Leahy re-introduces bill to make concealing data breaches a crime

Senate Judiciary chairmain Patrick Leahy re-introduced a bill Tuesday that would establish a national standard for data breach reporting and make it a crime to conceal a data breach that could result in financial harm to consumers.

"The recent and troubling data breaches at Sony, Epsilon and Lockheed Martin on U.S. Government computers is clear evidence that developing a comprehensive national strategy to protect data privacy and cybersecurity is one of the most challenging and important issues facing our nation," Leahy said in his introductory statement.

ADVERTISEMENT
"The Personal Data Privacy and Security Act will help to meet this challenge, by better protecting Americans from the growing threats of data breaches and identity theft."

The legislation would make it a crime to intentionally conceal a data breach that could cause economic damage to consumers, punishable by up to five years in jail. The bill would require data brokers to disclose to consumers what sensitive personal information they have about them and allow consumers to make corrections to that data.

"Of course, no one has a monopoly on good ideas to solve the serious problems of identity theft and lax cybersecurity. But, this bill puts forth some meaningful solutions to this vexing problem," Leahy said.

Leahy first introduced a version of the bill in 2005 and has steered it through the Judiciary Committee in each of the last three Congresses, only to see it languish on the Senate floor. However, he is more optimistic this time around thanks to the renewed focus on cybersecurity on the Hill.

"In May, the Obama administration released several proposals to enhance cybersecurity, including a data breach proposal that adopts the carefully balanced framework of this bill," Leahy said.

"I am pleased that many of the sound privacy principles in this bill have been embraced by the President and his administration."

The bill would also require firms to take steps to safeguard the privacy and security of consumers and increase the penalties for attempted computer hacking and conspiracy to commit hacking.

It would require both firms and businesses to inform consumers when their personal information has been breached.