Privacy: It’s time for Congress to do right by consumers

What should a new consumer privacy framework look like? Legislation must be simple to understand, targeted to consumers’ needs and today's digital reality, and national in scope so all Americans are equally protected. Verizon believes a consumer privacy bill should be bipartisan and focus on the following key principles:

1. Consistency. All entities, regardless of industry sector, that collect information about consumers should be subject to the same requirements. One set of rules, primarily enforced by a single Federal regulator – the Federal Trade Commission – will ensure consistent protections for consumers.
2. Flexibility. Statutory requirements governing ever-evolving technology need to be flexible so that they don’t become quickly outdated. The overall framework should be informed by the principle that the level of sensitivity of the personal information will dictate the corresponding protections. The FTC could have a role in providing guidance on statutory requirements, such as defining “personal information” and “sensitive personal information.”
3. Transparency. Companies must provide clear and easy to understand information about their practices with respect to the collection, use, and sharing of personal information. As part of transparency, companies should have a mechanism that provides consumers with reasonable access to what information the company has about that consumer.
4. Choice. Companies must provide consumers with the opportunity to opt in to the collection, use, and sharing of sensitive personal information and to opt out of the collection, use, and sharing of other personal information. Exceptions should be in place for the collection, use, and sharing of personal information for operational and other purposes (e.g., legal process).
5. Data Security and Breach Notification. Companies must put in place reasonable security measures to protect information and should notify consumers in appropriate circumstances when breaches occur.
6. Safe Harbor Programs. There should be a Safe Harbor program that companies can follow and know that they are meeting the requirements of the law.
7. Enforcement. The enforcement regime for privacy should be two-fold: (a) FTC enforcement with civil penalties (subject to a cap); and (b) State attorneys general enforcement of Federal law.