Senators John Kerry and John McCain introduced a tough new privacy bill Tuesday that would require companies to notify consumers in clear language whenever their data is being collected, and obligate companies to keep that information safe from hackers.
There are increasing concerns in the United States and elsewhere about the security of consumers' personal data that is often collected by companies. Security experts said last week that millions of people faced heightened risk of email swindles after a massive security breach suffered by Epsilon , an online marketing firm that handles email marketing lists for hundreds of clients.
The bill applies to any company or nonprofit organization that collects information about consumers, over the Internet or otherwise, including search engines, telephone companies and cable companies.
"The ease of gathering and compiling personal information on the Internet and off, both overtly and surreptitiously, is becoming increasingly efficient and effortless," Kerry and McCain wrote in the text of the bill.
The bill, if it becomes law, would require companies to tell consumers why data is being collected, whom it will be shared with and how it will be safeguarded.
Companies collecting data must also allow consumers to opt out of some data collection, and they must agree, or opt in, to collection of sensitive data like medical conditions.
The bill would also press businesses to collect only the information they need for any particular transaction.
Kerry, a Democrat from Massachusetts, said the measure had support from some big technology companies.
"These companies agree with us that it doesn't just make good business sense to protect their customer; they know it's the right thing to do," he told a news conference.
McCain, an Arizona Republican, noted that many websites -- like most search engines -- are free precisely because they are supported by advertising.
"Our bill seeks to respect the ability of businesses to advertise while also protecting consumers' personal information," said McCain.
The bill seeks to protect data that is unique to a person, like their name, physical address, email address, telephone number, Social Security number and credit card numbers.
Enforcing the bill would fall to the Federal Trade Commission and to state attorneys general, with the FTC taking the lead.
© 2013 Thomson/Reuters. All rights reserved.