Data Privacy Legislation Reintroduced

January 9, 2014

Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) reintroduced data privacy legislation today. He also announced that data privacy would be the subject of a committee hearing early in the new Senate session.

Leahy, who authored and sponsored the Personal Data Privacy and Security Act in 2005, has reintroduced data privacy related legislation in each of the last four Congresses. The current legislation would establish a national standard for data breach notification, and require American businesses that collect and store consumers’ sensitive personal information to technically, administratively and otherwise protect that information from cyber threats. The senator tied this reintroduction of data privacy legislation to the recent data breach at Target.

“The recent data breach at Target involving the debit and credit card data of as many as 40 million customers during the Christmas holidays is a reminder that developing a comprehensive national strategy to protect data privacy and cybersecurity remains one of the most challenging and important issues facing our Nation,” said Leahy. “That is why today I am introducing the Personal Data Privacy and Security Act, a bill that aims to better protect Americans from the growing threats of data breaches and identity theft. This important issue will also be the focus of a hearing before the Judiciary Committee this year.”

It is hard to determine at this point whether Senator Leahy’s bill is entirely pro-consumer or whether it has pro-business components as well. Many businesses with operations across the U.S. would benefit from a uniform data breach standard. This bill would create such a standard.

On the consumer protection side, the bill would increase criminal penalties for “intentionally or willfully” concealing a security breach of personal data that causes economic damage to consumers. It would also update the existing law to make attempted computer hacking and conspiracy to commit computer hacking punishable under the same criminal penalties as the underlying offense.

The McGuireWoods data privacy and security team will continue to monitor this legislation and inform our clients how it will impact technology and data security practices in the marketplace.