As The Hill and other news outlets are reporting, Sen. Richard Blumenthal (D-CT) — who previously was one of the most active state attorneys general on privacy and data security issues before joining the Senate in 2011 — has introduced data protection legislation. This will be the eighth breach notification bill introduced on Capitol Hill during the 113th Congress.

The breach notification components of Sen. Blumenthal’s draft bill share some similarities with legislation introduced by Sen. Patrick Leahy (D-VT) (S. 1151):

  • The legislation would give the Attorney General the primary enforcement role, but would authorize the Federal Trade Commission to craft rules as to appropriate data security controls and safeguards.
  • Notice to the FBI and Secret Service would be required within 14 days of discovering a breach and 48 hours before notifying any individuals for any breach involving a certain number of individuals or a database of a certain size.
  • Businesses would be required to notify individuals of a breach without unreasonable delay, but in any event within 60 days of discovering a breach.
  • Like S. 1151, the Blumenthal legislation would relieve businesses from the obligation to notify consumers if there is no significant risk of harm to individuals, but would require businesses to document their risk of harm analysis in a written risk assessment submitted to law enforcement.

However, there apparently are a number of significant differentiators between Senator Blumenthal’s draft legislation and the other bills that have circulated. These include providing a private right of action — with attendant substantial civil penalties — for individuals to pursue in the event they are aggrieved by a violation of the Act’s data security protections or breach notification requirements. The draft bill also would create a presumption of commonality for class certification purposes and limit the ability of businesses to direct disputes to arbitration in advance of a breach. In addition, the bill would impose criminal penalties for certain online data collection practices conducted without the consent of individuals.

Libbie Canter

Libbie Canter represents a wide variety of multinational companies on privacy, cyber security, and technology transaction issues, including helping clients with their most complex privacy challenges and the development of governance frameworks and processes to comply with global privacy laws. She routinely supports clients on their efforts to launch new products and services involving emerging technologies, and she has assisted dozens of clients with their efforts to prepare for and comply with federal and state privacy laws, including the California Consumer Privacy Act and California Privacy Rights Act.

Libbie represents clients across industries, but she also has deep expertise in advising clients in highly-regulated sectors, including financial services and digital health companies. She counsels these companies — and their technology and advertising partners — on how to address legacy regulatory issues and the cutting edge issues that have emerged with industry innovations and data collaborations.

As part of her practice, she also regularly represents clients in strategic transactions involving personal data and cybersecurity risk. She advises companies from all sectors on compliance with laws governing the handling of health-related data. Libbie is recognized as an Up and Coming lawyer in Chambers USA, Privacy & Data Security: Healthcare. Chambers USA notes, Libbie is “incredibly sharp and really thorough. She can do the nitty-gritty, in-the-weeds legal work incredibly well but she also can think of a bigger-picture business context and help to think through practical solutions.”