WASHINGTON, DC - The Subcommittee on Commerce, Manufacturing, and Trade today took a critical step in its efforts to advance a single, federal standard on data security and breach notification. Members of the subcommittee reviewed a bipartisan draft of “The Data Security Breach Notification Act, " authored by Energy and Commerce Committee Vice Chairman Marsha Blackburn (R-TN) and Rep. Peter Welch (D-VT).
The draft bill is designed to help protect sensitive consumer information from the consequences of harmful cyber attacks. The bill requires entities that collect and maintain personal information of individuals secure that information and provide notice to the individual should a breach of security occur. Members heard today from government and private sector witnesses who offered their perspectives on the draft and provided some suggestions for improvement.
“Data breaches are a real and growing threat. Many Americans have already suffered the consequences of a cyber crime and nearly every consumer’s personal information is at risk in this digital age," said Subcommittee Chairman Michael C. Burgess, M.D. (R-TX). “Ten years in - we do have greater insight into what cyber criminals are doing and on their impact. Conservative estimates put cyber crime costs to consumers at $100 billion annually. And cyber crime is estimated to cost the U.S. economy 508,000 jobs each year."
“It’s important that we do something now," said Full Committee Vice Chairman Marsha Blackburn (R-TN). “2014 was dubbed the year of the breach. The issue is getting out of control, and we need to take steps to put the guidance in place so individuals will know they have the tools in place to protect their data and their presence online."
“Cybercrime is a crisis for American consumers and businesses," said Welch. “Rome is burning while Congress has been asleep at the switch. This legislation is an important first step towards protecting Americans’ sensitive financial information from cyber criminals. We made good progress in today’s hearing identifying the challenges to gaining consensus. I am optimistic that we can improve on this draft and ultimately get a bipartisan bill to the President’s desk for his signature."
Jessica Rich, Director of the Bureau of Consumer Protection at the Federal Trade Commission highlighted that within the last year alone news headlines have been filled with reports of data breaches impacting millions of Americans and agreed that the time for strong legislation is now. “If sensitive information falls into the wrong hands, the results can be devastating," she said. “The commission supports the goals of the subcommittee’s data security bill to establish broadly applicable data security standards for the companies and require them, in certain circumstances, to notify consumers in the event of a data breach."
Senior Vice President and General Counsel at the National Retail Federation Mallory Duncan thanked subcommittee members and praised their efforts to tackle such a complex issue. “Through this hard work, the Committee on Energy and Commerce is beginning to take steps necessary to help raise the level of data security practices throughout industry and to provide greater consumer awareness and notification of breaches of security when they do occur."
Yael Weinman, Vice President of Global Privacy Policy at the Information Technology Industry Council, noted the importance of the draft’s preemption language, stating, “The draft bill preempts the patchwork of 51 breach notification regimes. Preemption is critical in order to streamline the data breach notification regime in place today. Without preemption, however, the bill would further muddy the unclear waters and add another layer of complexity to the data breach response process by adding a 52nd law to the existing patchwork."
The Honorable Jon Leibowitz, Co-Chairman of the 21st Century Privacy Coalition and former FTC head, supported the effort. He stated, “Given the bipartisan congressional support for data breach legislation as well as support from the President and the FTC, we believe that Congress is poised to enact legislation that better protects consumers, and avoids the pitfalls inherent in today’s patchwork of conflicting laws and requirements."
Full committee Chairman Fred Upton (R-MI) added, “By targeting the most sought-after personal information and the areas lacking current federal protections, this bill avoids controversial issues that have derailed past efforts. Our goal is to create clear requirements to secure personal information from - and notify consumers in cases of - unauthorized access; the goal is not to broadly regulate the use of data."
Afterward Burgess concluded, “It was a good airing of perspectives. There seemed to be two camps - folks wanting to target privacy and folks targeting the criminal incentives for data breaches. The latter is something that I think could pass and help consumers. I look forward to continuing the bipartisan and good faith negotiations with all interested stakeholders."
