Congress – Rep. Bobby L. Rush (D-IL 01) introduced H.R. 5777, “The Best Practices Act”, a comprehensive federal data privacy bill. The Act would require covered entities (most research companies and organizations) to: provide extensive notice of their data privacy practices to individuals; offer opt-out from collection or use of most information (not necessarily personally identifiable information); get participant’s “affirmative express consent” for collection or use of “sensitive” information (which includes some common demographic data) or for transfer of most information to a third party (except for service providers); make sure the data they keep is accurate; set up and maintain data security systems and processes; and conduct periodic privacy assessments. The Act would be enforced by the Federal Trade Commission (FTC), State Attorneys General (AGs), and private lawsuits. It comes in the wake of a draft bill circulated by Reps. Rick Boucher (R-VA-09) and Cliff Stearns (R-FL-06) at the beginning of the summer (on which MRA has already had meetings with staff); has already been the subject of a hearing in the Energy & Commerce Committee; and will be the basis of a comparable bill being developed by Sen. John Kerry (D-MA), with whose staff MRA has already met. MRA has drafted a thorough summary and analysis of the Act and its impact on the research profession.
PA – Sen. Jeffrey E. Piccola (R-15) introduced S.B. 1449, which would prohibit the Pennsylvania Department of Education from obtaining “identifying information concerning a student for any purpose” from an institution of higher education. The bill would define “identifying information” as “any document, photographic, pictorial or computer image of another person, or any fact used to establish identity, including, but not limited to, a name, birth date, Social Security number, driver's license number, nondriver governmental identification number, telephone number, checking account number, savings account number, student identification number, employee or payroll number, residence address, mailing address or electronic signature.”
NY – Sen. Kevin S. Parker (D-21) and Assembly Member Audrey I. Pheffer (D-23) introduced the “Radio Frequency Identification Right to Know Act” (S.B. 8196 and A.B. 276), which would require all products containing a radio frequency identification (RFID) tag with a notice regarding the existence of such tag. The Act also would prohibit: (A) the combination or linkage of a “consumer’s personal information with information gathered by, or contained within”, an RFID tag; (B) disclosing a consumer’s personal information association with information gathered by, or contained within,” an RFID tag “to a nonaffiliated third party”, either directly, or through an affiliate; directly, or through an affiliate; or (C) using “information gather by, or contained within,” an RFID tag “to identify a consumer”, directly or through an affiliate or nonaffiliated third party. The Act could limit the use of RFID information for research purposes.
Congress – Sen. Chuck Schumer (D-NY) introduced the DISCLOSE Act (S. 3628, comparable to H.R. 5175, which has passed the House). The Act would change campaign finance regulation following the Supreme Court’s ruling in Citizens United. Among many provisions, the Act would require significant disclosures for “political robocalls”. Since the Act would define “political robocalls” as automated calls that promote, support, attack, or oppose “a candidate for election for Federal office”, this legislation would have minimal impact on the research profession if it ever advanced.
NC – The Governor signed H.B. 748 into law as Session Law Number 2010-170. As explained in the July Legislative Update, MRA will seek to work with the regulatory authorities in North Carolina as they implement this new law, to ensure that the definition of “push poll” in no way impinges on bona fide survey and opinion research.
NY – Sen. Shirley L. Huntley (D-10) introduced S.B. 8098 and Assembly Member Vivian E. Cook (D-32) introduced A.B. 6597, companion bills that would add the sending of unsolicited email to the definition of harassment under New York law. Specifically, they would add “transmits an electronic message over a computer network without the express authority of the recipient, when such message provides neither any purpose of legitimate communication nor any information to the recipient which would allow a direct reply to inform the sender of the annoyance.” Researchers abiding by MRA’s recommended email best practices should not be affected by S.B. 8098 and A.B. 6597.