A group of Democratic senators have drafted new legislation that would protect consumer information by requiring companies to take proactive steps to defend against cyberattacks and breaches as well as set standards for notifying patients in the event of a breach.
The Consumer Privacy Protection Act of 2015 was introduced by Senate Judiciary Committee Ranking Member Patrick Leahy (D-Vt.) and Sens. Al Franken (D-Minn.), Elizabeth Warren (D-Mass.), Richard Blumenthal (D-Conn.), Ron Wyden (D-Ore.) and Edward Markey (D-Mass.).
The following are four key provisions of the bill.
1. Companies storing personal or financial information on more than 10,000 customers must meet privacy and data security standards to safeguard the information, as well as notify customers within 30 days of a breach.
2. The bill indicates information requiring protection includes Social Security numbers, financial account information, online usernames and passwords, unique biometric data like fingerprints, health data, geolocation information and private digital photographs and videos.
3. Companies storing this information would be required to inform federal large enforcement of all large breaches and any breaches involving federal government databases, law enforcement or national security personnel.
4. The bill would establish a federal baseline of consumer privacy protections that preempt the weaker individual state laws.
To read the full text of the bill, click here.
More articles on data breaches:
How patients feel about healthcare providers that experience a data breach
FBI advises Anthem not to speak publicly about breach
Premera faces multiple class-action lawsuits over data breach