[Congressional Record Volume 155, Number 15 (Monday, January 26, 2009)]
[House]
[Pages H497-H500]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                       NATIONAL DATA PRIVACY DAY

  Mr. WELCH. Madam Speaker, I move to suspend the rules and agree to 
the resolution (H. Res. 31) expressing support for designation of 
January 28, 2009, as ``National Data Privacy Day''.
  The Clerk read the title of the resolution.
  The text of the resolution is as follows:

                               H. Res. 31

       Whereas the Internet and the capabilities of modern 
     technology cause data privacy issues to figure prominently in 
     the lives of many people in the United States at work, in 
     their interaction with government and public authorities, in 
     the health field, in e-commerce transactions, and online 
     generally;
       Whereas many individuals are unaware of data protection and 
     privacy laws generally and of specific steps that can be 
     taken to help protect the privacy of personal information 
     online;
       Whereas ``National Data Privacy Day'' constitutes an 
     international collaboration and a nationwide and statewide 
     effort to raise awareness about data privacy and the 
     protection of personal information on the Internet;
       Whereas government officials from the United States and 
     Europe, privacy professionals, academics, legal scholars, 
     representatives of international businesses, and others with 
     an interest in data privacy issues are working together on 
     this date to further the discussion about data privacy and 
     protection;
       Whereas privacy professionals and educators are being 
     encouraged to take the time to discuss data privacy and 
     protection issues with teens in high schools across the 
     country;
       Whereas the recognition of ``National Data Privacy Day'' 
     will encourage more people nationwide to be aware of data 
     privacy concerns and to take steps to protect their personal 
     information online; and
       Whereas January 28, 2009, would be an appropriate day to 
     designate as ``National Data Privacy Day'': Now, therefore, 
     be it
       Resolved, That the House of Representatives--
       (1) supports the designation of a ``National Data Privacy 
     Day'';
       (2) encourages State and local governments to observe the 
     day with appropriate activities that promote awareness of 
     data privacy;
       (3) encourages privacy professionals and educators to 
     discuss data privacy and protection issues with teens in high 
     schools across the United States; and
       (4) encourages individuals across the Nation to be aware of 
     data privacy concerns and to take steps to protect their 
     personal information online.

  The SPEAKER pro tempore. Pursuant to the rule, the gentleman from 
Vermont (Mr. Welch) and the gentleman from Florida (Mr. Stearns) each 
will control 20 minutes.
  The Chair recognizes the gentleman from Vermont.


                             General Leave

  Mr. WELCH. I ask unanimous consent that all Members may have 5 
legislative days in which to revise and extend their remarks.
  The SPEAKER pro tempore. Is there objection to the request of the 
gentleman from Vermont?
  There was no objection.
  Mr. WELCH. Madam Speaker, I rise in strong support today of House 
Resolution 31, introduced by Representative

[[Page H498]]

