- Several data breach security bills have been introduced within the last year, offering stronger protections for consumers as cyberattacks become more frequent. The state representatives who introduced one such bill recently submitted an article to The Hill explaining why Congress should consider their legislation and pass it on to the White House.
Reps. Marsha Blackburn (R-Tenn.) and Peter Welch (D-Vt.) reiterated to Congress that data breaches have become increasingly common, and that their bi-partisan legislation is the answer to protecting consumer information.
“Since 2005, there have been 4,000 data breaches compromising millions of Americans’ personal information,” the duo wrote. “During that same time, Congress has introduced more than 40 bills to attempt to address the problem of data breach, but not a single one is law because none struck the right balance.”
The Data Security and Breach Notification Act (HR 1770) was passed by The House Energy and Commerce Committee in April, and was then referred to the Subcommittee on Commerce, Manufacturing, and Trade.
Blackburn and Welch said that the legislation will protect consumers from financial fraud, economic loss, economic harm, identity theft, and health and medical fraud. The bill also requires consumers to be notified as soon as possible and not later than 30 days “after the covered entity has taken the necessary measures to determine the scope of the breach and restore the reasonable integrity, security, and confidentiality of the data system.”
HR 1770 would also create “federal preemption,” which Blackburn and Welch believe would create better consistency in place of the various state laws currently dictating data breach security.
“States are not as well suited, in this space, to protect consumers from online hackers and criminals who do not stop their nefarious activity at a state’s border,” the duo said. “But states would still be free to address issues of data privacy — what data can be collected, how it is used and what sharing is allowed — after the passage of our bill as they are today.”
Blackburn and Welch added that “Congress has sat on the sidelines” while data breaches of all sizes have taken place. It is critical that Congress work to protect consumers and the economy from cyber attacks, the duo explained, and “the impact and significance of data breaches is obvious.”
However, HR 1770 has already been faced with criticism and has competition in terms of data security legislation. HealthITSecurity.com previously reported on other lawmakers’ concern with the Data Security and Breach Notification Act, saying that it is moving too quickly and changes still need to be made to it.
Moreover, The Consumer Privacy Protection Act was introduced on April 30 and would allow states to keep their own notification laws if they have more strict policies already in place. That legislation also includes medical and health information in types of data that individuals would need to be notified about should it be compromised.
“We must ensure consumers have strong protections on the federal level, but in so doing, we must make sure Congress doesn’t weaken state protections that consumers rely on to keep their information safe,” explained Connecticut Senator Richard Blumenthal, one of the bill’s sponsors. “Importantly, this measure strikes the right balance between state rights and strong federal enforcement and extends consumer privacy protections into a new digital era.”