Two key Senators are taking steps to tackle data security after the Target security breach that affected approximately 40 million credit and debit accounts.
Senate Judiciary Committee Chairman Patrick Leahy (D-Vt.) on Wednesday reintroduced the Personal Data Privacy and Security Act, which would create a national standard that businesses would have to follow for informing customers about a security breach. If passed and signed into law, it would also require companies collecting personal information from customers to meet certain data protections standards.
“The recent data breach at Target involving the debit and credit card data of as many as 40 million customers during the Christmas holidays is a reminder that developing a comprehensive national strategy to protect data privacy and cybersecurity remains one of the most challenging and important issues facing our Nation,” said Leahy in a statement.
“That is why today I am introducing the Personal Data Privacy and Security Act, a bill that aims to better protect Americans from the growing threats of data breaches and identity theft. This important issue will also be the focus of a hearing before the Judiciary Committee this year.”
Leahy’s office said the senator first sponsored the legislation in 2005 and has reintroduced the bill in each of the last four sessions of Congress.
Cosponsors of the bill include Senators Al Franken (D-Minn.), Chuck Schumer (D-N.Y.) and Richard Blumenthal (D-Conn.).
Key parts of the bill include tough criminal penalties for individuals who intentionally or willfully conceal a security breach involving personal data when the breach causes economic damage to consumers, according to Leahy’s office.
If the bill became law, it would also update the Computer Fraud and Abuse Act to make computer hacking attempts and conspiring to commit data hacking punishable under the same criminal penalties as the underlying offense. Senate Homeland Security and Government Affairs Committee Chairman Tom Carper (D-Del.) said he plans to introduce a measure that would require retailers to comply with the same data security mandates as financial institutions. Both CUNA have NAFCU called on Congress to address data security in the wake of the Target security breach.