The Department of Commerce’s National Telecommunications and Information Administration (NTIA) issued a Notice seeking comments on a proposed federal consumer data privacy approach. In a parallel effort, the Commerce Department’s National Institute of Standards and Technology is developing a voluntary privacy framework to help organizations manage risk.
The NTIA seeks comment on a number of possible principles:
• Organizations should be transparent about how they collect, use, share, and store users’ personal information.
• Users should be able to exercise control over the personal information they provide to organizations.
• The collection, use, storage and sharing of personal data should be reasonably minimized in a manner proportional to the scope of privacy risks.
• Organizations should employ security safeguards to protect the data that they collect, store, use, or share.
• Users should be able to reasonably access and correct personal data they have provided.
• Organizations should take steps to manage the risk of disclosure or harmful uses of personal data.
• Organizations should be accountable for the use of personal data that has been collected, maintained or used by its systems.
In addition, the NTIA seeks feedback on the following high-level goals for federal action which is “non-exhaustive and non-prioritized list of the Administrations’ priorities”:
• Harmonize the regulatory landscape
• Provide legal clarity while maintaining the flexibility to innovate
• Comprehensive application
• Employ a risk and outcome-based approach
• Maintain and enhance Interoperability
• Provide incentives for privacy research
• FTC enforcement
Finally, the NTIA Notice seeks feedback on a range of high level issues, including whether there are additional goal or risks that the agency failed to identify, the appropriate mechanisms deploying the articulated goals, such as via Executive Order or some other manner, and whether given that the FTC is the primary privacy enforcement agency, whether it has the appropriate statutory authority.
Comments on the NTIA Notice are due October 26, 2018.