The Data Security and Breach Notification Act

The Consumer Protection, Product Safety, and Insurance Subcommittee of the Senate Commerce Committee held a hearing Sept 22 on the Data Security and Breach Notification Act.

Commerce Committee Chairman Jay Rockefeller (D-WV) said, "Data breaches plague businesses and organizations, putting millions of consumers at risk. According to the Privacy Rights Clearinghouse, over half a billion data records have been compromised by unauthorized access to consumer databases since 2005. In 2009 alone, there were 498 data breaches involving 222 million sensitive records. The consequences of these breaches are grave: identity theft, depleted savings accounts, ruined credit scores, and trouble getting loans for cars, homes and kids are just some of the effects. Companies and other entities who collect and maintain data on individuals should keep this information safe and notify consumers if it is compromised. That is what this common sense bill requires. I thank Senator Pryor for his leadership on this issue."

Subcommittee Chairman Mark Pyror (D-AK) said, "As the nation's consumer protection agency, the [Federal Trade Commission] is committed to protecting consumer privacy and promoting data security in the private sector. Data security is of critical importance to consumers. If companies do not protect the personal information they collect and store, that information could fall into the wrong hands, resulting in fraud and other harm, and consumers could lose confidence in the marketplace. Accordingly, the Commission has undertaken substantial efforts to promote data security in the private sector through law enforcement, education, and policy initiatives."

"In today's connected world—where data is everywhere and the perimeter can be anywhere—protecting information assets from sophisticated hacking techniques is an extremely tough challenge. Driven by the rising tide of organized cyber-crime, targeted attacks are increasingly aimed at stealing information for the purpose of identity theft. More than 90 percent of records breached in 2008 involved groups identified by law enforcement as organized crime. 18 Such attacks are often automated by using malicious code that can penetrate into an organization undetected and export data to remote hacker sites. TechAmerica believes that the United States urgently needs to pass a national data breach law. We urge the Committee to expeditiously approve S. 3742, the Data Security and Breach Notification Act," said Maneesha Mithal, Associate Director, Division of Privacy and Identity Protection, Bureau of Consumer Protection, Federal Trade Commission.