Senator John Kerry (D-Mass.), Chairman of the Commerce Subcommittee on Communications, Technology and the Internet, today made the case for a Commercial Privacy Bill of Rights at a hearing of the Senate Commerce Committee addressing "Privacy and Data Security: Protecting Consumers in the Modern World."
"Consumers have the right to know that their information is being collected and used by companies in a safe and legitimate way. In order to ensure that individuals are protected in the event of a data security breach, commonsense commercial privacy laws are needed to impose accountability and security requirements on the companies involved," said Senator Kerry.
Senator Kerry's full statement, as prepared for delivery, is below:
Mr. Chairman, thank you for holding this hearing. As you know, the cost of collecting, storing, and distributing information is now so low -- and the value of that information in the market so valuable -- that a digital profile or multiple digital profiles are compiled on almost all of us and sliced, diced, and traded daily.
What we are discussing today is (1) the ability people have to participate in how these profiles are constructed and what they contain and (2) the need to establish uniform standards for the security of the private networks that hold our information.
When I talk about privacy, I am talking about people's ability to exercise choice and control over how their information is collected, used, and distributed. Data security is a subset of that issue and about how companies secure the information they collect on people and what they need to do in the case of a security lapse.
Both are serious matters. When a company is hacked and the information of hundreds of thousands of their consumers is taken, the individuals whose information is revealed are exposed to the risk of the hackers who stole it using that information to harm them. The company that is hacked is also hurt by being exposed to reputational damage and harmed relations with its customers. Establishing uniform procedures for how to react in the case of a security lapse and establishing incentives for having strong security processes in the first place to avoid a hack is a necessary goal and well addressed in the data breach legislation Senators Pryor and Rockefeller have introduced.
But data security requirements alone do not give people the authority over how their information is collected or its use and distribution. Data security is just one piece of the privacy puzzle.
After working with Senator McCain for months on this issue, we introduced legislation earlier this year titled the Commercial Privacy Bill of Rights to deal with the challenge comprehensively. Imposing accountability and security requirements on the collectors of information is the first title in the legislation. And beyond accountability and security, our legislation would give people meaningful and specific explanations and control on how their information is being collected, used, and distributed as well as the power to opt out of those practices.
While by no means perfect, the Commercial Privacy Bill of Rights stands alone today as the only comprehensive, bipartisan proposal before the Senate. We have solid support from those in the center of the debate, including companies like Intel, Microsoft, eBay, and Hewlett Packard as well as consumer advocates like Consumers Union. Many others have supported the general structure of the proposal. And it is in the center of this debate that we will find the space to move forward workable, practical protections for consumers without hindering innovation.
Our expert agencies represented here today - the Federal Trade Commission, the Department of Commerce, and the Federal Communications Commission - have been doing what they can to protect Americans using the legal tools available to them and their ability to convene stakeholders and experts to help educate themselves and consumers on changing data collection practices in the modern world. And the companies and advocates here today for our second panel are also actively participating in the process of helping us get the policy and law in this space correct.
Mr. Chairman, I look forward to working with you and them to ensure that we have a complete picture of what is going on in the market today and how we can move strong, smart baseline commercial privacy protections into law.