Sens. Introduce Consumer Privacy Bill With Health Data Implications
May 6, 2015 in News
The legislation, called the Consumer Privacy Protection Act of 2015, was introduced by Sen. Patrick Leahy (D-Vt.) and is being co-sponsored by Democratic Sens.:
- Richard Blumenthal (Conn.);
- Al Franken (Minn.);
- Edward J. Markey (Mass.);
- Elizabeth Warren (Mass.); and
- Ron Wyden (Ore.).
The bill would require companies to take preventive measures to defend against data breaches and cyberattacks. The legislation also calls for companies to notify consumers quickly in the event of a data breach.
Specifically, the bill would mandate that:
- Companies inform federal law enforcement of large breaches;
- Companies with data from at least 10,000 customers meet certain privacy and data security standards and inform customers of a breach within 30 days; and
- Individuals be notified when their medical and health information has been compromised (Dvorak, FierceHealthIT, 5/5).
In addition, the bill calls for a broad definition of information that must be protected, including:
- Financial information;
- Social Security numbers;
- Physical and mental health information; and
- Unique biometric data, such as fingerprints (Markey release, 4/30).
According to Leahy, the measure does not aim to override existing state privacy laws. It would only preempt a state law if the state law’s protections are weaker than those of the bill. The measure is based on laws in states with the “strongest consumer protections,” Leahy said (FierceHealthIT, 5/5).