Privacy Bill Introduced in House by Congressman Cliff Stearns

Congressman Cliff Stearns (R-6/FL), the Chairman of the House Energy and Commerce Committee’s Oversight and Investigations Subcommittee, introduced a comprehensive privacy bill on Wednesday.  H.R.1528, the “Consumer Privacy Protection Act of 2011,” is cosponsored by Congressman Jim Matheson (D-2/UT), also a member of the Energy and Commerce Committee.  The text of the bill is available here.

The Stearns bill was introduced just one day after a comprehensive privacy bill (S.799) was introduced in the Senate by Senators John Kerry (D-MA) and John McCain (R-AZ).  We also expect the Federal Trade Commission (FTC) and the Department of Commerce to issue their final reports on privacy issues in the coming weeks.  These issues are clearly gaining more traction and we need your input.

Following are the major provisions of the Stearns/Matheson bill:

  • Covers all collection of personally identifiable information both online and offline
  • Requires companies to notify consumers that their personally identifiable information may be used or transferred for purposes unrelated to a transaction; unlike the Kerry bill, which covers all information collection, the Stearns bill only covers personally identifiable information
  • Requires companies to provide privacy policy statements that are “brief, concise, clear and conspicuous and written in plain language” which are available to consumers prior to the collection of any personally identifiable information
  • Requires companies to provide consumers with ability to opt out of the sale or disclosure of their personally identifiable information to third parties; that opt-out would be effective for five years unless the consumer indicates otherwise; consumers cannot be contacted about their opt-out by the company involved until at least one year has elapsed
  • Provides a detailed process for the Federal Trade Commission (FTC) to approve self-regulatory programs for a period of five years; a company that participates in an approved self-regulatory program would not be liable for any civil penalties for violation of the Act unless the noncompliance was willful; requires the FTC to presume that a company is in compliance with the Act if it participates in an approved self-regulatory program
  • Specifically provides that there is no private right of action and preempts state laws; the Act could be enforced only by the FTC and unlike the Kerry bill, there is no enforcement by state attorneys general

Congressman Stearns has been very active on privacy issues over a period of years.  He worked closely with former Congressman Rick Boucher (D-VA) on these issues.  The addition of Congressman Matheson as a cosponsor is an indication that there is some bipartisan support for comprehensive privacy legislation.

Congresswoman Mary Bono Mack (R-45/CA), the Chair of the Commerce, Manufacturing and Trade Subcommittee of the House Energy and Commerce Committee, also has expressed an interest in these issues and privacy legislation is likely to be considered first in her subcommittee.

Most companies are already doing much of what the Stearns bill would require.  ANA has encouraged all of our members to adopt privacy policies that give consumers notice of their information collection practices and the ability to opt out of transferring any personally identifiable information to third parties.  While the scope and requirements of the Stearns bill are considerably narrower than the Kerry bill, we remain concerned that a case has not been made for how consumers in general have been harmed in the privacy area and why new legislation is necessary.

We would very much appreciate your input on the Stearns bill.  Please contact Dan Jaffe (djaffe@ana.net) or Keith Scarborough (kscarborough@ana.net) in ANA’s Washington, DC office at (202) 296-1883 with your comments.