Privacy and Security
- ECPA standards must be clarified, providing stronger privacy protections for communications and associated data in response to changes in technology and new services and usage patterns, while preserving the legal tools necessary for government agencies to enforce the laws, respond to emergency circumstances and protect the public.
- Federal privacy law must be reconciled with requests by fiduciaries and executors for access to digital assets of deceased person, resolving serious conflict of law and preemption questions for the states and privacy questions for users of online services. Policy must balance the interests of estate administrators, with the privacy of users with whom and about whom they have communicated.
- State Departments of Education should make publicly available an inventory and index of all data elements with definitions of individual student data fields currently in the statewide longitudinal data system, create a data security plan, and ensure compliance with federal and state data privacy laws and policies.
- Effective cybersecurity measures will build upon public-private partnerships, existing initiatives, and resources, emphasize risk management, focus directly on threats and bad actors and be capable of responding and rapidly adapting to new technologies, consumer preferences, business models, and emerging threats.
A market environment is essential for future success of the Internet. A consumer and private-sector-driven approach to privacy via self-regulation avoids undue regulatory burden that would threaten a thriving electronic marketplace.
The Internet has flourished due in large part to the unregulated environment in which it has developed and grown. Self-regulation, industry-driven standards, individual empowerment and a market environment generally promise greater future success than intrusive governmental regulation. In order to secure the economic growth and vitality of the electronic marketplace, the private sector must continue to lead through self-regulation. Innovation, expanded services, broader participation, and lower prices will arise in a market-driven arena, not in an environment burdened by over-regulation.
The market has responded favorably and swiftly to consumer concerns regarding the collection and use of personal information. Innovators have crafted tools that let users block cookies, advertising, the tracking of Internet surfing behavior, and third party sharing of information. The market is responding to consumer concerns, without burdensome government regulation. The most effective privacy policies provide notice, choice, security, and access. Online sites and services should be encouraged to offer more options along these lines and individuals should be free to select the policy that best fits their needs and take responsibility for their online activities.
Effective cybersecurity is essential for the proper function of government and continued growth of the economy in cyberspace. However, cyber challenges could pose an existential threat to the U.S. economy, our national security apparatus and public health and safety.
Cyberspace’s owners include all who use it: consumers, businesses, governments, and infrastructure owners and operators. Cybersecurity measures must help these stakeholders to be aware of the risks to their assets, property, reputations, operations, and sometimes businesses, and better understand their important role in helping to address these risks. Industry should lead the way in sharing information with the appropriate government entities following an attack and collaborating with others in the private sector to share best practices.
Partnerships between government and industry have provided leadership, resources, innovation, and stewardship in every aspect of cybersecurity since the origin of the Internet. Cybersecurity efforts are most effective when leveraging and building upon these existing initiatives, investments, and partnerships.
I. Policymakers should avoid one-size fits all frameworks. Any framework should identify actual harms to consumers and be designed to protect against those harms. Prescriptive legislation should be avoided as it prevents the private sector from innovatively addressing public concerns about the technology. To the extent possible, policymakers should avoid …
WHEREAS, laws and regulations should allow health care providers to practice the full extent of their professional training and expertise through telehealth; WHEREAS, laws and regulations should permit health care providers to deliver all forms of telehealth, including real-time video consultations, remote patient monitoring, and store-and-forward technology; WHEREAS, all health …
WHEREAS, the cost of healthcare has grown an average of 2.4 percent faster than GDP since 1970 and currently represents 18 percent of the United States’ total GDP; and WHEREAS, the lack of access to health care in rural areas is contributing significantly to these increasing costs; and WHEREAS, 21 …
Statement of Principles for Cybersecurity WHEREAS, it is the mission of the American Legislative Exchange Council (ALEC) to advance the principles of free markets, limited government and federalism; and WHEREAS, effective cybersecurity is essential for the proper function of government and continued growth of the economy in cyberspace; and …
Employee Online Privacy Act Summary Job applicants and employees are increasingly using online accounts for their personal communication and social networking. Potential and actual employers should not request or require access to these personal accounts, except in cases where the employer is obligated to investigate activities that may involve …
Information Security Management Act Summary An act concerning cyber security for communication and information resources in public agencies, and making an appropriation in connection therewith. Be it enacted by the General Assembly of the State of _____________: Section 1. Article _____ of title _____, ___________ Revised Statutes, …