U.S. Senator Pat Toomey (R-Pa.) introduced a bill Thursday to create a national standard requiring companies to protect and secure consumers' electronic data.
Companies must currently comply with 46 different state laws in the event of a data breach. Sen. Toomey's bill would preempt these laws and replace them with a single national standard, providing better protections and swifter responses for consumers.
In the event of a data breach, the bill would direct companies possessing personal data to notify consumers by mail, email or telephone if their information is stolen.
"A number of recent high-profile data breaches combined with the messy patchwork of 46 different state laws highlight how difficult it is for consumers to know their personal information is secure. Congress needs to provide businesses and consumers with certainty and establish a single reasonable standard for information security and breach notification practices. Our bill would eliminate the burden of complying with varying standards and laws, ensuring that all consumers and their personal information are afforded the same level of protection," Sen. Toomey said.
Sens. Roy Blunt (R-Mo.), Jim DeMint (R-S.C.), Dean Heller (R-Nev.) and Olympia Snowe (R-Maine) are original co-sponsors of Sen. Toomey's legislation.
"As the role of the Internet in Americans' daily lives is constant and evolving, so is the job of protecting and securing private citizens' personal information. This legislation gives certainty to Americans who are increasingly engaged with the online world and to the companies that facilitate these networks," Sen. Blunt said.
"I commend Sen. Toomey for leading on this issue. This bill will create more certainty for consumers and businesses, which is sorely needed right now. I hope we can move this forward quickly," Sen. DeMint said.
"As the use of social media and e-commerce expand so must the protection of personal information on the Internet. It is becoming more critical every day that steps are taken to protect and secure individuals' electronic information. I look forward to working to advance this consumer protection bill and am pleased to join Sen. Toomey and my Senate colleagues in this effort," Sen. Heller said.
"More than 540 million records have been reported breached since 2005 according to the Privacy Rights Clearinghouse, and research from the Ponemon Institute puts the average organizational cost of a breach at $5.5 million. While states have led the way in establishing policies to protect consumer data and notify them if such data is compromised, the existing patchwork of state laws and the inherent interstate commerce aspect of this issue warrants action by Congress. Our legislation would implement a national data security breach standard to simplify compliance for businesses and notifications to consumers to reduce undue burden and confusion," Sen. Snowe said.