Chamber’s Privacy Principles Feature Breach Notification, State Preemption

Privacy issues

The U.S. Chamber of Commerce on Thursday released its set of legislative recommendations for Congress to consider if and when it tackles data privacy issues, and placed maximum emphasis on the ideas that “sensitive personal information” of individuals deserve the highest level of protection, and that state data privacy statutes should be preempted by new Federal law.

At the top line of legislative concerns, the Chamber endorsed the idea of Federal data security and breach notification rules as part of a larger “national privacy framework” that should include “risk-based” provisions to protect personal sensitive data. It also declared that “keeping this information secure is a top industry priority.”

Within the area of data security and breach notification, however, the Chamber argued that “security is different for individual businesses and one-size-fits-all approaches are not effective; therefore, companies should have flexibility in determining reasonable security practices.”

Not surprisingly given the organization’s pro-business bent, the Chamber called for Federal law to preempt state data security and breach notification requirements, saying that preemption would give consumers “consistent protections” and would cut compliance costs for businesses.

Elsewhere on the Chamber’s data privacy policy legislative wish-list: privacy protections that are informed by the “purpose and context” of how data is used and shared; transparency by businesses about how they will collect, use, and share consumer data; “industry neutrality” which would treat industries equally under Federal law; flexibility to adapt to new technologies; Federal enforcement actions that apply only when there is “concrete harm” to individuals; and reliance on “compliance systems” rather than “an adversarial enforcement system.”

Recent