WASHINGTON, D.C. – Today, Republican members of the House Subcommittee on Commerce, Trade, and Consumer Protection approved a bill that would leave the personal data of millions of Americans vulnerable to theft and manipulation. In a 13-8 straight party line vote, Republicans approved H.R. 4127, the Data Accountability and Trust Act (DATA), which overrides strong state privacy laws and permits information brokers to determine when a security breach has occurred.  That means the same company that leaked consumers’ personal information is empowered by the Republican bill to determine whether they should notify the victims of the leak.  Rep. Markey, a critic of H.R. 4127 and Co-Chairman of the Congressional Privacy Caucus, offered several amendments to protect the personal data of Americans and emphasized the importance of protecting personal data at today’s mark-up of the legislation.

“Americans go to great lengths to secure their Social Security and credit card numbers and bank account numbers.  H.R. 4127, passed out of committee today fails to meet the test of Americans who want their health and financial and personal information protected like Fort Knox,” said Rep. Markey.  “This committee turned its back on the 51 million Americans who have had their personal information compromised this year and rubber stamped a bill that tells Americans facing identity theft and fraud: you are on your own.”

“We wouldn’t have known about the ChoicePoint data breach if there had been no California consumer protection law.  We are legislating to prevent another ‘ChoicePoint’ by rolling back the California law.  The pre-emption of strong state consumer protection laws is not only arrogant it is dangerous,” said Rep. Markey

The Republican recipe for protecting Americans from personal data theft is as follows:

1. Permit information brokers to determine when a security breach has occurred and when a consumer notification is required.
2. Leave the government off-the-hook for security breaches of government databases.
3. Place no special restrictions on the transfer of personal information to offshore databases or data processors.
4. Pre-empt strong state laws that protect personal data.

Instead of voting to secure the personal data of millions of Americans Republicans voted against a series of Democratic amendments that would have protected strong state laws on notification and require notifications of breaches.  Among the amendments that the Republicans voted to defeat today were:

• A Markey amendment to require that consumers be notified and give their permission before a company can send sensitive personal data about them to a country that the FTC has determined fails to provide adequate and enforceable privacy protections (defeated 8-15)
• A Markey amendment to require companies to allow consumers access to the personal information they have collected about them and the ability to correct erroneous information (defeated 8-14)
• A Markey amendment to strike provisions permitting information brokers to determine when a security breach has occurred and when a consumer notification is required, and instead require disclosure anytime data breaches occur which threaten the security, confidentiality or integrity of data held about a person (defeated 8-15);
• A Schakowsky amendment to replace the bill’s provisions that pre-empt strong state laws that protect personal data (defeated 8-14);
• A Green-Baldwin amendment to allow the State Attorneys General the power to enforce compliance with the bill’s provisions (defeated 9-14);
• A Schakowsky amendment to require all unauthorized access to personal data to be reported to the FTC (defeated 6-12);
• A Schakowsky amendment to require companies to make and keep audit trails of who accesses personal data, so that dishonest employees can be caught and any data breaches they caused can be addressed quickly (defeated 6-12).

For more information on Rep. Markey’s work to protect Americans’ personal data, please visit www.house.gov/markey.