Rep. Rush unveils privacy bill

Rep. Bobby Rush (D-Ill.) will unveil a consumer privacy bill on Monday that would force companies to obtain customers’ consent before sharing their personal information with third parties.

The Best Practices Act of 2010 would apply to both online and offline companies that collect personally identifiable data from customers such as their names, addresses, and credit card and social security numbers. The bill would require companies to notify users on how their information is used, how it is shared internally and every time their data is disclosed to a third party.

Companies that have already collected personal information would only be allowed to keep the data on hand as long as it either serves a legitimate-business or law-enforcement need. The bill would also introduce incentives for firms to properly scrub data to ensure users can’t be identified after the fact.

The legislation empowers the Federal Trade Commission to regulate how companies comply with the law and to assess fines in the event of a data breach. State attorney generals may also bring action against companies that violate customers’ privacy rights with a maximum penalty of $5 million. Companies outside the FTC’s traditional jurisdiction — including financial services firms, non-profits and agricultural businesses — are exempted.

An aide said Rush’s office has been in close contact with Rep. Rick Boucher (D-Va.), who is also working to craft comprehensive privacy legislation. Boucher’s draft proposal — released in June — required companies to get permission from users every time they wish to use their information in any way, such as targeted Web advertisements. Rush’s bill would require that customers “opt in” before companies are allowed to share that information.

Rush’s bill also includes a safe harbor program at the FTC for companies that wish to self-regulate. By voluntarily pledging to follow the new privacy policy, companies would no longer need to obtain user consent to share information. The aide said such programs already exist in the private sector “but we feel that safe harbor program that FTC would design would have to be robust.”