Key Points
  • ECPA standards must be clarified, providing stronger privacy protections for communications and associated data in response to changes in technology and new services and usage patterns, while preserving the legal tools necessary for government agencies to enforce the laws, respond to emergency circumstances and protect the public.
  • Federal privacy law must be reconciled with requests by fiduciaries and executors for access to digital assets of deceased person, resolving serious conflict of law and preemption questions for the states and privacy questions for users of online services. Policy must balance the interests of estate administrators, with the privacy of users with whom and about whom they have communicated.
  • State Departments of Education should make publicly available an inventory and index of all data elements with definitions of individual student data fields currently in the statewide longitudinal data system, create a data security plan, and ensure compliance with federal and state data privacy laws and policies.
  • Effective cybersecurity measures will build upon public-private partnerships, existing initiatives, and resources, emphasize risk management, focus directly on threats and bad actors and be capable of responding and rapidly adapting to new technologies, consumer preferences, business models, and emerging threats.

A market environment is essential for future success of the Internet. A consumer and private-sector-driven approach to privacy via self-regulation avoids undue regulatory burden that would threaten a thriving electronic marketplace.

The Internet has flourished due in large part to the unregulated environment in which it has developed and grown. Self-regulation, industry-driven standards, individual empowerment and a market environment generally promise greater future success than intrusive governmental regulation.  In order to secure the economic growth and vitality of the electronic marketplace, the private sector must continue to lead through self-regulation. Innovation, expanded services, broader participation, and lower prices will arise in a market-driven arena, not in an environment burdened by over-regulation.

The market has responded favorably and swiftly to consumer concerns regarding the collection and use of personal information.  Innovators have crafted tools that let users block cookies, advertising, the tracking of Internet surfing behavior, and third party sharing of information. The market is responding to consumer concerns, without burdensome government regulation. The most effective privacy policies provide notice, choice, security, and access. Online sites and services should be encouraged to offer more options along these lines and individuals should be free to select the policy that best fits their needs and take responsibility for their online activities.

Effective cybersecurity is essential for the proper function of government and continued growth of the economy in cyberspace.  However, cyber challenges could pose an existential threat to the U.S. economy, our national security apparatus and public health and safety.

Cyberspace’s owners include all who use it: consumers, businesses, governments, and infrastructure owners and operators. Cybersecurity measures must help these stakeholders to be aware of the risks to their assets, property, reputations, operations, and sometimes businesses, and better understand their important role in helping to address these risks. Industry should lead the way in sharing information with the appropriate government entities following an attack and collaborating with others in the private sector to share best practices.

Partnerships between government and industry have provided leadership, resources, innovation, and stewardship in every aspect of cybersecurity since the origin of the Internet. Cybersecurity efforts are most effective when leveraging and building upon these existing initiatives, investments, and partnerships.

Publications

  • Screenshot 2021-03-26 115613

    Amicus Brief: AFP v. Baccera

    “Every American should be concerned about this type of detailed donor disclosure,” said ALEC CEO Lisa B. Nelson. She continued,…
  • A FRAMEWORK FOR PRIVACY LEGISLATION – Web Cover Page

    A Framework for Privacy Legislation

    Privacy is en vogue. Policymakers from Washington, D.C. to Washington State are talking about it. They are holding meetings and…
  • 2013-03-20 Abuse-and-Misuse-of-Personal-Info-Final cover

    Abuse and Misuse of Personal Information

    Executive Summary: Advances in technology provide a number of useful products and services that can either enhance or threaten personal privacy,…
+ All Privacy and Security Publications

Model Policies

  • Use of AI Firearm Detection Software in Schools Draft

    Section 1. School District Safety and Security (A) From existing appropriations provided for school security purposes, the Department of Education may enter into a contract with a private vendor for firearm detection software. Such software shall: (a) Detect and alert school district personnel and first responders…

  • ALEC Statement of Principles for Teen Use of Social Media Draft

    Laws and regulations governing the safety of teens (ages 13-18) and their use of social media should be consistent with the principles outlined below. It is without dispute that the safety and well-being of children and teens should be of priority for social media platforms and policymakers. Social media platforms…

  • State Infrastructure Protection Act Final

    AN ACT relating to prohibiting contracts or other agreements with certain foreign-owned companies in connection with critical infrastructure in this state. BE IT ENACTED BY THIS LEGISLATIVE CHAMBER: SECTION 1.  This Act may be cited as the State Infrastructure Protection Act. SECTION 2.  The relevant section or chapter of the business or commerce code…

  • Resolution Urging Congress to Protect Consumer Privacy in Banking and Financial Transactions Final

    Resolution Urging Congress to Protect Consumer Privacy in Banking and Financial Transactions WHEREAS, the Biden Administration and some in Congress have proposed changes to tax information reporting which would require financial institutions to provide the Internal Revenue Service reports of incoming and outgoing transactions from every customer financial…

  • The Privacy Protection Act Final

    Purpose This proposal establishes criteria for the government’s adoption of new and emerging surveillance technologies while ensuring privacy protections for individuals. Text Section 1. Definitions 1. “Commission” means the Personal Privacy Oversight Committee created in Section 4. 2. (a)“Government entity” means the state, county, a municipality, a higher education institute,…

  • Statement of Principles on Facial Recognition Policy Final

    I. Policymakers should avoid one-size fits all frameworks. Any framework should identify actual harms to consumers and be designed to protect against those harms. Prescriptive legislation should be avoided as it prevents the private sector from innovatively addressing public concerns about the technology. To the extent possible, policymakers should avoid…

+ All Privacy and Security Model Policies

Task Forces

Commerce, Insurance and Economic Development

Members of the Commerce, Insurance and Economic Development Task Force believe that economic freedom is the…

Health and Human Services

There is no sector of our economy where the hand of government is more evident than…

Communications and Technology

With nearly 200 members representing all parts of the country and every segment of industry, the…