Data Breach Notification Legislation Moves Forward

The controversial data breach notification legislation made its way past the committee level yesterday (April 15) when the House Energy and Commerce Committee approved the measure 29-20.

The Data Security and Breach Notification Act of 2015, which was sponsored by Republican Rep. Marsha Blackburn and Democrat Peter Welch, was approved by the House Energy and Commerce Subcommittee on Trade in late March, and will now head to the full Energy and Commerce committee with amendments.

While some legislators have argued the bill is too vague and overarching, others think there need to be more provisions about enhanced consumer data protection at the state level as well as the federal level. Democrats against the bill have pushed to have more specifics included, while proponents of the bill think tailoring it too much would hinder the impact of the legislation.

“I am very concerned,” Rep. Frank Pallone (D-N.J.) said yesterday, according to The Hill. “I just think that this is moving much too quickly. There are a lot of changes that I think need to be made. I’m very concerned, particularly, about the preemption issue. All of these things need a lot of time and work … I would like to see the process slowed down.”

In response to the bill’s committee approval, the National Retail Association released a statement from Senior Vice President and General Counsel Mallory Duncan.

“We need strong tools to combat criminal data breaches. Throughout this process, it has been our goal to work toward legislation that advances and strengthens consumer protections and incentivizes businesses to safeguard sensitive data. NRF commends the committee leadership and bill sponsors for their dedicated efforts to reach these important goals,” she said. “In order to be successful, data breach legislation must secure a single national standard and match any penalties to obligations so as to avoid adverse effects on small and medium-sized businesses attempting to deal with the scourge of criminal hacks.”

On behalf of the NRF, she praised the committee for passing the measure and urged that the “legislation must ensure public notice of breaches so consumers are promptly and effectively informed and businesses understand and appreciate the consequences of failing to adequately guard sensitive information.”

The bill requires that a business inform customers within 30 days if their data might have been stolen during a breach. The clock starts after the business has discovered the breach and conducted a good-faith investigation to determine if there’s a reasonable risk of identity theft, financial fraud or economic loss or harm, and restored the security of the breached systems.

In addition, the amended bill would require breached third-party vendors to notify affected consumers on the same schedule.

But the bill also preempts state notification and security requirements, many of them conflicting. Opponents of previous breach bills have fought for a single national standard both for notifications and security requirements. The new legislation bumps out specific requirements that exist in 47 states in favor of maintaining “reasonable security measures and practices.” That last section is part of why the bill has been so controversial: some legislators have said it is too vague and could prove overly intrusive on business and consumer privacy.
