Meet the Perfect Privacy Regulator


The traits of the most effective data privacy regulators share are a commitment to promoting education and awareness, consistent regulation and exercising discretion and good judgment, according to a report issued by the U.S. Chamber of Commerce and Hunton & Williams LLP.

Lisa Sotto, chair of Hunton’s Privacy and Cybersecurity Practice, presented the report at a Chamber of Commerce panel alongside Acting Federal Trade Commission Chairman Maureen Ohlhausen. Sotto pointed to the FTC as an example of a model privacy regulator.

According to the report, effective privacy regulators promote of education and awareness, seek feedback from businesses and individuals and offer guidance and assistance to them both. In addition, an effective privacy regulator should be judicious and transparent and strive for coordination and cooperation with all stakeholders. Finally, an effective privacy regulator should be business and technology-savvy.

The report also looked at the organizational attributes of effective privacy offices, including the funding, autonomy, responsibility and authority of the world’s privacy regulators.

There is wide variety among the enforcement tools available to different international privacy regulators. The U.K. privacy regulator may issues fines, but can’t provide relief to individuals whose privacy have been violated. In the U.S., the FTC can enter into administrative settlement agreements with companies to overhaul their entire privacy and data security programs, but must in most instances ask the Department of Justice to take cases to court.

The report found that successful privacy regulators should be structurally autonomous (yet few receive enough funding for sufficient autonomy) and have a transparent, fair and unbiased process for appointing and removing officials.

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.