In today’s blog, I would like to comment on sustainable practices, the “S” in RSVP. Often sustainability is affected by public sentiment. We should all take heed.
Considerable concern has been voiced recently in Europe and Latin America about the revelations Edwards Snowden has unleashed concerning the practices of the NSA. Obviously those practices are not sustainable in their current form. While government practices can have far more serious consequences than private sector practices, what government decides is appropriate affects the private sector as well.
During President Obama’s recent speech on NSA reforms, he commented on industry use of consumer data and privacy issues. “There was recognition by all who participated in these reviews that the challenges to our privacy do not come from government alone. Corporations of all shapes and sizes track what you buy, store and analyze our data, and use it for commercial purposes; that’s how those targeted ads pop up on your computer or smartphone. But all of us understand that the standards for government surveillance must be higher.”
“I have also asked my Counselor, John Podesta, to lead a comprehensive review of big data and privacy. This group will consist of government officials who—along with the President’s Council of Advisors on Science and Technology—will reach out to privacy experts, technologists and business leaders, and look at how the challenges inherent in big data are being confronted by both the public and private sectors; whether we can forge international norms on how to manage this data; and how we can continue to promote the free flow of information in ways that are consistent with both privacy and security.”
We don’t know how the results of this process might differ from the Consumer Privacy Bill of Rights for the private sector that was put forth by the Department of Commerce in 2012, setting forth, in general terms without specific legislative language, aspirational principles to protect an individual’s privacy.
The Consumer Privacy Bill of Rights includes the following principles:
1) Individual Control:
Consumers should be able to exercise control over what personal data companies collect from them, how they use it, and how third parties use personal data or whether they receive it.
Consumers should be able to easily understand what data companies collect, why it’s needed, how it’s used, and when it will be deleted or de-identified, as well as, whether, and for what purposes, it may be shared with third parties.
3) Respect for Context:
Consumers should be able to expect that companies will collect, use and disclose personal data in ways that “are consistent with the context in which consumers provide the data”. If companies use or disclose personal data for other purposes, “they should provide heightened transparency” and “meaningful opportunities to prevent these disclosures”.
Companies need to provide security and adequate safeguards for personal consumer data they collect and maintain. The Framework urges the adoption of a “national standard” for notification following a breach of security, replacing the laws in place in 47 States and the District of Columbia.
5) Access and Accuracy:
Consumers should be able to have access to personal data and the right to correct inaccuracies. Inaccurate personal data “may lead to a range of harms” which must be balanced against respect for the First Amendment’s freedom of speech.
6) Focused Collection:
Consumers should be able to place reasonable limits on the personal data that companies collect and retain, limiting the data to only what companies need to achieve the specific purpose for which the data was first collected, and to destroy it once its purpose has expired.
Companies should be held accountable to assure that they adhere to the Bill of Rights. One way to achieve this end is to have periodic audits and to recognize that when data is transferred to a third party, all parties remains accountable for how it is handled.
We will be following the new developments by the Administration, and will keep you posted.
An interesting follow-up to this was the opening session at the World Economic Forum in Davos Switzerland. Instead of a Noble laureate panel of economists, promoting the technology revolution were senior executives from Yahoo, AT&T, BT Group, Cisco Systems and SalesForce.com.
The economists stuck back point out that the many opportunities provided by the digital disruption of companies and communities also carry complex political, economic and social risks. Laurence Summers, former US Treasury secretary, said the advance of technology was not an “unalloyed good”, likening the benefits and the disruption to the industrial revolution. He went onto warn that the world lacked the kind of political leaders who helped shape public policy of the late 19th and early 20th century.
At the heart of the issue is the impact on jobs. Eric Schmidt, chairman at Google, warned that automation could wipe out a broad range of jobs, while creating new jobs in the tech space. One Nobel Prize-winning economics summed it up by saying, “We’re innovating in a world that doesn’t have a perfect map, so we’re going to have to do it with empathy and humanity.”
Advertisers should take head and work harder of establishing ethical marketing guidelines for the industry.
Other key issues to watch include:
- Obama’s full speech, for those who are interested is available at http://www.nationaljournal.com/white-house/full-text-of-obama-s-speech-on-nsa-surveillance-20140117.
- The FTC report on their investigation into data brokers is still expected any day.
- Congress has started the year with some privacy and security legislation.
Senate Finance Chairman Max Baucus (D-MT) introduced the Bipartisan Congressional Trade Priorities Act which creates guidelines for future international trade agreements and includes language on digital trade in goods and services and cross-border data flows (see page 17).
Senate Commerce Chairman Rockefeller is looking to reintroduce his data breach bill while House Subcommittee Chairman Lee Terry is planning a hearing on data breaches in early February and intends to introduce a bill soon. Security breach legislation could well be one of only a few pieces of federal privacy and security legislation we see passed this year.