A closely watched bipartisan national data privacy, security, and breach notification bill cleared a House subcommittee yesterday, sending it to the full House Energy and Commerce Committee for review. There have been many similar bills introduced over the years to attempt to establish one clear standard for data privacy and breach notification, to replace the 47 different state laws in place now. None of them have been successful yet.
This legislation aims to set a national standard for data privacy, security and breach notification by requiring companies to report cyber intrusions, share information about cyber hackings, strengthen consumer protection and apply a uniform data breach notification standard. The subcommittee added several amendments to the bill, including one requiring the FTC to educate small businesses about data security.
There continues to be criticism of some aspects of the bill, but in this environment when massive data breaches are occurring every day, the timing for setting a national standard may be riper than in the past. Many predict this bill will die like the ones before it, even though it is needed now more than ever, but we will continue to watch it as it winds through the system.