New Senate Bill Would Protect Online Data

December 6, 2019

U.S. Senator Brian Schatz (D-Hawai‘i) and 16 senators have reintroduced legislation to protect people’s personal data online.

The Data Care Act would require websites, apps, and other online providers to take responsible steps to safeguard personal information and stop the misuse of users’ data.

“People have a basic expectation that the personal information that is collected by websites and apps is well-protected and won’t be used to harm them. Just as doctors and lawyers are expected to protect and responsibly use the personal data they hold, online companies should be required to do the same. Our bill will help make sure that when people give online companies their information, it won’t be abused,” said Senator Schatz.

Doctors, lawyers, and bankers are legally required to exercise special care to protect their clients and not misuse their information. While online companies also hold personal and sensitive information about the people they serve, they are not required to protect consumers’ data. This leaves users in a vulnerable position; they are expected to understand the information they give to providers and how it is being used – an unreasonable expectation for even the most tech-savvy consumer. By establishing an explicit duty for online providers, Americans can trust that their online data is protected and used in a responsible way.

Schatz’s Data Care Act is co-sponsored by U.S. Senators Michael Bennet (D-Colo.), Catherine Cortez Masto (D-Nev.), Ed Markey (D-Mass.), Tammy Duckworth (D-Ill.), Tammy Baldwin (D-Wis.), Joe Manchin (D-W.Va.), Dick Durbin (D-Ill.), Sherrod Brown (D-Ohio), Cory Booker (D-N.J.), Amy Klobuchar (D-Minn.), Maggie Hassan (D-N.H.), Martin Heinrich (D-N.M.), Patty Murray (D-Wash.), Bernie Sanders (I-Vt.), and Chris Murphy (D-Conn.).

The Data Care Act establishes reasonable duties that will require providers to protect user data and will prohibit providers from using user data to their detriment:

Duty of Care – Must reasonably secure individual identifying data and promptly inform users of data breaches that involve sensitive information;
Duty of Loyalty – May not use individual identifying data in ways that harm users;
Duty of Confidentiality – Must ensure that the duties of care and loyalty extend to third parties when disclosing, selling, or sharing individual identifying data;
Federal and State Enforcement – A violation of the duties will be treated as a violation of an FTC rule with fine authority. States may also bring civil enforcement actions, but the FTC can intervene. States and the FTC may go after both first- and third-party data collectors.
Rulemaking Authority – FTC is granted rulemaking authority to implement the Act.

You must login or register in order to post a comment.

ON DEMAND: DevSecOps creates an environment of shared responsibility for security, where AppSec and development teams become more collaborative. With the right training and tools, developers can become more hands-on with security and, with that upskilling, stand out among their peers... however, they need the security specialists on-side, factoring them into securing code from the start and championing this mindset across the company.

Join our subject matter experts as they explore how the right systems can help identify, analyze and report potential incidents and help building owners sustain compliance and create safer spaces.

Security Magazine

2020 September

This month in Security magazine, we bring you our 2020 Most Influential People in Security annual report, where we highlight 22 industry leaders, their path to security, careers, goals and guidance for future security professionals. Industry experts discuss the evolution of ransomware, houses of worship security, cybersecurity standards, security careers in investigations and the unifying power of security. Diane Ritchey, past Editor-in-Chief, says goodbye and thank you to our readers.

View More Create Account

New Senate Bill Would Protect Online Data

Related Articles

Report Abusive Comment