A group of Senate Democrats led by Judiciary Committee Ranking Member Patrick Leahy (D-VT) has introduced a new data privacy and security bill. According to Ranking Member Leahy's office, the bill, the Consumer Privacy Protection Act:
"Requires companies who store sensitive personal or financial information on 10,000 customers or more to meet consumer privacy and data security standards to keep this information safe, and notify the customer within 30 days of a breach."
"Establishes a broad definition of information that must be protected, including social security numbers; financial account information; online usernames and passwords; unique biometric data, including fingerprints; information about a person’s physical and mental health; information about a person’s geolocation; and access to private digital photographs and videos."
"Requires companies to inform federal law enforcement of all large breaches, as well as breaches that involved federal government databases or law enforcement or national security personnel." "Guarantees a federal baseline of strong consumer privacy protections for all Americans."
The bill would supersede weaker state laws, but not stronger ones. Preemption of stronger state laws for a weaker national standard has been a recurring Democratic criticism of Republican-backed privacy bills.