What Are the Privacy Expectations under the Obama Administration and the New Congress?

posted Sep 24, 2010 11:10 PM by Eddie Cox   [ updated Oct 31, 2010 12:22 PM by Michael Cox ]
Obama’s advisors include notable privacy advocates.
  
The following was taken from Obama’s published campaign plan.

"Safeguard our Right to Privacy: The open information platforms of the 21st century can also tempt institutions to violate the privacy of citizens.  Dramatic increases in computing power, decreases in storage costs and huge flows of information that characterize the digital age bring enormous benefits, but also create risk of abuse.  We need sensible safeguards that protect privacy in this dynamic new world.  As president, Barack Obama will strengthen privacy protections for the digital age and will harness the power of technology to hold government and business accountable for violations of personal privacy."

More specific positions include:

  • "Obama will also work to provide robust protection against misuses of particularly sensitive kinds of information, such as e-health records and location data that do not fit comfortably within sector-specific privacy laws."
  • "Obama will increase the Federal Trade Commission’s enforcement budget and will step up international cooperation to track down cyber-criminals so that U.S. law enforcement can better prevent and punish spam, spyware, telemarketing and phishing intrusions into the privacy of American homes and computers."

 

Here is some of what we can likely expect from the Obama administration, the new Congress, and state legislatures going forward:

  • Substantial increases in the FTC’s budget, jurisdiction, and enforcement powers, including increased civil penalties
  • FTC’s final behavioral advertising principles (due out by the end of 2008) will likely be the basis for new enforcement actions
  • Department of Health and Human Services (DHHS) will likely commence sanctions of HIPAA violations
  • e-health records will likely be included in health care reform legislation
  • Red Flag enforcement actions after May 2009
  • No federal privacy breach notification law that would pre-empt and dilute the stronger 45 state privacy breach disclosure laws
  • More state privacy laws with prescriptive data security standards, such as those in Massachusetts and Nevada (see next blog entry)
  • More enforcement at the state levels to protect their residents (regardless of the organization’s location)

While the economy certainly adversely affects organizational budgets, the recent failures in financial markets will bring about more regulatory oversight and enforcement actions across the board.  With the average privacy breach costing millions (see my “Value Proposition” web page), organizations must invest wisely to mitigate such an impact on their bottom line.
 
Michael Cox, CIPP
President, SoCal Privacy Consultants