
U.S. SENATOR PATRICK LEAHY

CONTACT: Office of Senator Leahy, 202-224-4242

VERMONT


Senate Panel Approves Specter-Leahy Bill Protecting Against ID Theft

…Bill To Help Consumers Protect Privacy Of Personal Data
Wins Broad, Bipartisan Support

WASHINGTON (Thursday, Nov. 17) -- The Senate Judiciary Committee on Thursday approved a bipartisan bill to help consumers better protect the privacy of their personal information against theft.  

The Personal Data Privacy and Security Act of 2005 (S. 1789) won broad bipartisan support in a 13 to 5 vote to report the legislation to the full Senate.  Chairman Arlen Specter (R-Pa.) and Ranking Member Patrick Leahy (D-Vt.) are the chief sponsors of the bill.  Other members of the committee who sponsored the measure include Senators Dianne Feinstein (D-Ca.) and Russell Feingold (D-Wisc.).

“This bill will ensure that our laws keep pace with technology,” said Leahy. “In this information-saturated age, the use of personal data has significant consequences for every American.  People have lost jobs, mortgages and control over their credit and identities because personal information has been mishandled or listed incorrectly.”  

Leahy also testified before the Banking, Housing and Urban Affairs Committee on the issue earlier this year.   

The Specter-Leahy bill grew out of testimony at the Judiciary Committee’s hearing earlier this year (April 13, 2005) on electronic data security.  The hearing was held following the serious data breaches at ChoicePoint and LexisNexis.   Since that time breaches at several other firms have also exposed millions of Americans to identity theft by leaking or losing their personal data, which included names, addresses, and sometimes Social Security numbers. 

A summary of key features of the bill follows:

Summary Of The
Specter-Leahy Personal Data Privacy And Security Act Of 2005
S. 1789

 

·        Provides Americans notice when they have been harmed, and also addresses the underlying problem of lax security and lack of accountability in dealing with personal data.

·        Requires companies that have databases with personal information on more than 10,000 Americans to establish and implement data privacy and security programs, and vet third-party contractors hired to process data. 

·        Requires data brokers to let individuals know what information they have about them, and where appropriate, allow individuals to correct demonstrated inaccuracies. There are exemptions for products and services already subject to access and correction rules under the Fair Credit Reporting Act, as well as companies subject to Gramm-Leach-Bliley and the Health Information Portability and Accountability Act. 

·        Requires notice to law enforcement, consumers and credit reporting agencies when digitized sensitive personal information has been compromised.  The trigger for notice is tied to significant risk of harm with appropriate checks-and-balances to prevent over-notification as well as underreporting.  There are exemptions for national security and law enforcement needs, credit card companies using fraud-prevention techniques or where a breach does not result in a significant risk of harm. 

·        Addresses the government’s use of personal data by: (1) requiring the General Services Administration to evaluate the privacy and security practices of potential government contractors handling personal data, and include penalties in government contracts for failure to protect data privacy and security; (2) requiring Federal departments and agencies to audit the information security practices of commercial data brokers hired for projects involving personal data and include protections and penalties in contracts with data brokers to protect data privacy and security; and (3) requiring Federal departments and agencies to conduct privacy impact assessments on their use of commercial databases to access personal data on U.S. persons, and to adopt regulations to ensure the security and privacy of data obtained through commercial data brokers.

·        Provides stiff monetary penalties for failing to provide privacy and security protections and notices of security breaches, and toughens criminal penalties for those who infiltrate systems to compromise personal data.  Also imposes a criminal penalty in cases where there is intentional and willful concealment of a security breach known to require notice.

# # # # #

 
 

 
