Skip to content

U.S. Senator Tammy Baldwin Helps Introduce The Consumer Privacy Protection Act

Protects Americans’ sensitive personal information against cyberattacks and ensures timely notification and protection when data is breached

WASHINGTON, D.C. – U.S. Senator Tammy Baldwin joined with her Senate colleagues, led by Senator Patrick Leahy (D-VT), to introduce comprehensive consumer privacy legislation to protect Americans’ sensitive personal information against cyberattacks and to ensure timely notification and protection when data is breached.

The Consumer Privacy Protection Act of 2017 would require companies to take preventive steps to defend against cyberattacks and data breaches, and to quickly provide consumers with notice and appropriate protection when a data breach occurs.  The bill addresses the kinds of security breaches that have affected multiple companies – most notably the recent, massive Equifax breach that exposed the personal information of almost half the American population. This sensitive consumer information is increasingly targeted by both criminal hackers and hostile foreign powers.

“When it comes to the sensitive, personal information, we have to make sure American consumers have the information and the tools they need to protect themselves,” said Senator Baldwin. “In the case with Equifax, there are still tens of millions of Americans who don’t know whether or not they are at risk. That is unacceptable and the Senate must take action to hold these companies accountable and protect our constituents.”  

In addition to Senator Baldwin, the bill is cosponsored by Senators Ed Markey (D-Mass.), Richard Blumenthal (D-Conn.); Ron Wyden (D-Ore.) and Al Franken (D-Minn.).

The Consumer Privacy Protection Act requires that corporations meet certain baseline privacy and data security standards to keep information they store about consumers safe, and it requires that these firms provide notice and protection to consumers in the event of a breach.  This legislation protects broad categories of data, including: (1) social security numbers and other government-issued identification numbers; (2) financial account information, including credit card numbers and bank accounts; (3) online usernames and passwords, including email names and passwords; (4) unique biometric data, including fingerprints and faceprints; (5) information about a person’s physical and mental health; (6) information about geolocation; and (7) access to private digital photographs and videos.

Following a massive data breach that threatened the sensitive, private information of more than 145 million Americans, Senator Baldwin called for a hearing before the Senate Commerce Committee, and last week executives from Equifax took questions from Senator Baldwin and others on the Commerce Committee.

Senator Baldwin sent a letter to the CEO of Equifax calling on him to provide direct notice to each and every American consumer impacted by the data breach.

This Consumer Privacy Protection Act has the support of leading consumer privacy advocates, including the Center for Democracy and Technology, the Consumer Federation of America, New America’s Open Technology Institute, and Public Knowledge. 

The full text of the bill can be found here.