actions changed the coordinates of discussions not only about the balance between national security and privacy but about whistleblowing, journalism, trust in government and freedom of information. While the disclosures may have provided some answers, they generated at least as many new questions. Indeed, the pictu... Read More

Schumer outlines comprehensive US blueprint for AI regulation

U.S. Congress is prioritizing the establishment of rules for the deployment and use of artificial intelligence. While various proposals have begun to surface in recent weeks, Sen. Chuck Schumer, D-N.Y., has stepped up with arguably the most comprehensive plan yet. Speaking at the Center for Strategic and International Studies, Schumer unveiled a two-part strategy to "move us forward on AI" with "one part framework, one part process." The former component of the strategy is the "Securities, Acc... Read More

Assessing the Snowden revelations 10 years later

In 2012, Electronic Frontier Foundation co-founder and Grateful Dead lyricist John Perry Barlow spoke from the IAPP stage to warn about U.S. government surveillance. As a privacy reporter at the time, much of my writing focused on commercial aspects of privacy, particularly with regard to data breaches. Less than a year later, in June 2013, a series of high-profile disclosures rippled throughout the world and changed the calculus for the privacy profession.  Hard to believe it's now been 10 yea... Read More

Catching up with the co-author of the White House Blueprint for an AI Bill of Rights

As automated systems rapidly develop and embed themselves into modern life, policymakers around the world are taking note and, in some cases, stepping in. Earlier this year, the Biden administration took an early step by releasing a Blue Print for an AI Bill of Rights. Comprising five main principles, as well as what should be expected of automated systems, while offering a slate of real-world examples of the potential harms and benefits of artificial intelligence, the Blueprint is a must-read f... Read More

US senators reintroduce COPPA 2.0

U.S. Sens. Bill Cassidy, R-La., and Ed Markey, D-Mass., reintroduced the Children and Teens' Online Privacy Protection Act 2.0, which they said updates online privacy protections for children and teens for the 21st century. The bill prohibits internet companies from collecting personal data of users aged 13-16 without consent, bans targeted advertising to children and teens, covers platforms "reasonably likely to be used" by children, and establishes a "Digital Marketing Bill of Rights for Teens... Read More

House subcommittee hearing reiterates need for federal privacy legislation

During the 36th hearing held in U.S. Congress on privacy and data security over the last five years, members of the House Energy and Commerce Committee's Subcommittee on Innovation, Data, and Commerce again heard calls for comprehensive privacy legislation, namely the American Data Privacy and Protection Act.   The hearing, held Thursday, 27 April, focused on the need for a federal law to fill what Subcommittee Chair Gus Bilirakis, R-Fla., called a "piecemeal sector-specific approach" with exis... Read More

US reps. reintroduce Online Privacy Act

U.S. Reps. Anna Eshoo, D-Calif., and Zoe Lofgren, D-Calif., refiled the Online Privacy Act. The comprehensive federal privacy proposal offers user data rights, requires limitations and obligations on data practices and establishes a data protection authority. The bill also sets a legislative floor that allows state legislatures to go beyond OPA provisions as they see fit. Californian members of U.S. Congress, including Eshoo and Lofgren, are against the proposed American Data Privacy and Protect... Read More

IAPP GPS 2023: FTC's Bedoya sheds light on generative AI regulation

Privacy regulators around the world are increasingly growing curious and skeptical about generative artificial intelligence deployments. U.S. Federal Trade Commissioner Alvaro Bedoya is not among those worried about a lack of regulation to address any privacy issues stemming from rampant use of the fast-growing technology. From the keynote stage at the IAPP Global Privacy Summit 2023 in Washington, D.C., Bedoya told privacy professionals existing U.S. statutes at a sectoral level do in fact cov... Read More

