[Congressional Record Volume 156, Number 173 (Wednesday, December 22, 2010)] [Senate] [Page S11026] From the Congressional Record Online through the Government Publishing Office [www.gpo.gov] COMPREHENSIVE DATA PRIVACY Mr. LEAHY. Mr. President, as we approach the end of another year--and the end of the 111th Congress--millions of Americans continue to face growing threats to their privacy and security because of data security breaches involving their most sensitive personal information. Last year, I reintroduced the Personal Data Privacy and Security Act--a bipartisan and comprehensive bill that will better protect Americans from the growing threats of data breaches and identity theft. I am disappointed that the Senate will adjourn for the year without considering this important privacy legislation. This long overdue privacy bill would establish a national standard for breach notification and requirements for securing Americans' most sensitive personal data. The bill--as improved by my manager's amendment--strikes the right balance to protect privacy, promote commerce, and successfully combat identity theft. I urged the Senate to consider and pass this important privacy legislation before we adjourn for the year. Despite its bipartisan approval by the Judiciary Committee, the ranking Republican is objecting and refusing to allow the Senate to proceed. When I first introduced this bill 6 years ago, I had high hopes of bringing urgently needed data privacy reforms to the American people. I have worked closely with both Republican and Democratic Senators since to enact this important privacy legislation. Although the Judiciary Committee favorably reported this bill three times--in 2005, 2007, and yet again in 2009--it remains stalled on the Senate Calendar. While the Senate has waited to act, the dangers to our privacy, economic prosperity, and national security posed by data breaches have not gone away. The recently reported cyber attacks in response to the WikiLeaks disclosures are fresh reminders of the urgent need to have national standards to protect the privacy of America's digital information. In June, the insurance company WellPoint, Inc., announced that 470,000 individuals who used the company's Web site to apply for insurance may have unwittingly exposed their Social Security numbers and other sensitive data to the public. Just last month, the University of Hawaii suffered a major data breach involving sensitive student data, including Social Security numbers, dates of birth, names, and grades. And a recent data breach at the Department of Veterans Affairs resulted in the unauthorized release of the Social Security numbers and other personal information of at least 180 of our veterans. These troubling data breaches are painful reminders of the need to enact comprehensive Federal data privacy legislation this year. This bill offers meaningful solutions to the vexing problem of data security breaches. It requires that data brokers let consumers know what sensitive personal information they have about them and to allow individuals to correct inaccurate information. The bill also requires that companies that have databases with sensitive personal information on Americans establish and implement data privacy and security programs. In addition, the bill requires notice when sensitive personal information has been compromised. The bill provides for tough criminal penalties for anyone who would intentionally and willfully conceal the fact that a data breach has occurred when the breach causes economic damage to consumers. Finally, the bill addresses the important issue of the government's use of personal data. I am pleased that the Obama administration has recently issued two privacy reports that make recommendations to improve data privacy that are consistent with the approach adopted in my bill. I drafted this bill after long and thoughtful consultation with many of the stakeholders on this issue, including the privacy, consumer protection, and business communities. I have also worked closely with other Senators, including Senators Feinstein, Hatch, Feingold, Specter, and Schumer. This is a comprehensive bill that not only deals with the need to provide Americans with notice when they have been victims of a data breach but that also deals with the underlying problem of lax security to help prevent data breaches from occurring in the first place. The House of Representatives has passed comprehensive data privacy legislation. The Senate should also pass comprehensive data privacy legislation and should have done so this Congress. There has been ample time to resolve any concerns, but still there are those who are refusing to allow the Senate to act. We cannot afford to continue to wait to address this important privacy issue. The American people are suffering the consequences of that inaction. ____________________