Sending Office: Honorable James R. Langevin
Sent By:

        Request for Cosponsor(s)

Cosponsors (13)Robert BradyDemings, Evans, Jackson Lee, Khanna, Lieu, Moore, Ruppersberger, Shea-Porter, Slaughter, Speier, Takano, Bennie Thompson

Dear Colleague,

The number of cybersecurity incidents continues to rise and companies continue to have consumer data stolen from their networks.  Often, the notification to consumers about such breaches is slow and inconsistently executed across states. The breach of Uber in
which hackers stole the personal data of 57 million customers and drivers is the most recent example.  The ride sharing service concealed the details of the breach for more than a year, even paying the attackers a significant sum to remain silent. This breach
follows Equifax losing control of the highly sensitive personal and financial information of as many as 143 million Americans, throwing in stark relief the scope and damage
that can be caused by these incidents. In the weeks since the Equifax breach was first revealed, confusion has abounded among people wondering whether or not their data have been exposed and what Equifax knew when.

We place trust in corporations to protect our most crucial information: social security numbers, financial records, employment history, and other sensitive data.  When a malicious actor breaches company safeguards, consumers lose control of these sensitive
secrets and are at risk for fraud and identity theft.  To encourage businesses to improve their data security and to better protect consumers in case of a breach, I have reintroduced the Personal
Data Notification and Protection Act
.  This bill provides consumers with clear, actionable information when their data are compromised by:

  • Requiring that companies storing data on more than 10,000 individuals to directly notify such individuals of any breach of their sensitive personal information within 30 days of discovery.
  • Preempting a patchwork of 48 state breach notification laws and replacing them with a single nationwide standard to streamline and strengthen companies’ obligations to report intrusions that compromise consumers’ personal information. 
  • Empowering the Federal Trade Commission (FTC) to define the criteria for personally identifiable information that triggers notification.
  • Establishing a repository at the Department of Homeland Security (DHS) for information about threats, incidents, and vulnerabilities that arise from data breaches.
  • Providing a safe harbor for responsible data security practices, such as encryption, that render stolen data unreadable. 

Please join me in cosponsoring HR 3806 to protect consumers by increasing transparency and streamlining breach notification standards. If you or your staff have any questions about
the bill, please contact Nick Leiserson ( in my office.


James R. Langevin
Member of Congress

Related Legislative Issues

Selected legislative information: Consumer Affairs, Economy, Finance, Government, Homeland Security, Technology

Related Bill Information

Bill Type: H.R.
Bill Type: 3806
Special Note: The Personal Data Notification and Protection Act

icon eDC logo e-Dear Colleague version 2.0