The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

New Bill Would Create Federal Data Protection Agency

by Chris Brook on Thursday February 13, 2020

Contact Us
Free Demo
Chat

New legislation, introduced today, would give the agency authority to enforce data practices, launch investigations, and issue subpoenas.

Despite a marked increase in data protection legislation - the California Consumer Privacy Act, New York's SHIELD Act to name a few - there still is no single national authority when it comes to issuing and enforcing privacy regulations in the United States.

New legislation, introduced this week by former presidential hopeful Kirsten Gillibrand would change that.

A new Senate bill introduced by Gillibrand (D-NY) on Thursday would create a federal data protection agency designed to protect Americans' privacy and enforce data privacy rights federally.

In a Medium blog post on Wednesday, Gillibrand positioned her legislation as a way to put individuals in better control of their own data.

"Your data is extremely valuable to many companies with unknown motives, who are looking to exploit your data for profit. As a result, your very existence is being parsed, split, and sold to the highest bidder, and there is very little you — or anyone, including the federal government — can do about it," she wrote. “You have the right to know if companies are using your information for profit. You need a way to protect yourself, and you deserve a place that will look out for you.”

Under Gillibrand's legislation, a U.S. Data Protection Agency would have three missions:

1. Give Americans control and protection over their own data by enforcing data protection rules.

2. Work to maintain the most innovative, successful tech sector in the world and ensure fair competition within the digital marketplace.

3. Prepare the American government for the digital age.

The agency would also be in charge of investigating cases, issuing subpoenas and going after companies accused of violating online privacy.

Privacy advocates, like the Electronic Privacy Information Center, were quick to endorse the bill Thursday.

"The US confronts a privacy crisis. Our personal data is under assault. Congress must establish a data protection agency. Senator Gillibrand has put forward a bold, ambitious proposal to safeguard the privacy of Americans," Caitriona Fitzgerald, EPIC Policy Director said in response to the news.

The U.S. is one of several countries without a dedicated privacy watchdog. Currently, the Federal Trade Commission oversees privacy regulations in the U.S. for the most part. The FTC can take enforcement actions to protect consumers against what it deems unfair or deceptive trade practices, including data security practices. Privacy rights are also regulated in some states by their attorney generals - California's AG, Xavier Becerra, will be in charge of enforcing the CCPA later this summer for example.

Several data privacy bills have emerged over the past several years that would empower the FTC to better regulate U.S. companies' use of consumer data but none have really gotten off the ground. The goal of one of the more notable bills, Senator Ron Wyden's (D-OR) "Mind Your Own Business Act" is to allow the FTC to levy fines of up to four percent of annual revenues for first time violations. It would also create criminal penalties - like prison sentences, for executives who play fast and loose with consumers' data.

Experts have long viewed the FTC as hampered by Congress to truly handle privacy enforcement. The commission can really only impose its authority when an organization violates Section 5(a) of the FTC Act and is found engaging in "unfair or deceptive acts or practices."

Tags: Government, Data Protection

Recommended Resources


  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business
  • How to simplify the classification process
  • Why classification is important to your firm's security
  • How automation can expedite data classification

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.