On April 30, Sen. Patrick Leahy, D-Vt., introduced legislation that would require companies to report data breaches within 30 days and would protect a wide range of personal and geographic location data while allowing more stringent state laws to stand.  As mentioned here, the Consumer Privacy Protection Act is just the latest piece of legislation aimed at strengthening consumer privacy protections.

The bill has received partisan co-sponsorship from Sens. Al Franken (D-Minn.), Elizabeth Warren (D-Mass.), Richard Blumenthal (D-Conn.), Ron Wyden (D-Ore.), and Edward J. Markey (D-Mass).  Key provisions in the Consumer Privacy Protection Act of 2015 include:

  • Requiring companies who store sensitive personal or financial information on 10,000 customers or more to meet consumer privacy and data security standards to keep this information safe, and to notify consumers within 30 days of a breach.
  • Establishing a broad definition of information that must be protected, including Social Security numbers; financial account information; online usernames and passwords; unique biometric data, including fingerprints; information about a person’s physical and mental health; information about a person’s geographic location; and access to private digital photographs and videos.
  • Requiring companies to inform federal law enforcement of all large breaches, as well as breaches that involved federal government databases or law enforcement or national security personnel.
  • Guaranteeing a federal baseline of strong consumer privacy protections for all Americans by preempting weaker state laws, while leaving stronger state laws in place

According to Leahy, who is the ranking member of the Senate Judiciary Committee, “Americans want to know not just that their bank account and credit cards are safe and secure, they want to know that their emails and their private pictures are protected as well.”  He adds, “Companies who benefit financially from our personal information should be obligated to take steps to keep it safe, and to notify us when those protections have failed.”

Follow the Consumer Financial Services Law Monitor for further updates on this and other current topics.