Senate Judiciary Committee Chairman Patrick Leahy, D-Vt., re-introduced legislation to create stronger data privacy standards for businesses Wednesday, citing Target's recent security breach of its customers' credit card information as an example of the risks of data theft.
Thieves stole payment data in December for approximately 40 million Target customers who used credit or debit cards at those stores between Nov. 27 and Dec. 15, during the peak of the holiday shopping season. Leahy first authored and sponsored the Personal Data Privacy and Security Act in 2005, and has re-introduced the bill during the past four sessions of Congress. The bill would set a national standard for data breach notification, and require American businesses to take extra security step when they collect and store consumer information, Leahy said in a release.
"Developing a comprehensive national strategy to protect data privacy and cybersecurity remains one of the most challenging and important issues facing our nation," Leahy said. "This important issue will also be the focus of a hearing before the Judiciary Committee this year."
The bill would increase criminal penalties for "intentionally or willfully" concealing a security breach of personal data that causes economic damage to consumers. It would also update the existing law to make attempted computer hacking and conspiracy to commit computer hacking punishable under the same criminal penalties as the underlying offense.
The bill is cosponsored by Sens. Al Franken, D-Minn., Chuck Schumer, D-N.Y., and Richard Blumenthal, D-Conn. Business lobbying groups halted previous attempts to pass this legislation, fearful that the new regulations could be harmful to companies, including the National Retail Federation and the National Automotive Dealers Association, as well as the U.S. Chamber of Commerce.