Privacy & Information Security Law Blog

On January 28, 2011, the Centre for Information Policy Leadership at Hunton & Williams LLP filed comments with the United States Department of Commerce in which the Centre stressed privacy governance based on data stewardship by accountable organizations.  The Centre was one of a number of organizations that submitted comments in response to the Department of Commerce’s privacy paper, “Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework,” which was released in December 2010.  The theme of today’s comments is similar to that which the Centre suggested earlier this month in its comments responding to the European Commission’s consultation paper.

Addressing the Department of Commerce’s policy framework, the Centre outlined the following recommendations:

1. The Policy Framework should rely less upon the individual’s control over the collection and use of data and more upon data stewardship and organizational accountability.
2. The Department should look to Fair Information Practice Principles as articulated in the Organization for Economic Cooperation and Development (“OECD”) guidelines as the foundation for privacy guidance.
3. Principles of fair information practices should be applied within a contextual framework, and not in a rigid or fixed way.
4. The Centre encourages organizations’ use of privacy impact assessments as a tool to assess and manage risks data use may pose to individuals; however, such assessments are not the appropriate tool to serve the transparency function suggested in the Department’s framework.
5. The Centre encourages the establishment of a Privacy Policy Office, but cautions that its charter should be clear and appropriate.  The development of voluntary codes of industry conduct is best carried out by the affected organizations in a non-government environment that encourages candid and open negotiation.
6. The privacy office should take a lead role in discussions with international organizations, and the Federal Trade Commission should continue to represent the United States in forums concerned with privacy enforcement.

The Centre’s comments also include an appendix with a short discussion paper on updating the OECD Privacy Guidelines.  The paper is intended to create a starting point for a debate on fine-tuning the thirty year-old guidance to better serve the emerging environment for data.  The Centre will file comments on the Federal Trade Commission's framework on or before the extended deadline of February 18, 2011.

The views expressed in the Centre’s comments are solely those of the Centre, and do not necessarily reflect the opinions of Centre member companies, Hunton & Williams LLP or its clients.