The Privacy Working Group is composed of senior retail representatives with responsibility for aspects of company operations that affect customer and employee privacy.
- NRF retail company members who participate in the Privacy Working Group provide valuable input to the association’s government relations team in significant ways that help shape our public policy priorities and positions on privacy and data security issues, as well as our responses to legislative and regulatory proposals. Members’ input on these privacy issues is vital to our advocacy efforts.
- This member committee is comprised of several hundred members with experience in privacy and data security legislation and regulation at both the federal and state level. While many participants are also members of the International Association of Privacy Professionals (IAPP), the group benefits from the diversity of its membership across a range of retail industry business and technology executives and counsels, including: Government Relations and Public Policy executives, General Counsels and Associate/Assistant General Counsels, Senior Privacy Counsels/Regulatory Compliance Officers, Senior Internal Audit Officers, and Chief Privacy Officers (CPOs), Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs).
- The Privacy Working Group’s principal focus is to serve as a forum on data privacy issues at the federal level, with additional attention given to global and state privacy regulations that could impact U.S. federal policy. In recent years, we have spent considerable time on EU regulations, such as the General Data Protection Regulation (GDPR), and on certain precedential U.S. state legislation and adopted laws, such as the California Consumer Privacy Act (CCPA). Our work in these venues has aided us significantly in our federal public policy advocacy efforts on behalf of retailers.
- The Privacy Working Group conducts most of its business by email and conference calls, but also meets in person three seasons each year (Winter, Spring and Fall), with at least one meeting occurring at our headquarters in Washington, D.C. Last year’s Fall Privacy Meeting 2018 was held in Las Vegas in September, our Winter Privacy Meeting 2019 was held in Los Angeles in January, and our Spring Privacy Meeting 2019 was held in Washington, D.C. in May.
- Between meetings, PWG members receive several memos each month via email with updates on legislative and regulatory developments in privacy or data security. We also host telephone conference calls when necessary to address a pressing issue and, recently, in light of the federal and state activity in 2019, we have been hosting a standing Privacy Working Group call every other week since March.
- As part of our outreach by email, we ask members to review and provide input on proposed bills and regulations regarding privacy and data security matters, and we offer other opportunities for members to engage in task forces on particular issues. The task forces are typically comprised of smaller groups of members (15 to 30 individuals) who will participate in more frequent emails or calls to help us develop materials or positions on discreet issues. Our current task forces are:
- Privacy Professionals Task Force (PPTF): Our most recently formed task force is comprised of about 20 highly experienced senior counsels and regulatory compliance officers who are helping us develop a customer-centric approach to data privacy.
- Global Privacy Task Force (GPTF): Formed in 2017, this task force has about 20 members who focus on global privacy regulations, most notably the EU’s GDPR and ePrivacy Regulation, and who help coordinate NRF’s global privacy activities and member delegation trips to Brussels.
- Broadband Information and Telecom Services (BITS) Task Force:1 Formed several years ago, this small team of ten members looks more deeply at Federal Communications Commission (FCC) issues that may impact retailers, such as the FCC’s Telephone Consumer Protection Act (TCPA) inquiries and rulemakings, as well as net neutrality legislative and regulatory proposals. [The BITS Task Force’s scope of coverage is broader than data privacy issues, and membership in the BITS Task Force is not necessary to provide input on privacy issues like TCPA, which are also covered in the broader Privacy Working Group matters. ]