Senate Ponders Toughest Data Protection Bill Yet - InformationWeek


Senate Ponders Toughest Data Protection Bill Yet

A wide-ranging data protection bill would send officials from companies who do not disclose security breaches to jail for up to five years, and would apply the RICO Act to identity theft gangs.

Two senior U.S. Senators introduced a wide-ranging data protection bill Wednesday that would send officials from companies who do not disclose security breaches to jail for up to five years, and bring the RICO Act to bear on identity theft gangs.

As anticipated, Sen. Arlen Specter (R-Pa.), the chairman of the Judiciary Committee, and that committee's ranking member, Sen. Patrick Leahy (D-Vt.), rolled out the most aggressive bill yet in reaction to the wave of security gaffes that have exposed millions of Americans' identities since the first of the year.

Among its provisions, the Personal Data Privacy and Security Act of 2005 would create a new computer crime classification -- aggravated fraud -- that would add two years of additional jail time for obtaining or accessing another's digital ID; severely restrict the use of Social Security numbers as account identifiers or numbers; and hold company executives responsible if they hide a data breach.

"It's time for Congress to catch up with the data market and show the American people that we are aware of these threats and will protect the privacy and security of their personal information," Leahy said from the Senate floor Wednesday as he and Specter introduced the bill.

"Reforms like these are long overdue," Leahy added.

Both Leahy and Specter predicted quick passage of the bill, which is the first to sport a Republican as sponsor. Several other bills that take on the data exposure problem have come from several prominent Democrats, including Dianne Feinstein (D-Calif.) and Charles Schumer (D-N.Y.).

The legislation would:

-- Add new penalties to the books by extending computer fraud to cover unauthorized access of data brokers' systems (the statute already covers financial institutions and credit card issuers), meaning that criminals could face up to 10 years in jail; giving the government the power to invoke racketeering charges using the RICO statute to prosecute criminal gangs trading in identities; and putting company officials in prison for up to 5 years if they conceal a data breach.

-- Enact a bevy of new regulations that cover "data brokers," defined as businesses or non-profits "in the practice of collecting, transmitting, or otherwise providing personally identifiable information on a nationwide basis on more than 5,000 individuals." Among the regulations: data brokers would have to allow consumers the chance to change their information, and as with a credit report, receive a copy of that information at their request.

-- Require businesses not already covered by the Gramm-Leach-Bliley Act or HIPAA (Health Insurance Portability and Accountability Act of 1996) to create a data privacy and security program. That part of the Leahy-Specter bill also expands disclosure rules nationwide, and mandates that customers be informed of any security breach involving more than 10,000 people, or that revolved around a database with more than a million entries.

-- Limit the ways that Social Security numbers can be used as account numbers. This section also bans the sale of Social Security numbers, one of the data bits sold to fraudsters by ChoicePoint in 2004 and disclosed in February 2005.

-- Force the General Services Administration (GSA) to review government contractors' privacy and security programs before awarding contracts. This last item came from the recent news that the Internal Revenue Service had awarded a $20 million contract to ChoicePoint.

"It's especially galling to be rewarding firms that have been so careless with the public's confidential information," said Leahy on the floor. "We should at least take a pause before rewarding such missteps with even more government contracts."
