Leahy first authored and sponsored the Personal Data Privacy and Security Act in 2005, and he has reintroduced the legislation in each of the last four Congresses. Leahy’s bill introduction this time around comes just weeks after Target admitted to a major data security breach. The senator said that news acted as a catalyst for the reintroduction.
“The recent data breach at Target involving the debit and credit card data of [tens of millions of ] customers during the Christmas holidays is a reminder that developing a comprehensive national strategy to protect data privacy and cybersecurity remains one of the most challenging and important issues facing our Nation,” said Leahy, in a statement.
In 2011, the Obama administration released a proposal to enhance and strengthen cybersecurity and data privacy, including a provision to establish a national standard for data breach notification that is similar to the data breach provision in the Personal Data Privacy and Security Act. Right now, data breach notification requirements are enacted on the state level, and often carry few penalties for not adhering to them.
Beyond notification requirements, key provisions in the bill would use jail time as a deterrent to hacking. They include tough criminal penalties for individuals who intentionally or willfully conceal a security breach involving personal data, when the breach causes economic damage to consumers. And, perhaps most controversially, it seeks criminal punishment for attempted hacking, via an update to the Computer Fraud and Abuse Act that would dole out the same punishments for trying to steal data as actual successful hacking attempts. Opponents say that the law could be too broadly interpreted, leading to unintended consequences like hard time for a teenager that snoops around his or her brother’s Facebook account, for example.
The bill would also require more established internal policies for American businesses that collect and store consumers’ sensitive personal information. And, Leahy announced the issue of data privacy would be the subject of a committee hearing early in the new Senate session.
The bill is cosponsored by Senators Al Franken (D-Minn.), Chuck Schumer (D-N.Y.) and Richard Blumenthal (D-Conn.).