S. 1151, the Personal Data Privacy and Security Act of 2011, has finally
been introduced by Senator Patrick J. Leahy [D-VT]. It is cosponsored by
Senators Benjamin L. Cardin [D-MD], Al Franken [D-MN] and Charles E. Schumer
[D-NY]. Described as a bill to prevent and mitigate identity theft, ensure
privacy, provide notice of security breaches, and to enhance criminal
penalties, law enforcement assistance, and other protections against
security breaches, fraudulent access, and misuse of personally identifiable
information, it has been referred to the Committee on the Judiciary. The
sponsor chairs that committee.
Now, with the recent Lockheed Martin U. S. Government breaches and the Sony,
Epsilon, Google hackings there is a strong chance that Congress will pass
some type of legislation to ensure that consumers are notified when their
personal sensitive information has been exposed, and that they are allowed
an opportunity to correct inaccurate information that may be collected about
them. "When I first introduced this bill six years ago, I had high hopes of
bringing urgently needed data privacy reforms to the American people" said
the sponsor. Although the Judiciary Committee favorably reported this bill
three times--in 2005, 2007, and again in 2009--the legislation languished on
the Senate calendar.
As previously reported by ISPLA sponsors of similar legislation have been
quoting statistics of the Privacy Rights Clearinghouse stating ". more than
533 million records have been involved in data security breaches since
2005." In his remarks on the Senate floor Senator Leahy referred to the
recent breaches as a "ticking bomb.''
The Personal Data Privacy and Security Act not only requires that data
brokers let consumers know what sensitive personal information they have
about them and to allow individuals to correct inaccurate information, it
also requires that companies that have databases with sensitive personal
information on Americans establish and implement data privacy and security
programs. It calls for a single nationwide standard for data breach
notification when sensitive personal information has been compromised.
The bill also provides for tough criminal penalties for anyone who would
intentionally and willfully conceal the fact that a data breach has occurred
when the breach causes economic damage to consumers. It includes the Obama
administration's recent proposal to update the Computer Fraud and Abuse Act,
so that attempted computer hacking and conspiracy to commit computer hacking
offenses are subject to the same criminal penalties, as the underlying
Finally, according to the Senator, his bill "addresses the important issue
of the Government's use of personal data by requiring that Federal agencies
notify affected individuals when Government data breaches occur, and by
placing privacy and security front and center when Federal agencies evaluate
whether data brokers can be trusted with Government contracts that involve
sensitive information about the American people."
The portion of this legislation dealing with information brokers and
defining such activity would most likely apply to very few of our members.
Here to this bill refers to a data broker as an entity that ". regularly
engages in the practice of collecting, transmitting, or providing access to
sensitive personally identifiable information on more than 5,000
individuals..." Furthermore, under the section dealing with transparency
and accuracy of data collection, the section does not apply to those
services compliant with the FCRA or GLBA.
This bill does not directly affect most investigators on what information
they gather on the subjects of their inquiry nor will they have to allow the
consumer access to or an opportunity to "correct" information contained in
reports which do not fall under the FCRA.
This is a bill that imposes restrictions on how the private sector and
government will handle their data privacy and security programs. ISPLA, as
well as likeminded stakeholders, will be carefully reviewing its provisions
line by line and being watchful of any amendments.
Bruce Hulme, ISPLA Director of Government Affairs
For further information about our lobbying efforts please visit:
[Non-text portions of this message have been removed]