Sens. Tom Carper (D-Delaware) and Roy Blunt (R-Missouri) on Thursday introduced legislation that would establish national standards for public and private entities to govern prevention of and responses to the growing number of data breaches plaguing the nation.
The Data Security Act would replace state laws and set national standards. Similar bills have been introduced in the House and Senate.
“Nearly every day it seems we hear of another data breach that has compromised consumers’ sensitive information,” Carper said in a statement. “For millions of Americans, these data breaches can cause worry and confusion and, in some cases, significant financial harm. Yet despite the increasing frequency and scope of data breaches, there still is no single federal law that provides clear, consistent, and comprehensive protection to American consumers impacted by a data breach.”
Under the Data Security Act, an entity that determined sensitive information was compromised would be required to notify the relevant federal government agency, law enforcement, national consumer reporting agencies if the breach affected more than 5,000 consumers, and all consumers whose private information was compromised.
The bill was introduced a little more than a week after the Federal Communications Commission announced a record $25 million settlement with AT&T Services Inc. to resolve a probe into violations of consumer privacy at call centers in Colombia, Mexico and the Philippines. The agency’s Enforcement Bureau learned that employees at call centers used by AT&T accessed customer records without authorization and obtained personal information, then shared it with “unauthorized third parties who appear to have been trafficking in stolen cell phones or secondary market phones that they wanted to unlock,” according to an FCC news release.
The FCC became aware of the breaches last year through a variety of sources, including a report AT&T submitted to the California Attorney General’s Office, an FCC official said in a call with reporters. The official said 47 states have data breach laws.
Lawmakers on Capitol Hill favor a national solution to deal with the growing number of data breaches. In a House Energy and Commerce Committee markup Wednesday, the Democrats withdrew support for legislation from Reps. Marsha Blackburn (R-Tennessee) and Peter Welch (D-Vermont), The Hill reported. But Welch insisted the legislation remained alive, the newspaper said.
“This is an important time for data security. 2014 was correctly dubbed ‘The Year of The Breach’ and Congress must take action,” Blackburn said last month in a statement. “The American people are watching.”