U.S. Senators Arlen Specter (R-Pa.) and Patrick Leahy (D-Ver.) introduced
legislation Wednesday targeting data brokers and their methods of collecting
and securing the personal information of Americans.
Spector, chairman of the Senate Judiciary Committee, and Leahy, the ranking
Democrat on the panel, are seeking a national data breach disclosure law in
addition to limiting the online trade in Social Security numbers.
The Personal Data Privacy and Security Act of 2005 introduced Wednesday
comes more than two months after Specter’s committee heard testimony on the
rash of data breaches since the beginning of the year.
Just a week before the legislation was introduced, CardSystems, a company
that services credit cards for MasterCard International, Visa and other
brands, admitted to potentially exposing information about more than 40
million cardholders.
“We are in a field of phenomenal electronic advances,” Specter said at a
Capitol Hill press conference. “We are now seeing breaches in the security
of those advances, and it has become a matter of serious consequence for our
individual privacy and law enforcement.”
The bill requires businesses that maintain personal data to give notice to
individuals and law enforcement when they experience a breach involving
sensitive personal data. In addition, it limits the buying, selling or
displaying of a Social Security number without consent of the number’s
owner.
Further, the legislation prohibits companies from requiring individuals to
use Social Security numbers as their account numbers and places limits on
when companies can force individuals to turn over those numbers in order to
obtain goods or services.
“It is time for Congress to catch up with the data market and to show the
American people that we are aware of these threats and will protect the
privacy and security of their personal information,” Leahy said.
The legislation also boosts criminal penalties for identity theft involving
personal data and adds fraud involving unauthorized access to personal data
as a predicate offense for RICIO charges.
“Our laws need to keep pace with technology,” said Leahy. “Insecure
databases have become low-hanging fruit for hackers looking to steal
identities and commit fraud during a time when we are seeing a troubling
rise in organized rings that target personal data to sell in online, virtual
bazaars.”
Private sector companies are not the only entities dealing in personal data
to be by targeted by the Specter-Leahy legislation. It requires the
government to establish rules protecting privacy and security when it uses
data broker information.
“Reforms like these are long overdue. This issue and our legislation
deserve to become a key part of this year’s domestic agenda so that we can
achieve some positive changes in areas that affect the everyday lives of
Americans,” Leahy said.
The Specter-Leahy bill joins an already crowded field of Senate proposals
about data breaches. Senators Dianne Feinstein (D-Calif.) and and Charles
Schumer (D-Calif.) already have bills waiting for hearings by either the
Judiciary Committee or the Commerce Committee.
