Data Breach Legislation Gets Renewed Push on the Hill

Following President Obama’s lead, the House and Senate have made consumer data protection a top priority in their first month of work. And a number of associations look to play a role in the process.

After another round of high-profile hackings, data breach legislation is no longer on the back burner for Congress, and associations are trying to capitalize on this newfound opportunity.

In the wake of the Sony Pictures data breach, President Obama announced a major initiative on consumer privacy during his annual State of the Union address earlier this month—a move that seemed to give new life to the issue in both chambers of Congress.

On Tuesday, the House Energy and Commerce Committee’s Subcommittee on Commerce, Manufacturing, and Trade held a hearing to discuss the necessary elements of a data breach bill. Subcommittee Chairman Michael Burgess (R-TX) called passage of a uniform data breach notification law a “top priority” for Congress this year.

“There is a limited window for us to act. Criminal data breaches have grabbed headlines for about a decade, but a consensus solution has thus far eluded federal legislators,” he said in his opening statement. “This committee is calling for action, the president is calling for legislation … but most importantly, consumers are calling for legislation. The time to act is now.”

Several associations were present at the hearing, looking to shape the discussion.

“With the increasingly mobile and decentralized nature of our economy … most companies are under the umbrella of multiple state laws at all times,” said Elizabeth Hyman, executive vice president of public advocacy for TechAmerica, a subdivision of the Computing Technology Industry Association (CompTIA). “This patchwork of state [data breach notification] laws creates significant compliance costs since no two state data breach laws are exactly the same. Moreover, many of these state DBN laws are in conflict with each other.”

The Retail Industry Leaders Association supported CompTIA’s call for a uniform bill, but it also asked the subcommittee to consider adopting stronger debit and credit card security protections.

“The woefully outdated magnetic stripe technology used on cards today is the chief vulnerability in the payments ecosystem. This 1960s-era technology allows cyber criminals to create counterfeit cards and commit fraud with ease,” Brian Dodge, executive vice president of communications and strategic initiatives at RILA, said in his testimony. “Retailers continue to press banks and card networks to provide U.S. consumers with the same chip and PIN technology that has proven to dramatically reduce fraud when it has been deployed elsewhere around the world.”

Other groups, including the National Retail Federation, Credit Union National Association, and Electronic Frontier Foundation, all weighed in separately through letters to the subcommittee and blog posts on the issue.

On the other side of the Capitol, Sen. Bill Nelson (D-FL) renewed his push for a bill that would create uniform consumer notification requirements, and would task the Federal Trade Commission with developing new security standards to help businesses better protect consumers’ personal and financial information.

“How many more consumers will be affected before something is done? Now is the time Congress must act,” Nelson told reporters earlier this month.


By Rob Stott

Rob Stott is a contributing editor for Associations Now.
