Dem senator pushes measure to make concealing data breaches a crime

Sen. Patrick Leahy (D-Vt.) is pushing for an amendment to a cybersecurity bill that would make it a crime for a company to hide a data breach from its customers.

Under the legislation, anyone who purposefully conceals a data breach that causes financial damage could face up to five years in prison.

Other amendments offered by Leahy would set a national standard for companies to notify their customers in the event of a data breach and would require businesses that store consumers' sensitive personal information to establish data security programs.

ADVERTISEMENT
Many states already require that firms notify their customers following a data breach, but the standards vary by state, and there is no national requirement.

The Senate could vote on Leahy's amendments when it takes up the Cybersecurity Act next week.

The measures are all part of Leahy's Personal Data Privacy and Security Act, which was offered last year but has yet to receive a vote on the floor.

When Leahy first introduced the bill last year, he cautioned that recent breaches “in the private sector and in our government are clear evidence that developing a comprehensive national strategy to protect data privacy and security is one of the most challenging and important issues facing our country."

Yahoo, LinkedIn, eHarmony and Last.fm have all revealed in recent months that hackers broke into their systems and gained access to some of their customers' personal information, including email addresses and account passwords.

Theft of financial information, such as credit card numbers and Social Security numbers, is even more damaging for consumers. 

It's unclear whether any major company has tried to cover up a breach although Sony attracted criticism for waiting six days to reveal that hackers had gained access to Playstation users' information in 2011. 

Sen. Dianne Feinstein (D-Calif.) is a co-sponsor of the Cybersecurity Act and authored her own separate data security legislation. She has said she hopes to see data security provisions incorporated into the broader cybersecurity bill.

The Senate Judiciary Committee, which Leahy chairs, passed his Personal Data Privacy and Security Act last year over the objection of Republicans, who warned it would burden businesses.

In the House, Rep. Mary Bono Mack (R-Calif.) introduced her own narrower data security bill. Republicans on Bono Mack's Commerce, Manufacturing and Trade Subcommittee voted for the legislation, but the measure has not been marked up by the full Energy and Commerce Committee.

Ken Johnson, a spokesman for Bono Mack, said the congresswoman is watching the debate in the Senate over data security closely and hopes to see the issue incorporated into any final cybersecurity law.