(Washington, DC) – Senator Richard Blumenthal (D-CT) released the following statement today after the Senate Judiciary Committee passed the Personal Data Protection and Breach Accountability Act of 2011, legislation he introduced earlier this month, approving the bill and sending it to the Senate floor:
“Today’s vote in the Judiciary Committee is a turning point in combatting dangerous data breaches and identity theft, and offering greater protections and remedies to consumers and businesses in Connecticut and across the country. The American people deserve safeguards for personal privacy and financial security. We must deter preventable and improper disclosures of sensitive personal information. I am grateful both to Chairman Leahy and Senator Feinstein for their leadership on this issue and to Senator Franken for his steadfast support. I look forward to working with my colleagues on both sides of the aisle to ensure that we reduce the risk of serious harm to millions by preventing the loss of people’s personal data before it occurs, and minimizing the damage caused when it does occur.”
Blumenthal’s legislation seeks to protect consumers from threats to their sensitive personally identifiable information and safeguard data security. The bill takes a substantive, multi-pronged approach to combating the risks associated with data breaches for both consumers and businesses, helping to ensure companies take adequate steps to protect individuals from data breaches before they occur, to promote information sharing between companies to help prevent future breaches, and to provide remedies to consumers in the wake of data breaches.
Blumenthal’s legislation is based on two central principles – first, deterring preventable breaches, and second, minimizing harm to consumers when a data breach occurs. Key provisions include:
o Deterring Preventable Breaches: S. 1535 creates a process for helping companies establish appropriate minimum security standards to safeguard sensitive consumer information, and holds them accountable for failing to comply with these plans.
o Minimizing Consumer Harm: S. 1535 requires companies to notify individuals promptly after a breach has occurred, and requires companies to provide consumers with a number of remedies to help mitigate the risk of economic damage and make them whole again.
o Promoting State-of-the-Art Security: S. 1535 facilitates better information-sharing between companies after breaches occur to ensure that businesses are alert to new and emerging threats, and have all of the technical information needed to protect their systems fully.
o Ensuring Compliance Through Robust Enforcement: S. 1535 includes provisions allowing the federal government, state attorneys general, and consumers themselves to hold companies accountable for failing to take reasonable, commonsense steps to protect data and notify consumers of breaches.
The Senate Judiciary Committee also approved two additional data breach proposals – S.1151, the Personal Data Privacy and Security Act of 2011, of which Blumenthal is a cosponsor, and S.1408, the Data Breach Notification Act of 2011.
Blumenthal is a member of the Senate Judiciary Subcommittee on Privacy, Technology, and the Law and has been an outspoken advocate for enhanced consumer protections against data breach incidents and corporate accountability following major data breach incidents this past spring.