Privacy & Information Security Law Blog

On June 29, 2011, the Senate Committee on Commerce, Science and Transportation convened a hearing entitled “Privacy and Data Security: Protecting Consumers in the Online World.”  In opening remarks, Committee Chair Senator Jay Rockefeller (D-WV) highlighted that the hearing would consider both privacy and data security and discussed three bills focused on these issues.  First, Senator Rockefeller noted S. 917, the Do-Not-Track Online Act of 2011, a bill he introduced that would allow consumers to tell online companies that they do not want their personal information collected and require companies to honor those requests.  Second, the Senator referenced S. 799, the Commercial Privacy Bill of Rights Act of 2011, legislation introduced by Senators John Kerry (D-MA) and John McCain (R-AZ) that would comprehensively address privacy protection.  Finally, Senator Rockefeller spoke about S. 1207, the Data Security and Breach Notification Act of 2011, which he and Senator Mark Pryor (D-AR) reintroduced.  That bill would impose an obligation on companies to adopt basic security measures to protect sensitive consumer data and require companies to notify affected consumers in the event of a breach.  Senator Rockefeller emphasized several times his committee’s jurisdiction over privacy and data security issues.

Senator Pat Toomey (R-PA) drew a distinction between privacy and data security.  He encouraged the committee to “seriously consider” enacting a national standard on data security, but questioned whether there is a clear need for legislation on broader privacy issues.  Senator Toomey noted that U.S. e-commerce innovation outstrips that of Europe because of its minimal regulation of the Internet.  He questioned whether any real harm has occurred as result of data collection and use, and stated his desire for a cost-benefit analysis of any proposed regulations.

Because a series of floor votes was scheduled for late morning, the hearing was brief.  Commissioner Julie Brill of the Federal Trade Commission, Cameron Kerry, General Counsel for the Department of Commerce, and Austin Schlick, General Counsel of the Federal Communications Commission, delivered testimony and briefly answered questions.  In response to a question from Senator Kerry regarding the FTC’s authority to protect consumers, Commissioner Brill discussed the difference between FTC enforcement against actions that are “deceptive” and those that could be deemed “unfair,” which are more difficult to establish.  She also indicated that the FTC would favor a self-regulatory do-not track mechanism, but that it might not be entirely effective because of the way the industry is structured.

There was sufficient time for business representatives to make brief opening statements, but due to time constraints the committee planned to submit questions to the representatives for their written response.