Congress continues to debate data breach legislation
Members of both the House and the Senate have continued to debate and discuss data security and data breach notification legislation in the aftermath of large-scale data breaches that occurred this spring. Continued domestic and international threats to the nation’s critical information infrastructure, whether maintained by private- or public-sector entities, also fuel the debate on data security. However, bills introduced in both the House and the Senate face significant hurdles before a bipartisan bill can be signed into law.
This controversy and lack of consensus were on display at a House Energy and Commerce Subcommittee hearing earlier this summer that focused on the SAFE Data Act (H.R. 3577), which would require commercial entities to meet a national data security and data breach notification standard. Partisan disagreement was demonstrated on issues such as defining the scope of sensitive data covered by the proposed bill and what role the Federal Trade Commission would have in writing regulations implementing the proposal. Furthermore, the issue of whether and how to preempt the current patchwork of state data breach notification laws continues to be controversial.
Disagreement also continues over which congressional committee has jurisdiction on data breach and data security issues. To date, the Senate Judiciary, Homeland Security, Banking and Commerce committees all have had bills introduced and signal that they intend to take the lead on actions pertaining to data security. It isn’t just Congress fighting over jurisdiction, as a number of federal agencies, including the Federal Trade Commission, the U.S. Secret Service and the Department of Homeland Security, all have a vested interest in the area of data security and data breach notification.