Companies that store certain types of personal information about web users -- including their "faceprints," digital photos, and geolocation data -- could face new regulations if a bill introduced this week by Sen. Patrick Leahy (D-Vermont) moves forward.
The measure also would obligate companies handling sensitive data to use encryption (or other protective technologies), to vet third parties before allowing them to acquire the data, and to destroy sensitive information when it is no longer needed.
Data covered by the bill includes social security numbers, bank account numbers, biometric data such as faceprints and fingerprints, geolocation data and password-protected photos and videos.
Senators Ed Markey (D-Massachusetts.), Richard Blumenthal (D-Connecticut); Ron Wyden (D-Oregon), Al Franken (D-Minnesota), Tammy Baldwin (D-Wisconsin), and Kamala Harris (D-California) are co-sponsoring the measure.
The bill also would require companies to notify consumers about data breaches. The measure was unveiled two months after the credit bureau Equifax disclosed that hackers obtained a trove of personal information -- including names, Social Security numbers, birthdays and addresses -- of more than 140 million people.
Equifax isn't the only company to suffer a massive data hack. Yahoo also disclosed recently that hackers obtained data from 3 billion accounts in 2013. Several years ago, hackers who broke into Apple's iCloud released private photos of celebrities.
Advocacy groups including Public Knowledge, the Center for Democracy and Technology, the Consumer Federation of America and New America’s Open Technology Institute are backing the bill.