White House announces National Cybersecurity Strategy

U.S. President Joe Biden announced the National Cybersecurity Strategy, which aims to "secure the full benefits of a safe and secure digital ecosystem for all Americans." Notably, the Biden administration's strategy seeks to "rebalance the responsibility to defend cyberspace" and place obligations on "the organizations that are most capable and best-positioned to reduce risks for all of us." Privacy and data security are mentioned under the strategy's intended approach to "shape market forces to... Read More

US House lawmakers keep federal privacy legislation top of mind

U.S. Congress made bipartisan progress on comprehensive federal privacy legislation last year, advancing the proposed American Data Privacy and Protection Act to the cusp of a U.S. House floor vote. The prioritization was no fluke and the 118th Congress is compelled to prove as much with eyes toward finalizing a national standard again this year. A step forward for 2023 federal privacy law prospects came with the latest Congressional hearing dedicated to privacy hosted by the House Committee on... Read More

A short history of privacy in US State of the Union addresses

The State of the Union address has a long history in the United States, going back to the Constitution and birth of the Republic, when President George Washington set the precedent by sharing his report on the country with both houses of Congress. That tradition did not last long, however, as less than a decade later, Thomas Jefferson, the nation’s third president, simply presented the legislature with a written report. Fast forward to the early 20th century and find that Woodrow Wilson revived... Read More

Report offers suggestions for updating US CMPPA

The U.S. Congressional Research Service issued a report on potential ways to update the Computer Matching and Privacy Protection Act, a law passed in 1988 to establish “procedures for agencies when they disclose and match data on individuals for certain purposes.” The report outlined changes such as “clarifying the scope of the CMPPA, developing an accurate accounting of matching programs … and assessing regulation and oversight of data matching.”Full Story... Read More

White House executive order brings EU-US data flow deal closer to finish line

The wait for a finalized agreement to solidify EU-U.S. data flows is winding down. The latest step forward in the process came with U.S. President Joe Biden's long-awaited executive order mandating new legal safeguards over U.S. national security agencies' access and use of EU and U.S. personal data. The order comes more than six months after Biden and European Commission President Ursula von der Leyen announced an agreement in principle on the EU-U.S. Data Privacy Framework. Talks for that agr... Read More

The EU-US Data Privacy Framework: A new era for data transfers?

The newly released White House executive order implementing the long-awaited EU-U.S. Data Privacy Framework clears a path for trans-Atlantic business and diplomacy alike. Since the Court of Justice of the EU’s “Schrems II” decision invalidated Privacy Shield more than two years ago, personal data flows from the EU to the U.S. have been legally questionable. Some might argue, data transfers were effectively banned. Enforcement actions have only trickled out, but their precedential and deterrent ... Read More

Twitter whistleblower testifies before US Senate Judiciary Committee

Twitter’s former head of security, Peiter Zatko, revealed his prior employer lagged a decade behind cybersecurity standards. This statement was one among several shocking disclosures he shared with members of the U.S. Senate Judiciary Committee during a hearing Sept. 13. Zatko, who worked at Twitter from November 2020 through January 2022, was called to testify to the committee after he filed a whistleblower complaint with the U.S. Federal Trade Commission and Securities and Exchange Commission... Read More

Pelosi opposes proposed American Data Privacy and Protection Act, seeks new preemption compromise

Prospects for a landmark vote in the U.S. House on the proposed American Data Privacy and Protection Act boil down to House Speaker Nancy Pelosi, D-Calif., who decides when or if the comprehensive privacy bill's number will be considered on the House floor. Pelosi did not take a side upon the ADPPA becoming available for a floor vote just ahead of U.S. Congress' summer recess, leaving many wondering where the chips would fall when federal lawmakers returned to work Sept. 6. Following weeks of u... Read More

The FTC’s privacy rulemaking: Risks and opportunities

If businesses thought August would bring a lull from the breakneck pace of privacy policymaking — including a draft federal privacy law, five new state privacy laws and a dizzying array of global privacy regulations from the EU to China to Japan — the U.S. Federal Trade Commission had other plans. Announcing an ambitious Advance Notice of Proposed Rulemaking, the FTC has put in motion a process that privacy advocates have dreamt about for years, promulgating trade regulations in privacy and data... Read More

