Senate bill to protect consumer privacy includes health data provisions

A group of Democratic Senators has introduced a new bill to protect consumers' most sensitive information--including their health data.

The Consumer Privacy Protection Act of 2015 was introduced by Senate Judiciary Committee Ranking Member Patrick Leahy (D-Vt.) and is being co-sponsored by Al Franken (Minn.), Elizabeth Warren (Mass.), Richard Blumenthal (Conn.), Ron Wyden (Ore.) and Edward J. Markey (Mass.). The legislation "calls for a comprehensive approach to data security by requiring companies to take preventative steps to defend against cyberattacks and prevent data breaches, and to quickly notify customers in the event a data breach occurs," according to an announcement from Markey's office.

Data security is about protecting Americans' privacy, and consumers don't want to just be notified of data breaches; they also want to be informed about what companies are doing with their data and how companies are preventing breaches, Leahy said in a statement.

However, the act is not looking to override state laws already in place regarding privacy, Leahy said. It will only preempt a state's law if the protections under that law are weaker than those in the bill, essentially creating a national floor for data protection.

"Since this bill is modeled after those states with the strongest consumer protections, however, I believe it will improve protections for consumers in nearly every state," he said.

Some provisions in the bill include:

  • Individuals who have had medical and health information, among other data, compromised must be notified
  • Companies that have the data of 10,000 customers or more must meet consumer privacy and data security standards and notify customers within 30 days of a breach
  • A broad definition of the information that must be protected. This includes Social Security numbers, financial information, usernames and passwords, biometric data and more
  • Companies will have to let federal law enforcement know about large breaches

Healthcare has struggled with cybersecurity and privacy protection more than many other industries. Just this year, two large breaches at health insurance companies--Anthem and Premera--put the information of more than 90 million patients at risk.

Many in the industry have said that poor protections hinder progress and innovation. While the Senators' bill will hold organizations more accountable when it comes to strong cybersecurity protections and patient breach notifications, healthcare groups must also work to implement "good health hygiene."
