[Congressional Record Volume 156, Number 173 (Wednesday, December 22, 2010)]
[Senate]
[Page S11026]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                       COMPREHENSIVE DATA PRIVACY

  Mr. LEAHY. Mr. President, as we approach the end of another year--and 
the end of the 111th Congress--millions of Americans continue to face 
growing threats to their privacy and security because of data security 
breaches involving their most sensitive personal information. Last 
year, I reintroduced the Personal Data Privacy and Security Act--a 
bipartisan and comprehensive bill that will better protect Americans 
from the growing threats of data breaches and identity theft. I am 
disappointed that the Senate will adjourn for the year without 
considering this important privacy legislation.
  This long overdue privacy bill would establish a national standard 
for breach notification and requirements for securing Americans' most 
sensitive personal data. The bill--as improved by my manager's 
amendment--strikes the right balance to protect privacy, promote 
commerce, and successfully combat identity theft. I urged the Senate to 
consider and pass this important privacy legislation before we adjourn 
for the year. Despite its bipartisan approval by the Judiciary 
Committee, the ranking Republican is objecting and refusing to allow 
the Senate to proceed.
  When I first introduced this bill 6 years ago, I had high hopes of 
bringing urgently needed data privacy reforms to the American people. I 
have worked closely with both Republican and Democratic Senators since 
to enact this important privacy legislation. Although the Judiciary 
Committee favorably reported this bill three times--in 2005, 2007, and 
yet again in 2009--it remains stalled on the Senate Calendar. While the 
Senate has waited to act, the dangers to our privacy, economic 
prosperity, and national security posed by data breaches have not gone 
away.
  The recently reported cyber attacks in response to the WikiLeaks 
disclosures are fresh reminders of the urgent need to have national 
standards to protect the privacy of America's digital information. In 
June, the insurance company WellPoint, Inc., announced that 470,000 
individuals who used the company's Web site to apply for insurance may 
have unwittingly exposed their Social Security numbers and other 
sensitive data to the public. Just last month, the University of Hawaii 
suffered a major data breach involving sensitive student data, 
including Social Security numbers, dates of birth, names, and grades. 
And a recent data breach at the Department of Veterans Affairs resulted 
in the unauthorized release of the Social Security numbers and other 
personal information of at least 180 of our veterans. These troubling 
data breaches are painful reminders of the need to enact comprehensive 
Federal data privacy legislation this year.
  This bill offers meaningful solutions to the vexing problem of data 
security breaches. It requires that data brokers let consumers know 
what sensitive personal information they have about them and to allow 
individuals to correct inaccurate information. The bill also requires 
that companies that have databases with sensitive personal information 
on Americans establish and implement data privacy and security 
programs.
  In addition, the bill requires notice when sensitive personal 
information has been compromised. The bill provides for tough criminal 
penalties for anyone who would intentionally and willfully conceal the 
fact that a data breach has occurred when the breach causes economic 
damage to consumers. Finally, the bill addresses the important issue of 
the government's use of personal data.
  I am pleased that the Obama administration has recently issued two 
privacy reports that make recommendations to improve data privacy that 
are consistent with the approach adopted in my bill.
  I drafted this bill after long and thoughtful consultation with many 
of the stakeholders on this issue, including the privacy, consumer 
protection, and business communities. I have also worked closely with 
other Senators, including Senators Feinstein, Hatch, Feingold, Specter, 
and Schumer.
  This is a comprehensive bill that not only deals with the need to 
provide Americans with notice when they have been victims of a data 
breach but that also deals with the underlying problem of lax security 
to help prevent data breaches from occurring in the first place. The 
House of Representatives has passed comprehensive data privacy 
legislation. The Senate should also pass comprehensive data privacy 
legislation and should have done so this Congress.
  There has been ample time to resolve any concerns, but still there 
are those who are refusing to allow the Senate to act. We cannot afford 
to continue to wait to address this important privacy issue. The 
American people are suffering the consequences of that inaction.

                          ____________________