President Obama outlined last night new legislation on notifying consumers in the event of a data breach and protecting consumer privacy. Listrak’s chief privacy officer says the new rules should not mean major changes for marketers following good privacy practices today.

“No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids. We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism. And tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children’s information. If we don’t act, we’ll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe.”

Last night President Barack Obama spoke these words during the State of the Union Address.  In the weeks leading up to the address, privacy was definitely in the spotlight.  While it wasn’t the focal point of the President’s address, it is very clear that more is to come regarding privacy legislation. Obama spoke to the FTC last week saying, “If we’re going to be connected, then we need to be protected.  As Americans, we shouldn’t have to forfeit our basic privacy when we go online to do our business.”

The president proposed the Personal Data Notification and Protection Act, which would require companies to notify customers within 30 days if their personal information has been compromised. The bill quickly earned approval from many business groups, who would prefer to comply with a single national notification standard rather than the current patchwork of state laws. Consumer support is also substantial, as they would know their credit card (and/or personal information) has been stolen before the bad actors are able to use it.

The new Student Digital Privacy Act was also outlined.  This bill would restrict the ability of companies to mine the data of children. The measure, which is modeled after California’s Student Online Personal Information Protection Act, would prevent companies from selling student data to third parties for non-educational purposes or from targeting advertising to students based on data collected in schools.

The President also renewed his push for a sweeping Consumer Privacy Bill of Rights. The White House first outlined the online privacy rights in 2012 and urged Congress to take up the issue (The Whitehouse Report). The FTC also issued recommendations on protecting consumer privacy at that time (The FTC Report). But there has been little movement on the Hill, and no legislation has been introduced. Next month, the White House plans to release legislative language to enact the principles into law.


“As Americans, we cherish our civil liberties — and we need to uphold that commitment if we want maximum cooperation from other countries and industry in our fight against terrorist networks. So while some have moved on from the debates over our surveillance programs, I haven’t. As promised, our intelligence agencies have worked hard, with the recommendations of privacy advocates, to increase transparency and build more safeguards against potential abuse. And next month, we’ll issue a report on how we’re keeping our promise to keep our country safe while strengthening privacy.”

As a privacy advocate and board member of the Online Trust Alliance, I had the honor of participating in a Senate hearing on Online Advertising and Hidden Hazards to Consumer Security and Data Privacy. Led by Senator John McCain, the U.S. Senate Permanent Subcommittee on Investigations issued a formal staff report reflecting interviews with dozens of advertising and industry experts (including me, as Listrak’s Chief Privacy Officer), reviewing data collection processes and security vulnerabilities that have inflicted significant costs on Internet users and American businesses. In addition to that, I’ve had the opportunity to participate in various one-on-one meetings and roundtable discussions with the House, Senate and Federal Trade Commission.

So, the question I am asked often, “What will the Privacy Bill of Rights mean for digital marketers?”

I feel we won’t have to make too many drastic changes in our data lifecycle practices. Considering that the measure is mainly to set out “basic baseline protections across industries” and will limit a company’s ability to collect data from consumers without their consent, there will not be much change needed. As responsible, permission-based marketers, this is something we’re doing already – and have been doing for years.


The bill also appears likely to include prohibitions against collecting data for one purpose and then using it for a different one. Again, no major changes here, as this is generally outlined in the privacy statements of marketers, and they are already held accountable to these data practices by the FTC.

I am eagerly awaiting the report from the White House and will continue to keep a close eye as this and other privacy and compliance matters evolve.

Listrak provides e-mail marketing services to 61 of the Internet Retailer Top 1000 web merchants.