
SEP 11, 2018 | US

BSA | The Software Alliance Releases Privacy Framework to Support Data Privacy Legislation

WASHINGTON – September 12, 2018 – Privacy is a key concern for millions of Americans. With this in mind, BSA | The Software Alliance has developed a Privacy Framework as a guide for policymakers as they seek to draft privacy legislation. Software affects every sector in the United States from manufacturing and education to agriculture and business. Software-enabled technologies increasingly rely on data to function, and sometimes that includes personal data.

“We understand and acknowledge the importance of privacy to every consumer,” said Victoria Espinel, President and CEO of BSA | The Software Alliance. “The US has had mechanisms in place to protect privacy for more than twenty years. The world has since changed, and data is critically important to the global economy. We need to ensure clear, consistent, and transparent privacy rules. Now is the time to modernize the law.”

Establishing clear national standards to govern how personal data is used will strengthen trust and confidence in the overall data economy. BSA urges Congress to support a user-centric approach to privacy that will provide consumers with mechanisms to control their personal data. This privacy framework will ensure the use of personal data is consistent with consumers’ expectations while also enabling companies to provide innovative solutions for businesses and consumers. In addition to federal legislation, it can serve as a guide to Administration efforts and companies’ own policies.

Companies should give consumers transparency and choice into how their data is used. Companies should also have reasonable safeguards in place to keep this data safe. And federal law should have accountability and enforcement mechanisms to make sure companies adhere to these standards.

BSA’s Privacy Framework includes making personal data collection and use more transparent, giving consumers more control over their personal data, enabling governance over data collection and use, providing robust security, and promoting the use of data for legitimate business purposes. It includes ten components:
  1. Transparency: Organizations should provide clear and accessible explanations of their practices for handling personal data, including the categories of personal data they collect, the type of third parties with whom they share data, and the description of processes the organization maintains to review, request changes to, request a copy of, or delete personal data.
  2. Purpose Specification: Personal data should be relevant to the purposes for which it is collected and obtained by lawful means. Organizations should inform consumers of the purpose for which they are collecting personal data and use that data in a manner that is consistent with that explanation, the context of the transaction, or reasonable expectation of the consumer, or in a manner that is otherwise compatible with the original purpose for which the data was collected. Organizations should employ governance systems that seek to ensure that personal data is used and shared in a manner that is compatible with the stated purposes.
  3. Informed Choice: Organizations should provide consumers with sufficient information to make informed choices and, where practical and appropriate, the ability to opt out of the processing of personal data. BSA recognizes that certain data, such as financial account information or health condition, may be particularly sensitive. If the use of sensitive data implicates heightened privacy risks, organizations should enable consumers from whom they collect sensitive data to provide affirmative express consent. Certain existing US laws, such as COPPA, HIPAA, GLB, and the FCRA, also provide important protections for the processing of sensitive personal data covered by those laws and should therefore remain in place.
  4. Data Quality: Personal data should be relevant to the purpose for which it is used and, to the extent necessary for those purposes, should be accurate, complete, and current.
  5. Consumer Control: Consumers should be able to request information about whether organizations have personal data relating to them and the nature of such data. They should be able to request a copy of the data, challenge the accuracy of that data, and, as appropriate, have the data corrected or deleted. Organizations that determine the means and purposes of processing personal data should be primarily responsible for responding to these requests. Organizations may deny such requests where the burden or expense of doing so would be unreasonable or disproportionate to the risks to the consumer’s privacy; to comply with legal requirements; to ensure network security; to otherwise protect confidential commercial information; for research purposes; or to avoid violating the privacy, free speech, or other rights of other consumers.
  6. Security: Organizations should employ reasonable and appropriate security measures designed to prevent unauthorized access, destruction, use, modification, and disclosure of personal data based on the volume and sensitivity of the data, size and complexity of the business, and cost of available tools.
  7. Facilitating Data Use for Legitimate Business Interests: Privacy frameworks should facilitate the use of data for legitimate business purposes. Such purposes may include providing services to other business customers or consumers. Where the processing of data poses risks to the privacy of consumers, privacy frameworks should implement a risk-based approach that tailors protections to circumstances that are likely to lead to substantial harm.
  8. Accountability: Organizations should develop policies and procedures that provide the safeguards outlined in this framework, including designating persons to coordinate programs implementing these safeguards and providing employee training and management; regularly monitor and assess the implementation of those programs; and, where necessary, adjust practices to address issues as they arise.
  9. Legal Compliance and Enforcement: Organizations that determine the means and purposes of processing personal data should have primary responsibility for satisfying legal privacy and security obligations. Entities that process data on behalf of those organizations should be responsible for following their agreed upon instructions. Any uniform federal privacy law should harmonize requirements in state law. The Federal Trade Commission, which has a strong record of robust enforcement, should have the tools and resources necessary to carry out its mission effectively.
  10. International Interoperability: Privacy frameworks should enable and encourage global data flows, which underpin the global economy. Where differences exist among varying privacy regimes, governments should create tools to bridge those gaps in ways that both protect privacy and facilitate the free flow of data.
To explore the entire framework, visit http://bit.ly/BSA-PrivacyFramework.

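About BSA

BSA | The Software Alliance (www.bsa.org) is the leading advocate for the global software industry, representing it before governments and in the international marketplace. Its members are among the world’s most innovative companies, creating software solutions that stimulate the economy and improve the quality of modern life.

BSA is headquartered in Washington, DC, and has operations in more than 30 countries. Through these operations, BSA pioneers compliance programs that promote the use of legal software and advocates for public policies that foster technology innovation and drive growth in the digital economy.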

Media Contact

Michael O’Brien

For Media Inquiries
