Loading...

많은 웹사이트와 마찬가지로, BSA의 웹사이트는 쿠키를 사용하여 해당 웹사이트의 효율적인 기능을 보장하고 당사 사용자에게 최상의 경험을 제공합니다. 당사의 쿠키 사용법 및 귀하의 브라우저 쿠키 설정을 변경하는 법에 대한 자세한 내용은 당사의 쿠키 취급방침에서 더 알아보실 수 있습니다. 쿠키 설정을 변경하지 않고 이 사이트를 계속 이용함으로써 귀하는 당사의 쿠키 사용에 동의하시는 게 됩니다.

X

Privacy Cybersecurity

SEP 11, 2018 | US

BSA | The Software Alliance Releases Privacy Framework to Support Data Privacy Legislation

WASHINGTON – September 12, 2018 – Privacy is a key concern for millions of Americans. With this in mind, BSA | The Software Alliance has developed a Privacy Framework as a guide for policymakers as they seek to draft privacy legislation. Software affects every sector in the United States from manufacturing and education to agriculture and business. Software-enabled technologies increasingly rely on data to function, and sometimes that includes personal data. “We understand and acknowledge the importance of privacy to every consumer,” said Victoria Espinel, President and CEO of BSA | The Software Alliance. “The US has had mechanisms in place to protect privacy for more than twenty years. The world has since changed, and data is critically important to the global economy. We need to ensure clear, consistent, and transparent privacy rules. Now is the time to modernize the law.”Establishing clear national standards to govern how personal data is used will strengthen trust and confidence in the overall data economy. BSA urges Congress to support a user-centric approach to privacy that will provide consumers with mechanisms to control their personal data. This privacy framework will ensure the use of personal data is consistent with consumers’ expectations while also enabling companies to provide innovative solutions for businesses and consumers. In addition to federal legislation, it can serve as a guide to Administration efforts and companies’ own policies.Companies should give consumers transparency and choice into how their data is used. Companies should also have reasonable safeguards in place to keep this data safe. And federal law should have accountability and enforcement mechanisms to make sure companies adhere to these standards.BSA’s Privacy Framework includes making personal data collection and use more transparent, giving consumers more control over their personal data, enabling governance over data collection and use, providing robust security, and promoting the use of data for legitimate business purposes. It includes ten components:
  1. Transparency: Organizations should provide clear and accessible explanations of their practices for handling personal data, including the categories of personal data they collect, the type of third parties with whom they share data, and the description of processes the organization maintains to review, request changes to, request a copy of, or delete personal data.
  2. Purpose Specification: Personal data should be relevant to the purposes for which it is collected and obtained by lawful means. Organizations should inform consumers of the purpose for which they are collecting personal data and use that data in a manner that is consistent with that explanation, the context of the transaction, or reasonable expectation of the consumer, or in a manner that is otherwise compatible with the original purpose for which the data was collected. Organizations should employ governance systems that seek to ensure that personal data is used and shared in a manner that is compatible with the stated purposes.
  3. Informed Choice: Organizations should provide consumers with sufficient information to make informed choices and, where practical and appropriate, the ability to opt out of the processing of personal data. BSA recognizes that certain data, such as financial account information or health condition, may be particularly sensitive. If the use of sensitive data implicates heightened privacy risks, organizations should enable consumers from whom they collect sensitive data to provide affirmative express consent. Certain existing US laws, such as COPPA, HIPAA, GLB, and the FCRA, also provide important protections for the processing of sensitive personal data covered by those laws and should therefore remain in place.
  4. Data Quality: Personal data should be relevant to the purpose for which it is used and, to the extent necessary for those purposes, should be accurate, complete, and current.
  5. Consumer Control: Consumers should be able to request information about whether organizations have personal data relating to them and the nature of such data. They should be able to request a copy of the data, challenge the accuracy of that data, and, as appropriate, have the data corrected or deleted. Organizations that determine the means and purposes of processing personal data should be primarily responsible for responding to these requests. Organizations may deny such requests where the burden or expense of doing so would be unreasonable or disproportionate to the risks to the consumer’s privacy; to comply with legal requirements; to ensure network security; to otherwise protect confidential commercial information; for research purposes; or to avoid violating the privacy, free speech, or other rights of other consumers.
  6. Security: Organizations should employ reasonable and appropriate security measures designed to prevent unauthorized access, destruction, use, modification, and disclosure of personal data based on the volume and sensitivity of the data, size and complexity of the business, and cost of available tools.
  7. Facilitating Data Use for Legitimate Business Interests: Privacy frameworks should facilitate the use of data for legitimate business purposes. Such purposes may include providing services to other business customers or consumers. Where the processing of data poses risks to the privacy of consumers, privacy frameworks should implement a risk-based approach that tailors protections to circumstances that are likely to lead to substantial harm.
  8. Accountability: Organizations should develop policies and procedures that provide the safeguards outlined in this framework, including designating persons to coordinate programs implementing these safeguards and providing employee training and management; regularly monitor and assess the implementation of those programs; and, where necessary, adjust practices to address issues as they arise.
  9. Legal Compliance and Enforcement: Organizations that determine the means and purposes of processing personal data should have primary responsibility for satisfying legal privacy and security obligations. Entities that process data on behalf of those organizations should be responsible for following their agreed upon instructions. Any uniform federal privacy law should harmonize requirements in state law. The Federal Trade Commission, which has a strong record of robust enforcement, should have the tools and resources necessary to carry out its mission effectively.
  10. International Interoperability: Privacy frameworks should enable and encourage global data flows, which underpin the global economy. Where differences exist among varying privacy regimes, governments should create tools to bridge those gaps in ways that both protect privacy and facilitate the free flow of data.
To explore the entire framework, visit http://bit.ly/BSA-PrivacyFramework.

