Transcript belair_3

Harvard Symposium
Privacy and the 110th and 111th Congresses
August 21, 2008
Congressional Privacy Policy Panel
Robert R. Belair
Oldaker, Biden & Belair
Privacy Consulting Group
Washington, DC
[email protected]
(202) 496-3445
Privacy and the 110th Congress
• What privacy related legislation passed?
– July 2007: Improving America’s Security Act (comparing
biometric data from flight manifests with various watch
lists)
– January 2008: The National Instant Criminal Background
Check System (NICS) Improvement Act
– January 2008: Court Security Improvement Act (restricts
public access to personal information about judges,
prosecutors, witnesses, etc.)
Privacy and the 110th Congress
• What privacy related legislation passed?
– May 2008: The Genetic Information Nondiscrimination
Act of 2008
– June 2008: The Kendall Frederick Citizenship Assistance
Act (privacy and security safeguards for electronic
transmission of biometric information of soldiers seeking
citizenship)
– July 2008: Foreign Intelligence Surveillance Amendments
Act of 2008
Privacy and the 110th Congress
• What legislation did not pass but received
serious consideration?
–
–
–
–
–
Numerous financial privacy bills
Data breach bills
Data broker bills
ID theft bills
Numerous background check bills, including
National Child Protection Act reform
Privacy and the 110th Congress
• What legislation did not pass but received
serious consideration?
– Passport, VISA and other border and immigration
related legislation with privacy, data and
surveillance implications
– Spyware legislation
– Numerous health IT and electronic health record
bills with privacy provisions and implications
Privacy and the 110th Congress
• What legislation did not pass but received
serious consideration?
– Numerous employment privacy bills including everify enhancement legislation
– Federal agency acquisition of personal data
products from data brokers
– Federal agency privacy impact assessments; data
breach and security requirements
– Federal agency data mining
Privacy and the 110th Congress
• What types of privacy legislation did not
receive serious consideration?
– Insurance privacy legislation
– Employment privacy legislation
– Omnibus privacy legislation
Privacy and the 110th Congress
• What types of privacy legislation did not
receive serious consideration?
– Public records privacy legislation
– Online privacy legislation including behavioral
profiling and social networking legislation
– Offshoring privacy legislation
Privacy and the 110th Congress
• What types of privacy legislation did not
receive serious consideration?
– Customer proprietary network information
(CPNI) legislation
– ID authentication legislation (REAL ID reform;
TWIC reform; Hazmat; CFATS; national ID
system)
– Tracking legislation (GPS and auto black boxes)
Privacy and the 110th Congress
• What are the obstacles to enactment of
privacy legislation?
– Weak and unreliable political support
– Relatively stronger political opposition
– Jurisdictional complications
Privacy and the 110th Congress
• What are the obstacles to enactment of
privacy legislation?
– Relatively attractive alternatives
•
•
•
•
State legislation
State and federal regulatory action
Litigation
External pressure – advocacy groups, media,
international pressure
• Self-regulatory codes
Privacy and the 111th Congress
• Political environment
– Democrats expecting to pick up 10 to15 House
seats, 3 to 6 Senate seats
– Presidential race remains a toss-up
– With larger Democratic majorities and pent-up
demand for privacy legislation, there is an
expectation for heightened activity
– But, all of the obstacles to enactment of privacy
legislation will remain in place
Privacy and the 111th Congress
• Privacy topics likely to attract legislative
activity
– Health care reform legislation will require privacy
action on electronic health records and, perhaps,
HIPAA reform
– Immigration reform will raise significant ID
authentication and related privacy issues
Privacy and the 111th Congress
• Privacy topics likely to attract legislative
activity
– Numerous types of financial privacy issues will
be likely to receive legislative attention
– The use and availability of intelligence and
surveillance type reports will be likely to receive
legislative attention
Privacy and the 111th Congress
• Privacy topics likely to attract legislative
activity
– The role of the Federal Trade Commission as a
privacy regulatory agency
– Online privacy, behavioral profiling and social
networking
– The “unregulated” buckets of data
– Public record data
– Personal tracking data; video surveillance; GPS;
and black boxes
CONCLUSION
• Privacy likely to remain a second tier public
policy issue
– Thus, congressional action usually requires an
“action-forcing event” – comprehensive reform
initiative in which privacy is embedded (such as
health care reform) or some type of
threatening/over-reacting initiative, such as DHS
surveillance programs