House Focuses on Data Breach Bills
Monday, March 30, 2015
House Focuses on Data Breach Bills

Related Practices & Jurisdictions
Print Mail Download i

The issues of data breach notification and data security issued received a fair amount of attention in the House this week:  On Wednesday, the House Energy and Commerce Subcommittee on Trade approved one data breach bill, and on Thursday, Rep.  Jim Langevin (D-RI), co-chairman of the House Cybersecurity Caucus, announced the release of another.

The bill approved on Wednesday—the Data Security and Breach Notification Act—is sponsored by Reps. Michael Burgess (R-TX),  Marsha Blackburn (R-TN),  and Peter Welsh (D-VT).  It would require companies to maintain reasonable security practices and inform customers within 30 days if their data might have been stolen during a breach.  It would also empower the Federal Trade Commission (“FTC”) to enforce the bill’s rules.

The bill was approved along party lines, with Republicans and Democrats disagreeing over the bill’s preemption of state data security and breach notification standards.  Several Democrats expressed concern that the bill would provide a uniform federal data security standard at the expense of eliminating stronger consumer protections at the state level.

Rep. Joseph Kennedy (D-MA) offered two amendments to prevent the bill from preempting state data security requirements and relevant common law, but the amendments failed to garner sufficient support.  Democrats also offered amendments to give the FTC rulemaking authority to define “personal information” and to bolster the Federal Communications Commission’s data security role.  These measures were also defeated.

Langevin’s legislation, which requires companies to disclose data breaches to affected customers within 30 days of discovery, will go head-to-head with the Data Security and Breach Notification Act.  Langevin said he thinks data security regulation should remain at the state level.  Representatives will likely debate Langevin’s bill in the near future.

Langevin also introduced another bill on Thursday, which would establish a point-person in the executive office of the president to oversee the cybersecurity of the .gov domain.

This post was written with contributions from Ani Gevorkian.

© 2024 Covington & Burling LLP

Current Legal Analysis

More from Covington & Burling LLP

Standing Issues in Data Breach Litigation: An Overview
by: Priscilla Fasoro , Lauren Wiseman
Financial Agencies Release Joint Statement on Innovative Efforts to Combat Money Laundering and Terrorist Financing
by: Lucille C. Bartholomew
Senate Confirms Kraninger as BCFP Director
by: Luis Urbina
FTC Solicits Public Comment on Identity Theft Detection Rules
by: S. Burr Eckstut
Significant FDA Digital Health Policy Development for Prescription Drug Sponsors
by: Mingham Ji , Christina G. Kuhn
First Significant Pay-to-Play Legislation for the District of Columbia Approved by D.C. Council
by: Kevin Glandon
FTC Settles with PR Firm and Publisher Over Social Media Endorsements
by: Inside Privacy Blog at Covington and Burling
Senate Testimony Highlights Tensions in BSA/AML Reform Efforts as Lawmakers Consider Bipartisan Legislation
by: Sam Adriance
Reprieve in U.S.-China Trade Tensions: U.S. Tariffs on $200 Billion in Chinese Imports to Stay at 10 Percent for 90 Days; China to Purchase U.S. Goods
by: Christopher Adams , John Veroneau
AI Update: FCC Hosts Inaugural Forum on Artificial Intelligence
by: Thomas Parisi

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins