August 7, 2020

Volume X, Number 220

August 07, 2020

Subscribe to Latest Legal News and Analysis

August 06, 2020

Subscribe to Latest Legal News and Analysis

August 05, 2020

Subscribe to Latest Legal News and Analysis

CEOs Lead Charge for National Consumer Privacy Law

Recently, Business Roundtable, an association for over 200 CEOs of America’s largest companies, released a detailed framework for a national consumer data privacy law that would provide uniformity in an area currently governed by an amalgam of state statutes and regulations. Business Roundtable is hopeful that it has the ear of the Administration and the Legislature to see progress on this effort in the 2019 Session.

The CEOs leading this effort come from a wide variety of industries, including: technology, communications, retail, financial services, health, manufacturing, hospitality, insurance and others. “There is an unprecedented opportunity to establish an innovative privacy landscape and underscore the need for a national privacy law,” said Julie Sweet, Chief Executive Officer – North America of Accenture and Chair of the Business Roundtable Technology Committee. “Consumers do not feel in control of their personal data and how it is collected, used and shared. U.S. laws to protect consumer privacy are highly fragmented, inconsistent and are nonexistent for much of the U.S. economy. A comprehensive national standard that details individual data privacy rights and provides clear obligations for how companies handle personal data is crucial for consumers, business and the U.S. economy.”

            The Business Roundtable legislative framework outlines four fundamental privacy rights for consumers:

  • The right to transparency regarding a company’s data practices, including the types of personal data that a company collects, the purposes for which this data is used and whether and for what purposes personal data is shared.
  • The right to exert control over their data, including the ability to control whether companies sell their personal data.
  • The right to access and correct inaccuracies in their personal data
  • The right to delete their personal data.

The proposal invokes federal preemption of state and local regulations and also addresses uniformity for data breach notifications. Currently all 50 states, Puerto Rico, the Virgin Islands, and Guam have a variety of requirements related to notification after data breaches or potential breaches. Despite having common threads, businesses operating in several states currently have to be wary of variance in notification requirements dependent on the number of affected residents, what constitutes “unreasonably delay,” and whether breaches may be pursued by private individuals or only the state’s attorney general. The proposal encompasses regulation by the FTC to ensure uniformity across industries and does not provide for a private right of action.

We will continue to track this issue, which addresses the balance that must be struck between the need for protection of the privacy of consumers and employees with the business community’s need for consistency and predictability in data privacy protection.

Jackson Lewis P.C. © 2020National Law Review, Volume IX, Number 17


About this Author

Jennifer Shoaf Richardson, Jackson Lewis, Employer Representation, workplace law matters attorney

Jennifer Shoaf Richardson is an Associate in the Jacksonville, Florida, office of Jackson Lewis P.C. Her practice focuses on representing employers in workplace law matters, including preventive advice and counsel.

Ms. Richardson previously defended insurers in bad faith/extra-contractual liability litigation and coverage matters. She has handled appeals in the Eleventh Circuit, the Supreme Court of Florida, and four out of five of Florida’s district courts of appeal. While attending law school, Ms. Richardson served as Senior Articles Editor...