First, a review of the Framework should be addressed. What is the Privacy Framework? The scope of the framework is to be applied to all commercial enterprises that collect data whether or not they interact with consumers or not. In addition it is also applied to data that can be associated with consumers, computers or other devices. The reason of the framework is because most consumers are unaware of the way their collected data is being used and how it’s used (Santalesa, R., 2010).
There was some speculation that the framework was to be tied to Department of Health and Human Services HIPAA. This is one of the scopes of the framework, called the Universal Scope. The other scope is called the Privacy by Design and these protections are: reasonable safeguards, limited data collection, reasonable retention and accuracy of data collected.
Now we can address the question. What’s next? Although the commission has not completely endorsed the DNT (do-not-tract) many major web browser owners have come on board and have announced their support. Microsoft’s IE ver. 9 has Tracking Protection features installed. There has been an agreement with some companies, i.e. Facebook, Google and Microsoft and IBM. They have agreed to support Privacy-by-Design and Do-Not-Track but only if the requirements are flexible and reasonably achievable. There has also been an upsurge in the States’ action for use of data security and protection. Along with the States’ potential for data protection and the other aforementioned actions and discussions, this passing of this regulation looks promising.
Kerry Releases Draft of “Privacy Bill of Rights”
This proposed act by Senator John Kerry (D- MA) and co-sponsored by Senator John McCain (R-AZ) is meant to enhance the privacy protections of individuals. The act is also meant to enhance commerce hopefully infusing consumer confidence. The salient points of the act will be address in the following paragraphs.
The act defines covered entities who are persons that collect data for at least 5,000 persons for a period of 12 months in addition to telecommunication carries and non-profit companies. Some of the information covered in this act is first name, last name, residential address etc. Not all PII (personal identifiable information) and UII (unique identifier information) data will be listed here. It’s also important to note that UII includes persistent information such as a customer number held in a cookie, user id, processor serial number or device serial number.
Only the most relevant information can be collected as to improve the services for covered entities. They are also required to assure the information that they collect is accurate. They are also required to notify all users of the act of collection, use of data and any changes to the data that has been collected. Covered entities are also required to make all users’ information accessible and upon request the entity has to relinquish all use of said data. All third parties are prohibited from access to the data unless there was consent by the consumer. Unauthorized use is another salient point that stipulates that any use by covered entities of data that is not meant to be used to process transactions, prevent a crime and improvement of service. There are others but only a few are mentioned. Finally, the state attorneys general are allowed to enforce this act including monetary penalties of up to $16,500.00 can be realized (Kerry Releases Draft of Privacy Bill of Rights, 2012).
Kerry Releases Draft of Privacy Bill of Rights (2012). Retrieved from http://www.infolawgroup.com/2011/03/articles/data-privacy-law-or- regulation/kerry-releases-draft-of-privacy-bill-of-rights/
Santalesa, R. (2011). Retrieved from http://www.infolawgroup.com/2011/03/articles/data- privacy-law-or-regulation/whats-next-for-the-ftcs-proposed-privacy-framework/
Santalesa, R. (2010). Retrieved from http://www.infolawgroup.com/2010/12/articles/privacy- law/review-of-ftcs-proposed-privacy-framework-part-1/
InfoLawGroup LLP. (2012). Kerry Releases Draft of Privacy Bill of Rights. Retrieved from http://www.infolawgroup.com/2011/03/articles/data-privacy-law-or-regulation/kerry-releases-draft-of-privacy-bill-of-rights/
Santalesa, R. (2011). What’s next for the FTC’s proposed privacy framework? Retrieved from http://www.infolawgroup.com/2011/03/articles/data-privacy-law-or-regulation/whats-next-for-the-ftcs-proposed-privacy-framework/
Santalesa, R. (2010). Review of the FTC’s proposed privacy framework – Part 1. Retrieved from http://www.infolawgroup.com/2010/12/articles/privacy-law/review-of-ftcs-proposed-privacy-framework-part-1/