The collection, protection and use of personally identifiable information by both the government and private companies deserves close scrutiny. Americans are rightly concerned about the collection and use of their data, and how such data is secured and protected. So concerned, in fact, that in January 2014, Congress adopted a resolution expressing support for the designation of January 28 as “National Data Privacy Day.” This is an international effort held annually to create awareness about the importance of respecting privacy and safeguarding data.
The number of data breach incidents at U.S. businesses, government agencies and other organizations topped 1,500 in 2017, versus fewer than 200 in 2005, according to the Identity Theft Resource Center. The discrepancy is large, but not particularly surprising. As technology has developed, and the ability to readily and cheaply interact with and use data has flourished, we have experienced a sort of revolution into the digital era. This digital revolution brings with it the promise of increasing consumer choice, inclusion and economic prosperity, among other things. Although these technological developments are incredibly positive, the increased digitization and ease of collecting, storing and using data present a new set of challenges and require our vigilance.
Concerns about privacy and protection of personal information are not new. What is new is the vast amount of data collected by entities, and the ease with which it is done. Many of today’s products and services revolve around big data analytics, data aggregation and other technologies that make use of consumer data. Oftentimes, these processes operate in the background, and are not always completely transparent to consumers. Big data collection has long troubled me, and it is important for consumers to know when their data is being collected and how it is being used. It is equally important for the companies and the government alike to act responsibly with this data and ensure its protection. As we have seen in recent years, this can be a challenging task.
In order to fully embrace the immense benefits that can result from technological innovation, we must ensure proper safeguards are in place and consumers are fully informed. In light of the hundreds of millions of consumer accounts affected by massive data breaches at corporate entities and government agencies, we cannot underestimate the intrinsic vulnerability in collecting and storing our personal financial information.
Aside from collection and protection, consumers should also focus on how their information is used. For example, last year, some began to encourage banks to use customers’ information to further scrutinize activities for conformance to a social policy agenda, such as limiting sales of legal firearms. The use of Americans’ information to monitor and deny financial services to those engaged in completely legal (and, in this case, constitutionally-protected) conduct is alarming, and something I will continue to monitor closely.
Data privacy and data security legislation will remain a priority in the 116th Congress. As Chairman of the Senate Banking Committee, I intend to further explore legislative solutions that would give consumers more control over and enhance the protection of consumer financial data, and ensure consumers are notified of breaches in a timely and consistent manner. We should also examine what can be done to ensure financial regulators and private financial companies give adequate disclosure to citizens and consumers about what information is being collected about them and for what purposes, and what can be done to implement best practices to give citizens and consumers control over how financial regulators, private financial companies and non-affiliated third parties use consumer data.