http://www.judiciary.senate.gov/hearings/testimony.cfm
< Return To Hearing
Statement of

The Honorable Patrick Leahy

United States Senator
United States Senate
September 15, 2011

Opening Statement Of Senator Patrick Leahy (D-Vt.),
Chairman, Senate Judiciary Committee,
Executive Business Meeting
September 15, 2011

Today the Committee has the opportunity to complete action on judicial nominees from our hearing in July, to reauthorize the U.S. Administrative Conference and to support personal data privacy and security measures.

My staff has been consulting with Senator Grassley's and those of other members for months my proposals to enhance cybersecurity and combat cybercrime contained in Personal Data Privacy and Security Act. This is a measure we have been working on for several years in a bipartisan manner, and that this Committee has previously reported on multiple occasions with strong bipartisan support. I hope that all members of the Committee will join with me and support this measure to better protect Americans' privacy.

The troubling data breaches at Sony, Epsilon and Lockheed are just a few reminders that developing a comprehensive national strategy to protect data privacy and cybersecurity is one of the most challenging and important issues facing our Nation. As The Washington Post editorial board observed earlier this year: "Now there is a need for legislative action. As the recent high-profile leaks of personal data at Google, Sony and the data-collecting company Epsilon suggest, this issue is a ticking bomb."

The Personal Data Privacy and Security Act will help to meet this challenge, by better protecting Americans from the growing threats of data breaches and identity theft. I thank, in particular, Senator Schumer, Senator Franken and Senator Cardin for cosponsoring this important privacy legislation.

While the Congress has been delayed from acting on data privacy legislation, the dangers to our privacy, economic prosperity and national security posed by data breaches have not gone away. According to the Privacy Rights Clearinghouse, more than 535 million records have been involved in data security breaches since 2005. Recently, the Department of Homeland Security warned Americans to beware of email scams related to tropical storm Irene -- which recently devastated much of Vermont with record flooding -- because the emails could be cleverly disguised phishing scams.

In May, the Obama administration released several proposals to enhance cybersecurity, including a data breach proposal that adopts the carefully balanced framework of the legislation that I previously introduced and that this Committee has previously passed with bipartisan support three times. The administration also proposed several updates to the Computer Fraud and Abuse Act. Last week, the Committee held a hearing on those proposals.

During the last several months, I have consulted closely with the Obama administration, industry representatives, and privacy and consumer advocates to develop a substitute that incorporates the administration's proposals to improve cybersecurity. I have crafted this substitute after discussions with the Departments of Justice, Homeland Security and Commerce, and the Federal Trade Commission. The substitute I offer today would establish a single nationwide standard for data breach notification. The bill would also require that companies that maintain databases with Americans' sensitive personal information establish and implement data privacy and security programs, so that data breaches do not occur in the first place. The bill also includes tough criminal penalties for anyone who would intentionally and willfully conceal the fact that a data breach has occurred, as well as provisions to update the Computer Fraud and Abuse Act.

I have worked closely on this issue with many other Senators, including Senators Feinstein, Schumer, Whitehouse, Franken and Blumenthal. I thank each of these Senators. I hope that Senator Grassley will work with me to build bipartisan support for these proposals.

I have heard rumors recently that the decision has been made by the Senate Republican leadership that Republicans on this Committee should not support these and other important legislative efforts. I hope those rumors are wrong.

I was disappointed when no Republican member of the Committee supported reauthorization of the Second Chance Act. That was something President Bush championed along with religious organizations to help prepare prisoners for law abiding lives when they were released back into our communities. Until this year, that law had had strong bipartisan support in this Committee and in the Senate.

Sadly, I am sensing that the same may be true with our efforts to against human trafficking and in favor of the Violence Against Women Act. Victims of sex trafficking and domestic violence can't wait until after the next election for our assistance. They should not be required to take "no" for an answer. We need to make progress and protect the American people.

We can take a step in that direction today, and show that the talk about Republicans having a plan to block and stall all significant legislation is wrong, by passing this cybercrime and privacy legislation today.

The substitute does not contain many of the important privacy protections in my original, comprehensive bill, such as provisions to address data brokers and government use of data, and I will continue to work to enact those important privacy provisions. But, this bill puts forth some meaningful solutions to the vexing problem of data breaches and I believe that we simply cannot afford to wait any longer to enact meaningful data breach legislation.

In the past, this bill has always garnered strong bipartisan support on this Committee and I hope that will be the case again this year. Protecting cybersecurity is of critical importance to all of us, regardless of party or ideology. I hope that all members of the Committee will support this measure and favorably report this important bill. Then, working with Majority Leader Reid and the Republican leadership, we can ensure that it be part of the comprehensive cybersecurity legislation the Senate considers.

# # # # #