The Drumbeat for a Federal Privacy Law Grows

Government contractors focused on DoD’s acquisition efforts and other businesses should keep an eye on the smoke signals in Washington rising on privacy.  From GDPR in Europe, to the draft new NIST Privacy Framework, to NTIA’s request for comments on privacy, the legal landscape on this new regulatory area is fast evolving.

The most recent development is GAO’s 56-page report, released on February 13, 2019, followed by GAO’s testimony to the Senate Subcommittee on Investigations of the Committee on Homeland Security. Important Congressional hearings exploring these critical issues are just around the corner.

A little background: 

In April 2018, Facebook’s Cambridge Analytica scandal about the misuse of 87 million user records triggered a broad GAO investigation on the Federal oversight of internet privacy. That investigation evaluated all Federal statutory and regulatory authorities and enforcement actions and included interviews with industry, consumer advocacy groups, academia and staff from the FTC and the FCC.    

The result, reflected in the final report and testimony are GAO’s recommendations for a comprehensive Federal privacy statute with broad consumer protection, broad rulemaking and civil penalty authorities. While the FTC is the favored regulator for this authority, there was some consideration of a new independent regulatory agency for privacy.  

Congressional hearings have already commenced on this report and it has added momentum to other privacy bills which have been submitted from both sides of the aisle in both the House and the Senate. Privacy could be a rare issue that both houses and even both parties could coalesce around. As a result, we can expect major developments and breaking news on this important data protection and privacy front.

Steve Britt is a Partner at Berenzweig Leonard and leads the firm’s Cybersecurity Law practice. Steve can be reached at sbritt@berenzweiglaw.com.