Intel Releases Draft Federal Privacy Bill for Discussion
Intel, one of the world’s largest semiconductor chip makers, has released its own model legislation to spur further discussion on data. It joins several other technology companies and business organizations that have released draft laws or principles around which to build a federal privacy law in the United States.
The law requires a comprehensive privacy and data security program that builds upon eight principles:
1. Collection Limitation
2. Data Quality
3. Purpose Specification
4. Use Limitation
5. Security Safeguards
6. Openness
7. Individual Participation
8. Accountability
Other significant sections of the law provide for:
Third-Party Vendor Management: Organizations that hire a third party to process personal data must conduct due diligence, take reasonable steps to maintain appropriate controls for privacy and security, require the third party by contract to implement and maintain appropriate measures as part of its comprehensive privacy and security program, and at least annually determine whether the third party is in compliance with the federal privacy law.
Rulemaking & Enforcement: The proposal would give the FTC rulemaking authority and the authority to bring a civil action with penalties of up to $16,500 per individual, with a total of not more than $1 billion arising out of the same acts or omissions. It would also give the state Attorneys General the ability to enforce the law.
Safe harbor: Intel proposes a safe harbor from civil penalties if a corporate officer certifies annually to the FTC that it has reviewed compliance with the privacy law and the review did not reveal any material non-compliance that has not been mitigated. The safe harbor does not exempt a covered entity from equitable remedies and is not valid for repeat offenders. A corporate officer who completed a certification knowing that the statements were not true would be subject to a criminal action with fines of up to $1 million and a prison term of not more than 10 years.
Preemption: The bill would preempt any state law that is primarily focused on the reduction of privacy risk through the regulation of personal data collection and processing activities, without limiting the enforcement of any state consumer protection law.