Incident underscores need to pass Sen. Carper's Data Security Act to enhance protections for consumers
Oct 14 2011
WASHINGTON – In the wake of recent media reports that the Social Security Administration failed to notify thousands of Americans after inadvertently releasing their personal information, today Sen. Tom Carper (D-Del.) called for stronger, nationwide notification requirements for consumers impacted by security breaches. For several years, Sen. Carper has been pushing Congress to adopt his bipartisan Data Security Act to create a set of national protections for consumers who are impacted by data breaches by public and private entities.
"Over the past few decades, our society has become increasingly dependent on information technology, including consumers, government, and businesses of all kinds," said Sen. Carper. "While we have reaped enormous benefits from this powerful technology and innovation, millions of Americans are at risk for identity theft because of the vulnerability surrounding sensitive personal information. This most recent incident once again underscores the need for modern and comprehensive laws that protect consumers if their personal information has been compromised. That's why I joined Senator Roy Blunt to introduce the Data Security Act of 2011. This bill would take important steps to help protect consumers and businesses from identity theft and account fraud, as well as put into place nationwide requirements to notify affected consumers if a breach occurs.
"Although we must do all that we can to prevent such breaches from happening, if one does occur, consumers must be notified promptly and properly," continued Sen. Carper. "Moreover, such critical, personal data – whether housed by a federal agency or a retailer – must be safeguarded from the moment it is entered into a database. The failure of the Social Security Administration to protect that critical information and its failure to notify the tens of thousands of Americans that this breach put at risk is disturbing. I hope that the Social Security Administration takes the proper steps to prevent a similar incident from happening again, and I will continue to work with my colleagues to make sure our important legislation is considered and ultimately passed."
In July, Sen. Carper and Sen. Roy Blunt (R-Mo.) reintroduced the Data Security Act of 2011, which would require entities such as financial establishments, retailers, and federal agencies to safeguard sensitive information, investigate security breaches and notify consumers when there is a substantial risk of identity theft or account fraud. These new requirements would apply to retailers who take credit card information, data brokers who compile private information and government agencies that possess nonpublic personal information. The bill also better protects consumers by replacing the current patchwork of state laws and establishing one set of national requirements.