EPIC Statement Expressing Concerns on the Inclusion of the Judicial Security and Privacy Act in the NDAA

Congress is currently considering passing a narrow and ineffective privacy law; they should take a more comprehensive approach as EPIC has previously recommended. The Judicial Security and Privacy Act, currently integrated into the NDAA, would in practice do very little to protect the privacy of personal information about federal judges and their families. The bill as currently written would make almost all data brokers exempt from the rules that are ostensibly meant to limit data broker sales of protected personal information. Congress should not pass a privacy and data broker bill that fails to regulate data brokers or protect consumers. 

The Judicial Security and Privacy Act purports to prohibit data brokers from knowingly selling, licensing, trading, transferring, or purchasing the personal information of those covered by the bill (judges and their close relatives). The ostensible goal is to limit access to addresses and other personal information that could pose a risk to these individuals. But the bill as written exempts any “consumer reporting agency subject to the Fair Credit Reporting Act” and any “financial institution subject to the Graham-Leach-Bliley Act.” But these are precisely the types of data brokers that buy and sell people’s personal information in ways that could put the subjects of this bill at risk. 

The entities subject to the FCRA include commercial websites like Spokeo that sell access to personally identifiable information, including contact data, marital status, age, occupation, economic health, and wealth information. And the GLBA applies to a wide range of entities that “offer financial products and services to individual” like loans and insurance. So the Judicial Security and Privacy Act would, by exempting these entities, not actually accomplish the goal of protecting judges and their families from data brokers and threats to their privacy or security. 

All Americans deserve privacy protections that actually work. That is why we urge the Senate to remove the Judicial Security and Privacy Act from the NDAA and instead work towards passing meaningful, comprehensive privacy protections for all Americans.