For more information on our efforts to create comprehensive federal privacy legislation, check out our Federal Privacy Legislation campaign.
Data security is one of the foundational Fair Information Practices which undergird privacy laws across the country, including existing federal health and financial privacy rules. Federal legislation must require entities that collect and use personal information to adopt reasonable policies, practices, and procedures to protect personal data. What is “reasonable” should be tailored to the activities of the company, the type and amount of data at issue, and the costs of implementing state of the art safeguards.
If you are reading this draft and want to talk to our Privacy & Data team for more info, please contact Michelle Richardson at [email protected].