The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls

Digital Guardian's Blog

First Federal Privacy Legislation of 2021 Introduced

by Chris Brook on Monday April 19, 2021

Contact Us
Free Demo

If it gains traction and passes, the bill would supersede most state privacy laws already on the books.

We've seen state bills promising to reign in consumer data privacy pile up over the past several years. Now a federal bill, the first of 2021 but surely not the last, is aiming to do the same.

U.S. Congresswoman Suzan DelBene, D-Wash, reintroduced the bill, the Information Transparency and Personal Data Control Act, last month. The bill is an updated version of one DelBene has introduced previously, once in the 115th Congress in 2019, and originally in the 114th Congress in 2018.

In the wake of similar bills - this one came just two weeks after Virginia became the second state to enact a comprehensive data privacy act – DelBene’s seems to reinforce the need for an overarching federal standard.

The aim of the Information Transparency and Personal Data Control Act (.PDF) is to keep personally identifiable information and information belonging to children under the age of 13 protected.

This bill would put the onus on the Federal Trade Commission (FTC) to fine offenders, and state attorneys to crack down further.

The FTC, under the bill, would be in charge of making requirements for entities that collect, transit, store, process, sell, share or use the sensitive personal information belonging to the public. Organizations would have to provide users with "affirmative, express, and opt-in consent" when it comes to collecting data, like a notice that informs them when their information is going to be either collected, sold, or shared.

The bill considers sensitive personal information as financial account information, health information, genetic data, Social Security numbers, government issued identifiers, usernames and passwords, and geolocation data. It also includes web browsing history, biometric information, sexual orientation, and religious beliefs.

To carry out the bill, the FTC would have to hire 50 new full-time employees to focus on privacy and data security, 15 of which would have to have technology experience; $35,000,000 would also need to be appropriated "for issues related to privacy and data security."

The bill's sponsor, DelBene, favors a federal law over a handful of state-specific ones, which explains partly why she introduced it.

“I understand why states are moving forward in the absence of the federal government moving, but I think it is much better to have a federal law versus a patchwork of laws from a consumer standpoint, but also from the standpoint of a small business,” DelBene told Bloomberg last month.

It of course is too early to say where DelBene's bill will go from here - the previous two iterations were introduced but didn’t gain much traction. Still, the U.S. Chamber of Commerce lauded DelBene's introduction of the bill, giving it some credence.

“It’s time for Congress to pass a national privacy law that gives every American the right to control their privacy, no matter where they live, with a clear set of rules for all businesses, no matter where they operate,” the U.S. Chamber said in an announcement, “The Information Transparency and Personal Data Control Act is a promising first step in bringing consumers, the private sector, and policymakers together to protect sensitive information from bad actors."

It would not be a surprise to see similar bills to DelBene's introduced in the months to come, especially with a rash of state-centric bills similar to Virginia's CDPA and California's CCPA, introduced every few weeks these days.

Tags: undefined

Recommended Resources

  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business
  • How to simplify the classification process
  • Why classification is important to your firm's security
  • How automation can expedite data classification

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.