Congress fails to reach agreement on cybersecurity legislation

Our guest blogger this week is Zachary Smith, a legislative analyst for the Experian Government Affairs team.

Despite being a top priority for the Administration and leadership in Congress for much of the past year, the Senate failed to reach agreement on a comprehensive cybersecurity bill before adjourning for August recess.

After several revisions, the Senate began debate on the Cybersecurity Act of 2012 during the last week of July.  The bill would have created a National Cybersecurity Council to develop best practices for industries designated as “critical infrastructure.”  These industries might include utilities, pipelines and financial service companies.  In addition, the legislation would have encouraged the establishment of voluntary data exchanges to allow government agencies and private companies to share cyber threat information.

Disagreements arose between over the level of authority that the proposal would provide the Federal government to establish new cybersecurity standards for certain entities that it deemed to be “critical infrastructure.”  A majority of Senate Republicans voiced support for alternative legislation that would make the participation by private entities completely voluntary.

There were also attempts to establish a new law for a national data breach notification standard.  However, the Senate could not reach agreement on specific provisions of a preemptive program.

There is a possibility that the Senate could revisit cybersecurity legislation when it returns for a brief work period in September or during the lame duck session after the election.  However, unless there are significant changes made to the bill so that it is palatable to a significant majority in the Senate, it is highly unlikely that legislation will be passed and signed into law this year.