Sen. Patrick Leahy (D-Vermont), chairman of the Judiciary Committee, has introduced the Personal Data Privacy and Security Act of 2011 (Leahy pdf; archive pdf). Leahy first introduced this legislation in 2005 and has sponsored the legislation three times since.
In a news release, Leahy said, “The many recent and troubling data breaches in the private sector and in our government are clear evidence that developing a comprehensive national strategy to protect data privacy and security is one of the most challenging and important issues facing our country.”
Here’s more about the legislation from the statement:
The Personal Data Privacy and Security Act will establish a national standard for data breach notification, and require American businesses that collect and store consumers’ sensitive personal information to safeguard that information from cyber threats. The bill also requires businesses to allow consumers to correct inaccurate information. Last month, the Obama administration released a proposal to enhance and strengthen cybersecurity and data privacy, including a provision to establish a national standard for data breach notification that is similar to the data breach provision in the Leahy-authored Personal Data Privacy and Security Act. […]
Additional provisions of the bill include:
- Tough criminal penalties for individuals who intentionally or willfully conceal a security breach involving personal data when the breach causes economic damage to consumers;
- A requirement that companies that maintain personal data establish and implement internal policies to protect data privacy and security;
- An update to the Computer Fraud and Abuse Act to make attempted computer hacking and conspiracy to commit computer hacking punishable under the same criminal penalties as the underlying offense; and
- A requirement that the government ensure that the privacy and security of sensitive data is protected when the government contracts with third-party contractors.