Senators introduce sweeping data protection bill

With more reports of the potential compromise of government-held data, and the rise of computer malware aimed at the theft of financial information, senators have introduced the first major piece of legislation of the new Congress aimed at expanding data and privacy protections.

The Personal Data Privacy and Security Act of 2007 (S. 495), introduced in a substantially similar form in 2005 and again last year, puts a heavy onus on government to ensure the commercial data it collects is protected, and to take what its sponsors called basic steps to ensure an individual’s personal information is secure.

If the legislation becomes law, the General Services Administration would also be required to review all government contracts to make sure that vendors have appropriate security programs in place and that they don’t provide information to the government that they know to be inaccurate.

Agencies would have to regularly audit the information security practices of their vendors.

“These are basic, good government measures,” said Sen. Russ Feingold (D-Wis.), one of the co-sponsors of the bill. “They guarantee that the federal government is not wasting money on inaccurate data and that vendors are undertaking the security programs that they have promised and for which the government is paying.”

The bill’s primary sponsors are Sen. Patrick Leahy (D-Vt.), chairman of the Senate Judiciary Committee, and Sen. Arlen Specter (R-Pa.), its ranking member. Other co-sponsors are Sens. Bernie Sanders (I-Vt.) and Charles Schumer (D-N.Y.).

The bill has already received broad approval. Officials at the Center for Democracy and Technology, for example, called it one of the stronger data breach proposals that Congress has made, and said they are particularly supportive of the provision that strengthens oversight of the government’s use of commercial databases to collect information about citizens through data mining.

Despite support for the legislation across the political spectrum, the bill got caught last year in a spate of competing proposals on a subject that was politically popular during an election year. Three House and three Senate committees produced their own proposals on data security, and at least two other Senate committees got involved.

Specter said he’s hopeful that this year the differences among committee members can be bridged.

“The problem is simply too large to ignore,” he said.

About the Author

Brian Robinson is a freelance writer based in Portland, Ore.


  • People
    Federal CIO Suzette Kent

    Federal CIO Kent to exit in July

    During her tenure, Suzette Kent pushed on policies including Trusted Internet Connection, identity management and the creation of the Chief Data Officers Council

  • Defense
    Essye Miller, Director at Defense Information Management, speaks during the Breaking the Gender Barrier panel at the Air Space, Cyber Conference in National Harbor, Md., Sept. 19, 2017. (U.S. Air Force photo/Staff Sgt. Chad Trujillo)

    Essye Miller: The exit interview

    Essye Miller, DOD's outgoing principal deputy CIO, talks about COVID, the state of the tech workforce and the hard conversations DOD has to have to prepare personnel for the future.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.