Six Senate Dems back new data breach bill
The cascade of Senate data breach bills continues to rain down.
A cavalcade of privacy-minded Senate Democrats led by Patrick Leahy (Vt.) on Thursday will introduce the Consumer Privacy Protection Act.
Like at least three other Senate offerings, the bill would require companies to notify customers following a data breach and set minimum data security requirements.
{mosads}Unlike some efforts, Leahy’s bill would not supersede stronger state data security requirements, a key sticking point for several Democrats who fear a weak federal standard might lessen consumer protections.
“Companies who benefit financially from our personal information should be obligated to take steps to keep it safe, and to notify us when those protections have failed,” Leahy said in a statement.
Legislators have been seeking a solution to the complex and occasionally overlapping state laws that guide companies’ data security standards and data breach notification guidelines.
Businesses are pushing hard for a federal law after a slate of mammoth data breaches at Target, Home Depot, JPMorgan and Anthem, among many others, exposed the unnecessary high costs and difficulties of complying with various state laws.
A series of Democratic senators is backing Leahy’s bill: Richard Blumenthal (Conn.), Al Franken (Minn.), Ed Markey (Mass.), Elizabeth Warren (Mass.) and Ron Wyden (Ore.).
Their measure will compete with at least three other Senate proposals that are indistinguishable in some regards.
Sen. Mark Warner (D-Va.) said he would release his own bill as early as this week.
Sens. Tom Carper (D-Del.) and Roy Blunt (R-Mo.) introduced the bipartisan bill of the group two weeks ago.
And Sen. Bill Nelson (D-Fla.) has been pushing another offering since January. The White House even issued its own legislative proposal on the topic, elements of which were mirrored in Nelson’s bill.
Leahy’s bill is touted as the privacy and consumer advocates’ preferred measure. According to a release, organizations such as the Center for Democracy and Technology and the Consumers Union support the measure.
“All lawmakers who support consumers should support this bill,” Leahy said.
The Consumer Privacy Protection Act specifically delineates what type of information private firms would have to protect: Social Security numbers, financial account data, online login credentials, email addresses, biometric data, medical data, geolocation and photos and videos.
“Today, data security is not just about protecting our identities and our bank accounts; it is about protecting our privacy,” Leahy said. “Americans want to know not just that their bank account and credit cards are safe and secure, they want to know that their emails and their private pictures are protected as well.”
In addition to the notification and security requirements, Leahy’s bill would create civil penalties for companies failing to comply with these standards.
Civil penalties have been a tough sell for Republicans, who worry they would give too much power to zealous federal regulators.
Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed..