The Commercial Privacy Bill of Rights Act of 2011 - In Detail

By: Absolute Team | 4/21/2011

Following the very public data breach at Epsilon, which affected millions of people from 57 corporations, Senators John Kerry and John McCain have introduced a new commercial privacy bill: The Commercial Privacy Bill of Rights Act of 2011. We have already posted about the draft of this bill, but you'll want to know a bit about how it impacts you as a business.

The bill lays out stronger boundaries on the management of personal information, particularly as it is shared with third parties. In addition, the bill would require more stringent standards on what data is kept, for how long, and how it can be changed. It would also require companies and their contractors to have much more stringent security policies and technologies in place.

Some of the aspects of this bill include:

  • Collectors of information must implement security measures to protect the information they collect and maintain
  • The right to notice, consent, access, and correction of information
  • The right to data minimization, constraints on distribution, and data integrity
  • Collectors must bind third parties by contract to uphold data standards
  • To be enforced by the State Attorneys General and the FTC