On February 27, President Barack Obama, following up on his public announcement that consumer privacy would be on his 2015 agenda, released the discussion draft of the consumer Privacy Bill of Rights Act .

The long-awaited bill requires companies to abide by Fair Information Practice Principles (FIPPs), which include:

Transparency with consumers about data collection activities through notices of privacy practices

  • Consumer control over the processing of their personal data
  • Processing personal data in a reasonable manner in light of the context in which it is being collected
  • Focused collection and responsible use of consumer data
  • Security safeguards for consumer data
  • Allowing consumers to have access to their data and to correct inaccurate data
  • Accountability for protection of consumer data

The bill acknowledges the continued expansion of the Federal Trade Commission and state Attorneys General over enforcement of privacy violations. The bill provides for civil penalties calculated by the number of days that the business violates the Act by an amount not to exceed $35,000 with a cap of $25,000,000—yes that’s million, but does not provide a private right of action.

Finally, the bill provides a safe harbor for businesses if they obtain FTC approval of its enforceable code of conduct, which must be renewed every 3 years.