May 24, 2012

Proposed Federal Privacy Legislation: Summary of Kerry-McCain Bill

On Tuesday, April 12, 2011, Senators John Kerry (D-MA) and John McCain (R-AZ) formally introduced the Commercial Privacy Bill of Rights Act of 2011 (S. 799). If enacted by Congress in its current form, the Act will require companies to provide greater transparency to consumers regarding what personal information companies are collecting and how it will be used. The Act also would authorize enforcement by the Federal Trade Commission (FTC) or State Attorneys General and provide for penalties of up to $16,500 per day, up to a maximum of $3,000,000. The Act also would mandate that companies offer an “opt-out” mechanism for all collected personal information and impose an “opt-in” mechanism for “sensitive” personal information.

The Act’s primary purpose is to establish a comprehensive, unified framework to address the collection and use of personally identifiable information such as name, postal addresses, unique identifiers, geographic location, e-mail addresses, phone numbers, bank and credit account numbers, non-work phone numbers, and biometric data. It also broadly would include “[a]ny information that is collected, used or stored in connection with personally identifiable or unique identifier information in a manner that may reasonably be used by the party collecting the information to identify a specific individual.” (emphasis added)

The proposed Act requires that companies “have managerial accountability, proportional to the size and structure of the covered entity, for the adoption and implementations of policies consistent with [the] Act.”  Companies would be required to implement comprehensive personally identifiable information privacy protection programs based on reasonable expectations of privacy, and to deal with relevant threats to keeping such covered information private and secure.

The legislation proposed by Senators Kerry and McCain is quite wide in scope, but highlights include:

  • Required opt-out for all information and opt-in for sensitive information. Opt-outs are considered by many to be a best practice but are not currently required by most U.S. laws. The proposed bill would require companies to give “robust and clear” notice that the opt-out was available, and for “sensitive” information (as defined in the bill) the collection and use of the information would require the affirmative consent of the consumer.
     
  • Limitation on the Data that can be collected. Under the proposed legislation, companies could only collect covered information they need to provide a transaction or services. If they hand off covered information to third parties, there should be contracts binding what those third parties can do with the data.

  • Establishment of “Safe Harbor” Programs. The FTC could approve nongovernmental organizations to oversee voluntary “Safe Harbor” programs that would allow companies to shield themselves from liability by implementing agreed procedures.

  • Federal Authorities Play Lead Role in Enforcement. The proposed legislation would enable both state Attorneys General and the FTC to enforce the new privacy rules, but the state authorities would have to yield to the FTC if both wished to pursue the same case. Significantly, the proposed legislation does not provide a private right of action for individuals to bring claims.

Currently, the proposed Act does not set forth any form of "Do Not Track" mechanism or data breach notification requirements. 

©2012 Greenberg Traurig, LLP. All rights reserved.

About the Author

Shareholder

Heidi Salow has been handling cutting-edge issues involving privacy and data security, intellectual property and e-commerce for 15 years. Ms. Salow is an experienced negotiator whose practice includes transactional work, legislative advocacy and compliance counseling. She represents clients on regulatory and public policy matters before Congress, the Administration, and federal and state agencies. She has helped numerous companies achieve compliance with a host of complex privacy, data security, intellectual property and e-commerce laws.

703-749-1300

About the Author

Partner

Alan is chair of Greenberg Traurig’s Global Intellectual Property & Technology Practice Group. An experienced business lawyer focused on commercial transactions with significant intellectual property and technology issues, Alan brings a practical, business-oriented approach to advising companies as they expand their use of new leading-edge technologies. He advises clients in connection with transactions involving the development, acquisition, disposition and commercial exploitation of intellectual property with an emphasis on technology-related products and services.

212-801-9200

Contributors

Of Counsel

David A. Wheeler focuses his practice on eCommerce, information technology, and privacy matters. His experience includes domain name and trademark disputes and registrations, trade secrets litigation, information privacy and identity management, data breach notification compliance, software licensing and outsourcing agreements. Prior to practicing law, David served as a software engineer for a Virginia-based defense contractor and later traded spot currencies as an electronic market maker for the First National Bank of Chicago. He also served as telecommunications consultant for the Bank...

312-456-8450
