The following press release was issued today by Senator Patrick Leahy:
Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) on Wednesday reintroduced sweeping legislation to protect Americans’ personal information and ensure their privacy. Leahy also announced the issue of data privacy would be the subject of a committee hearing early in the new Senate session.
Leahy first authored and sponsored the Personal Data Privacy and Security Act in 2005, and he has reintroduced the legislation in each of the last four Congresses. The bill would establish a national standard for data breach notification, and require American businesses that collect and store consumers’ sensitive personal information to safeguard that information from cyber threats. Leahy’s bill introduction on Wednesday comes just weeks after the department store chain, Target, suffered a major data security breach involving 40 million credit and debit cards used to pay for purchases at its stores during the busy holiday buying season.
“The recent data breach at Target involving the debit and credit card data of as many as 40 million customers during the Christmas holidays is a reminder that developing a comprehensive national strategy to protect data privacy and cybersecurity remains one of the most challenging and important issues facing our Nation,” said Leahy, whose extended statement can be viewed online. “That is why today I am introducing the Personal Data Privacy and Security Act, a bill that aims to better protect Americans from the growing threats of data breaches and identity theft. This important issue will also be the focus of a hearing before the Judiciary Committee this year.”
In 2011, the Obama administration released a proposal to enhance and strengthen cybersecurity and data privacy, including a provision to establish a national standard for data breach notification that is similar to the data breach provision in the Leahy-authored Personal Data Privacy and Security Act. The bill introduced today is cosponsored by Senators Al Franken (D-Minn.), Chuck Schumer (D-N.Y.) and Richard Blumenthal (D-Conn.).
Key provisions in the bill include:
- Tough criminal penalties for individuals who intentionally or willfully conceal a security breach involving personal data when the breach causes economic damage to consumers;
- A requirement that companies that maintain personal data establish and implement internal policies to protect data privacy and security; and
-
An update the Computer Fraud and Abuse Act to make attempted computer hacking and conspiracy to commit computer hacking punishable under the same criminal penalties as the underlying offense.