There are seven broad proposals that the administration is referring to as "the desired outcomes of organizational practices," and it is taking that approach for the time being "rather than dictating what those practices should be." These "desired outcomes" are in their early stages, and there's no guarantee any formal rules will follow as a result -- though they could act as a framework for future federal legislation.
Among the suggestions are that "the collection, use, storage and sharing of personal data should be reasonably minimized in a manner proportional to the scope of privacy risks." It floated the ideas that organizations have to be transparent in how they handle and store user data; that orgs should have security measures in place to protect data; and that consumers "should be able to reasonably access and correct personal data they have provided."
The NTIA also suggested that users should be able to control which personal data they provide, and that organizations would be responsible for such data that passes through their systems. You can have your say on the proposals during the public comment period, which closes October 26th.
Meanwhile, the Senate Committee on Commerce, Science, and Transportation will hold a hearing Wednesday related to the privacy policies of major tech and communications companies. Representatives from Amazon, Google, Twitter, Apple, AT&T and Charter are set to appear before the committee, and they may offer suggestions on how to safeguard privacy.