Privacy and Security Law: A Comprehensive National Framework

The House Committee on Energy & Commerce recently established a data privacy working group to explore the creation of comprehensive federal privacy legislation. As part of this effort, the group released a Request for Information to collect feedback from stakeholders on key privacy and security issues. In response, Proofpoint submitted a statement in support of a national framework, emphasizing that clear and consistent privacy and security protections benefit Proofpoint's customers and their employees, a summary of which is captured below.

The Need for a National Privacy and Security Law
At Proofpoint, we're on the front lines of cybersecurity - helping protect thousands of organizations and millions of users from advanced threats like identity theft, phishing, ransomware, and business email compromise. With trillions of data points analyzed and 20+ years of experience, we are confident that strong, uniform privacy and security laws provide essential protection for businesses and consumers.

Proofpoint's Human-centric Approach
We take a human-centric approach to cybersecurity. Our platform, trusted by 85 of the Fortune 100, stops human-targeted attacks, safeguards data, and makes users more resilient, improving organizations' overall security posture. Proofpoint provides the only modern cybersecurity architecture that takes a comprehensive, adaptive, and effective approach to protecting organizations' greatest assets and biggest risks: their people. Powered by NexusAI and backed by our global intelligence, we help organizations protect themselves from cyber threats faster and respond to cyber risks more effectively.

While innovative tools are essential for defending against emerging and evolving cyber threats, they are most effective when supported by clear, concise and consistent laws that prioritize sensible privacy and security. By aligning Proofpoint technology with strong and effective policy, we can build a safer and more resilient cybersecurity framework.

A Patchwork of Privacy Laws
Privacy protections in the US vary by state, industry, and situation. The patchwork approach creates confusion for consumers about how their data is protected and requires businesses to navigate often conflicting compliance obligations.
People deserve peace of mind knowing that every business throughout the country is held to the same privacy and security standards. Trust grows when people know their information is secure-regardless of who they're dealing with or where their information is being processed.

The Solution: A Uniform Privacy Law
As a cybersecurity service provider to organizations across industries throughout the world, we've experienced the complexity that varying privacy and security frameworks create. Each customer prioritizes different privacy and security concerns, resulting in contracts and agreements with different terms-creating complexity where none should exist.

A national uniform privacy law would streamline requirements, clarify responsibilities, and reduce costs. It would also help businesses better protect data by establishing clear, uniform expectations for the entire supply chain.

Elements of a Strong Privacy and Security Framework
Applying what we have learned from how various federal, state, and local US jurisdictions, as well as other countries, have legislated in this space, we have the opportunity to adopt the most effective elements to protect consumers, hold businesses accountable, and establish consistent standards that keep business operations running efficiently.

This includes:
• Prioritizing Data Minimization: Only collect and use the data needed for clearly stated purposes.
• Requiring Data Security Safeguards: Hold businesses accountable to strong security standards.
• Supporting Security Uses of Data: Allow data processing when necessary to detect and prevent security incidents and protect against cyber threats.
• Fostering Innovation: Balance strong privacy and security protections with the flexibility needed to foster the advancement of technologies such as AI.

The Next Step
We've seen what does and does not work with respect to privacy and security regulations. Now is the time to take the next step and create a framework that promotes strong and sensible cybersecurity for all.