Reframing data privacy

Many privacy regulations — such as the EU General Data Protection Regulation and the California Consumer Privacy Act — aim to protect consumers’ personally identifiable data from abuse, misuse and overuse. Yet personal data continues to be legally collected, aggregated, analyzed, packaged and resold. Information brokering has now become a revenue stream for many commercial organizations. The information broker industry has emerged to profit from brokering consumer data. Industry trade groups, l... Read More

What's next at the FTC?

Original broadcast date: July 28, 2022 In this LinkedIn Live event, IAPP Managing Director, Washington, D.C., Cobun Zweifel-Keegan, CIPP/US, CIPM, considers the avenues the U.S. Federal Trade Commission may go with commentary from BakerHostetler Partner Daniel Kaufman and Wilson Sonsini Goodrich & Rosati Partner Maneesha Mithal, both former FTC personnel. Watch the full recording on LinkedIn. Access the IAPP's LinkedIn profile ... Read More

US House committee showcases federal privacy momentum, opportunity

Tuesday's much-anticipated federal privacy law hearing hosted by the U.S. House Energy and Commerce Committee's Subcommittee on Consumer Protection and Commerce had a different vibe than what onlookers have become accustomed to when Congress discusses privacy matters. Past hearings — they've come in waves at the same time of year over the last three-or-so years — brought clear divides, separate agendas and no consensus among lawmakers on how to arrive at a solution. The proposed American Data P... Read More

What does the newest U.S. privacy bill mean for cybersecurity?

On Tuesday, June 14, the U.S. House Committee on Energy and Commerce held a hearing on the American Data Privacy and Protection Act discussion draft — a leading contender for a comprehensive federal privacy framework. The famed sticking points of individual redress mechanisms, preemption of state laws and the role of the U.S. Federal Trade Commission — the law’s likely federal enforcer — were among the slew of debated aspects. However, the cybersecurity provisions and data security requirements ... Read More

Understanding the scope of the draft American Data Privacy and Protection Act

As the policy community takes time to absorb and reflect on the substantive provisions of the draft American Data Privacy and Protection Act, it is worth exploring the basic scope of application of the bill. What organizations would be expected to comply? How do obligations differ based on size or function in the data economy? The ADPPA presents a somewhat complex array of organizational roles, with different names than privacy professionals may be used to. For example, what’s the difference bet... Read More

US lawmakers unveil bipartisan American Data Privacy and Protection Act

Members of U.S. Congress appear to be full-steam ahead in their pursuit of finalizing comprehensive federal privacy legislation by year's end. A day after revelations of a draft bill circulating, a bipartisan group of lawmakers published a discussion draft for the proposed American Data Privacy and Protection Act for full public consumption. U.S. Senate Committee on Commerce, Science, and Transportation Ranking Member Roger Wicker, R-Miss., and House Committee on Energy and Commerce's Frank Pal... Read More

Distilling the essence of the American Data Privacy and Protection Act discussion draft

Publicly released last Friday, the discussion draft of the American Data Privacy and Protection Act gave the privacy community plenty of food for thought for the weekend. Initial impressions and analyses of the text ranged from “very promising,” “a valuable first step,” and “hugely impactful” to “not bad.” Omer Tene perhaps described it most poetically as: “a tsunami that may yet make GDPR seem like a storm in a teacup.” Jim Steyer, founder and CEO of Common Sense Media, said that while the dra... Read More

We’re so close to getting data loyalty right

People are justifiably excited about the American Data Privacy and Protection Act. It’s the most significant bipartisan privacy legislation introduced in more than a decade, and it represents a sincere attempt to move beyond the ineffective “notice and choice” approach to privacy that has been the hallmark of U.S. legislators since the days of dial-up modems. The ADPPA has many interesting parts, which have been well-explained by others. But possibly the most significant part of the bill—and the... Read More

