04.30.15

Leahy Leads Introduction Of Strong Legislation To Protect Consumer Information And Prevent Data Breaches

WASHINGTON (Thursday, April 30, 2015) –Vermonters and all American consumers are now facing constant threats of their personal information being hacked.  At the same time that cyber attacks and data breaches are increasing in number and scope, so too is the amount of information consumers share with the corporations who are the target of these breaches.  In order to protect consumers and prompt corporations to do more to protect their customers, Senate Judiciary Committee Ranking Member Patrick Leahy (D-Vt.) introduced the Consumer Privacy Protection Act on Thursday.

The Consumer Privacy Protection Act calls for a comprehensive approach to data security by requiring companies to take preventative steps to defend against cyber attacks and prevent data breaches, and to quickly notify customers in the event a data breach occurs. The measure addresses the kinds of security breaches that have affected retail stores in recent years, as well as breaches of personal email, online accounts, and cloud computing that have sent Americans’ personal information, photos and even location out into public view.

“Today, data security is not just about protecting our identities and our bank accounts; it is about protecting our privacy.  Americans want to know not just that their bank account and credit cards are safe and secure, they want to know that their emails and their private pictures are protected as well,” Senator Leahy said.  “Companies who benefit financially from our personal information should be obligated to take steps to keep it safe, and to notify us when those protections have failed. The Consumer Privacy Protection Act would provide these needed reforms, and all lawmakers who support consumers should support this bill.”

Today’s bill introduction builds on Leahy’s years of work to enact meaningful legislation to ensure Americans’ digital privacy.  He previously authored legislation to establish federal data breach notification law and require businesses to safeguard consumers’ information from cyber threats.  The Consumer Privacy Protection Act he is introducing today builds on earlier legislation, and makes important updates to include protections for social media and cloud computing, in addition to financial information. 

The bill is cosponsored by Democratic Senators Al Franken (Minn.), Elizabeth Warren (Mass.), Richard Blumenthal (Conn.), Ron Wyden (Ore.), and Edward J. Markey (Mass.). An outline of the Consumer Privacy Protection Act of 2015 can be found here, and text of legislation can be found online.  Senator Leahy’s full statement on the legislation is also available online.

Key provisions in the bill include:

  • Requires companies who store sensitive personal or financial information on 10,000 customers or more to meet consumer privacy and data security standards to keep this information safe, and notify the customer within 30 days of a breach.  
  • Establishes a broad definition of information that must be protected, including social security numbers; financial account information; online usernames and passwords; unique biometric data, including fingerprints; information about a person’s physical and mental health; information about a person’s geolocation; and access to private digital photographs and videos.
  • Requires companies to inform federal law enforcement of all large breaches, as well as breaches that involved federal government databases or law enforcement or national security personnel. 
  • Guarantees a federal baseline of strong consumer privacy protections for all Americans.

Importantly, the bill would not supersede state laws already in place that offer strong consumer protections.  Vermont is a leader among states in its consumer privacy laws, and has had a robust data breach notification law in place since 2007.  This legislation would only enhance these protections, and would not weaken them. 

# # # # #

Press Contact
David Carle: 202-224-3693

Press Contact

Press Contact
David Carle: 202-224-3693