Massive Equifax Breach Again Reveals Urgent Need For Consumer Privacy Safeguards
(Washington, DC) – U.S. Senator Richard Blumenthal (D-Conn.) today joined Senator Patrick Leahy (D-Vt.) and four other senators in introducing comprehensive consumer privacy legislation to protect Americans’ sensitive personal information against cyberattacks and to ensure timely notification and protection when data is breached.
The Consumer Privacy Protection Act of 2017 would require companies to take preventive steps to defend against cyberattacks and data breaches, and to quickly provide consumers with notice and appropriate protection when a data breach occurs. The bill addresses the kinds of security breaches that have affected multiple companies – most notably the recent, massive Equifax breach that exposed the personal information of almost half the American population. This sensitive consumer information is increasingly targeted by both criminal hackers and hostile foreign powers.
“Under current law even the most egregious examples of lax security can be met only with apologies and promises to do better next time – no fines, penalties or real deterrents to create incentives to actually do better,” said Blumenthal. “This bill begins to provide that real deterrent by holding companies accountable for the sensitive data they collect, and requiring—not merely requesting or suggesting—that they take baseline steps to safeguard consumer privacy.”
Leahy said: “Companies that profit from our personal information should be obligated to take steps to keep it safe, and to provide notice and protection to consumers when those protections have failed. This is a comprehensive program to help ensure that when Americans entrust corporations with their most sensitive personal information, these firms take the right steps to keep it secure and to do the right thing if breaches do occur. In today’s world, data security is no longer just about protecting our identities and our bank accounts; it is about protecting our privacy and even our national security.”
The bill was introduced by Leahy and cosponsored by Blumenthal, Ed Markey (D-Mass.), Ron Wyden (D-Ore.), Al Franken (D-Minn.), and Tammy Baldwin (D-Wisc.)
The Consumer Privacy Protection Act requires that corporations meet certain baseline privacy and data security standards to keep information they store about consumers safe, and it requires that these firms provide notice and protection to consumers in the event of a breach. This legislation protects broad categories of data, including: (1) social security numbers and other government-issued identification numbers; (2) financial account information, including credit card numbers and bank accounts; (3) online usernames and passwords, including email names and passwords; (4) unique biometric data, including fingerprints and faceprints; (5) information about a person’s physical and mental health; (6) information about geolocation; and (7) access to private digital photographs and videos.
This Consumer Privacy Protection Act has the support of leading consumer privacy advocates, including the Center for Democracy and Technology, the Consumer Federation of America, New America’s Open Technology Institute, and Public Knowledge.
Consumer Federation of America’s Susan Grant, director of Consumer Protection Privacy, said: “This bill takes the right approach to address our data breach crisis by requiring strong security measures to be implemented from the start, not just notice after a breach has occurred.”
Michelle De Mooy, director of Privacy and Data at the Center for Democracy & Technology, said: “As Americans are well aware, data breaches have become ubiquitous but they are not inevitable; enacting common sense legislation to hold companies accountable for their data practices is long overdue. We are pleased to support Senator Leahy’s bill, which protects both Americans’ personal information and their ability to trust the digital ecosystem.”
The full text of the bill can be found here.