Is a US National Privacy Law on the Horizon?Attorney Kirk Nahra on the Improving Prospects for Legislation
The prospects for passing a U.S. privacy law will improve under the Biden administration, predicts attorney Kirk Nahra, who monitors regulations.
"The fact that we have both a Biden administration and Democratic control of both houses of Congress makes it somewhat more likely there's a national privacy law sooner rather than later," he says in an interview with Information Security Media Group.
"But 'soon' isn't tomorrow. It's not that the first priority of the new administration and new Congress," he notes. "My prediction is that there is a reasonable likelihood of a national privacy law during the first term of the Biden administration, but that's four years long."
A national privacy law might be tied to changes to the 107-year-old Federal Trade Commission Act, Nahra says. "Right now, there's a much more expansive effort to pass a national privacy law - and the FTC and how [its enforcement] work is wrapped up in that debate," he says.
The FTC's enforcement of data security and privacy issues has based on the FTC Act, which was signed into law in 1914 by President Woodrow Wilson. The FTC Act "obviously had nothing to do with privacy or data security," he notes. Yet, the FTC has used this very general consumer protection framework to engage in some data security and privacy cases, Nahra notes (see: FTC Orders Health App Vendor to Revamp Privacy Practices).
"There's a limited number of steps they've taken to penalize companies [in data security and privacy cases] because they don't have a lot of specific authority under the FTC Act," Nahra says.
In this interview (see audio link below photo), Nahra also discusses:
- Other top privacy and cybersecurity issues facing the Biden administration and the new Congress;
- Why proposed changes to the HIPAA Privacy Rule that the Department of Health and Human Services' Office for Civil Rights announced in December - but as of Monday had still not yet been published in the Federal Register - might go nowhere under the Biden administration;
- The potential impact of the new HIPAA Safe Harbor legislation signed into law by President Trump;
- Potential state privacy law developments to watch in 2021.
Nahra is a partner with WilmerHale in Washington, where he co-chairs the global cybersecurity and privacy practice. He analyzes the requirements of privacy and security laws across the country and internationally, providing advice on data breach issues, enforcement actions, big data issues, contract negotiations, business strategy and overall privacy, data security and cybersecurity compliance.