[Congressional Record Volume 151, Number 89 (Wednesday, June 29, 2005)]
[Senate]
[Pages S7619-S7620]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]

      By Mr. JOHNSON (for himself, Mr. Thomas, Mr. Enzi, Mr. Dorgan, 
        Mr. Burns, Mr. Thune, Mr. Bingaman, and Mr. Baucus):
  S. 1331. A bill to amend the Agricultural Marketing Act of 1946 to 
change the date of implementation of country of origin labeling to 
January 30, 2006; to the Committee on Agriculture, Nutrition, and 
Forestry.
  Mr. JOHNSON. Mr. President, I rise to discuss an issue of great 
importance to producers and consumers in my home State of South Dakota 
and across the Nation. Mandatory country of origin labeling, COOL, 
remains an overwhelmingly popular provision not only as a consumer 
right-to-know issue, but also as a marketing tool for our Nation's 
farmers and ranchers.
  Mandatory country of origin labeling was signed into law under this 
most recent Farm Bill and by this current President. As the primary 
author of the COOL language included in the 2002 Farm Bill, I am 
increasingly frustrated at the amount of heel dragging this 
Administration has shown for the program. I rise to introduce a bill to 
move forward with the implementation of mandatory COOL in a timely and 
reasonable manner, instating a January 30, 2006 mandatory date of 
implementation. COOL has experienced great bipartisan support in the 
Senate. I am pleased that Senator Craig Thomas joins me in this 
bipartisan effort, as does Senator Mike Enzi, Senator Byron Dorgan, and 
Senator Conrad Burns.
  I worked with my Senate colleagues to ensure that no delay language 
was included in the Senate version of the fiscal year 2006 Agriculture 
Appropriations Bill that was reported out of committee. As a member of 
the Senate Appropriations Committee, and specifically, the Agriculture 
Appropriations Subcommittee, I worked with my Senate colleagues to 
ensure we assembled a satisfactory bill that did not contain the same 
delay language as found in the House agriculture spending measure. The 
House fiscal year 2006 Agriculture Appropriations Bill contained a 1-
year delay for meat and meat products, which is identical to the 
situation that unfolded with the program in fiscal year 2004.
  While the House version of the fiscal year 2004 spending bill 
contained a 1-year delay for meat and meat products exclusively, the 
final omnibus contained a 2-year delay for all covered commodities 
except fish and shellfish. During closed door consideration of the 
measure, Senate leadership chose to bow to special interest groups 
despite the significant support COOL experiences from the majority of 
consumers and producers. While I was pleased to see the Senate version 
of the fiscal year 2006 bill that we reported out of committee 
contained $3.111 million for an audit-based compliance program for COOL 
implementation, the United States Department of Agriculture, USDA, 
Agricultural Marketing Service, AMS, will need substantive funding for 
the implementation of the full program. While the money funds an audit-
based compliance program exclusively for fish and shellfish, additional 
dollars are needed for the inclusion of all covered commodities.
  Mandatory COOL for fish and shellfish was implemented on April 4, 
2005. USDA instituted a six month phase-in period to ensure adequate 
time for compliance, and the Department promulgated an interim final 
rule on September 30, 2004. Given this process, I see no reason why the 
Department should not proceed with the promulgation of the interim 
final rule for all covered commodities at the earliest possible time. 
If the implementation date is moved to January 30, 2006, then producers 
and consumers will at least see benefits under the program by late 
summer of 2006. Producers and consumers have waited long enough for 
program implementation, and it is high time USDA move forward with the 
implementation of this crucial program.
  Mr. FEINGOLD. Mr. President, I am proud to join the chairman and the 
ranking member of the Senate Judiciary Committee in cosponsoring the 
Personal Data Privacy and Security Act of 2005. This bill is a much-
needed solution to the daunting problem of ensuring the privacy and the 
security of our personal data, which has become such a precious 
commodity.
  As we enter the 21st century, several forces are converging to make 
our personal information more valuable--and vulnerable--than ever. The 
world is going digital, and so is our personal data. In this day and 
age, almost everything we do results in a third party creating a 
digital record about us--digital records that we may not even realize 
exist. We seek the convenience of opening bank accounts and making 
major purchases over the Internet, often without ever speaking to 
another person face to face or even over the telephone, making identity 
theft easier and more lucrative. Businesses, nonprofits and even 
political parties are personalizing their messages, products and 
services to a degree we've never seen before, and they are willing to 
invest significant amounts of money in collecting personal information 
about potential customers or donors. And we are living in an age where 
identity-based screening and security programs can be vitally 
important, resulting in more information being collected about 
individuals in an attempt to identify them accurately.
  As a result, personal information has become a hot commodity that is 
bought, sold, and--as so often happens when something becomes 
valuable--stolen.
  We are at a crossroads. We all know about the security breaches that 
have been on the front pages of newspapers all over the country for the 
past 6 months. They have placed the identities of hundreds of thousands 
of Americans at risk.
  But this is about much more than just information security. Until 
California law required ChoicePoint to notify individuals that their 
information was compromised and they might be vulnerable to identity 
theft, many Americans had never heard of this company. As news stories 
focused on the data broker business, many Americans were surprised to 
discover that companies are creating digital dossiers about them that 
contain massive amounts of information, and that these companies sell 
that information to commercial and government entities. The revelations 
about these security breaches highlighted the fact that Americans 
need a better understanding of what happens to their information in a 
digital world--and what kind of consequences they can face as a result.

