Why We Need Interstate Privacy Rules for the US
September 25, 2020
In the absence of a comprehensive federal privacy law that pre-empts disparate and inconsistent state privacy laws, a multistate interoperability code of conduct or certification may be the only way for organizations, particularly SMEs, to comply with an ever-increasing number of state privacy requirements.
This Concept Proposal makes the case for interstate privacy rules for the U.S.
Data Protection in the New Decade: Lessons from COVID-19 for a US Privacy Framework
August 24, 2020
Data protection is constantly evolving, and the global experience with COVID-19 in 2020 has offered valuable lessons to help guide that evolution in the future. Digital data and technologies have assumed an even greater importance in economic activity, social connectivity, and public health.
This discussion paper highlights some of the key data protection lessons from COVID-19. It focuses on providing guidance to inform development of a comprehensive US federal privacy framework, while also drawing on the broader context of other nations and regions.
What Does the USMCA Mean for US Federal Privacy Law?
January 17, 2020
This paper argues that in light of the USMCA, any new comprehensive federal privacy law must take account of and enable the CBPR and similar formal accountability mechanisms, such as privacy codes of conduct and certifications, in order to fully account for U.S. obligations under the digital trade chapter in which this recognition is found. Moreover, such formal privacy programs and certifications should be included regardless of the USMCA because they are important tools for effective legal compliance, serve as cross-border transfer mechanisms for data flows to and from countries that require such transfer mechanisms, and deliver many other benefits to all stakeholders, as discussed below.
Organizational Accountability in Light of FTC Consent Orders
November 13, 2019
In the United States, organizational accountability is a requirement that has long been established in law and regulatory guidance across a wide variety of corporate compliance areas. In the US privacy realm, the Federal Trade Commission (FTC) has traditionally spelled out many of accountability’s key features through its consent decrees. Practically every consent decree resulting from an FTC privacy case has included a requirement to establish and implement a written privacy and security program, with many of these incorporating the essential elements of organizational accountability.
This paper will explore the recent $5 billion FTC settlement with Facebook (“Facebook Settlement”), which resulted from Facebook’s alleged violation of a prior 2012 FTC consent order. It will also examine the recent FTC settlement with Equifax, related to its 2017 data breach (“Equifax Settlement”).
The Concept of Organizational Accountability - Existence in the US Regulatory Compliance and its Relevance for a Federal Data Privacy Law
July 3, 2019
As the US considers the adoption of a comprehensive federal privacy law, numerous stakeholders have raised the importance of incorporating the concept of “organizational accountability” into any new US privacy law. Accountability is now globally recognized as a key component of effective privacy and data protection regulation. This global acceptance, however, creates the misconception for some that this concept is somehow a foreign import and does not fit within US corporate and legal culture. Accountability is also sometimes misunderstood as a concept that is too vague or hard to define, or as something that is promoted by industry in lieu of strict and enforceable privacy rules. Nothing could be further from the truth.
This paper explores the concept of organizational accountability as it exists within the current US legal system across a variety of regulatory areas and what this can teach us for a federal privacy law.
Ten Principles for a Revised US Privacy Framework
March 21, 2019
Our economies and societies are in the midst of the 4th industrial revolution, with digitalization and datafication transforming the way we live, work and interact. This transformation has brought into sharp focus the question of how we should regulate data use, governance and privacy to enable us to reap the benefits of data driven innovation while mitigating the risks associated with ubiquitous and massive data use. In response, many countries have updated or are in the process of updating their data privacy laws and frameworks.
This paper focuses on principles for a potential US federal privacy law. This federal law should have the dual objectives of providing appropriate privacy protections for consumers and enabling the digital economy and innovation to ensure US leadership and competitiveness. CIPL believes that the following principles will help ensure that these dual goals are met.
Learning from GDPR: What Elements Should the US Adopt?
January 25, 2019
This paper outlines top aspects of the GDPR which should be incorporated in a new federal US privacy law and top aspects that should not be included without further adaptation.
These aspects are stated at a very general level with a non-GDPR expert audience in mind.
Copyright © 2024 by the Centre for Information Policy Leadership at Hunton Andrews Kurth LLP.