Leahy Pushes For Data Privacy Legislation In Wake Of Commerce, NARA Data Breach

WASHINGTON (Wednesday, Jan. 27, 2010) – Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) is urging the Senate to consider comprehensive data privacy legislation in the wake of reports of two serious privacy breaches at the Commerce Department and the National Archives and Records Administration. 

Leahy is the author of the Personal Data Privacy and Security Act, which will improve cybersecurity and better protect Americans’ privacy and personal information.  The Judiciary Committee reported the legislation to the Senate for consideration in November, and in December, Leahy filed a Committee report to accompany the legislation. 

“Today’s reports that the Commerce Department and the National Archives and Records Administration have suffered serious data security breaches – involving the sensitive personal information of thousands of Americans – are a clear call for the Congress to swiftly enact comprehensive data privacy legislation,” said Leahy.  “I am pleased that both of these federal agencies have taken steps to notify the individuals put at risk by these breaches.  But, like all Americans, I am deeply troubled by the unreasonable delay of many weeks – and in the case of the Clinton White House Records, almost a year – before the government provided notice of these data breaches.” 

The Personal Data Privacy and Security Act will require data brokers and companies to establish and implement data privacy and security programs. The Judiciary Committee approved similar comprehensive data privacy and cybersecurity legislation in the last two Congresses.  

Leahy continued, “The absence of a strong national standard for data security is a growing threat to our economic prosperity and national security that Congress can no longer ignore.  The American people deserve better safeguards to protect their privacy.  I urge the Congress to enact comprehensive data privacy legislation without delay.” 

Provisions of the Personal Data Privacy and Security Act would:

  • Increase criminal penalties for identity theft involving electronic personal data and make it a crime to intentionally or willfully conceal a security breach involving personal data;
  • Give individuals access to, and the opportunity to access and correct, any personal information held by commercial data brokers;
  • Require entities that maintain personal data to establish internal policies that protect the privacy of Americans;
  • Require entities that maintain personal data to give notice to individuals and law enforcement when they experience a breach involving sensitive personal data that could result in significant harm or fraud ; and
  • Require the government to establish rules protecting privacy and security when it uses information from commercial data brokers to conduct audits of government contracts with data brokers, and impose penalties on government contractors that fail to meet data privacy and security requirements.

The legislation is supported by, among others, the United States Secret Service, the Federal Trade Commission, the Business Software Alliance, the Center for Democracy and Technology, Consumers Union, Facebook, Microsoft, Symantec, and AARP. 

Leahy has been a longtime champion of privacy protections, and has testified before congressional Committees on the importance of the data privacy legislation. 

# # # # #

Press Contact

David Carle: 202-224-3693