The Constitutional Right To Privacy

In this LinkedIn Live event, IAPP President and CEO J. Trevor Hughes sits down with UNH Assistant Law Professor Tiffany Li to discuss the potential implications and impact of overturning more than 50 years of jurisprudence on the right to privacy.  Read More

Leaked Roe v. Wade opinion sparks right-to-privacy concerns

The Supreme Court of the United States is front and center this week after Politico reported on a leaked initial draft majority opinion by Justice Samuel Alito on the 1973 Roe v. Wade decision. The Supreme Court Tuesday confirmed the leaked draft is authentic. However, Chief Justice John Roberts said the decision on the case is not yet final.  The draft opinion, in which Alito states that "Roe was egregiously wrong from the start," would repudiate the guarantee of federal constitutional protect... Read More

What Judge Ketanji Brown Jackson’s US Supreme Court appointment could mean for privacy

As Judge Ketanji Brown Jackson is making headlines and history as the first Black woman confirmed to serve on the United States Supreme Court, the privacy community is exploring the related privacy law experience she brings to the Court and what her appointment could mean for future decisions. During nomination hearings in March, Jackson faced two days of questioning from members of the Senate Judiciary Committee on her qualifications, sentencing record as a U.S. District Court judge for the Di... Read More

US cybersecurity director on how government can form new social contract with tech industry

United States National Cyber Director Chris Inglis said there is plenty of room for both the technology and privacy industries, and the intelligence gathering and national security arms of the federal government to coexist in cyberspace without their core missions colliding. Inglis laid out a vision for creation of what he called a new “social contract” between the technology and privacy industries, and U.S. national security cyber apparatuses during a discussion facilitated by Morrison & F... Read More

Microsoft's Smith implores US to keep pace in global privacy conversation

A day after Apple CEO Tim Cook called for a U.S. federal privacy law from the keynote stage at the IAPP Global Privacy Summit 2022, Microsoft President and Vice Chair Brad Smith took the urging up a notch in his own keynote address Wednesday. Smith not only made clear that Microsoft was in favor of U.S. Congress acting on federal privacy legislation, but went further with criticism regarding the lack of action on Capitol Hill. He noted that legislation is "not just needed, but long overdue" and... Read More

FTC Chair Lina Khan anticipated to share privacy vision

U.S. Federal Trade Commission Chair Lina Khan will make her first public address focused on privacy issues as chair during the upcoming IAPP Global Privacy Summit in Washington, D.C., an opportunity privacy leaders hope she takes to clearly articulate her privacy visions and plans for the agency. “This speech is an important occasion for Lina Khan — an opportunity to lay out a strong vision and engagement on privacy for a global audience,” said The Brookings Institution Ann R. & Andrew H. T... Read More

Biden's State of the Union remarks put children's privacy front and center

Short, strong and to the point. That's what U.S. President Joe Biden angled for with comments on improving children's privacy and online safety in his State of the Union Address Tuesday night. The White House tipped the public off to Biden's planned remarks, giving the privacy community something to look forward to with the address. While the president's words didn't stray from what was prepared, the message was crystal clear. "It's time to strengthen privacy protections, ban targeted advertis... Read More

Key data security insights from FTC CafePress settlement

A data minimization requirement, a mandate to use multi-factor authentication, direct notice to consumers with an admission of wrongdoing, monetary relief. There’s a lot to pay attention to in the U.S. Federal Trade Commission’s proposed settlement with the current and former owners of CafePress, announced March 15. IAPP Managing Director, Washington, D.C., Cobun Zweifel-Keegan, CIPP/US, CIPM, has done an excellent job of teasing out the privacy lessons hidden in what is, on its surface, a data ... Read More

US House subcommittee talks proposed surveillance ad ban, Big Tech accountability

