Fact Sheet: The Personal Data Privacy And Security Act
The Personal Data Privacy And Security Act
LINK to complete text of the bill
The Personal Data Privacy And Security Act (PDPSA), And CFAA:
The Computer Fraud and Abuse Act (CFAA) currently makes it a crime to for a person to use a computer in a manner that “exceeds” their “authorized access.”
Section 108 of the bill also adds a new reporting requirement to the CFAA, requiring that the Attorney General annually report to Congress on any criminal cases brought under that law which were based solely upon the defendant either exceeding authorized access to a nongovernmental computer, or accessing a non-governmental computer without authorization.
The bill would not prohibit the Justice Department from using evidence of a contractual violation to support a charge under the CFAA, when coupled with other evidence.
This language in Section 110 was proposed by Senators Grassley and Franken, during earlier consideration of the bill, to ensure that the Justice Department could not bring another case like United States v. Lori Drew, which involved a CFAA charge based solely upon a violation of a MySpace terms-of-service agreement. This language addresses earlier concerns that CFAA could lead to abuse by criminalizing relatively trivial conduct.
The Senate Judiciary Committee favorably reported the language in the bill with bipartisan support when the Judiciary Committee considered similar legislation in 2011.
The bill represents a balance between the need for clear and meaningful punishment, with the equally compelling need to encourage innovation and protect privacy and civil liberties.
# # # # #
David Carle: 202-224-3693
Next Article Previous Article