Senators Renew Efforts to Pass Data Privacy Legislation
Time 2 Minute Read
Categories: Enforcement, Information Security, Security Breach, U.S. Federal Law

On January 8, 2014, Senator Patrick Leahy (D-VT), Chair of the U.S. Senate Judiciary Committee, reintroduced the Personal Data Privacy and Security Act of 2014, comprehensive information security legislation that would establish a national standard for data breach notification and require businesses to safeguard customers’ sensitive personal information from cyber threats. The bill also would establish criminal penalties for individuals who intentionally or willfully conceal a security breach involving personal data when the incident causes economic damage to consumers.

Senator Leahy first introduced the Personal Data Privacy and Security Act in 2005, and he has reintroduced the legislation in each of the previous four Congresses. Key provisions in the bill include:

  • criminal penalties for individuals who intentionally or willfully conceal a security breach involving personal data when the breach causes economic damage to consumers;
  • a requirement for companies that maintain personal data to establish and implement internal policies to protect data privacy and security; and
  • an update to the Computer Fraud and Abuse Act to make attempted computer hacking and conspiracy to commit computer hacking punishable under the same criminal penalties as the underlying offense.

The bill also authorizes the Federal Trade Commission to write and enforce rules requiring companies to protect “personally identifiable information” and to notify consumers in the event of a breach. Violators could face up to $500,000 in civil penalties. The FTC currently lacks explicit congressional authority in this area; data security cases are pursued under Section 5 of the FTC Act, which prohibits “unfair and deceptive” trade practices.

Senator Leahy announced that the issue of data privacy would be the subject of a Judiciary Committee hearing early in the new Senate session. Senator Deb Fischer (R-NE) also called for Congressional action on data security, urging the Senate Committee on Commerce, Science, and Transportation, on which she sits, to take up the issue.

Tags: Computer Fraud and Abuse Act, Congress, Consumer Protection, Federal Trade Commission, Personally Identifiable Information
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 3 Minute Read
Connecticut AG Clarifies AI Compliance Obligations Under CTDPA

The Connecticut Attorney General recently issued a legal memorandum regarding the application of existing Connecticut laws, such as the Connecticut Data Privacy Act, to the use of artificial intelligence.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
Oklahoma Enacts Comprehensive Consumer Privacy Law

On March 20, 2026, Oklahoma Governor Kevin Stitt signed SB 546 into law, enacting the Oklahoma Consumer Data Privacy Act, which will take effect on January 1, 2027.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
Alabama Enacts App Store Accountability Act Requiring Age Verification

On February 5, 2026, Alabama Governor Kay Ivey signed Alabama House Bill 161, the App Store Accountability Act, establishing age categorization, age verification and parental consent requirements for mobile application marketplace providers operating in Alabama, effective January 2027.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
CalPrivacy Reaches Settlement with Ford Motor Company Over CCPA Opt-Out Right Violations

On March 5, 2026, the California Privacy Protection Agency announced that the agency had reached a settlement with Ford Motor Company resolving an enforcement action against the company that alleged noncompliance with the California Consumer Privacy Act’s opt-out of sale/sharing rights.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page