WASHINGTON June 8, 2011 - Sen. Patrick Leahy (D-VT), Chairman of the Senate Judiciary Committee, re-introduced a bill Tuesday that would establish a national standard for the notification to consumers by corporations when data breaches occur.
Sen. Chuck Schumer (D-NY) and Sen. Ben Cardin (D-MD) cosponsored the Personal Data Privacy and Security Act, a reiteration of bills by the same name that have failed in each of the three previous Congresses.
“The many recent and troubling data breaches in the private sector and in our government are clear evidence that developing a comprehensive national strategy to protect data privacy and security is one of the most challenging and important issues facing our country,” said Leahy through a statement Tuesday. “Protecting privacy rights is of critical importance to all of us”
The bill would criminalize concealing data breaches that could result in economic damages to consumers and increase penalties under the Computer Fraud and Abuse Act. The bills also makes hacking or attempting to hack a computer a criminal offense and private firms would be required to establish and maintain data privacy and security protocols.
Over the last month, Sony's Playstation network has faced numerous attacks that resulted in the theft of personal information of more than 77 million users. Early this week Nintendo also suffered from a cyber-attack but the company says that no personal data was stolen.
“According to the Privacy Rights Clearinghouse, more than 533 million records have been involved in data security breaches since 2005,” said Leahy in a statement about the bill.
The government would be required under the new measure to ensure the security of sensitive data is protected when it works with outside contractors. The General Services Administration would also be required to evaluate how contractors use and protect consumer data when authorizing contractors.
“When Sen. Leahy first introduced this bill in 2005, there were 22 states with data breach notification laws on the books. That regulatory patchwork was already causing confusion for consumers and unnecessary compliance burdens for companies. Now, almost all states have breach laws.” said Business Software Alliance President and CEO Robert Holleyman. “BSA urges Congress to pass data security and breach notification legislation this session to create a single, national standard to replace the unwieldy state patchwork we have today.”