Price of North Carolina. This resolution correctly identifies the 
importance of data security in all of our lives. Particularly, as we 
continue to incorporate Internet use into our daily lives and routines, 
it's vital that we focus on the need to protect the sensitive 
information that is transmitted over the Internet.
  Over the past few years, as we all know, we have seen numerous and 
troubling incidences involving data breach that compromise private 
information. That includes credit card numbers, bank statements, Social 
Security numbers, and health records. According to the Privacy Rights 
Clearinghouse, over 250 million records containing sensitive personal 
information has been subject to security breaches since 2005. We know 
we have got to protect security if we are going to have the advantages 
of electronic transmission of records.
  Just last week, it was reported that another data breach involving 
credit and debit card information potentially exposed tens of millions 
of consumers to the risk of fraud. These incidents underscore the need 
for vigilance in protecting the privacy of sensitive information.
  At this time, Madam Speaker, I yield such time as he may consume to 
the author of the resolution, the gentleman from North Carolina (Mr. 
Price).
  Mr. PRICE of North Carolina. I want to thank the gentleman from 
Vermont for yielding, and for his good work in bringing this resolution 
to the floor.
  I am here as the lead sponsor, among many sponsors, of House 
Resolution 31, supporting the designation of January 28 as National 
Data Privacy Day. In the last 10 years, the Internet has become the 
preferred carrier of communication in our society. Electronic 
communications dominate workplaces, and are increasingly prevalent in 
commerce, in interactions between the public and government at every 
level, and through social networking sites on the Internet.
  While we have realized incredible efficiencies and other benefits 
from new electronic technologies, those technologies have also raised 
challenges for protecting the privacy of personal and proprietary 
information. If we are going to fully realize the potential of 
electronic communications, we must address these challenges, and that 
is what H. Res. 31 is all about.
  Fortunately, we are off to a good start. On Wednesday, privacy 
professionals, corporations, government agencies, nonprofit 
organizations, academic institutions, and students across the Nation 
are already planning to come together to raise awareness and underscore 
the importance of data privacy protection as part of National Data 
Privacy Day.
  Academic institutions such as the Wharton Business School, Arizona 
State University, Santa Clara Law School, and Ohio State University, 
have planned events and panel discussions on a broad range of data 
privacy issues ranging from information security best practices to data 
privacy issues at public and private institutions of higher education.
  One of the major focuses of Data Privacy Day will be to educate 
teenagers about the importance of online privacy. An estimated 55 
percent of American teenagers with access to the Internet use social 
networking Web sites, and an even greater engage in real-time 
information sharing through instant messaging, cell phone text 
messaging, and chat rooms.
  While pre-teens, teenagers, and young adults are often the most 
sophisticated and skilled Internet users--we all know that--many are 
too often neglectful of their personal safety online. Young people who 
are participating in online social networking should be made aware of 
the dangers of failing to protect their personal data. They need to 
know that not everyone on Facebook or MySpace is a friend.
  On Wednesday, educators and privacy professionals across the country 
will lead discussions with young people to raise awareness about online 
privacy to promote safe use of the Internet and to help them learn 
about how to protect the privacy of their personal data.
  I am especially proud of events in North Carolina surrounding Data 
Privacy Day. This week, the Carolina Privacy Officials Network will 
host panels on consent policy options in health care, information 
security breaches, and off-shoring of data. At the Sanford Institute of 
Public Policy at Duke University, representatives from Intel, the 
Institute for Homeland Security Solutions, the Triangle Center on 
Terrorism and Homeland Security, the Provost's Office at Duke 
University, the Duke Center for European Studies, the Center for 
International Studies, and the Triangle Institute for Security Studies, 
will gather with officials from the United States Departments of State, 
Justice and Homeland Security, as well as the European Commission, to 
discuss issues surrounding the protection of national security and 
privacy.
  Madam Speaker, H. Res. 31 underscores the importance of data privacy 
protection and expresses support for the designation of January 28, 
2009, as National Data Privacy Day. I want to thank the Members who 
cosponsored this important resolution, and members of the Energy and 
Commerce Committee, Chairman Waxman, for moving H. Res. 31 to the floor 
today. It's a resolution that has good bipartisan support. I appreciate 
that support, and I urge my colleagues to support the measure.
  Mr. WELCH. I reserve the balance of my time.
  Mr. STEARNS. Madam Speaker, I yield myself such time as I may 
consume.
  Madam Speaker, I am also pleased that our data privacy resolution 
could be considered on the floor today, and I would like to thank, 
obviously, Mr. Price of North Carolina, for introducing this important 
resolution, as the lead cosponsor on the Republican side. I am glad to 
be able to support it. As well as Chairman Barton from the Energy and 
Commerce Committee; Mr. Markey, the former chairman of the 
Telecommunications Committee; and, Mr. Radanovich, who will speak 
later, for their support as well.
  My colleagues, this resolution supports the designation of January 28 
as National Data Privacy Day. As ranking member of the Communications, 
Technology, and Internet Subcommittee, I am especially concerned about 
the challenges that all of us face today protecting the privacy of 
personal sensitive information.
  Most of our work product and personal records are now, obviously, 
digitally stored, as well as transferred. The timesaving convenience of 
instantaneous communications means we all rely heavily on the Internet 
and the latest state-of-the-art technology in our simple daily 
interactions. And, more often than not, all of our electronic 
communications leave behind a digital fingerprint that opens the 
potential for abuse if the information is in the wrong hands.
  That is why it is pertinent that we, as representatives of the 
American people here in Congress, take the simple initiative to draw 
awareness to the importance to protecting sensitive personal 
information, including financial and health records, from misuse and 
theft.
  Consumers must be vigilant in protecting their data. They have a 
personal responsibility, and they must be cautious with whom they do 
business with. Likewise, we must continue to ensure that legitimate 
businesses which collect and store U.S. consumer personal data will 
respect the privacy of those consumers at all times and employ the 
necessary protections to safeguard that data.
  Data security is not a new issue. We examined this problem related to 
data breaches in the Energy and Commerce Committee as far back as the 
109th Congress that were spurred by breaches at data brokers affecting 
millions of our citizens. We learned that State laws created numerous 
notice requirements that were to inform the customer of these breaches, 
but it is unclear, Madam Speaker, how many data breaches occurred 
before those laws took place.
  The problem continues to affect countless Americans every year. In 
fact, there are estimates of data breaches since 2005 that indicate 
that as many as 251 million records have been exposed or compromised. 
That is due to these breaches.
  The result is often credit card fraud or, worse, identity theft, 
which can require time, money, and energy from consumers to repair 
their good name and, obviously, restore their credit history.

