Spurred on by the holiday data breach at Target stores, Sen. Patrick Leahy (D-VT) today reintroduced a revamped version of the Personal Data Privacy Security Act that he originally authored in 2005. Leahy has reintroduced the bill in each of the last four Congresses.
“When I first introduced this bill nine years ago, I had high hopes of bringing urgently needed data privacy reforms to the American people,” Leahy said in a statement today, noting that recent events compelled him to continue to push the legislation.
“The recent data breach at Target involving the debit and credit card data of as many as 40 million customers during the Christmas holidays is a reminder that developing a comprehensive national strategy to protect data privacy and cybersecurity remains one of the most challenging and important issues facing our Nation,” Leahy noted.
The bill calls for:
- Severe criminal penalties for individuals who intentionally or willfully conceal a security breach causing economic damage to consumers
- A requirement that companies maintain and implement internal policies to protect data privacy and security
- An update of the Computer Fraud and Abuse Act to make attempted computer hacking and conspiracy to commit computer hacking punishable under the same criminal penalties as the underlying offense
The Federal Trade Commission and the Departments of Justice and Homeland Security were consulted by his staff in redrafting this version of the bill, Leahy said.
“This is a comprehensive bill that not only addresses the need to provide Americans with notice when they have been victims of a data breach, but that also deals with the underlying problem of lax security and lack of accountability to help prevent data breaches from occurring in the first place,” Leahy said, adding that its passage was one of his priorities as Chairman of the Senate Judiciary Committee.