Hearing Summary: Legislative Hearing on S.3742, the Data Security and Breach Notification Act of 2010
September 22, 2010
WASHINGTON, D.C.—The U.S. Senate Committee on Commerce, Science, and Transportation held a Consumer Protection, Product Safety, and Insurance Subcommittee hearing today on S.3742, the Data Security and Breach Notification Act of 2010.
Witness List:
Ms. Maneesha Mithal, Associate Director, Division of Privacy and Identity Protection, Bureau of Consumer Protection, Federal Trade Commission
Mr. Mark Bregman, Chief Technology Officer, Symantec Corporation, and on behalf of TechAmerica
Ms. Ioana Rusu, Policy counsel, Consumers Union
Mr. Stuart Pratt, President, Consumer Data Industry Association
Ms. Melissa Bianchi, Partner, Hogan Lovells US LLP, on behalf of the American Hospital Association
Key Quotations from Today’s Hearing:
“Data breaches plague businesses and organizations, putting millions of consumers at risk. According to the Privacy Rights Clearinghouse, over half a billion data records have been compromised by unauthorized access to consumer databases since 2005. In 2009 alone, there were 498 data breaches involving 222 million sensitive records. The consequences of these breaches are grave: identity theft, depleted savings accounts, ruined credit scores, and trouble getting loans for cars, homes and kids are just some of the effects. Companies and other entities who collect and maintain data on individuals should keep this information safe and notify consumers if it is compromised. That is what this common sense bill requires. I thank Senator Pryor for his leadership on this issue.”
Chairman John D. (Jay) Rockefeller IV
“Data security breaches can leave consumers extremely vulnerable to identity theft, destroying their credit and threatening families’ financial stability. Our bill would help ensure that companies are keeping consumers’ personal information safe and quickly alerting individuals if their data has been compromised. Today’s hearing provided important input from key stakeholders and highlights the need to establish strong standards to protect Americans’ information.”
Senator Mark Pryor, Chairman, U.S. Senate Subcommittee on Consumer Protection, Product Safety, and Insurance
“As the nation’s consumer protection agency, the FTC is committed to protecting consumer privacy and promoting data security in the private sector. Data security is of critical importance to consumers. If companies do not protect the personal information they collect and store, that information could fall into the wrong hands, resulting in fraud and other harm, and consumers could lose confidence in the marketplace. Accordingly, the Commission has undertaken substantial efforts to promote data security in the private sector through law enforcement, education, and policy initiatives.”
Ms. Maneesha Mithal, Associate Director, Division of Privacy and Identity Protection, Bureau of Consumer Protection, Federal Trade Commission
“In today's connected world—where data is everywhere and the perimeter can be anywhere—protecting information assets from sophisticated hacking techniques is an extremely tough challenge. Driven by the rising tide of organized cyber-crime, targeted attacks are increasingly aimed at stealing information for the purpose of identity theft. More than 90 percent of records breached in 2008 involved groups identified by law enforcement as organized crime. 18 Such attacks are often automated by using malicious code that can penetrate into an organization undetected and export data to remote hacker sites. TechAmerica believes that the United States urgently needs to pass a national data breach law. We urge the Committee to expeditiously approve S. 3742, the Data Security and Breach Notification Act.”
Mr. Mark Bregman, Chief Technology Officer, Symantec Corporation, and on behalf of TechAmerica
“The ubiquity of security breach incidents today renders the Data Security and Breach Notification Act of 2010 particularly timely and relevant. Consumers Union strongly supports the provisions of this bill. We believe that the passage of this bill will give rise to responsible data security policies and will increase consumer confidence in the marketplace.”
Ms. Ioana Rusu, Policy counsel, Consumers Union
“Whether it is counter terrorism efforts, locating a child who has been kidnapped, preventing a violent criminal from taking a job with access to children or the elderly or ensuring the safety and soundness of lending decisions our members’ innovative data bases, software and analytical tools are critical to how we manage risk in this country, ensure fair treatment and most importantly, how we protect consumers from becoming victims of both violent and white-collar crimes of all types.”
Mr. Stuart Pratt, President, Consumer Data Industry Association
“This proposed legislation would require the Federal Trade Commission (FTC) to establish regulations requiring a broad range of entities, including many hospitals, to implement security practices to protect personal information and to provide for notification in the event of any security breaches of that information. Hospitals already are regulated in this area. In the past, Congress has recognized this by exempting hospitals from duplicate regulatory requirements. We believe that a similar approach makes sense here.”
Ms. Melissa Bianchi, Partner, Hogan Lovells US LLP, on behalf of the American Hospital Association
###