Statement Of Senator Patrick Leahy, Chairman, Senate Committee On The Judiciary, On The Reporting Of S. 1490, The Personal Data Privacy And Security Act Of 2009
MR. PRESIDENT. I am pleased that today, the Judiciary Committee is filing its report on S. 1490, the Personal Data Privacy and Security Act of 2009. This comprehensive cyber security legislation will better protect American consumers and businesses from the constant threat of identity theft and other cyber crimes.
I introduced this legislation in July. It is cosponsored by Senators Specter, Hatch, Cardin, Durbin, Feingold, Schumer, and Brown. The Committee favorably reported this bipartisan bill on November 5, 2009. I am pleased that, thanks to the hard work of the Judiciary Committee, this legislation is the first cybersecurity bill to be reported in the Senate this year.
The Personal Data Privacy and Security Act will establish a much-needed national standard for breach notification, and clear requirements for securing Americans' sensitive personal data. The bill also requires that data brokers let consumers know what sensitive personal information they have about them, and allow consumers to correct inaccurate information. Lastly, the bill provides for tough criminal penalties for anyone who intentionally and willfully conceals the fact that a data breach has occurred, when the breach causes economic damage to consumers.
The Federal Bureau of Investigation's latest annual report on Internet crime found that online crime hit a record high in 2008 -- a 33.1 percent increase over the previous year -- and that the total dollar loss linked to online fraud last year was $265 million. This dramatic loss of data privacy is not just a grave concern for American consumers; it is also a serious and growing threat to the economic security of American businesses. A recent National Small Business Study conducted by the National Cyber Security Alliance found that the majority U.S. small businesses store important customer data on their computer systems, but 86 percent of these companies do not have a full-time employee dedicated to maintaining data security.
For several years, the Committee has worked very hard on this bill to address these concerns and to ensure that this bill strikes the right balance to protect privacy, promote commerce and successfully combat identity theft and other cyber crimes. For this reason, the legislation is supported by a broad cross-section of consumer, business, and government organizations, including, the United States Secret Service, the Federal Trade Commission, the Business Software Alliance, the Center for Democracy and Technology, Consumers Union, Facebook, Microsoft, Symantec, and AARP.
Given the persistent threat of lax data security, we cannot afford to wait any longer to address this pressing issue. During the last Congress, the Senate Judiciary Committee promptly reported this bill in May 2007; unfortunately, the Senate adjourned without taking any action. In the intervening months, the problems of identity theft and lax data security have not gone away. Just recently, we learned firsthand that no one, including Congress, is truly immune from the risks associated with data security breaches.
While I have -- and will continue to -- consult closely with all interested Senators on this bill, I urge the Senate not to delay action on this measure. The critical privacy reforms in this bill are by no means all that must be done to improve cybersecurity. But, they are crucial first steps that Congress should immediately enact.
The New York Times editorial board recently recognized the need for quick action on this legislation in a November 25, 2009, editorial entitled "Keeping Personal Data Private," in which they wrote: "There are many important issues competing for Congress's attention, but keeping people's personal information safe should rank high on the list. Senate leaders should find the time for a vote on the Leahy bill, and the House should pass its own bill without further delay." I ask that a copy of that editorial be included in the record following my full statement.
The House of Representatives passed its comprehensive data privacy legislation -- the Data Accountability and Trust Act, H.R. 2221, on December 8, 2009. Now that the House has acted, I hope that the Senate will consider this comprehensive data privacy bill early next year.
Again, I thank all of the cosponsors of this bill for their work on this bill and for their commitment to protecting the privacy rights of all Americans. I urge all Members to support this important cybersecurity legislation.
Source