Senators introduce sweeping data protection bill
The Personal Data Privacy and Security Act of 2007 puts a heavy onus on government to ensure the protection of the the commercial data it collects.
With more reports of the potential compromise of government-held data, and the rise of computer malware aimed at the theft of financial information, senators have introduced the first major piece of legislation of the new Congress aimed at expanding data and privacy protections.
The Personal Data Privacy and Security Act of 2007 (S. 495), introduced in a substantially similar form in 2005 and again last year, puts a heavy onus on government to ensure the commercial data it collects is protected, and to take what its sponsors called basic steps to ensure an individual’s personal information is secure.
If the legislation becomes law, the General Services Administration would also be required to review all government contracts to make sure that vendors have appropriate security programs in place and that they don’t provide information to the government that they know to be inaccurate.
Agencies would have to regularly audit the information security practices of their vendors.
“These are basic, good government measures,” said Sen. Russ Feingold (D-Wis.), one of the co-sponsors of the bill. “They guarantee that the federal government is not wasting money on inaccurate data and that vendors are undertaking the security programs that they have promised and for which the government is paying.”
The bill’s primary sponsors are Sen. Patrick Leahy (D-Vt.), chairman of the Senate Judiciary Committee, and Sen. Arlen Specter (R-Pa.), its ranking member. Other co-sponsors are Sens. Bernie Sanders (I-Vt.) and Charles Schumer (D-N.Y.).
The bill has already received broad approval. Officials at the Center for Democracy and Technology, for example, called it one of the stronger data breach proposals that Congress has made, and said they are particularly supportive of the provision that strengthens oversight of the government’s use of commercial databases to collect information about citizens through data mining.
Despite support for the legislation across the political spectrum, the bill got caught last year in a spate of competing proposals on a subject that was politically popular during an election year. Three House and three Senate committees produced their own proposals on data security, and at least two other Senate committees got involved.
Specter said he’s hopeful that this year the differences among committee members can be bridged.
“The problem is simply too large to ignore,” he said.
NEXT STORY: A GSA addition... Barney Brasseux