Congress Continues to Explore Legislation on Data Privacy

The U.S. Senate Committee on Commerce, Science, and Transportation announced it will host a hearing on consumer privacy on February 27. The hearing will focus on the principles that should be included in any federal data privacy framework. More details on the hearing can be found here.

The hearing is further evidence of the push on Capitol Hill for federal privacy legislation. This push is coming from several sources. Lawmakers are reacting to their constituents’ concerns about the loss of personal information through data breaches and perceived misuse of data. The Government Accountability Office (GAO) recently published a report that found “comprehensive Internet privacy legislation . . . could enhance the federal government’s ability to protect consumer privacy.” In addition, several major industry groups are pushing for federal legislation in part to stave off state efforts, such as the California Consumer Privacy Act (CCPA). The hearing is particularly important because the committee exercises jurisdiction over the Federal Trade Commission – currently the primary enforcement agency in the U.S. for consumer privacy and information security.

There are several important issues to follow as federal privacy legislation is considered by Congress. These include:

• Would the law preempt state privacy and data breach laws?
• How would the legislation align with other privacy laws, both in the U.S. (e.g. the Health Insurance Portability and Accountability Act (HIPAA)) and elsewhere (e.g. the General Data Protection Regulation (GDPR))?
• Would there be a private cause of action?
• What type of information is subject to protection by law?
• What, if any, entities or actions are excluded from the legislation?
• Which federal agency or agencies are responsible for developing and implementing the necessary regulations and for enforcement?