United States Senator
October 29, 2009
Statement Of Senator Patrick Leahy (D-Vt.)
Chairman, Senate Judiciary Committee,
Executive Business Meeting
October 29, 2009
This morning we have another opportunity to consider criminal justice initiatives that have been pending and have bipartisan support. At Senator Webb's request, I included his proposal to establish a criminal justice commission to make recommendations to us. With Senator Hatch and Senator Graham as cosponsors, as well as Senator Specter, Senator Schumer, and others, I hope that we will be able to proceed. A number of members have been reviewing the language of that initial proposal. I understand that Senator Specter will offer a substitute, and I hope that we will be able to complete our consideration of that matter this morning.
October is cybersecurity awareness month and it is fitting we also begin our consideration of measures the Committee has previously considered and voted to report to the Senate, the Personal Data Privacy and Security Act and Senator Feinstein's Data Breach Notification Act. These measures are long overdue.
The troubling cyber attack on U.S. Government computers that occurred in July is clear evidence that developing a comprehensive national strategy for data privacy and cybersecurity is one of the most challenging and important issues facing our Nation. The Personal Data Privacy and Security Act will help to meet this challenge, by establishing a national standard for breach notification and requirements for securing Americans' sensitive personal data. Another important tool to protect Americans' privacy is the Privacy and Civil Liberties Oversight Board, a critical government component established by Congress at the recommendation of the 9/11 Commission to ensure that privacy and civil liberties concerns are appropriately considered in developing and implementing the Nation's counterterrorism policies. Having a fully functional Privacy Board is vital to protecting the privacy rights and security of all Americans. I urge the President to promptly nominate qualified individuals to fill this Board.
Recently, a survey by Unisys Security Index found that Americans are more concerned about identity theft than they are about the H1N1 virus, or meeting their financial obligations. There are compelling and troubling reasons why this is the case. According to the Privacy Rights Clearinghouse, more than 340 million records containing sensitive personal information have been involved in data security breaches since 2005. Last month, The Washington Post reported that sensitive personal data about thousands of U.S. military personnel - including Special Forces members - is being improperly downloaded by computer hackers in China and Pakistan.
This loss of privacy is not just a grave concern for American consumers; it is also a serious threat to the economic security of American businesses. The President's recent report on Cyberspace Policy Review noted that industry estimates of losses from intellectual property to data theft in 2008 range as high as $1 trillion.
The Personal Data Privacy and Security Act takes meaningful steps to help address these concerns. The bill requires that data brokers let consumers know what sensitive personal information they have about them, and allows consumers to correct inaccurate information. The bill also requires that companies that have databases with sensitive personal information on Americans establish and implement meaningful data privacy and security programs.
In addition, the bill requires notice to consumers when sensitive personal information has been compromised, and specifically requires that Federal agencies notify affected individuals when government data breaches occur.
Lastly, the bill provides for tough criminal penalties for anyone who would intentionally and willfully conceal the fact that a data breach has occurred when the breach causes economic damage to consumers.
Many Members of this Committee, including Senators Feinstein, Hatch, Feingold, Schumer, Specter and Cardin, have worked closely with me to strengthen the bill. With their help, this Committee has twice favorably reported this bill on a strong bipartisan basis.
While the Congress has waited to act on data privacy legislation, the dangers to our privacy, economic prosperity and national security posed by data breaches have not gone away. Reports of data security breaches and other cyber intrusions have become almost a daily occurrence.
I also want to thank the many private sector and government organizations that support this bill, including AARP, the Business Software Alliance, the Center for Democracy and Technology, Consumers Union, Symantec, and the United States Secret Service.
We also have matters on the agenda sponsored by Senators Whitehouse and Durbin on which we have held hearings and on which they feel we should be prepared to proceed. We will start with the nominations, a judicial nomination held over from last week, two U.S. Attorney nominees that are supported by their home state Senators, and a nominee to the U.S. Sentencing Commission for whom we held a hearing earlier this month.
# # # # #