Required reading for any business that collects information from customers on the Web (that would be most of you): Two reports out for comment recommend changes to the ways companies use and manage the online information they collect about consumers.

The Federal Trade Commission and the Department of Commerce are each seeking comment on their respective frameworks for online consumer privacy.

The FTC framework, “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers,” focuses on three major themes:

Privacy by Design: The report recommends companies build privacy protections into everyday business practices, including reasonable security for consumer data, limited data collection and retention, and procedures to promote data accuracy. Companies also should implement privacy practices such as assigning personnel to oversee privacy issues, training employees, and conducting privacy reviews for new products and services.

Simplified Choice: Companies should give consumers simplified choice about the collection and sharing of their data at the time and in the context in which they are making those decisions. The report says companies shouldn't have to seek consent for certain commonly accepted practices, such as product and service fulfillment and first-party marketing. The FTC endorses a “Do Not Track” mechanism, for instance a persistent setting on the consumer's browser, governing the collection of information about consumers' Internet activity to deliver targeted ads and for other purposes.

Greater Transparency: Companies should develop clearer, shorter, more standardized privacy notices; provide consumers access to the data they maintain proportionate to its sensitivity and the nature of its use; and obtain affirmative express consent before using it in a materially different manner than claimed when the data was collected.

The FTC report says industry efforts to address privacy through self-regulation “have been too slow, and up to now have failed to provide adequate and meaningful protection.”

Comments are due by Jan. 31. The FTC has published an appendix of the questions it requests comment on.

Meanwhile, the Department of Commerce issued its own initial policy recommendations for online consumer privacy in a report titled “Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework.”

Among its recommendations:

Establishment of a “Privacy Bill of Rights” for consumers built on existing Fair Information Practice Principles, detailing baseline principles for how online companies collect and use personal information for commercial purposes.

Establishment of a Privacy Policy Office in the Department of Commerce to work with the FTC, the Executive Office of the President, and other federal entities, to examine commercial uses of personal information, evaluate whether gaps in privacy protections exist, and help develop enforceable privacy codes of conduct for specific sectors.  

Global Interoperability: The report urges the U.S. government to work with its trading partners and global privacy authorities to find ways to bridge differences in disparate privacy frameworks.

National Security Breach Notification Rules: The report recommends adoption of a federal security breach notification rule to replace the current patchwork of state laws.

Electronic Communications Privacy Act Review: The report recommends that the Obama Administration review the Electronic Communications Privacy Act to address privacy protection in cloud computing and location-based services.

The Commerce Department plans to seek public comment and publish questions from the report in a Federal Register notice.

*Update—The Department of Commerce notice, detailing 42 questions for comment, has been published in today's Federal Register. Comments are due by Jan. 28, 2011. Hat tip to Deborah Lodge of Patton Boggs.