[[Page H499]]

  Furthermore, universities all across this Nation have had names, 
photos, phone numbers, and addresses of their students and staff 
compromised or stolen. Sensitive technology companies such as Science 
Applications International Corporation and Boeing have also had data 
security breaches. Breaches have also occurred in large financial 
institutions such as Bank of America and Wachovia Bank.
  Also, in the private sector a single stolen computer at Ford Motor 
Company exposed the names and Social Security numbers of 70,000 current 
and former employees, and hundreds of hospitals have had the personal 
information of their patients compromised.
  Breaches are pervasive in government agencies such as the IRS, the 
Federal Trade Commission, the FDIC, the State Department, the 
Department of Veterans' Affairs, the Department of Justice and Energy, 
and the U.S. Navy. Of course, the list goes on.
  Clearly, the resolution we are considering tonight is timely. Just 
last week we were reminded again of how pervasive this problem is with 
the announcement of Heartland Payment Systems, a credit card processor, 
that over 100 million personal records were compromised. This could be, 
to date, one of the largest known security breaches in our Nation.
  Thus, Madam Speaker, highlighting problems such as this to Americans 
will increase their awareness and encourage them to exercise more 
diligence and care in protecting their personal information today. So I 
thank my colleagues for their support and recognition of the importance 
of data privacy and the benefits of designating January 28, 2009, as 
National Data Privacy Day, and I look forward to generating support in 
my home State of Florida for this important initiative.
  I reserve the balance of my time.
  Mr. WELCH. I am the last speaker on my side, and I will continue to 
reserve.
  Mr. STEARNS. Madam Speaker, I yield such time as he may consume to 
the gentleman from California (Mr. Radanovich).
  Mr. RADANOVICH. The capabilities and, in some cases, the failures of 
modern technology, have brought the issues of data privacy and data 
security into the lives of all Americans. Whether it be at work, in 
health, in finance, or online generally, we all must be concerned about 
the unauthorized access to personal information, access which could put 
our livelihoods and, in extreme cases, our lives even at stake.
  The Subcommittee on Commerce, Trade, and Consumer Protection has 
received testimony over the years about corporate data breaches that 
have damaged people financially as well as heard heartbreaking stories 
of stalkers stealing or buying personal information. As the new ranking 
member of the subcommittee, I am particularly concerned about these 
issues.
  Just last week, we got reports about the hacking of the New Jersey-
based credit card processor, Heartland Payment Systems. This company 
processes more than 5 billion transactions a year, involving tens of 
millions of credit card numbers, and someone was able to break into 
their system and monitor these transactions.
  This is just another example of how all of us must be aware of the 
security of sensitive information. Furthermore, not only must 
individuals be careful with their information, but the businesses which 
we entrust with that data must guard it as if it were their very own.
  I want to commend Mr. Price and Mr. Stearns for bringing this 
resolution before us today, and I want to thank Mr. Barton, Mr. Waxman, 
and Mr. Dingell for their continued efforts to address this issue. I 
want to lend my support to their efforts to educate the American public 
about ways to protect their personal information.
  I look forward to continuing to work in this Congress to ensure the 
proper security of data and appropriate notice to consumers when their 
information is lost or revealed and there is significant risk of 
damage, financial or otherwise.
  I fully support the goals and ideals of the National Data Privacy Day 
on January 28, and I urge all my colleagues to join in this effort.

