Data use bills get OK from Senate committee

Share this content:

A pair of overlapping U.S. Senate proposals aimed at reining in personal data use by the government and private sector earned approval from a key committee May 3.

The Senate Judiciary Committee passed The Personal Data Privacy and Security Act of 2007, S. 495, introduced by Chairman Patrick Leahy (D-VT) and Senator Arlen Specter (R-PA), along with the Notification of Risk to Personal Data Act, S. 1350, introduced by Senator Dianne Feinstein, (D-CA).

"[Our] bill deals with the underlying problem of lax security and lack of accountability to help prevent data breaches from occurring in the first place and also addresses the need to provide Americans with better notice of breaches that may affect their personal information," Mr. Leahy said in a statement.

Ms. Feinstein said that the frequency of data breaches demonstrates that legislation is needed sooner rather than later. Major data breaches have occurred in recent months at the TJX Co., the U.S. Department of Agriculture, Johns Hopkins University, Boeing Co., the U.S. Department of Veterans Affairs and UCLA.

"This legislation would ensure that victims are informed promptly when a security breach occurs, so they can take the necessary steps to protect themselves from identity theft," Ms. Feinstein said in a statement.

The bills, passed by voice votes, now move to the full Senate for consideration. Mr. Leahy and Mr. Specter's effort is the more sweeping bill. A similar version of their bill was approved last year by the Senate Judiciary Committee but died before a floor vote. In the 109th Congress, Ms. Feinstein's data breach notification measure was included as part of a data privacy bill that passed the Judiciary Committee but did not get Senate floor action.

The Feinstein bill, which focuses primarily on notification requirements for entities that experience breaches, was amended to mirror the content of the Leahy-Specter bill. Insiders said both bills were passed separately to improve their chances of getting through.

Among other provisions, S. 495 adds unauthorized access to sensitive personally identifiable information to the criminal prohibition against computer fraud and requires data brokers to let individuals know what information they have about them and, where appropriate, allow them to correct it.

The bill also provides tough monetary penalties for failing to provide privacy and security protections and notices of security breaches, and toughens criminal penalties for those who infiltrate systems to compromise personal data. It imposes a criminal penalty in the cases where there is intentional and willful concealment of a security breach known to require notice.

Several competing measures exist, such as the Identity Theft Prevention Act, which cleared the Senate Commerce Committee earlier this month. This bill prescribes notification requirements, prohibits collection of fees for credit freezes on identity theft victims, and instructs entities that handle sensitive personal information to have minimum security standards in place.

On May 1, Senator Tom Carper (D-DE) joined fellow Senate Banking Committee member Bob Bennett (R-UT) to introduce the Data Security Act of 2007, S. 1260, which requires entities to safeguard sensitive information and notify consumers of a security breach.

This Carper-Bennett bill requires institutions, such as financial establishments, retailers and federal agencies, to safeguard sensitive information, investigate security breaches and notify consumers when there is a substantial risk of identity theft or account fraud.

While each of these measures could have a significant impact on direct marketing and financial services firms, the most favorable bill to direct marketers is the Data Security Act of 2007, according to Steve K. Berry, executive vice president for government and consumer affairs at the Direct Marketing Association.

There hasn't been a hearing on the bill the year, but Mr. Berry hopes that one is scheduled soon. He also said he expects a data security measure will be addressed by the full Senate by late summer.

"The banking bill is probably the best in our view," Mr. Berry said. "The details of the language and how they treat Social Security numbers is most favorable to us."

Loading links....

Next Article in Marketing Strategy

Sign up to our newsletters

Company of the Week

We recently were named B2B Magazine's Direct Marketing Agency of the Year, and with good reason: We make real, measureable, positive change happen for our clients. A full-service agency founded in 1974, Bader Rutter expertly helps you get the right message to the right audience at the right time through the right channels. As we engage our clients' audiences along their journey, direct marketing (email, direct mail, phone, SMS) and behavioral marketing (SEM, retargeting, contextual) channels deliver information relevant to the needs of each stage. We are experts at implementing and leveraging marketing technologies such as CRM and marketing automation in order to synchronize sales and marketing communications. Our team of architects and activators plan, execute, measure and adjust in real time to ensure the strategy is working as needed and change things if it's not.

Find out more here »

DMN's Career Center

Check out hundreds of exciting professional opportunities available on DMN's Career Center.  
Explore careers in digital marketing, sales, eCommerce, marketing communications, IT, data strategies, and much more. And don't forget to update your resume so employers can contact you privately about job opportunities.

>>Click Here