Congress Begins to Focus on Data Privacy

Image courtesy of FreeDigitalPhotos.net

The law is often the last to catch on to what’s happening and the crooks know it. After numerous data breaches and an epidemic of identity theft and cyber-crime our elected representatives are finally getting the message. The cyber world is being overrun by criminals.

In January of this year the Personal Data Privacy Bill was re-introduced to Congress by Sen. Patrick Leahy (D-VT.) the bill will mandate that corporations that keep records of personal information set up data security and privacy programs. It would set a national standard for notification of data breaches. Currently nearly every state has its own set of rules and regulations about when and how data breaches are revealed. The bill was first introduced in 2005.

In February Attorney General Eric Holder called on Congress to create a “strong national standard” when it comes to reporting data breaches.

As a result Congress has begun to more closely scrutinize data brokers. Senators Jay Rockefeller (D-W.Va.) and Ed Markey (D-Mass.) have constructed a bill requiring increased transparency and accountability in private data collection and sales.  The Senators described data collection as a “shadow industry” with “very little scrutiny and oversight.”

But those honorable gentlemen on Capitol Hill can’t even agree on who should handle the problem. Currently there are at least three different committees considering bills that will regulate the handling of sensitive information in private industry.  The following bills have been introduced over the last year: Data Security and Breach Notification Act, Toomey (R-PA); Personal Data Privacy and Security Act, Leahy (D-VT); Data Security Act, Carper (D-DE) and Blunt (R-MO); Data Security and Breach Notification Act, Rockefeller (D-WV); and Personal Data Protection and Breach Accountability Act, Blumenthal (D-CT). And as you know cooperation is a dirty word in Washington these days.

 Breakin’ It Down

Our elected leadership knows there is a problem. But they have no idea how to deal with it. Various factors come into play when it comes to data privacy not the least of which is money. Most major corporations collect data on their customers. And they don’t like to be told how they can use it or what to do if it becomes compromised. Basically they don’t like the government in their business. Too many elected officials accept money from lobbyist for the data collectors so they are hesitant to really tackle the problem.

But when big stores like Target get hit with a data breach and that information becomes products for sale in the criminal under-world the voting public can get pretty angry. Congress feels the heat.

If you’re expecting a bill to hit President Obama’s desk this year you might not be disappointed but that bill is probably going to be watered down in favor of the data collectors.

A lot of companies and associations that represent the data collection industry want to rely on self-regulation. Really? I for one do not believe you can expect any money making enterprise to exercise self-restraint in the face of profit. Information collection is a multi-billion dollar industry and growing like crazy.

So here is my compromise; remove the legal blockades that prevent consumers from suing when their data is lost. Right now it almost impossible to sue any company for losing your data. Change the laws and open up individual and class action suits when a company loses control of data. Hit the big data collectors in the wallet.

I strongly believe if companies that collect data are made to pay settlements and damages the same as they would for defective product things will change. We cannot continue to have our data collected and then handled sloppily.

Yeah we sell our data in the form of loyalty cards and discounts. But data is collected in almost every facet of life including medical data and financial data. We give it away and even broadcast a lot of our personal data. And that is another problem. But that is our own fault. However companies that profit from data collection must be held accountable. They must be punished for losing control of data that could compromise the lives and livelihoods of consumers. I’d say we will allow you to self-regulate if you accept the financial repercussions of your sloppiness.