Printed from BusinessInsurance.com

Senate committee approves three data breach bills

Posted On: Sep. 23, 2011 12:00 AM CST

WASHINGTON—The U.S. Senate Judiciary Committee has approved three Democrat-proposed data breach bills.

The Personal Data Privacy and Security Act of 2011, S. 1151, which was introduced by Sen. Patrick Leahy, D-Vt., incorporates several cyber security proposals proposed by the Obama administration this year, Sen. Leahy said in a statement.

It is the fourth time in the past four congressional sessions that the committee has approved such legislation.

The proposal would establish a national standard for data breach notification, and require businesses that collect and store consumers' sensitive personal information to establish and implement data privacy and security programs to prevent breaches from occurring.

The bill also includes criminal penalties for anyone who intentionally and willfully conceals the fact that a data breach has occurred, Sen. Leahy said in the statement.

Other bills

The committee also approved the Personal Data Protection and Breach Accountability Act of 2011, S. 1535, which was introduced by Sen. Richard Blumenthal, D-Conn. The bill would set up a process to help companies establish appropriate minimum security standards to safeguard sensitive consumer information, and require companies to notify individuals promptly after a data breach has occurred, among other things, he said in a statement.

R. Bruce Josten, executive vp of government affairs at the U.S. Chamber of Commerce in Washington, criticized the Blumenthal bill. The bill “would impose extremely burdensome regulations on the business community that would inevitably stifle innovation and harm job growth,” he said in a letter sent to Sen. Leahy, who is chairman of the Judiciary Committee, and ranking member Sen. Charles E. Grassley, R-Iowa.

The third measure the Senate Judiciary Committee approved was the Data Breach Notification Act of 2011, S. 1408, which was sponsored by Sen. Dianne Feinstein, D-Calif. That bill would require federal agencies and those engaged in interstate commerce who possess data containing sensitive personally identifiable information to disclose the breach of such information.