WASHINGTON – U.S. Senator Jerry Moran (R-Kan.) – Chairman of the Commerce Subcommittee on Consumer Protection – today introduced the Consumer Data Privacy and Security Act to strengthen the laws that govern consumers’ personal data and create clear standards and regulations for American businesses that collect, process and use consumers’ personally identifiable data.

“Americans need to be able to count on strong baseline responsibilities that businesses must uphold when collecting, processing and protecting their personally identifiable information,” said Sen. Moran. “While our economy has benefited from the use of data, these advancements should not be traded for an individual’s right to have control over their personal information. We have witnessed unauthorized activities and security breaches from bad actors attempting to access and process consumers’ personal data and sensitive information in unfair and deceptive ways. Without action from Congress, consumers will continue to be vulnerable to future threats against their personal data, and innovators and job creators will be plagued with regulatory uncertainty resulting from a growing patchwork of state laws.”

“It is clear that Congress needs to act to provide consumers and companies with a clear federal standard that lays out robust protections for consumers’ personal data, and I encourage my colleagues to support the Consumer Data Privacy and Security Act as the federal standard for comprehensive privacy legislation,” continued Sen. Moran.

The Consumer Data Privacy and Security Act would:

• establish a clear federal standard for data privacy protection, giving businesses a uniform standard rather than a patchwork of confusing state laws.
• provide consumers with control over their own data to access, correct and erase their personal data.
• require businesses that collect and process a significant amount of personal data to take extra precautionary steps to protect and responsibly process that data.
• prohibit companies from collecting data without consumers’ consent with limited and specific exceptions.
• require businesses to develop and implement robust data security programs to protect personal data from unauthorized access and disclosure.
• equip the Federal Trade Commission (FTC) and state attorneys general with authority to uniformly enforce federal consumer privacy protections while providing the FTC the resources necessary to carry out those authorities.

Click here for a detailed section-by-section of this legislation.

Click here to download the full bill text.

Timeline of Sen. Moran’s Work on Crafting a Federal Data Privacy Bill:

• November 8, 2017 – Sen. Moran participated in a full Senate Commerce Committee hearing on industry responses to Yahoo!’s 2013 data breach and Equifax’s 2017 data breach.
• November 27, 2017 – Sen. Moran (and Senators Thune, Hatch, and Cassidy) sent a letter to Uber Technologies pertaining to reports of a data breach involving the personal data of millions of customers.
• December 12, 2017 – Sen. Moran successfully enacted his Modernizing Government Technology (MGT) Act as part of the FY2018 NDAA, which focused on encouraging federal agencies to modernize their government IT infrastructure in the interest of securing government data (including personally identifiable information of taxpayers and federal employees).
• February 6, 2018 – Sen. Moran chaired a Senate Commerce Subcommittee hearing on vulnerability disclosure programs employed by industry actors, while specifically focusing on the Uber data breach and the use of its bug bounty program to conceal the incident.
• March 22, 2018 – Sen. Moran and Sen. Blumenthal sent a letter to Aleksandr Kogan seeking additional information about how the personal data of 50 million Facebook users was transmitted to Cambridge Analytica.
• April 10, 2018 – Sen. Moran participated in a joint hearing held by the Senate Commerce and Judiciary Committees that had Facebook CEO Mark Zuckerberg providing testimony. Senator Moran asked a series of questions pertaining to the provisions of Facebook’s (then) FTC consent decree and how allegations of its third-party sharing did not conflict with such provisions. 
• June 13, 2018 – Sen. Moran chaired a Senate Commerce Subcommittee hearing following the joint full committee hearing with Facebook CEO Zuckerberg to focus on the collection and use of social media data and associated privacy concerns. Aleksandr Kogan from University of Cambridge and Ashkan Soltani a former FTC technologist provided testimony.
• September 20, 2018 – Sen. Moran (and Senators Blumenthal, Wicker, and Schatz) sent a letter to Commerce Secretary Ross to encourage the department to include Congress in any blueprint discussions regarding a national privacy framework.
• September 26, 2018 – Sen. Moran participated in a full Senate Commerce Committee hearing to examine the privacy policies of top technology and communications firms, including AT&T, Amazon, Google, Twitter, Apple, and Charter Communications.
• October 10, 2018 – Sen. Moran participated in a full Senate Commerce Committee hearing to examine lessons learned from the European Union’s General Data Protection Regulation and the California Consumer Privacy Act. This hearing included testimony from the European Data Protection Board Chair Dr. Andrea Jelinek and author of the California law Alastair Mactaggart.
• November 27, 2018 – Sen. Moran chaired a Senate Commerce Subcommittee hearing to conduct oversight of the Federal Trade Commission, which acts as the lead federal enforcer of consumer data privacy and security violations.  All five commissioners were in attendance.
• February 27, 2019 – Sen. Moran participated in a full Senate Commerce Committee hearing in which he asked specific questions of industry stakeholders related to provisions that could be included in privacy legislation like FTC rulemaking authority, first-time civil penalty authority, and resources.
• March 26, 2019 – Sen. Moran chaired a Senate Commerce Subcommittee hearing to discuss small business perspectives on a federal privacy framework. The witnesses on the panel included consumer advocates and industry representatives from a variety of sectors, including Ryan Weber from the KC Tech Council.
• April 30, 2019 – Sen. Moran participated in a Senate Commerce Subcommittee on Security hearing on Cybersecurity of the Internet of Things (IoT), which included testimony from CTA, US Chamber of Commerce, Rapid7, USTelecom and NIST.
• May 1, 2019 – Sen. Moran participated in a full Senate Commerce Committee hearing that included testimony from Helen Dixon the Data Protection Commission for the Republic of Ireland (who spoke on the implementation of EU GDPR) along with others from consumer advocacy groups like ACLU, the Future of Privacy Forum and Common Sense Media.
• December 4, 2019 – Sen. Moran participated in a full Senate Commerce Committee hearing to examine legislative proposals to protect consumer privacy, which included testimony from a variety of industry stakeholders and a consumer advocate from Center for Democracy and Technology.

# # #