Consumer Privacy Bill Of Rights

In late February 2012, the Obama administration revealed a new Consumer Privacy Bill of Rights regarding personal data and will work with Congress to get it into law.  It would be enforced by the Federal Trade Commission. The key components are: consumer control over data that is collected and how it is used, company transparency of their privacy and security practices, consumer access to their data, limit the data collected, and companies adhere to the “bill of rights”.

1. Individual Control: Consumers have a right to exercise control over what data companies collect from them and how they use it. Companies should offer consumers clear and simple choices, presented at times and in ways that enable consumers to make meaningful decisions about personal data collection, use, and disclosure.

2. Transparency: Consumers have a right to easily understandable and accessible information about privacy and security practices. Companies should provide clear descriptions of what personal data they collect, why they need the data, how they will use it, when they will delete the data or de-identify it from consumers, and whether and for what purposes they may share personal data with third parties.

3. Respect for Context: Consumers have a right to expect that companies will collect, use, and disclose personal data in ways that are consistent with the context in which consumers provide the data. Companies should limit their use and disclosure of personal data to those purposes that are consistent with both the relationship that they have with consumers and the context in which consumers originally disclosed the data, unless required by law to do otherwise.

4. Security: Consumers have a right to secure and responsible handling of personal data. Companies should assess the privacy and security risks associated with their personal data practices and maintain reasonable safeguards to control risks such as loss; unauthorized access, use, destruction, or modification; and improper disclosure.

5. Access and Accuracy: Consumers have a right to access and correct personal data in usable formats, in a manner that is appropriate to the sensitivity of the data and the risk of adverse consequences to consumers, if the data is inaccurate. Companies should use reasonable measures to ensure they maintain accurate personal data and the means for consumers to correct inaccurate data or request its deletion or use limitation.

6. Focused Collection: Consumers have a right to reasonable limits on the personal data that companies collect and retain. Companies should collect only as much personal data as they need to accomplish purposes specified under the Respect for Context principle. Companies should securely dispose of or de-identify personal data once they no longer need it, unless they are under a legal obligation to do otherwise.

7. Accountability: Consumers have a right to have personal data handled by companies with appropriate measures in place to assure they adhere to the Consumer Privacy Bill of Rights. Companies should be accountable to enforcement authorities and consumers for adhering to these principles. Companies that disclose personal data to third parties should at a minimum ensure that the recipients are under enforceable contractual obligations to adhere to these principles, unless they are required by law to do otherwise.

Credit Expert Witness, John Ulzheimer, is the President of Consumer Education at SmartCredit.com, the credit blogger for Mint.com, and a Contributor for the National Foundation for Credit Counseling.  He is an expert on credit reporting, credit scoring and identity theft. Formerly of FICO, Equifax and Credit.com, John is the only recognized credit expert who actually comes from the credit industry.  Follow him on Twitter here.

Categorised in: Civil Penalty, Credit Monitoring, Credit Report, Financial, Identity Theft, Money & Identity

This post was written by John Ulzheimer