24/7 Wall St.

The Business Roundtable, a group comprising CEOs of U.S. companies with more than 16 million employees and more than $7 trillion in annual revenues, on Friday sent a comment letter to the U.S. Department of Commerce related to a proposed federal policy on consumer privacy.

In its comment letter, Roundtable technology committee chair, Julie Sweet, CEO of Accenture North America, noted that “enhancing and sustaining consumer trust is vital for continued innovation and economic competitiveness.”

Referring to the General Data Protection Regulation (GDPR) recently implemented in the European Union, new laws in Brazil and California, and a flood of privacy regulations both globally and at the U.S. state and local levels, Sweet points out that fragmentation “leads to a disjointed user experience and misalignment of expectations for consumers.”

With this in mind, the Roundtable sets four objectives for national privacy regulation:

• Championing consumer privacy and promoting accountability
• Facilitating innovation
• Harmonizing regulations
• Achieving global interoperability

The Roundtable outlines seven components of a national framework for consumer privacy law:

Applicability
A federal law must distinguish between personal data that may be considered to identify a real person and aggregate personal data that could not be used to identify an individual.

Comprehensive approach
A national law should provide a consistent, uniform framework for collecting, using and sharing personal data.

Recognize consumer rights
Consumers should have visibility into a company’s use of their data. They also should have some level of control of how their data is collected, used and shared, and they should be able to correct erroneous data. Consumers also should be able to delete personal data in certain instances.

Governance and accountability
Companies should have policies and procedures in place that are consistent with a national privacy law and should be responsible for imposing obligations on vendors with whom they share consumer data. Companies also should have a system in place to handle consumer inquiries and complaints.

Risk-based privacy practices
Companies should “leverage” risk-based privacy practices to apply more protection to practices that present higher risks to consumer rights.

Address data security
Companies should have “reasonable” safeguards against unauthorized access to personal consumer data. A national law also should specify when companies must notify consumers of a data breach that presents a risk of financial harm to those consumers.

Effective, consistent enforcement
The Roundtable supports the Federal Trade Commission (FTC) as the primary enforcement agency for a national privacy law. The agency should be adequately funded to do its job.

The full text of Sweet’s letter is available at the Business Roundtable website.