In the aftermath of the recent data security breach at Target, Senate Judiciary Committee Chairman Patrick Leahy, D-Vt., has reintroduced the Personal Data Privacy and Security Act. Leahy first authored and sponsored the bill in 2005, and he has reintroduced the legislation in each of the last four Congresses.
According to the Privacy Rights Clearinghouse, more than 662 million records have been involved in data security breaches since 2005. According to Verizon’s 2013 Data Breach Investigations Report, there were more than 600 publicly disclosed data breaches last year. These data security breaches have become all too common and these cyberthreats have placed Americans’ privacy rights at great risk.
In 2011, the Obama administration released several proposals to enhance cybersecurity, including a data breach proposal that adopted the carefully balanced framework of our legislation. I am happy that many of the sound privacy principles in this bill have been embraced by the administration.
The Personal Data Privacy and Security Act requires companies that have databases with sensitive personal information on Americans [to] establish and implement data privacy and security programs. The bill would also establish a single nationwide standard for data breach notification and require notice to consumers when their sensitive personal information has been compromised.
This bill also provides for tough criminal penalties for anyone who would intentionally and willfully conceal the fact that a data breach has occurred when the breach causes economic damage to consumers. The bill also includes the Obama administration’s proposal to update the Computer Fraud and Abuse Act, so that attempted computer hacking and conspiracy to commit computer hacking offenses are subject to the same criminal penalties, as the underlying offenses.