In early June, a slew of new bills began circulating in Congress that, if enacted, would impose uniform national data security and data breach notification requirements on entities that collect sensitive personal information. On June 7, 2011, Sen. Patrick Leahy (D-VT) introduced the Personal Data Privacy and Security Act (S. 1151), which was followed on June 15, 2011, by Sen. Mark Pryor’s (D-AR) and Sen. Jay Rockefeller’s (D-WV) Data Security and Breach Notification Act (S. 1207). The Leahy bill was referred to the Senate Judiciary Committee, while the Pryor-Rockefeller bill was referred to the Senate Commerce Committee. Also on June 15, 2011, the House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade held a hearing on Rep. Mary Bono Mack’s (R-CA) Secure and Fortify Electronic Data Act (SAFE Data Act) Discussion Draft, which has yet to be formally introduced but is very similar to the Pryor-Rockefeller bill.
While it is unclear whether legislation will pass this term, privacy and data security issues continue to gain momentum in Congress. What is clear is that companies need to exercise due diligence in their data security and privacy practices or potentially subject themselves to unwanted litigation, Congressional pressure and regulation – not to mention negative media coverage.