Legislation Responds to Massive Equifax Breach
WASHINGTON — U.S. Sen. Ron Wyden (D-Ore.) today co-sponsored comprehensive consumer privacy legislation to protect Americans’ sensitive personal information against cyberattacks and to ensure timely notification and protection when data is breached.
The Consumer Privacy Protection Act of 2017 would require companies take preventive steps to defend against cyberattacks and data breaches, and to quickly provide consumers with notice and appropriate protection when a data breach occurs. The bill addresses the kinds of security breaches that have affected multiple companies – most notably the recent, massive Equifax breach that exposed the personal information of almost half the American population. This sensitive consumer information is increasingly targeted by both criminal hackers and hostile foreign powers.
Wyden, the ranking Democrat on the Senate Finance Committee, also has introduced the Free Credit Freeze Act, which would guarantee all consumers can use PIN numbers to freeze and unfreeze their credit free-of-charge to stop fraudsters from opening new unauthorized financial accounts. And he has worked in a bipartisan fashion with Finance Committee Chairman Orrin Hatch (R-Utah) calling on Equifax to respond to reports that the firm experienced a data breach exposing personally identifiable information such as Social Security numbers, birthdates, addresses and driver’s license numbers of about 143 million Americans.
“Consumers in Oregon and nationwide deserve the fullest possible protection for their most sensitive personal information.” Wyden said. “The Consumer Privacy Protection Act of 2017 introduced today is a crucial and comprehensive piece of the work that’s urgently needed to build those vital safeguards.”
The Consumer Privacy Protection Act of 2017 introduced by Sen. Patrick Leahy (D-Vt.) also is cosponsored by Senators Ed Markey (D-Mass.), Richard Blumenthal (D-Conn.); Al Franken (D-Minn.), and Tammy Baldwin (D-Wisc.)
The bill requires that corporations meet certain baseline privacy and data security standards to keep information they store about consumers safe, and it requires that these firms provide notice and protection to consumers in the event of a breach. This legislation protects broad categories of data, including: (1) social security numbers and other government-issued identification numbers; (2) financial account information, including credit card numbers and bank accounts; (3) online usernames and passwords, including email names and passwords; (4) unique biometric data, including fingerprints and faceprints; (5) information about a person’s physical and mental health; (6) information about geolocation; and (7) access to private digital photographs and videos.
This Consumer Privacy Protection Act has the support of leading consumer privacy advocates, including the Center for Democracy and Technology, the Consumer Federation of America, New America’s Open Technology Institute, and Public Knowledge.
Consumer Federation of America’s Susan Grant, director of Consumer Protection Privacy, said: “This bill takes the right approach to address our data breach crisis by requiring strong security measures to be implemented from the start, not just notice after a breach has occurred.”
Michelle De Mooy, director of Privacy and Data at the Center for Democracy & Technology, said: “As Americans are well aware, data breaches have become ubiquitous but they are not inevitable; enacting common sense legislation to hold companies accountable for their data practices is long overdue. We are pleased to support Senator Leahy’s bill, which protects both Americans’ personal information and their ability to trust the digital ecosystem.”
The full text of the bill can be found here.