The Society of Citizens Against Relationship Scams Inc. was invited to testify before the U.S. Federal Trade Commission regarding data collection and surveillance, and data security regulation.
The FTC is developing a new set of data limits and responsibility regulations to cover all user data – consensual or not.
Dr. McGuinness, Chairman of SCARS, was able to deliver our statements, with a set of written recommendations to follow.
Here is the text of his verbal testimony to the United States Federal Trade Commission today on their proposed rule-making on data collection and security. Unfortunately, all presenters had very limited time for verbal presentations. Our written testimony is separate and will be presented in a separate post.
These are the key points we wanted to get across to the FTC for them to consider in their new regulation.
I am Dr. Tim McGuinness, Chairman of the Society of Citizens Against Relationship Scams Inc., a nonprofit supporting and representing over 50 million online abuse and crime victims, and I am a former co-founder of TigerDirect.com, a multi-billion dollar online retailer, with 41 years of personal experience on the Internet.
We encourage the COMMISSION to use the lessons of HIPAA and GLBA for how to control privacy and limit data sharing & impose security for a rule-making framework and may even be umbrellaed under these statutes.
Do not forget that almost all platforms and apps are also PRODUCTS and may also be regulated by consumer product safety statutes.
♦ Specifically, we recommend:
- Unlimited collection of user data has led to vast criminal activity that has harmed almost all consumers worldwide – current Internet data security has failed
- Complete ban on the collection of PII and user data (including photos) without explicit consent separate from terms and conditions – which includes a general ban on excessive noncontextual data collection and tracking
- A requirement to limit data collection to NO MORE than is necessary for the management and notifications for consumer service accounts including data minimization
- Establishment of HIPAA-style best practices for universal data security
- Define the minimum business size for the affected rule-making, so that this is not impossible for small businesses to comply with
- Define the scope of platforms that must comply, including websites, apps, databases, browsers, and platforms
- Criminal penalties for failure to protect data and unauthorized sharing or disclosure similar to 21 CFR 11
- A consumer right of full access and revocation of data use & collection authorization – a right to delete
- Ban states from sharing information or data under obsolete sunshine statutes without consent
- A DO NOT COLLECT DATA national registry
- A national directory of data collected by personal name or identity for consumers to know who has their data
- Mandatory notifications of data breach or suspected data breach to consumers affected and disclosure to the FTC, with a mandatory financial fine to compensate consumers for actions needed to mitigate damages
- A private cause of action under the FTC's rulemaking
- A goal that consumers have a right to a share in revenue for their data
If you have other suggestions you would like us to consider in our formal written submission, please tell us in a comment.
We welcome the opportunity to represent you all in this important new regulation development.