Coalition Panel: Data Regulation Focus Shifting from Privacy to Security

Sept. 29, 2014 – The federal government’s efforts to severely limit the ability of industry to gather and use online data have shifted away from data privacy and toward data security, according to speakers at the Coalition for Healthcare Communication’s recent meeting held Sept. 22-23 in Washington, D.C.  “The interest in ‘do not track’ legislation is waning, with more legislative attention being paid to data security,” said Coalition Executive Director John Kamp during the meeting’s general session.

Peter Kosmala, senior vice president, Government Relations, AAAA, kicked off a Coalition panel discussion on policy directions for data privacy and security by concurring that do-not-track initiatives have dissipated and that bills in Congress in this area “remain idle despite reintroductions.” This change in priorities may be a result of both industry efforts to self-regulate through the Digital Advertising Alliance (DAA) “AdChoices” program and widespread security breaches over the past year. He remarked that statistics show that most consumers are not opting out of viewing online ads, “which is good news for marketers, because we can deliver the targeted ads that keep many websites free.”

This new focus on data security has led to new data security legislation: Draft data breach notification bills are pending in the Senate (introduced by Sen. Patrick Leahy (D-VT) and Sen. Richard Blumenthal (D-CT)), and a draft data broker bill has been introduced jointly by Sen. Jay Rockefeller (D-WV) and Sen. Ed Markey (D-MA). Further, the Senate Judiciary Committee and the House Energy & Commerce Committee have held hearings on the matter, Kosmala told meeting attendees.

Kosmala also noted that The White House issued a report on “big data” in May 2014 that explored whether consumer data are being used to make decisions about them of which they are not aware. “There is a misconception that industry is both collecting and using all of these data and making decisions about individuals that could have an adverse outcome,” he said. “Policymakers don’t have as much understanding of demographics and targeted marketing as we do,” he continued, adding that they need “a degree of comfort about what is being done.”

Coalition panelist Rachel Thomas, vice president, Government Affairs for the Direct Marketing Association (DMA), commented that industry has to do a better job of telling its data use and sharing story. “There is an opportunity as an industry to talk about the value of data writ large,” she said.

Thomas, who also is the executive director of the Data-Driven Marketing Institute (DDMI), reported that a DDMI survey regarding the value of data flow showed that in one year, the data alone drive $156 billion in the economy and provide 675,000 jobs, even before they are analyzed. Now, she said, DDMI is working on answering the question of what data sharing does for consumers in terms of efficiency and convenience. She cautioned that although many consumers see the positive side of data sharing, “responsible data use needs to be our number one priority.”

Coalition panelist Stephen Kline, senior counsel, Privacy and Regulatory Matters, Omnicom Media Group, stated that the increased scrutiny of data custodianship – heightened by the Target security breach – has changed consumers’ reactions. Today, “30 percent of consumers are willing to walk away from a retailer because of a security breach,” he said, adding that “one of three of the people affected will be the subject of identity theft, which is up from one of nine four years ago.” Coalition panelist Asaf Evenhaim, CEO, Crossix Solutions, said that even though ensuring that healthcare data are secure under Health Insurance Portability and Accountability Act (HIPAA) must be done with great care, sharing deidentified healthcare data allows industry to “better target audiences through certain channels.”

Thomas advised attendees to consider self-regulation for data security as well as data privacy, noting that “we can’t wait until we are about to be regulated to get our act together – we need to maintain a self-regulatory focus and engage with regulators now.” Kline agreed, stating that “a better educated regulator is a better regulator.”

Coalition panelists also shared that the Federal Trade Commission, states and the European Union all are actively monitoring companies’ data-specific policies and practices.