Yesterday, Rep. Rick Boucher (D-VA) and Rep. Cliff Stearns (R-FL) released a discussion draft of comprehensive privacy legislation that has been in the works for over a year.
The proposed legislation would require web publishers to alert users about how their information is being collected, used, shared and stored.
The most stringent requirements are placed on what the legislation terms “sensitive information” including race, religion, medical and financial history information. Also included in this category is specific geolocation information. All sensitive information would be subject to a consumer opt-in meaning, the consumer expressly consents to the collection of such information.
A second category of information termed “covered information” includes identifiers such as full name, social security number, telephone number, bank account number, biometric data etc. This kind of information would be subject to an opt-out meaning, the entity can collect such information unless the consumer expressly declines consent for such collection.
The draft mandates rules for the aggregation and sharing of covered information and creates detailed requirements for privacy notices. Entities who do not collect “sensitive” information and who collect information on fewer than 5000 individuals in a 12 month period are exempted.
I’m curious to learn how you think this legislation would affect your business. Would you need to comply? Would compliance be difficult/costly? Please chime in–in the comments.