Butterfield Boosts Data Privacy Bill Consumer Protections

Sep 30, 2009
Press Release

Washington, D.C. – As part of a bill aimed at better protecting personal electronic private data, Congressman G. K. Butterfield successfully added a provision providing free credit monitoring for victims of data privacy breaches.
 
“While privacy breaches can’t be undone,” Butterfield said. “Consumers can get some peace of mind with free credit monitoring services.”
 
Butterfield added a provision to the Data Accountability and Trust Act that requires companies to provide victims of data privacy breaches with two years of free credit monitoring services. He explained that credit monitoring services provide consumers with daily or weekly alerts regarding personal credit changes to help combat identity theft.
 
The provision was added today during the House Committee on Energy and Commerce’s mark-up session on the bill. Generally, the bill would require that companies possessing personal electronic data such as names, birth dates, credit card numbers and Social Security numbers have security plans in place as well as consumer notification procedures when data breaches occur.
 
The bill would also direct the Federal Trade Commission (FTC) to establish a standard method for destroying obsolete non-electronic data, and would also require credit-reporting agencies to submit their security policies and security breach notification procedures to the FTC.
 
“The bill ensures that consumers have timely notification so they can to take steps to protect themselves,” Butterfield said. “As more and more of this very sensitive and personal data is electronically stored, we must ensure there are stronger consumer protections.”
 
During the mark-up, House Committee on Energy and Commerce Chairman Henry Waxman praised Butterfield for adding the credit monitoring benefit for consumers.
 
“I would like to thank Mr. Butterfield for proposing this important provision and for his leadership on behalf of American consumers,” Waxman said. “This change will encourage innovation and competition, and will ultimately provide better services for consumers whose information was compromised.”
 
Since 2005, the non-profit Privacy Rights Clearinghouse estimates that more than 263 million personal electronic records have been breached. Recently, the University of North Carolina at Chapel Hill began notifying about 163,000 women who participated in a mammography project about the potential compromise of Social Security numbers and other personal information after a hacker breached a system containing the data.
 
Butterfield said the bill was important because it provides uniform protection for all consumers. Currently, 44 states have enacted unique data breach notification laws. As a result, he explained, the requirement, forms of notification and time frames vary from state to state.
 
The committee approved the bipartisan bill unanimously by voice vote. Butterfield said he expects a vote by the full House before the end of the year.