                              {time}  1745

  Mr. STEARNS. I yield back the balance of my time.
  Mr. WELCH. Madam Speaker, I want to thank Chairman Price and Ranking 
Member Stearns for this excellent resolution. It draws attention to the 
importance of privacy protections by supporting the designation of 
January 28, 2009 as the National Data Privacy Day. It seeks to inform 
the public of data privacy concerns and urge them to take steps to 
ensure that their own private data is secure and accounted for. In that 
vein, State and local governments, as well as schools, are encouraged 
to educate citizens about data privacy. I thank the Representative from 
North Carolina for authoring this resolution.
  Ms. JACKSON-LEE of Texas. Madam Speaker, H. Res. 31 seeks to protect 
the personal interests and information of men and women across the 
country who exchange personally identifiable information across the 
Internet. I salute my colleague, Representative Price from North 
Carolina, in his efforts to designate January 28, 2009, as ``National 
Data Privacy Day.''
  It is our duty and obligation to protect those victims of the 
exploitation of their personally identifiable information who often 
face a difficult and arduous process of cleaning up their credit 
records. These innocent victims, who may be an aging grandmother 
attempting to retire from over 30 years of labor as a housekeeper, or a 
young man who balances three jobs and is seeking a college loan, will 
be left to face lengthy investigations by credit card companies, 
financial institutions, and law enforcement agencies, while these 
cyber-criminals take minutes or less to destroy a namesake that has 
taken years to build.


                         texas Privacy Efforts

  Texas seeks to perform its part through the Texas Business and 
Commerce Code, which bolsters the security of personally identifiable 
information, with respect to an individual who is the owner or operator 
of a computer, including first name or first initial in combination 
with last name; a home or other physical address, including street 
name; electronic mail address; a credit or debit card number; a bank 
account number; a password or access code associated with a credit or 
debit card or bank account; a Social Security number, tax 
identification number, driver's license number, passport number, or 
other government-issued identification number; or any information if 
the information alone or in combination with other information 
personally identifies the individual.


                              Data Privacy

  According to the Privacy Rights Clearing House, since February 2005, 
more than 100 million records containing personal information have been 
subject to some sort of security breach.
  Data privacy concerns exist wherever personally identifiable 
information is collected and stored--in digital form or otherwise. 
Improper or non-existent disclosure control can be the root cause for 
privacy issues. Data privacy issues can arise in response to 
information from a wide range of sources, such as: healthcare records, 
criminal justice investigations and proceedings, financial institutions 
and transactions, biological traits, such as genetic material, 
residence and geographic records.
  The greatest challenge that we face in data privacy is to share data 
while maintaining a high level of protection amongst personally 
identifiable information. The ability to control what information one 
reveals about oneself over the Internet, and who can access that 
information, has become a growing concern over the ability for emails 
to be stored or read by third parties without consent, as well as the 
possibility of web sites which are visited collecting, storing, and 
possibly sharing personally identifiable information about users. For 
many reasons, individuals may not wish for the revelation of personal 
information such as their religion, sexual orientation, political 
affiliations, or private activities.
  The economic crisis that our country is faced with today calls for an 
elevated guard of our financial information, as identity theft and a 
multitude of cyber-crimes are on the rise. Information about a person's 
financial transactions, including the amount of assets, positions held 
in stocks or funds, outstanding debts, and purchases can be sensitive. 
If criminals gain access to information such as a person's accounts or 
credit card numbers, that person could become the victim of fraud or 
identity theft. Information about a person's purchases can reveal a 
great deal about that person's history, such as places visited, persons 
contacted, products used, as well as activities and habits.
  National Data Privacy Day provides for an international 
collaboration, and a nationwide and statewide effort to raise awareness 
about data privacy and the protection of personal information on the 
Internet and will call for government officials from the United States 
and Europe, privacy professionals, academics, legal scholars, 
representatives of international businesses, and others with an 
interest in data privacy issues to work together on this date to

[[Page H500]]

further the discussion about data privacy and protection.


                               Conclusion

  Madam Speaker, I urge my colleagues to join me in supporting the 
promotion of the protection of personal information and data by 
designating January 28, 2009, as ``National Data Privacy Day,'' which 
will endorse the safeguard of personal information online and affects 
all of us.
  Mr. WELCH. I yield back the balance of my time.
  The SPEAKER pro tempore. The question is on the motion offered by the 
gentleman from Vermont (Mr. Welch) that the House suspend the rules and 
agree to the resolution, H. Res. 31.
  The question was taken.
  The SPEAKER pro tempore. In the opinion of the Chair, two-thirds 
being in the affirmative, the ayes have it.
  Mr. WELCH. Madam Speaker, on that I demand the yeas and nays.
  The yeas and nays were ordered.
  The SPEAKER pro tempore. Pursuant to clause 8 of rule XX and the 
Chair's prior announcement, further proceedings on this motion will be 
postponed.

                          ____________________