MRA welcomes amendments to Safe Data Act

The Secure and Fortify Electronic Data Act – the Safe Data Act – is intended to establish uniform standards for data security and data breach notifications, covering personal information such as social security numbers or bank details that could be used by criminals to commit identity theft and fraud.

However the act as originally drafted was set to give the FTC extraordinary rulemaking powers to expand the definition of personal information with limited consultation. The MRA was concerned that commonly used research data might find itself subject to the Safe Data Act rules as an FTC commissioner had already suggested that it might look to broaden the definition to include “information that can be uniquely tied to an individual”.

“Such radical expansion would result in more uncertainty for American employers, including survey and opinion research organisations, whose livelihood depends on the legitimate and accurate collection and analysis of information provided by consumers,” wrote Howard Fienberg, the MRA’s director of government affairs, in a letter supporting an amendment.

A second revision to the bill prevents FTC rulemaking authority on “data minimisation” provisions in the act. The MRA supported this amendment fearing that FTC-set limits would hamper longitudinal studies. It argued that: “Within various modes and methods of data collection, and across many different purposes, the need to collect and retain data will vary, and should be properly subject to those needs, not an arbitrary decision by a regulatory body unfamiliar with the processes and practices of those modes, methods and purposes.”

The Safe Data Act has now passed the sub-committee stage and will move up to the full Energy & Commerce Committee, though it may be delayed until September.