As we prepare to welcome both the 44th President and a revamped Congress to Washington, it is time to consider what privacy under the new administration will look like. Barack Obama polled strongly on the campaign trail as the candidate most likely to advance individual privacy rights, but are the pollsters a good indicator of what privacy will look like under the new administration? Here are some of our thoughts about what we may see in the next four years.
National Privacy Law: Major players in the online marketing sphere, such as Microsoft and Google, already have expressed support for a generally applicable privacy law to preempt a growing number of state laws that impose varying requirements on the collection, use, storage and disclosure of personal information. Whether a federal law emerges governing the collection and use of personal data, including for marketing purposes, is the looming question in the new administration.
Behavioral Advertising: Behavioral advertising, the practice of tracking an Internet user’s activities online in order to deliver advertising targeted to an individual consumer’s interests, was examined extensively by Congress over the summer and should continue to generate interest under an Obama administration. Indeed, the Federal Trade Commission (“FTC”) is expected to announce its final guidance concerning the self-regulation of behavioral advertising even before President-elect Obama takes office in January. We are also likely to see behavioral advertising legislative proposals at the state level, with efforts gaining traction in states like New York, where both Houses are now controlled by the Democrats.
Electronic Health Records: A key component of President-elect Obama’s health care plan is the migration of health care records from paper to more universally accessible forms of electronic media. The incoming president believes strongly that the use of technology will help lower the cost of health care. But as many commentators have suggested, greater accessibility carries greater risk, and the shift toward computerized health records is one area in which President-elect Obama’s aggressive technology and innovation policies may outgrow existing consumer protection safeguards. President-elect Obama’s commitment to providing robust protections against the misuse of this kind of sensitive information likely will require the development of additional, and more broadly applicable, regulations to shore up existing safeguards provided under the Health Insurance Portability and Accountability Act (“HIPAA”) and other existing legal regimes.
Data Breach Notification: Over the past few years, states have been very active in passing legislation that requires businesses that retain information about state residents to notify such residents when that information is compromised. Efforts to pass a preemptive national law have stalled largely because of the greater discretion proposed for business regarding the need to notify. That issue will likely continue to impede consensus on a national law, and the state framework is likely to be with us for a while.
Legislative activity at the state level concerning the protection of personal information, however, is likely to continue as lawmakers try to respond to several high-profile information security breaches from previous years. Moreover, as we are seeing in Massachusetts and Connecticut, where new data security laws have been passed, we may see a stronger push at the state level toward requiring affirmative steps to protect personal information, rather than just requiring businesses to respond to a breach incident.
More Robust Federal Trade Commission: President-elect Obama plans to enlarge the FTC budget and enforcement power to aid in the implementation of his technology and innovation policies. The FTC’s expanded powers will likely be used to enforce the Commission’s new identity theft Red Flags Rule, which requires financial institutions and creditors to implement comprehensive written identity theft prevention programs by May 1, 2009. The FTC’s decision to extend the original November 1, 2008 compliance deadline for an additional six months portends relatively immediate enforcement activity in Summer 2009 that will help define precisely what is required, and from whom, under the Rule. The push for more enforcement power may also spur the expansion of the FTC’s authority to seek civil penalties and other monetary remedies for violations of the statutes and regulations the Commission enforces.
Location Data & Government Surveillance: President-elect Obama’s desire to develop and better utilize available technologies to create real change in America will likely create some friction in the areas of government surveillance and the collection of location data where the interests of national security and personal privacy diverge. Moreover, the private sector’s collection and use of location data and other “tracking” information to more effectively market to consumers raises concerns on both sides of the aisle since these technologies arguably can be misused to compromise national security or personal privacy. While we expect the Obama administration to back away from the aggressive government surveillance policies and programs implemented by the previous administration in the wake of September 11, 2001, the success of these efforts will require a delicate balance between a strong stance on national security and a shift toward protecting the privacy of Americans at home.