Public Knowledge Commends Sen. Leahy for Consumer Privacy Protection Act of 2017November 14, 2017
Today, Senator Patrick Leahy (D-VT) introduced the Consumer Privacy Protection Act of 2017. The bill would place requirements on companies with sensitive consumer information, such as Equifax, to maintain safeguards to ensure the privacy and security of such data, and to notify consumers when that sensitive data is breached. Public Knowledge applauds Senator Leahy and the bill’s co-sponsors, including Senators Markey, Blumenthal, Wyden, Franken, Baldwin, and Harris for prioritizing consumer privacy in the wake of the Equifax security breach.
The following can be attributed to Megan Stifel, Cybersecurity Policy Director at Public Knowledge:
“This September we learned of one of the worst consumer data breach in modern American history — the Equifax hack. Before this breach, many consumers weren’t even aware that credit bureaus like Equifax maintain their most sensitive information.
“To worsen matters, Equifax initially forced the data breach victims — more than 145 million Americans — into paying for additional services to protect themselves, like credit freezes and identity theft protection, while pushing consumers into binding arbitration should the company fail to uphold its responsibilities yet again. This bill would address a number of the issues exposed by the Equifax breach.
“Public Knowledge supports this bill because it not only establishes a national protection and notification requirement for the breach of sensitive personal information, but also requires covered entities to develop a consumer privacy and data security program. Importantly, this program sets forth a number of requirements that will improve these entities’ cybersecurity through risk identification, vulnerability testing, employee training, and periodic assessments. Additionally, it establishes a minimization approach for sensitive personal information, requiring entities like Equifax to minimize the amounts of sensitive personal information to that which is reasonably needed for business purposes and only maintain it so long as necessary.
“We are also particularly glad to see that this bill preserves the pro-consumer privacy and data security protection rules maintained by the Federal Communications Commission. FCC privacy rules have been the basis for some of the strongest, most effective enforcement actions against major data breaches by companies such as AT&T and Verizon, and we applaud this bill for continuing to let the FCC do its job.”
“We look forward to working with lawmakers as this legislation continues to advance.”
You can learn more on our website by reading “The Right Response to Equifax” and “Members of Congress Tackle Consumer Protection Failures from Equifax Breach.”