Dem senator pushes measure to make concealing data breaches a crime

Sen. Patrick LeahyPatrick Joseph LeahyOvernight Tech: Zuckerberg grilled by lawmakers over data scandal | What we learned from marathon hearing | Facebook hit with class action lawsuit | Twitter endorses political ad disclosure bill | Uber buys bike share Overnight Cybersecurity: Zuckerberg faces grilling in marathon hearing | What we learned from Facebook chief | Dems press Ryan to help get Russia hacking records | Top Trump security adviser resigning Shelby approved as Appropriations panel chairman MORE (D-Vt.) is pushing for an amendment to a cybersecurity bill that would make it a crime for a company to hide a data breach from its customers.

Under the legislation, anyone who purposefully conceals a data breach that causes financial damage could face up to five years in prison.

Other amendments offered by Leahy would set a national standard for companies to notify their customers in the event of a data breach and would require businesses that store consumers' sensitive personal information to establish data security programs.

Many states already require that firms notify their customers following a data breach, but the standards vary by state, and there is no national requirement.

The Senate could vote on Leahy's amendments when it takes up the Cybersecurity Act next week.

The measures are all part of Leahy's Personal Data Privacy and Security Act, which was offered last year but has yet to receive a vote on the floor.

When Leahy first introduced the bill last year, he cautioned that recent breaches “in the private sector and in our government are clear evidence that developing a comprehensive national strategy to protect data privacy and security is one of the most challenging and important issues facing our country."

Yahoo, LinkedIn, eHarmony and Last.fm have all revealed in recent months that hackers broke into their systems and gained access to some of their customers' personal information, including email addresses and account passwords.

Theft of financial information, such as credit card numbers and Social Security numbers, is even more damaging for consumers. 

It's unclear whether any major company has tried to cover up a breach although Sony attracted criticism for waiting six days to reveal that hackers had gained access to Playstation users' information in 2011. 

Sen. Dianne FeinsteinDianne Emiel FeinsteinSteyer endorses de León in bid to unseat Feinstein Amid struggle for votes, GOP plows ahead with Cabinet picks Feinstein comes out against Pompeo for secretary of State MORE (D-Calif.) is a co-sponsor of the Cybersecurity Act and authored her own separate data security legislation. She has said she hopes to see data security provisions incorporated into the broader cybersecurity bill.

The Senate Judiciary Committee, which Leahy chairs, passed his Personal Data Privacy and Security Act last year over the objection of Republicans, who warned it would burden businesses.

In the House, Rep. Mary Bono Mack (R-Calif.) introduced her own narrower data security bill. Republicans on Bono Mack's Commerce, Manufacturing and Trade Subcommittee voted for the legislation, but the measure has not been marked up by the full Energy and Commerce Committee.

Ken Johnson, a spokesman for Bono Mack, said the congresswoman is watching the debate in the Senate over data security closely and hopes to see the issue incorporated into any final cybersecurity law.