Target breach spurs Vermont senator to reintroduce data privacy bill

A Vermont senator has once again brought a bill to Congress that, if passed, would establish a national standard for data breach notification, as well as update the Computer Fraud and Abuse Act to toughen up penalties for computer hacking crimes.

Spurred by the late 2013 breach of Target that involved the theft of 40M cards, CVV numbers and encrypted PIN codes, the Wednesday announcement marked the fourth time Vermont senator and Senate Judiciary Committee Chairman Patrick Leahy has introduced the Personal Data Privacy and Security Act.

Leahy – who authored the bill and sponsored it along with Senators Al Franken, Chuck Schumer and Richard Blumenthal – was unavailable to respond to a SCMagazine.com request for comment, but David Carle, a spokesman for Leahy, told SCMagazine.com that the issue of data privacy would be discussed at an upcoming Senate Judiciary Committee hearing.

“When I first introduced this bill nine years ago, I had high hopes of bringing urgently needed data privacy reforms to the American people,” Leahy said in a statement. “Although the Judiciary Committee favorably reported this bill numerous times, this legislation has languished on the Senate calendar.”

Leahy has made the Personal Data Privacy and Security Act available on his website, as well as a section-by-section review.

Most notably, the bill seeks to create a national data breach notification standard that would mandate breached entities give notice to impacted individuals no more than 60 days after the discovery of a breach, barring certain exemptions such as a law enforcement request.

A national data breach notification standard has been talked about for years, but has not gained momentum due to fluctuating standards. Currently, U.S. data breach notification laws are set on a state-by-state basis, and Alabama, Kentucky, New Mexico and South Dakota have yet to pass any legislation.

Other provisions in the Personal Data Privacy and Security Act include tougher penalties for entities that intentionally conceal data breaches, while an update to the Computer Fraud and Abuse Act would make penalties associated with computer hacking and conspiracy to commit computer hacking punishable under the same underlying offenses.

“This is a comprehensive bill that not only addresses the need to provide Americans with notice when they have been victims of a data breach, but also deals with the underlying problem of lax security and lack of accountability to help prevent data breaches from occurring in the first place,” Leahy said.

Leahy last introduced the bill in 2009.
