Communications Daily is a Warren News publication.
Data Rights

Bill Giving Consumers Right To Stop Online Companies From Collecting Data To Be Reintroduced, Blumenthal Says

Sen. Richard Blumenthal, D-Conn., will reintroduce do-not-track legislation that would give American consumers the power to tell companies, including data brokers, that they don't want their information collected. He announced it during a Senate Privacy Subcommittee hearing on whether information held by data brokers is secure.


The bill is essentially the same one that he and then-Sen. Jay Rockefeller, D-W.Va., introduced in 2013. "It would provide real rights and the means to enforce them against the abuses and overreach and intrusive practices that have become all too common and endemic to much of this industry," Blumenthal said. "The bill would provide very limited exceptions but would prohibit online providers from collecting personal information from individuals who indicate such a preference."

Pam Dixon, executive director of the World Privacy Forum, testified that she would still need to read the bill but would largely support it. She added that the roughly 4,000 U.S. data brokers pretty much go unregulated and don't self-regulate. She did give good marks to Acxiom, whose Chief Security Officer Frank Caserta was also a witness. "Obviously, if we're going to be given the right to opt out, that's a very important step," she said. "Giving consumers clear rights, we don't have that right now."

Dixon said some minimum national security standards are needed to help consumers protect their information. She said privacy protections are largely sectoral, meaning different laws govern the financial, healthcare, educational and government industries, but there is no overarching legislation. Europe, she said, has more of an overarching data protection law.

Asked about the minimum national standards, Caserta said after the hearing that Acxiom is "trying to apply those standards to ourselves. I don't come here today to speak for the whole industry and say this is what the industry needs to do, but we think enough of the process to apply these minimum standards to the business we do."

Subcommittee Chairman Jeff Flake, R-Ariz., asked whether corporate culture is to blame for some of the major breaches. He cited the recent Experian breach that exposed information about 15 million T-Mobile customers (see 1510020051), saying that ex-Experian sources said that leadership was essentially lax in its duty to oversee data security. Dixon said she can't speak to the internal culture of corporations, but that Experian has had other "disturbing" data breaches.

Fidelis CyberSecurity CSO Justin Harvey said many cybersecurity laws were written five to 15 years ago when there wasn't any state-sponsored cyberespionage. He said that even mandatory encryption is no silver bullet and there simply are not enough trained cybersecurity professionals in the market.