BSA 소개

소프트웨어 연합(BSA | The Software Alliance, 이하 BSA)(www.bsa.org)은 각국 정부를 대상으로 세계 시장에서 전 세계 소프트웨어 업계를 대변하고 옹호하는 선도적 연합체입니다. 세계의 가장 혁신적 기업들이 회원사로 참여하며 경제에 활기를 불어 넣고 현대의 생활을 향상시키는 소프트웨어 솔루션을 만들어 내고 있습니다.

워싱턴 DC에 본부를 두고, 30개국이 넘는 국가들에서 운영되는 BSA는, 합법적 소프트웨어 사용을 증진시키고 기술 혁신을 촉진하며 디지털 경제의 성장을 추진하는 공공 정책을 지지하는 준법 프로그램들을 선도합니다.

언론 연락처

Michael O’Brien

이메일: [email protected]

For Media Inquiries

이메일: [email protected]

언론 연락처

Media Inquiries

이메일: [email protected]

언론 연락처

Media Inquiries

이메일: [email protected]

CONTACTO DE PRENSA

Media Inquiries

이메일: [email protected]

관련된 컨텐츠

US: BSA Comments on Department of Commerce Request for Comments on Proposed Rule on Significant Malicious Cyber-Enabled Activities

BSA appreciates the opportunity to provide comments on the Department of Commerce’s BIS' Notice of Proposed Rulemaking to implement aspects of the E.O. on Taking Additional Steps to Address the National Emergency With Respect to Significant Malicious Cyber-Enabled Activities.

Policy Filing | Apr 25, 2024

「해외사업자의 개인정보 보호법 적용 안내서」에 대한 BSA 의견서

BSA는「해외사업자의 개인정보 보호법 적용 안내서」 (이하 ‘안내서’)의 영문(안)과 관련하여 개인정보보호위원회 (이하 ‘개인정보위’)에 의견을 제출할 수 있는 기회가 주어져 기쁘게 생각합니다.

Policy Filing | Apr 23, 2024