On the case - March 2007
Introducing the bill, Senator Leahy referenced the “waves of security breaches” affecting millions of Americans and singled out high-profile (and high-volume) data losses by ChoicePoint, LexisNexis, and Acxiom. He also outlined the bill’s five-point plan to improve data security.
First off, Leahy wants Americans to be given notice when they have been harmed by a data breach and seeks to address the problems of lax security and lack of accountability. All well and good, and broadly reflecting the Seventh Data Protection principle.
The bill also attacks “Data Brokers”. Leahy’s definition of a data broker is “a business entity which for monetary fees, dues, or on a cooperative non profit basis, regularly engages, in whole or in part, in the practice of collecting, transmitting, or otherwise providing personally identifiable information on a nationwide basis on more than 5,000 individuals who are not the customers or employees of the business entity or affiliate.” So, in direct marketing terms, list compilers but, interestingly, not response list owners. If asked, Data Brokers must allow individuals access to their data and the chance to correct inaccuracy. Seemingly similar to the “Subject Access” provisions of the European legislation.
But it’s not just the Data Brokers who would have to protect personal data: all companies must vigilantly protect databases (over 10,000 records) and make sure that contractors hired to process data are vetted.
His penultimate point could cause severe pain for the
Finally there is a salvo aimed at the government’s use of personal data and seeking audit and security measures for all government contractors.
The bill would provide tough monetary and criminal penalties for those who infiltrate systems to compromise personal data or attempt to cover up security breaches.
Whether it makes the statute books or not, the Specter-Leahy bill certainly points towards a more regulated future for American direct marketers.