Yesterday, Rep. Rick Boucher (D-VA) and Rep. Cliff Stearns (R-FL) released a discussion draft of comprehensive privacy legislation that has been in the works for over a year.
The proposed legislation would require web publishers to alert users about how their information is being collected, used, shared and stored.
The most stringent requirements are placed on what the legislation terms “sensitive information,” including race, religion, medical and financial history information. Also included in this category is specific geolocation information. All sensitive information would be subject to a consumer opt-in, meaning the consumer expressly consents to the collection of such information.
A second category of information, termed “covered information,” includes identifiers such as full name, social security number, telephone number, bank account number, biometric data, etc. This kind of information would be subject to an opt-out, meaning the entity can collect such information unless the consumer expressly declines consent for such collection.
The draft mandates rules for the aggregation and sharing of covered information and creates detailed requirements for privacy notices. Entities that do not collect “sensitive” information and that collect information on fewer than 5000 individuals in a 12-month period are exempted.
I’m curious to learn how you think this legislation would affect your business. Would you need to comply? Would compliance be difficult/costly? Please chime in–in the comments.
Melanie is the Senior Technology Policy Representative at the National Association of Realtors. That means she lobbies Congress and Federal Agencies on technology policy issues of importance to the real estate industry. In her pre-NAR life Melanie has been a practicing attorney and a software start-up executive. Like any native Californian, Melanie loves good wine and bountiful farmers markets.
Benn Rosales
May 6, 2010 at 12:53 am
A page of size 9 small print with a yes or a no isn’t going to work like it has in the past. It should meet today’s 2.0/web standards of transparency with each physical decision an opt-in/out. It’s no longer enough to continue believing people read the small print anymore. I also believe legislation should be clear that ‘default’ should always err on the side of caution/private, not public.