Letter to the Senate Committee on the Judiciary Opposing S. 1535, the “Personal Data Protection and Breach Accountability Act"

Tuesday, September 20, 2011 - 8:00pm

The Honorable Patrick J. Leahy
Chairman
Committee on the Judiciary
United States Senate
Washington, DC 20510

The Honorable Charles E. Grassley
Ranking Member
Committee on the Judiciary
United States Senate
Washington, DC 20510

Dear Chairman Leahy and Ranking Member Grassley:

The U.S. Chamber of Commerce, the world’s largest business federation representing the interests of more than three million businesses and organizations of every size, sector, and region, strongly opposes S. 1535, the “Personal Data Protection and Breach Accountability Act of 2011” because it would impose unnecessary and extremely burdensome regulations on the business community that would inevitably stifle innovation and harm job growth.

Protecting individuals’ sensitive personal information from theft or illegal uses has been and will continue to be a top priority for the business community. Enacting a truly uniform federal standard for data security and breach notifications would ease compliance and foster job creation.

However, S. 1535 is seriously flawed because it is overly-broad and creates a needlessly complex and onerous liability regime. The Chamber has many serious concerns with the bill including, but not limited to, the definition of sensitive personally identifiable information (PII); liability provisions that include a private right of action (with punitive damages for undefined “personal injuries”), excessive civil penalties, and the failure to impose criminal penalties solely on those that actually use PII for unlawful purposes; potential conflicts with existing federal law; inadequate preemption of state laws; overbroad enforcement authority designed to induce settlements at the hands of state attorneys general and an unlimited number of undefined “State or local law enforcement agenc[ies];” a definition of harm that is vague and not restricted to situations where there is significant risk of identity theft, fraud, or other economic harm; the onerous requirements of the personal data privacy and security program; and the data brokerrelated provisions.

For the above reasons, the Chamber respectfully urges you to oppose S. 1535.

Sincerely,
R. Bruce Josten

Cc: Members of the Senate Committee on the Judiciary