The Information Technology Industry Council (ITI) today released its policy and legislative wish list for data privacy, joining a recent wave of tech trade groups including the Internet Association and BSA issuing similarly-themed statements as lawmakers filed data privacy bills this year.
Central to ITI’s proposals are different classifications of “personal data” and “sensitive personal data,” with the former being any data reasonably associated with a person, and the latter being data specific to ethnicity, political affiliation, religious and philosophical beliefs, trade union membership, genetic, biometric, and health data, sexual orientation, and precise geolocation data.
In the case of sensitive personal data, individuals should have the “right to expressly and affirmatively consent” to use of that data in most situations, and in the case of personal data, they should have the “right to exercise control” of that data including rights to access, correct, port, delete, consent, and object to use.
Individual should also receive disclosures about how their data is being collected and by whom, how it will be used and retained, and how third parties may gain access, ITI said.
Further, ITI said regulators should hold companies responsible for their data practices, and companies should be held liable for breaches of “national privacy law.” It also said companies handling data should be required to put in place “comprehensive security programs” that protect their operations and sensitive data that they control.
“Consumer trust is a key pillar of innovation, and our industry must do everything we can to deepen that trust and meet consumers’ expectations when it comes to protecting their privacy and personal data,” said Dean Garfield, ITI’s CEO, in a statement. “This framework moves us toward that goal by enhancing transparency, increasing individual control, establishing company accountability, promoting security, and fostering innovation. We expect this framework will continue to take shape as we work alongside lawmakers and consumers to develop meaningful privacy legislation in the United States and across the world.”
Data privacy legislation was introduced in the Senate this year by Sens. Amy Klobuchar, D-Minn., and John Kennedy, R-La., and in the House by Rep. Suzan DelBene, D-Wash.