ACS Convention: Hillary Speaks!

Hillary Clinton kicked off the first day of the ACS Convention this morning with the opening address. It was billed as a major policy speech and she did not disappoint, proposing major legislation that would deal with personal privacy as it relates to how both businesses and the government handle personal data. Her proposal is timely of course, since as of late it seems we've heard of one major mishandling of consumer/patient/citizen data after another. What I found interesting was the breadth of her proposal. It would be considerably easier-and less ambitious-for her proposed legislation to address how the government secures private information, or providing some sort of remedy for consumers whose data is lost by or stolen from a business, or providing privacy protections for patients, or reigning in the government's intrusions into the privacy of its citizens as pertains to wiretapping and record keeping (such as the NSA domestic surveillance program.) However, her proposed legislation seeks to address all of these issues, creating what she termed a "privacy bill of rights", as encapsulated in the PROTECT, or Privacy Rights and Oversight for Electronic and Commercial Transactions Act (for which the tortoruous process of creating that acronym she described to the audience's amusement.) I won't detail the entire act here, but it's worth hitting a few highlights. First of all, the PROTECT Act would create new consumer privacy rights and remedies, allowing consumers to know when their credit records have been accessed, granting them a right to control personal consumption data about them (including data companies collect about personal transactions that consumers engage in) and creating a right to hold government and businesses to these standards with a tiered system of damages based on both the size of the business that mishandled the data and the egregiousness of the mishandling. Most importantly, the act would change the "opt-out" system that currently exists, by which consumers must affirmatively indicate to companies that control their data that such data not be shared with third parties. Instead, consumers would have to "opt-in", or indicate their willingness for that data to be shared; otherwise, companies would not be permitted to share or sell that data with third parties. In the second major plank of her approach, the act would create the position of a privacy "Czar" in the executive branch, who would oversee how the government handles the personal data of it's workers, members of the military, and citizens whose records it keeps. This Czar would be charged with providing that such data is secured, as well as providing a remedy to consumers whose personal data is compromised, and implementing changes in how data is handled when government ineptitude results in the loss of personal information. The act would also address the topic of health privacy, balancing the need to move to a largely paperless system of record keeping (badly needed, as anyone who has ever switched doctors can tell you) but making sure that such data is not vulnerable to theft, mishandling or sale to third parties. And lastly, the act would address privacy and national security. As pertains to at least the NSA domestic surveillance program, the role of the FISA court would be renewed, true Congressional oversight would be reinstated, and the act would facillitate effective and accurate surveillance and tracking of terrorist suspects through domestic surveillance, while utilizing "anonymization" to protect the personal data of those who may be subject to some sort of "data mining" program, but who are eventually cleared of any suspicion of involvement with terrorists groups.

All in all, the scope of her proposal is ambitious and exciting. Senator Clinton mentioned more than once the need to create a system of "checks and balances" in the realm of privacy protection; creating a system that is efficient (whether as pertains to consumer transactions or national security) but also protects personal data. She regaled the audience with stories of a half dozen or more thefts/losses/breeches of personal privacy data affecting 500,000 people in her state of New York in the last six months alone, making it clear that new privacy safeguards are long past due. It was a good speech and a bold proposal on an area badly in need of new legislation, and I for one hope that her proposal comes to something.