Sen. Arlen Specter (R-Penn.) and Sen. Patrick Leahy (D-Vt.), the chairman and ranking member, respectively, of the Senate's Judiciary Committee, plan to include jail time for business leaders who intentionally conceal a security breach that involves personal data.
The bill is just the latest in reaction to the growing number of disclosures of data theft, loss, and illegal selling. The most recent -- and the largest to date -- involved 40 million credit card accounts.
"Insecure databases have become low-hanging fruit for hackers looking to steal identities and commit fraud during a time when we are seeing a troubling rise in organized rings that target personal data to sell in online," said Sen. Leahy in a statement.
The Leahy-Specter bill, the first to garner support from a Republican, would also put a stop to the buying and selling of Social Security numbers without owners' permission, bar government agencies from posting public records that contain Social Security numbers on the Internet, and require companies that hold personal data to create policies to protect the data as well as vet third-parties they hire to process that data.
Consumers would also be allowed to access the personal data profiles collected by "data brokers" -- such as ChoicePoint, Inc., a company that earlier this year admitted to selling data to criminals -- and correct any errors, just as they can now with their credit reports.
"This actually sounds like a bill that will do something," said Avivah Litan, research director at Gartner, and the research firm's resident expert on data and identity theft. "Mostly because it puts the CEOs on the hot seat."
The upcoming bill is the latest in a string from the Senate. Sen. Dianne Feinstein (D-Calif.), Sen. Charles Schumer (D-N.Y.), and Sen. Bill Nelson (D-Fla.) have all introduced legislation that tackle aspects of the data breach problem.