Brace Your Company for an Onslaught of Government Action on Privacy and Data Security

If 2014 was the year of the data breach, then 2015 may well become known as the year the government fights back.  This year has already seen a flurry of federal action on data security and privacy issues.  The White House and Congress have both taken steps in 2015 to increase the federal government’s role in regulating the collection, use, and protection of personal information.  The White House is being particularly aggressive in pursuing privacy and cybersecurity issues, such as hosting its February 13, 2015 Summit on Cybersecurity and Consumer Protection.  In addition, the White House and Congress have both released a number of proposed plans to clampdown on privacy and data security, such as:

  • White House’s Consumer Privacy Bill of Rights Act is a broad privacy and data security proposal aimed at protecting personal information.  The White House’s twenty-four page proposal contains a sweeping definition of “personal data,” requires businesses to notify consumers about privacy and data security practices, and mandates that consumers be provided “reasonable means” to control the processing of their personal data, among many other obligations.  The proposal gives the Federal Trade Commission substantial enforcement authority (along with State Attorneys General), including the ability to levy fines of up to $25 million.
  • Data Breach Notification Laws would replace the system of 47 individual state notification laws with a nationwide standard in the event of a security breach.  To date, the White House has proposed the Personal Data Notification & Protection Act, while competing bills have also been introduced in the House (Data Accountability and Trust Act) and the Senate (Data Breach Notification Act of 2015).
  • White House’s Cybersecurity Information Sharing Proposal would allow businesses to share information with Homeland Security to protect against cybersecurity risks.  President Obama also signed an Executive Order on this subject.

None of these proposals has yet been enacted into law.  However, the legislative momentum and regulatory interest in this area is clear, so companies should keep close watch on this area in the coming year as they review their own data management processes and procedures.

Riddell Williams’ Privacy and Data Security Group is well-apprised of the latest developments in the area, and is happy to discuss any of these recent developments and other related issues with you. Please contact us at:

Gavin Skok, gskok@riddellwilliams.com, 206.389.1731
Jayson Sowers, jsowers@riddellwilliams.com, 206.389.1602
Shata Stucky, sstucky@riddellwilliams.com, 206.389.1786
James Wendell, jwendell@riddellwilliams.com, 206.389.1583

PDF of News Alert.