US Senate Stuck in Creating National Data Privacy Laws

Laura BednarCybersecurityLeave a Comment

senators work to create federal data privacy law

The European Union’s (EU) General Data Protection Regulations (GDPR) came into action in a little over a year ago, and have since been stirring up questions about data protection in other parts of the world. The United States has finally decided to take some initiative to secure American’s privacy by holding hearings regarding a federal data privacy framework. While the Senate members on both ends of the political spectrum agree that privacy is needed online, there is some controversy about how to go about it.

Current Data Privacy Laws

The National Conference of State Legislatures states that there are currently at least 25 states that have data protection laws relating to private sector entities. The majority of these laws require businesses who own, license or maintain the personal information of a resident of that state to have reasonable security procedures and practices. In addition, personal information must be protected from unauthorized access, destruction, use, and modification. The current laws can fall into one of four categories:

  • Businesses only
  • Government only
  • Both business and government
  • There are no laws whatsoever

The Most Influential States

While each state has its own version, the standard against which the federal law will be measured is the California Consumer Privacy Act (CCPA). This Act follows the GDPR very closely and has three major goals it hopes to accomplish:

  • Consumers will have the right to know what information large corporations are collecting about you.
  • People can instruct a business not to share or sell personal information about them.
  • Consumers will have protections against businesses who do not uphold the value of privacy. This means individuals could sue companies who collected information on them.

California is not the first to implement more stringent laws. Vermont currently has a data broker law that requires data brokers, who sell consumer information to hundreds of sources, to register with the state. They are also prohibited from using that information for fraud and will be charged with a criminal offense if they do so.

The Biometric Illinois Privacy Act requires that companies obtain consent from individuals if they will disclose biometric identifiers, and must store them securely and destroy them in a timely manner.

Early Attempts at Data Security

One early attempt at a privacy bill was the American Data Dissemination Act, which would require the Federal Trade Commission (FTC) to submit detailed recommendations for privacy requirements. These would be passed on to Congress, who would decide on the recommendations and impose them on tech companies. This bill failed as it did not adequately address the problem at hand.

Senators from the House Committee on Energy and Commerce have already held a hearing in February where they pitched what they believe should be contained within a federal privacy bill. It seems that all lawmakers want data privacy laws that encompass all categories rather than specific coverage like the HIPAA laws.

Some of the points of contention in the hearing were:

  • Laws as authoritative as the GDPR hurt the commerce industry
  • Individuals should be able to access and correct data that companies store on them because some may have a low income, preventing them from fighting back.
  • Smaller businesses, in general, closed due to the GDPR because they could not afford compliance costs
  • There needs to be a difference in what is considered to harm consumers and what isn’t in order to keep quality consumer services

No Solution with the Clock Ticking

There has still been no official move to create a federal data privacy law as both political parties are arguing over how strict the bill should be. Among the many issues brought up at the hearing, senators also take issue with individuals suing companies over data misuse, saying it would perpetuate a culture of constant legal battles. The solution was to hire a regulator to enforce the rules, thus removing the need for legal action.

The Senators hope to pass a federal law before the CCPA takes effect on January 1, 2020, to effectively overrule California’s law. With time running out, if a federal law is not created soon, the nation may look to the west coast as the default data privacy regulations.

With Secure Data, you do not have to worry about your privacy being compromised. We are an SSAE 18 audited company and operate a Class 10 ISO 4 Cleanroom for all of our data recoveries. We take the highest precautions to protect your personal information throughout the recovery process and send your information back on hardware encrypted and FIPS 140-2 Level 3 validated secure storage solutions. For more information on our practices, call 1-800-388-1266.