WASHINGTON, D.C.—Chairman John D. (Jay) Rockefeller IV today announced a full committee hearing on privacy and data security. The hearing will examine how entities collect, maintain, secure, and use personal information in today’s economy and whether consumers are adequately protected under current law. The Commerce Committee will hear from representatives from relevant government agencies as well as business and consumer advocate stakeholders.
Please note the hearing will also be webcast live via the Senate Commerce Committee website at http://commerce.senate.gov. Refresh the Commerce Committee homepage 10 minutes prior to the scheduled start time to view the webcast.
Individuals with disabilities who require an auxiliary aid or service, including closed captioning service for webcast hearings, should contact Collenne Wider at 202-224-5511 at least three business days in advance of the hearing date.
Chairman John D. (Jay) Rockefeller IVU.S. Senate Committee on Commerce, Science, and Transportation
WASHINGTON, D.C.—This is the third hearing on consumer privacy that we have held in the 112th Congress. As I have repeatedly emphasized, Americans are often completely unaware of the vast amounts of information that is being collected and stored on them. I have focused on the need for companies to provide everyday consumers with a clear understanding of what information they are collecting, where the information goes and how it is being used. I have also asked companies to give consumers an easy way for them to stop those collection practices. I don’t think this is too much to ask of companies that are making millions, if not billions, of dollars off of consumers’ personal information.
Poll after poll shows that Americans are increasingly concerned about their loss of privacy; and those same polls show that Americans don’t know what to do about it. It is my intent, as Chairman of the Committee of jurisdiction, to change that. I want ordinary consumers to know what is being done with their personal information, and I want to give them the power to do something about it.
This is why I have introduced S. 917, the Do-Not-Track Online Act of 2011. This bill is based on a simple concept. With an easy click of the mouse, consumers can tell all online companies that they do not want their information collected. Under my bill, companies would be obliged to honor that request. It’s that simple.
Senator Kerry has also introduced a bill, S.799, the Commercial Bill of Rights Act of 2011, which is a less targeted, more comprehensive piece of legislation; and other members of this Committee have similarly voiced strong interest in privacy matters. I believe these hearings form the basis for building bipartisan consensus about legislation to protect consumer privacy.
Today’s hearing is also about data security, which directly implicates consumer privacy—we are reminded of this, I’m afraid, every day in the headlines. The recent security breaches at Citibank, Sony, and Epsilon show that companies are increasingly vulnerable to cyberattacks that compromise the safety and privacy of Americans. When criminals break into a database and steal credit card numbers, social security numbers, or even email addresses, they can use this information to commit identity theft, which can have devastating consequences for the victims.
This is why Senator Pryor and I have reintroduced S. 1207, the Data Security and Breach Notification Act. The bill would impose an obligation on companies to adopt basic security protocols to protect sensitive consumer data; and would further require these companies to notify affected consumers in the wake of a security breach.
The bill would also require greater transparency in the “data broker” industry. These are companies that amass vast amounts of data on consumers and sell that information to other companies, often for marketing purposes. Americans do not have any direct relationship with these data brokers and often have no idea that such companies even exist and have files of information on them.
There is broad consensus that federal data security legislation is necessary. The Obama Administration included a breach notification provision similar to the provision in S. 1207 in its cybersecurity proposal. In order for this bill to be ready for floor consideration as part of the larger cybersecurity effort, I will work with Senator Pryor and all of my colleagues on both sides of the aisle to mark-up data security legislation.
I look forward to hearing from today’s witnesses, and I thank them for their participation.
Witness Panel 1
The Honorable Julie BrillCommissionerFederal Trade Commission
The Honorable Cameron F. KerryGeneral CounselU.S. Department of Commerce
Mr. Austin SchlickGeneral CounselFederal Communications Commission
Witness Panel 2
Mr. Scott TaylorVice President and Chief Privacy OfficerHewlett-Packard Company
Mr. Stuart PrattPresident and CEOConsumer Data Industry Association
Ms. Ioana RusuRegulatory CounselConsumers Union
Mr. Tim SchaaffPresidentSony Network Entertainment International
Mr. Thomas M. Lenard Ph.D.President and Senior FellowTechnology Policy Institute