From the harms caused by targeted advertising, to the importance of protecting children online, to the need for a comprehensive federal privacy law, a wide-ranging U.S. House committee hearing Tuesday explored legislative ways to protect online users. In its third hearing on the topic, the House Committee on Energy & Commerce’s Subcommittee on Consumer Protection and Commerce discussed the proposed Banning Surveillance Advertising Act of 2022, Algorithmic Accountability Act of 2022, Digital... Read More

FTC takes steps toward privacy, AI rulemaking

As the debate rages on regarding whether the U.S. Federal Trade Commission should or could begin rulemaking on privacy, the commission has signaled it is not willing to wait for a consensus. On Dec. 10, the FTC filed an Advanced Notice of Proposed Rulemaking with the Office of Management and Budget that initiates consideration of a rulemaking process on privacy and artificial intelligence. The filing describes the FTC's intent as seeking to "curb lax security practices, limit privacy abuses, an... Read More

Australia, US reach crime data sharing agreement

The U.S. Department of Justice announced the U.S. and Australia entered into a crime data sharing agreement under the Clarifying Lawful Overseas Use of Data Act. The DOJ said the agreement will allow law enforcement from both countries to trade electronic data in efforts to "prevent, detect, investigate and prosecute" a range of serious crimes, including ransomware attacks. The deal will be carried out with "strong protections for the rule of law, privacy and civil liberties," according to the D... Read More

Senate committee talks need for FTC resources, federal privacy law

During the first U.S. Senate privacy hearing of the year before the Committee on Commerce, Science, and Transportation Wednesday, former members of the Federal Trade Commission said the agency is lacking resources to handle the privacy and data protection challenges of today’s digital world, while Sen. Roger Wicker, R-Miss., called on the Biden administration to appoint a senior staffer to lead the charge on a federal privacy law. The former FTC officials urged enhanced enforcement authority fo... Read More

Study: Americans want government to prioritize data security, privacy

A study by the Associated Press-NORC Center for Public Affairs Research and MeriTalk found a majority of Americans believe the federal government can improve citizens’ online data security. More than 7 in 10 adults believe personal data security should be a national security issue, and national standards for the collection, processing and sharing of personal data should be established by the federal government. Sixty-one percent say the federal government should “devote a good deal of time to da... Read More

Privacy bills in the 117th Congress

As the August recess commences, it seems an opportune moment to consider the legislative developments around privacy in the 117th U.S. Congress. More than halfway into 2021, dozens of privacy-related federal bills have been introduced that, if passed, would have a major impact on how organizations handle personal data and the rights afforded to individuals. Yet, these efforts in Congress toward passage of a new federal privacy law have received less attention as state-level privacy legislation ... Read More

Standing issues in U.S. privacy class actions

In the U.S., class actions are a popular enforcement mechanism to compensate consumers, including for alleged violations of state and federal privacy laws and data breaches. While there is no federal comprehensive data privacy law in the U.S., there are a number of state and federal privacy-related laws, like Illinois’ Biometric Information Privacy Act, the California Consumer Privacy Act and the federal Fair Credit Reporting Act, that are frequently the basis for class action claims. While thes... Read More

Rep. DelBene on what it will take to pass US privacy legislation

Prospects for a federal privacy law in the U.S. ramped up in recent years, but nothing has come close passing even though data protection is a bipartisan issue. At the same time, U.S. state activity is swarming and many countries around the world are developing and implementing their own national privacy laws. So what’s it going to take for the U.S. to pass a federal law? Rep. Suzan DelBene, D-Wash., was the first congressional lawmaker to propose federal privacy legislation in 2021. Her bill re... Read More

April Doss on US surveillance, global data flows and Big Tech after the Russia investigation

