Consumers should control the extent to which their personal information may be collected, analyzed, shared, and sold.
Privacy protections should be embedded into products and services.
Organizations (including private companies, nonprofits, and government entities) should clearly communicate:
Policymakers should protect against the misuse of data, including:
Policymakers and the private sector should ensure that organizations effectively protect against unauthorized access to or misuse of consumers’ personally identifiable information
Organizations must effectively inform consumers about how their PII is secured and what actions will be taken in the event of a security breach.
Companies, government agencies, and individuals should protect the unauthorized use, display, collection, and sale of SSNs.
Federal policymakers should strengthen protections and enforcement against identity theft.
Occupational regulation should enhance consumer health and safety and provide consumers with meaningful benefits.
Regulators should provide robust oversight to ensure compliance with federal, state, and local consumer protection laws.