Consumer Protection and Data Breach Notification

14 November 2007 - A Best Practice Forum on Privacy in Rio de Janeiro, Brazil

Agenda

Proponents

American Bar Association

Partners

World Bank

Additional Information

1. This proposal for a thematic Best Practice Forum (BPF) under the “Access” theme will highlight the Internet governance challenges of consumer protection generally and data breach notification specifically. This BPF will conform to the structural requirements set forth in the BPF Call for Proposals (CfP), and will follow the template for thematic presentations in the CfP.

2. Proposal Submitted by: American Bar Association (ABA), Cyberspace Law Committee, Henry L. Judy (henry.judy@klgates.com); World Bank Legal Department, David Satola (dsatola@worldbank.org).

3. Recently completed work by the ABA regarding online consumer protection in cross-border use of the Internet for e-commerce shows that different standards of legal protection in different jurisdictions affects both the willingness to consumers to use the internet and the willingness of suppliers of goods and services to offer them online. The different standards also lead to inefficiencies that increase costs to both consumers and suppliers. As such, cross-border consumer protection is an issue affecting the confidence of different kinds of users to access the Internet for a variety of tasks. Consumer protection is therefore inherent in Internet governance.

4. As data breaches involving personal data have become ever more common globally, questions have naturally arisen as to the rights of affected persons to be advised of that they may be the subject of a breach and the correlative obligations of various holders of the data to provide the notices and to otherwise respond to the actual or potential breach. There are no settled standards on the numerous aspects of implementing a sensible regime to govern these issues, including the standard of care in securing the data. This fact has been particularly troublesome in cases where multi-national entities are involved and personal data from different jurisdictions is transmitted across national boundaries and stored in multiple locations. We will share recent practical experience, research and policy formulation work of the ABA regarding these questions.

5. We intend to showcase recent cases showing the various trends – good and bad – in consumer protection and data breach protection and notification that will illustrate the different policy and legal approaches that have been developed, what remedies are available and the strengths and weaknesses of the various responses to these issues.

6. While we will draw on the expertise in the ABA generally, as well as the Cyberspace Law Committee, to provide background presentations. We have also invited experts from Academia and Industry to participate in this BPF to share their insights on these issues as Discussant and Moderator.