U.S. government surveillance bubbled back up in headlines in recent weeks. Portugal's data protection authority, the National Data Protection Commission, halted transfers of data to the U.S. after complaints that census data were being sent back to the U.S. The same week, a U.S. Foreign Intelligence Surveillance Court decision was published, in which it renewed a U.S. surveillance program even though it found some Federal Bureau of Investigation employees illegally accessed email data. This come... Read More

Protect consumer privacy: Repeal GLBA's privacy provisions

How do the privacy protections in the Gramm-Leach-Bliley Act — the well-known banking law — help consumers? The short answer is that the GLBA does almost nothing to help consumer privacy. Understanding that the GLBA is essentially a privacy fraud is important because exemptions for the GLBA are features of some state and federal privacy bills. Let’s look at the provisions of the GLBA. The privacy part of the law provides two — and only two — provisions for consumers. First, each financial insti... Read More

Tracking the politics of US privacy legislation

Observers of the debate around the potential for a new federal data privacy law know that dozens of relevant bills have been introduced and debated in U.S. Congress over the past couple of legislative sessions. While they make for good reading and discussion material, do any of them have a realistic shot at survival? If so, which of them are the most likely to eventually make their way into law? As the IAPP continues to track these proposals, a very basic but important realization should come i... Read More

Former US privacy officials say 'not so fast' on federal law

The attention of a U.S. privacy pro is divided pretty well these days. First and foremost, compliance efforts for the California Consumer Privacy Act are underway. But there's also other laws — both domestic and international — to consider, along with heightened focus on incident response and prevention. Regardless of how occupied privacy pros' minds are these days, there likely remains a space carved out for the unknown that is: a potential federal U.S. privacy law. Momentum for federal legisl... Read More

What is a robocall, anyway?

"I don't know what you mean by 'glory,'" Alice said.     Humpty Dumpty smiled contemptuously. "Of course you don't — till I tell you. I meant 'there's a nice knock-down argument for you!'"    "But 'glory' doesn't mean 'a nice knock-down argument,'" Alice objected.    "When I use a word," Humpty Dumpty said, in rather a scornful tone, "it means just what I choose it to mean — neither more nor less."    "The question is," said Alice, "whether you can make words mean so many different things."   ... Read More

US Senate grapples with how to regulate AI

At a hearing at the U.S. Senate Committee on Commerce, Science, and Transportation June 25, lawmakers aimed to determine what kind of government intervention, if any, is necessary for artificial intelligence given that companies are competing for "optimal engagement" from internet users, something that is often achieved through user manipulation and without their knowledge.  "While there must be a healthy dose of personal responsibility when users participate in seemingly free online services, ... Read More

The importance of a mandatory arbitration carve-out in a US privacy law

The U.S. Congress is currently considering a number of competing bills aimed at implementing a federal privacy law. Although the details of each proposal vary, such a law would have a profound effect on how an individual’s personal data may be used, shared and protected. Still, the specifics of a new federal privacy regime remain unclear. According to the Brookings Institution: “Many questions, such as the size and type of entities covered; individual rights of access, correction, and deletion;... Read More

Consensus and Controversy in the Debate Over US Federal Data Privacy Legislation

(JUpdated: October 2019) – Over the past year, numerous lawmakers and organizations have offered proposals or recommendations regarding a new U.S. federal data privacy law. To shine more light on the specific provisions that are being debated, we look here at a set of bills that have been introduced in Congress in the past year, from the Consumer Data Protection Act introduced by Senator Ron Wyden, D-Ore., to the Algorithmic Accountability Act of 2019 and the Do Not Track Act, among many others. Read More

Guide to the Gramm–Leach–Bliley Act

This guide provides an overview of the main provisions of the GLBA. Easily navigate within this guide through the following sections: Overview The Financial Privacy Rule The Safeguards Rule Privacy Protection for Customer Information — Pretexting & Fraudulent Access Overview What is it? The GLBA is a federal law that became effective in the United States In 1999. The GLBA is also known as the Financial Services Modernization Act of 1999. Privacy pros zero in on Title V,... Read More