Patient Privacy News

Senate GOP Bill Proposes Federal Privacy Standard Bill, Preempts States

After bipartisan talks fell through on a federal national privacy law, Sen. Jerry Moran released his take on national privacy standard bill that would preempt state laws.

Federal privacy legislation consumer protection patient privacy right of access explicit consent

By Jessica Davis

- Sen. Jerry Moran, R-Kansas, released his spin on federal privacy legislation on March 12 that would establish a national privacy standard and preempt state privacy laws, after bipartisan talks came to a stalemate last week.

Moran’s Consumer Data Privacy and Security Act is designed to strengthen personal data laws and create clear regulations for businesses that collect, use, and process individuals’ identifiable data. It joins a host of other proposed takes from Sens. Ron Wyden, D-Oregon, Bill Cassidy, R-Louisiana, and Jacky Rosen, D-Nevada, Kristen Gillibrand, D-New York, and Edward Markey, D-Massachusetts, among others.

For the past year, Congress has been steadily working and debating toward finding a bipartisan agreement, which both parties acknowledge is the only way to establish a federal privacy standard.

However, Republicans are pushing for a broad preemption of state laws, opposed by Democrats, while Democrats are seeking a private right of action, opposed by Republicans.

“It is clear that Congress needs to act to provide consumers and companies with a clear federal standard that lays out robust protections for consumers’ personal data,” Moran said in a statement. “Americans need to be able to count on strong baseline responsibilities that businesses must uphold when collecting, processing and protecting their personally identifiable information.”

“While our economy has benefited from the use of data, these advancements should not be traded for an individual’s right to have control over their personal information,” he added.

The bill comes in a response to a number of reports of third-party companies using consumer data without consent and some massive data breaches. To Moran, “without action from Congress, consumers will continue to be vulnerable to future threats against their personal data, and innovators and job creators will be plagued with regulatory uncertainty resulting from a growing patchwork of state laws.”

Moran’s proposal would supersede state laws with a national privacy standard, while giving consumers more control over their personal data – including the ability to access, correct, and erase their personal information.

Further, organizations that collect and process a significant amount of data would be required to bolster their security to ensure the protect of personal information.

The bill also prohibits businesses from collecting data without explicit consent from consumers. The bill also gives limited and specific exceptions, such as an individual explicitly consenting for a specific purpose, or the business is processing data in accordance with permissible purpose.

Organizations would need to provide consumers with how the data would be disclosed and the purposes for which the outside party would collect or process the personal data. If passed, companies would be required to develop and implement robust data security programs to protect data from unauthorized access and disclosure.

Lastly, the bill gives the Federal Trade Commission and state attorneys general the authority to enforce federal consumer privacy protections and gives the FTC the resources to carry out these functions.

The FTC provision has received bipartisan support in the past. In December, Sen. Maria Cantwell, D-Washington and several other leading democrats proposed a privacy bill that would establish an FTC enforcement bureau, while giving individuals similar protections to the EU General Data Protection Regulation (GDPR).

While conversations may be in a holding pattern, several industry stakeholders have told HealthITSecurity.com progress on a national privacy bill will likely occur during the lame duck session later in the year.