The Massive Equifax Breach Again Reveals The Urgent Need For Consumer Privacy Safeguards

Washington (November 14, 2017) -- Senator Edward J. Markey (D-Mass.) joined Senator Patrick Leahy (D-Vt.), and five other senators to introduce comprehensive consumer privacy legislation to protect Americans’ sensitive personal information against cyberattacks and to ensure timely notification and protection when data is breached.
The Consumer Privacy Protection Act of 2017 would require companies to take preventive steps to defend against cyberattacks and data breaches, and to quickly provide consumers with notice and appropriate protection when a data breach occurs.  The bill addresses the kinds of security breaches that have affected multiple companies – most notably the recent, massive Equifax breach that exposed the personal information of almost half the American population. This sensitive consumer information is increasingly targeted by both criminal hackers and hostile foreign powers.

“Data breaches are a black cloud hanging over the United States’ bright economic horizon, threatening identity theft or fraud every time consumers make a purchase," said Senator Markey. "Congress must act swiftly to ensure that Americans’ personal and sensitive information is properly safeguarded.  The Consumer Privacy Protection Act requires companies to adhere to strong data security standards and creates penalties for companies that fail to meet them. I thank Senator Leahy for his leadership on this issue and look forward to working with my colleagues to pass this important legislation.”

“Companies that profit from our personal information should be obligated to take steps to keep it safe, and to provide notice and protection to consumers when those protections have failed," said Senator Leahy. "This is a comprehensive program to help ensure that when Americans entrust corporations with their most sensitive personal information, these firms take the right steps to keep it secure and to do the right thing if breaches do occur.  In today’s world, data security is no longer just about protecting our identities and our bank accounts; it is about protecting our privacy and even our national security.”

The bill also is cosponsored by Richard Blumenthal (D-Conn.); Ron Wyden (D-Ore.), Al Franken (D-Minn.), and Tammy Baldwin (D-Wisc.), who have long shared Senator Leahy’s commitment to consumer privacy protection.  

The Consumer Privacy Protection Act requires that corporations meet certain baseline privacy and data security standards to keep information they store about consumers safe, and it requires that these firms provide notice and protection to consumers in the event of a breach.  This legislation protects broad categories of data, including: (1) social security numbers and other government-issued identification numbers; (2) financial account information, including credit card numbers and bank accounts; (3) online usernames and passwords, including email names and passwords; (4) unique biometric data, including fingerprints and faceprints; (5) information about a person’s physical and mental health; (6) information about geolocation; and (7) access to private digital photographs and videos.

This Consumer Privacy Protection Act has the support of leading consumer privacy advocates, including the Center for Democracy and Technology, the Consumer Federation of America, New America’s Open Technology Institute, and Public Knowledge.

Consumer Federation of America’s Susan Grant, director of Consumer Protection Privacy, said:  “This bill takes the right approach to address our data breach crisis by requiring strong security measures to be implemented from the start, not just notice after a breach has occurred.”

Michelle De Mooy, director of Privacy and Data at the Center for Democracy & Technology, said:  “As Americans are well aware, data breaches have become ubiquitous but they are not inevitable; enacting common sense legislation to hold companies accountable for their data practices is long overdue.  We are pleased to support Senator Leahy’s bill, which protects both Americans’ personal information and their ability to trust the digital ecosystem.”