By Gautham Nagesh - 06/07/11 07:33 PM EDT
Senate Judiciary chairmain Patrick LeahyPatrick Leahy'CREATES Act' would only create more lawsuits Sanders, liberals press Obama to expand closure of private prisons Police union: Clinton snubbed us MORE re-introduced a bill Tuesday that would establish a national standard for data breach reporting and make it a crime to conceal a data breach that could result in financial harm to consumers.
"The recent and troubling data breaches at Sony, Epsilon and Lockheed Martin on U.S. Government computers is clear evidence that developing a comprehensive national strategy to protect data privacy and cybersecurity is one of the most challenging and important issues facing our nation," Leahy said in his introductory statement.
The legislation would make it a crime to intentionally conceal a data breach that could cause economic damage to consumers, punishable by up to five years in jail. The bill would require data brokers to disclose to consumers what sensitive personal information they have about them and allow consumers to make corrections to that data.
"Of course, no one has a monopoly on good ideas to solve the serious problems of identity theft and lax cybersecurity. But, this bill puts forth some meaningful solutions to this vexing problem," Leahy said.
Leahy first introduced a version of the bill in 2005 and has steered it through the Judiciary Committee in each of the last three Congresses, only to see it languish on the Senate floor. However, he is more optimistic this time around thanks to the renewed focus on cybersecurity on the Hill.
"In May, the Obama administration released several proposals to enhance cybersecurity, including a data breach proposal that adopts the carefully balanced framework of this bill," Leahy said.
"I am pleased that many of the sound privacy principles in this bill have been embraced by the President and his administration."
The bill would also require firms to take steps to safeguard the privacy and security of consumers and increase the penalties for attempted computer hacking and conspiracy to commit hacking.
It would require both firms and businesses to inform consumers when their personal information has been breached.