[[Page S7620]]

  When I am back home in Wisconsin, I hear from people who do not 
understand why companies have the right to sell their sensitive 
personal information. I hear from people who are shocked to discover 
that personal information about them is available for free on the 
Internet.
  There is no question that data aggregators facilitate societal 
benefits, allowing consumers to obtain instant credit and personalized 
services, and police officers to locate suspects. But these companies 
also gather a great deal of potentially sensitive information about 
individuals, and in many instances they go largely unregulated.
  Too many of my constituents feel they have lost control over their 
own information. Congress must return some power to individual 
Americans so that we can all better understand and manage what happens 
to our own personal data.
  The Personal Data Privacy and Security Act takes a comprehensive 
approach to the privacy and security problems we face. It gives 
consumers back some control over their own information. The bill 
requires data brokers to allow consumers to access their own 
information, and to investigate when consumers tell them that 
corrections are necessary. And it requires companies to give notice to 
affected consumers and to law enforcement if there is a serious 
security breach, so that individuals know their identity may be at risk 
and can take steps to protect themselves.
  In addition, the bill increases penalties for those who steal our 
identities. It provides grants to State and local law enforcement to 
help them combat data fraud and related crimes. It requires companies 
that buy and sell information to have appropriate data security systems 
in place. It provides protection to Social Security numbers by 
prohibiting the sale, purchase or display of Social Security numbers, 
with certain exceptions, and preventing companies from requiring 
customers to provide their Social Security numbers in order to purchase 
goods or services. These protections will help safeguard against future 
privacy violations and security breaches in the commercial data 
industry. But that is not all this bill accomplishes.
  The bill also contains some critically important privacy and security 
provisions to govern the Government's use of commercial data. This is 
an aspect of the data broker business that has not yet gotten as much 
attention in the wake of the recent security breaches. The information 
gathered by these companies is not just sold to individuals and 
businesses; Government agencies of all stripes also buy or subscribe to 
information from commercial sources. The most recent example was the 
discovery that the Pentagon has a contract with a marketing firm to 
analyze commercial and other data about high school and college 
students.

  While I believe the Government should be able to access commercial 
databases in appropriate circumstances, there are few existing rules or 
guidelines to ensure this information is used responsibly. Nor are 
there restrictions on the use of commercial data for powerful, 
intrusive data mining programs, an issue I have been particularly 
concerned about. The Privacy Act, which governs when Government 
agencies themselves are collecting data, does not apply because the 
information is held outside the Government and is not gathered solely 
at Government direction.
  As a result, there is a great deal we do not know about Government 
use of commercial data, even in clearly appropriate circumstances such 
as when the agency's goal is simply to locate an individual already 
suspected of a crime.
  We don't know under what circumstances Government employees can 
obtain access to these databases or for what purposes. We don't know 
how Government agencies evaluate the accuracy of the databases to which 
they subscribe, or how the accuracy level affects government use of the 
data. We don't know how employees are monitored to ensure they do not 
abuse their access to these databases, or how those who misuse the 
information are punished. And we don't know how Government agencies, 
particularly those engaged in sensitive national security 
investigations, ensure that the data brokers cannot keep records of who 
the Government is investigating, records which themselves could create 
a huge security risk in light of the vulnerabilities that have come to 
the forefront in recent months.
  That is why I am so pleased that this bill includes provisions to 
address the Government's use of commercial data. A comprehensive 
approach to data privacy and security would be incomplete without 
taking on this piece of the puzzle. The bill recognizes there are many 
legitimate reasons for Government agencies to obtain commercially 
available data, but that they need to be subject to privacy and 
security protections. It takes a commonsense approach, pushing 
Government agencies to take basic steps to ensure that individuals' 
personal information is secure and only used for legitimate purposes, 
and that the commercial information the Government is paying for and 
relying on is accurate and complete.
  Specifically, the bill would require that Federal agencies that 
subscribe to commercial data adopt standards governing its use. These 
standards would reflect long-standing basic privacy principles. The 
bill would ensure that Government agencies consider and determine which 
personnel will be permitted to access the information and under what 
circumstances; develop retention policies for this personal data and 
get rid of data they no longer need, minimizing the opportunity for 
abuse or theft; rely only on accurate and complete data, and penalize 
vendors who knowingly provide inaccurate information to the Federal 
Government; provide individuals who suffer adverse consequences as a 
result of the agency's reliance on commercial data with a redress 
mechanism; and establish enforcement mechanisms for those privacy 
policies.

  The bill also extends to other screening programs the existing 
protections that already are in place to govern the Transportation 
Security Administration's possible use of commercial data for its 
identity-based airline passenger screening program, Secure Flight. If 
the Federal Government is going to rely on commercial data to screen 
Americans and decide whether to permit them to travel by air or engage 
in other common activities, it should do so only subject to explicit 
congressional authorization, as this bill provides. In addition, 
agencies should have to provide a redress process for those wrongly 
affected, and should have to operate under rules that govern the 
access, use, disclosure, accuracy and retention of that data.
  The bill also directs the General Services Administration to review 
Government contracts for commercial data to make sure that vendors have 
appropriate security programs in place, and that they do not provide 
information to the Government that they know to be inaccurate. And it 
requires agencies to audit the information security practices of their 
vendors.
  These are basic good Government measures. They guarantee that the 
Federal Government is not wasting money on inaccurate data, and that 
vendors are undertaking the security programs that they have promised 
and for which the Government is paying.
  We live in a new digital world. The law may never fully keep up with 
technology, but we must make every effort we can. I am proud to be 
involved in this comprehensive, reasoned approach to privacy and 
security. I congratulate Chairman Specter and Ranking Member Leahy for 
their excellent work on this bill. This bill is important and it 
deserves very serious consideration by the Senate.
                                 ______