Data Mining and Data Breach Legislation Advance in Congress

Last week the Senate Judiciary Committee sent S236, the Federal Agency Data Mining Reporting Act of 2007 to the Senate floor by a voice vote. The bill, which we posted about earlier this year, would require the federal government to report annually on the development and use of technologies that would mine data for patterns of criminal or terrorist activity. Any classified, sensitive or proprietary information on data mining would be placed in an annex not available to the public. According to this afternoon’s edition of Technology Daily, the main debate in this morning’s markup was over penalties for leaking material in the annex. The debate focused not on having penalties, but whether or not existing laws covered such leaks.

This bill specifically focuses on the federal government and technologies that it develops for data mining. No legislation currently covers any commerically developed or implemented technologies, though they would be covered under the bill if the federal government made use of them. The full Senate will consider the legislation at a later date.

The Committee also approved two data privacy bills. S239, sponsored by Senator Feinstein, requires companies to notify consumers in the event of security breaches that expose consumer data. S495 focuses on data broker firms such as ChoicePoint, requiring similar notification in the event of a breach and for those firms to let individuals know what sensitive information they have stored in their records, and allow them to correct any inaccuracies.

The Commerce, Science and Transportation Committee recently approved S1178, an Identity theft prevention bill sponsored by Senatore Inouye. It would have businesses develop a written procedure for notifying consumers if their information is exposed. It would also allow consumers to freeze their credit reports for a small fee. There is some concern with the bill, as it would pre-empt stronger state laws.

All of these bills have simply made it out of committee. They still need to be approved by the Senate and go through the same procedure in the House.

This entry was posted in Privacy and Security. Bookmark the permalink. Comments are closed, but you can leave a trackback: Trackback URL.