washington — U.S. Sen. Joe Manchin, D-W.Va., joined 16 other senators in reintroducing legislation to protect personal data online.
The Data Care Act would require websites, apps, and other online providers to take steps to safeguard personal information and stop the misuse of users’ data.
“I am very concerned about the increased frequency of online data breaches and the dangers they present for users. We must give American users the confidence they need to feel that their sensitive information remains safe online. When you go to a bank or a doctor’s office, you expect them to protect your personal information. Just because a company is online shouldn’t make them any different. That’s why I am proud to partner with my colleagues on this bill that would require online services to secure personal data and protect users from harm,” said Manchin.
Doctors, lawyers, and bankers are legally required to exercise special care to protect their clients and not misuse their information. While online companies also hold personal and sensitive information about the people they serve, they are not required to protect consumers’ data. This leaves users in a vulnerable position; they are expected to understand the information they give to providers and how it is being used – an unreasonable expectation for even the most tech-savvy consumer. By establishing an explicit duty for online providers, Americans can trust that their online data is protected and used responsibly.
The Data Care Act establishes duties that will require providers to protect user data and will prohibit providers from using user data to their detriment:
Duty of Care – Must reasonably secure individual identifying data and promptly inform users of data breaches that involve sensitive information;
Duty of Loyalty – May not use individual identifying data in ways that harm users;
Duty of Confidentiality – Must ensure that the duties of care and loyalty extend to third parties when disclosing, selling, or sharing individual identifying data;
Federal and State Enforcement – A violation of the duties will be treated as a violation of an FTC rule with fine authority. States may also bring civil enforcement actions, but the FTC can intervene. States and the FTC may go after both first- and third-party data collectors.
Rule Making Authority – FTC is granted rule making authority to implement the act.