The House Energy and Commerce Committee yesterday gave the green light to a draft of the Data Security and Breach Notification Act, which would set national standards for companies in protecting and securing customers’ personal information. The bill would supersede several state laws already on the books.
The proposed legislation calls for empowerment of both state attorney generals and the Federal Trade Commission in levying civil penalties for violations. Private legal actions are not covered in the bill.
“Over 40 bills have been introduced in Congress since the first major data breach in 2005 and we haven’t yet reached the finish line,” said Committee Chairman Fred Upton (R-MI). “This committee has worked hard to find a balanced, well-targeted solution, and I believe our legislation is closer than we have come in a long time to addressing a problem that has only worsened over the past decade.”
The House’s move for a national data privacy policy was matched today in the Senate with the introduction of The Data Security Act of 2015, modeled after the Gramm-Leach-Bailey Act of 1999. Sen. Tom Carper (D-DE), co-sponsor of the bill with Sen. Roy Blunt (R-MO), commented that, despite an increasing number of data breaches, “there still is no single federal law that provides a clear, consistent, and comprehensive protection to American consumers.”
The Direct Marketing Association issued a statement applauding the House committee’s approval of the bill, which it agrees would bring added protections to businesses and consumers alike. “DMA remains confident that Congress will do the right thing and come together in a bipartisan fashion to address this pressing issue,” said Peggy Hudson, the association’s SVP of government affairs. “We will continue to work with both Republicans and Democrats as this bill moves to the full House for consideration.”
The bill’s standards for data breach notifications would have a direct impact on marketers, according to DMA VP of Government Affairs Rachel Nyswander Thomas. “When you experience a breach, the potential to lose customer trust is massive and very difficult to maintain,” she said.
