On Friday, February 27, the White House released its promised draft privacy and data security legislation. The proposed Consumer Privacy Bill of Rights Act of 2015 contains few, if any, surprises and would codify the framework that the White House proposed in 2012, imposing privacy and data security requirements across sectors and industries. The proposal has drawn criticism from the Federal Trade Commission and privacy advocates for not containing enough consumer protections, and from the business community for a lack of clarity and the potential to stifle innovation and to create other unintended consequences. In this post, we summarize the Act and some of the ramifications if it were to be adopted in its current form.