Data use bills get OK from Senate committee

Share this content:

A pair of overlapping U.S. Senate proposals aimed at reining in personal data use by the government and private sector earned approval from a key committee May 3.

The Senate Judiciary Committee passed The Personal Data Privacy and Security Act of 2007, S. 495, introduced by Chairman Patrick Leahy (D-VT) and Senator Arlen Specter (R-PA), along with the Notification of Risk to Personal Data Act, S. 1350, introduced by Senator Dianne Feinstein, (D-CA).

"[Our] bill deals with the underlying problem of lax security and lack of accountability to help prevent data breaches from occurring in the first place and also addresses the need to provide Americans with better notice of breaches that may affect their personal information," Mr. Leahy said in a statement.

Ms. Feinstein said that the frequency of data breaches demonstrates that legislation is needed sooner rather than later. Major data breaches have occurred in recent months at the TJX Co., the U.S. Department of Agriculture, Johns Hopkins University, Boeing Co., the U.S. Department of Veterans Affairs and UCLA.

"This legislation would ensure that victims are informed promptly when a security breach occurs, so they can take the necessary steps to protect themselves from identity theft," Ms. Feinstein said in a statement.

The bills, passed by voice votes, now move to the full Senate for consideration. Mr. Leahy and Mr. Specter's effort is the more sweeping bill. A similar version of their bill was approved last year by the Senate Judiciary Committee but died before a floor vote. In the 109th Congress, Ms. Feinstein's data breach notification measure was included as part of a data privacy bill that passed the Judiciary Committee but did not get Senate floor action.

The Feinstein bill, which focuses primarily on notification requirements for entities that experience breaches, was amended to mirror the content of the Leahy-Specter bill. Insiders said both bills were passed separately to improve their chances of getting through.

Among other provisions, S. 495 adds unauthorized access to sensitive personally identifiable information to the criminal prohibition against computer fraud and requires data brokers to let individuals know what information they have about them and, where appropriate, allow them to correct it.

The bill also provides tough monetary penalties for failing to provide privacy and security protections and notices of security breaches, and toughens criminal penalties for those who infiltrate systems to compromise personal data. It imposes a criminal penalty in the cases where there is intentional and willful concealment of a security breach known to require notice.

Several competing measures exist, such as the Identity Theft Prevention Act, which cleared the Senate Commerce Committee earlier this month. This bill prescribes notification requirements, prohibits collection of fees for credit freezes on identity theft victims, and instructs entities that handle sensitive personal information to have minimum security standards in place.

On May 1, Senator Tom Carper (D-DE) joined fellow Senate Banking Committee member Bob Bennett (R-UT) to introduce the Data Security Act of 2007, S. 1260, which requires entities to safeguard sensitive information and notify consumers of a security breach.

This Carper-Bennett bill requires institutions, such as financial establishments, retailers and federal agencies, to safeguard sensitive information, investigate security breaches and notify consumers when there is a substantial risk of identity theft or account fraud.

While each of these measures could have a significant impact on direct marketing and financial services firms, the most favorable bill to direct marketers is the Data Security Act of 2007, according to Steve K. Berry, executive vice president for government and consumer affairs at the Direct Marketing Association.

There hasn't been a hearing on the bill the year, but Mr. Berry hopes that one is scheduled soon. He also said he expects a data security measure will be addressed by the full Senate by late summer.

"The banking bill is probably the best in our view," Mr. Berry said. "The details of the language and how they treat Social Security numbers is most favorable to us."


Next Article in Marketing Strategy

Sign up to our newsletters

Company of the Week

Since 1985, Melissa has helped thousands of companies clean, correct and complete contact data to better target and communicate with their customers. We offer a full spectrum of data quality solutions, including global address, phone, email, and name validation, identify verification - available for batch or real-time processes, in the Cloud or on-premise. Our service bureau provides dedupe, email/phone append and geographic/demographic append services for better targeting and insight. For direct mailers, Melissa offers easy-to-use address management/postal software, list hygiene services and 100s of specialty mailing lists - all with competitive pricing and excellent customer service.

Find out more here »

Career Center

Check out hundreds of exciting professional opportunities available on DMN's Career Center.  
Explore careers in digital marketing, sales, eCommerce, marketing communications, IT, data strategies, and much more. And don't forget to update your resume so employers can contact you privately about job opportunities.

>>Click Here

Relive the 2017 Marketing Hall of Femme

Click the image above