Main Nav

Status Update on Data Privacy Legislation

The Senate Judiciary Committee approved three bills on Thursday, September 22nd aimed at setting national standards for security breaches involving personal data.   The bills were the Personal Data Privacy and Security Act of 2011 (S. 1151) introduced by Sen. Leahy (D-VT), the Data Breach Notification Act of 2011 (S. 1408) introduced by Sen. Feinstein (D-CA), and the Personal Data Protection and Breach Accountability Act of 2011 (S. 1535) introduced by Sen. Blumenthal (D-CT). 

All three pieces of legislation are similar in that each would require companies to take reasonable steps to secure personal information about consumers and to notify consumers when their personal data has been stolen as a result of a security breach.  If enacted, each would replace existing state data breach notification laws – currently in effect in nearly all states – with a uniform federal rule requiring breach notification.  EDUCAUSE’s Policy Brief, Data Privacy Legislation: An Analysis of the Current Legislative Landscape and the Implications for Higher Education (8/12/11), details the provisions of the various data privacy bills currently under consideration in Congress.  Since that brief was written in August, Sen. Blumenthal introduced his bill on September 8th that seeks to protect consumers from threats to their sensitive personally identifiable information and safeguard data security by first, deterring preventable breaches, and second, minimizing harm to consumers when a data breach occurs.

Likelihood of final passage of any of the bills is unknown as of now, but EDUCAUSE will continue to monitor and report on any progress.

Tags from the EDUCAUSE Library

Tags from the Community