June 18, 2019


June 17, 2019


Government Accountability Office Recommends Comprehensive Privacy Legislation

The Equifax and Facebook-Cambridge Analytica scandals, coupled with the proliferation of state privacy and security laws such as the California Consumer Privacy Act (CCPA)—as well as proposed laws in Washington and Massachusetts—have increased demand for a comprehensive national privacy law. Last week, the Senate announced plans to hold hearings to discuss a proposed privacy law. The Government Accountability Office (GAO) has just released its report recommending that Congress develop comprehensive privacy legislation to enhance consumer protections.

The GAO, a non-partisan government watchdog, commenced its investigation into the current state of privacy law at the request of House Energy and Commerce Committee Chairman Frank Pallone, Jr. In discussing his request, Chairman Pallone noted that the Equifax breach, which put more than 143 million consumers at risk, and the Facebook-Cambridge Analytica scandal have demonstrated that consumers’ privacy is “violated online and offline in alarming and dangerous ways.”

As part of its investigation into federal oversight of Internet privacy, GAO interviewed industry stakeholders, such as current and former Federal Communications Commission (FCC) and Federal Trade Commission (FTC) employees, consumer advocates, academics, and industry professionals, in addition to evaluating FCC and FTC Internet privacy enforcement actions.

While all industry stakeholders believe that comprehensive privacy legislation would enhance privacy oversight, industry professionals believe GAO’s approach would stifle business innovation and become quickly obsolete due to the pace of technological advancement. Consumer advocacy stakeholders disagree and argue this type of comprehensive privacy legislation would promote clarity and deter harmful privacy practices.

Even with mixed opinions from industry stakeholders, GAO ultimately recommends that Congress develop comprehensive legislation on Internet privacy to enhance consumer protections and provide flexibility to address a rapidly evolving Internet. In developing such comprehensive legislation, GAO notes that Congress must focus on (1) enacting legislation to establish privacy requirements for all sectors; (2) identifying agencies that should have the power to oversee privacy, including appropriate rulemaking authority; and (3) increasing the effectiveness of the overseeing agency by providing authority to impose civil penalties. To GAO, and national legislation supporters everywhere, this comprehensive legislation will enhance the federal government’s ability to protect consumer privacy, provide more certainty in the marketplace, and provide more confidence to consumers.

On February 26, the House Consumer Protection and Commerce Subcommittee will meet to discuss the GAO report. This hearing will take place just one day before the Senate Commerce Committee is set to hold a hearing entitled “Policy Principles for a Federal Data Privacy Framework in the United States” to discuss establishing federal privacy regulations. Numerous hurdles exist in crafting a federal privacy law that is acceptable to consumer advocates and the business community, including state pre-emption, statutory fines, and increased powers for the FTC. Still, the upcoming House hearings, coupled with the Senate’s hearings, suggest that Congress may finally be one step closer to comprehensive privacy reform.

Copyright © by Ballard Spahr LLP


About this Author

Kristen Poetzel, Ballard Spahr Law Firm, Philadelphia, Finance and Cybersecurity Law Attorney


Philip Yannella, Ballard Spahr Law Firm, Philadelphia, Data Security Attorney
