Just after eBay announced hackers had stolen customers’ passwords last week, Sen. Robert Menendez (D-N.J.) and Rep. Albio Sires (D-N.J.) introduced companion legislation aimed at increasing consumer protections and corporate responsibility in the event of a data breach.
“This latest data breach confirms what we already know: our data is simply not safe,” Menendez said. “When we shop, every consumer assumes that companies will protect their data by any means necessary. Yet in the last year, we have read far too many stories about hackers getting past corporations’ security systems. The American people deserve better than knowing that their information will soon end up in the hands of criminals, and that is why I am introducing legislation that will finally give consumer’s rights over their personal information that are long overdue.”
The legislation—the Menendez-Sires Commercial Privacy Bill of Rights—limits both the type of information a company can collect, as well as how long the company can hold on to the information. The House bill accompanies the Senate bill introduced by Menendez in January.
The bill would also require the FTC to issue rules requiring businesses to obtain consumer consent to transfer private information to third parties and requires companies to protect consumer information when transferring it to a third party.
Additionally, the legislation establishes a uniform data security notification standard to replace the current patchwork of 47 state laws and additional protections for children’s information.
“Data breaches, like the ones we’ve most recently seen with eBay and Target, happen far too often,” Sires said. “Citizens put their trust in corporations and their security systems every day when they shop, bolstering the economy and providing for their families in the process. It is unfair that they are unprotected as they go about their daily lives. I am pleased to introduce this legislation with Senator Menendez in order to protect consumers’ personal information and hold those accountable who fail to keep that information secure.”