3500 Lacey Road, Suite 100
Downers Grove, IL 60515
Last Thursday, Reps. Michael Burgess (R-TX), Marsha Blackburn (R-TN), and Peter Welch (D-VT) circulated a draft of a long-anticipated bipartisan data security and data breach notification bill, and it was certainly worth the wait. This bill has been in the works for months, but several of its original co-sponsors retired or lost re-election last year, delaying its release. The bill's bipartisan co-sponsorship is a major step towards establishing a national data breach notification standard, and it represents the first completely original such bill in years. The House Energy & Commerce Committee's Subcommittee on Commerce, Manufacturing and Trade will be holding a hearing tomorrow to discuss the draft.
The draft represents a true compromise between the bills we've seen from the respective parties over the last several years, and strikes the appropriate balance between protecting consumer data and regulating industry. Some of the key provisions of the bills are as follows:
There are still some unresolved questions in the draft, however, most notably about whether the preemption provision will prevent consumers from suing companies under state tort laws for damages stemming from breaches. We have long argued that a federal standard should preempt such laws. Additionally, the draft currently permits both the FTC and state AGs to punish companies for the same violation, meaning they could be hit with multiple fines for the same breach. We will continue to work towards resolving these issues.
In the meantime, tomorrow's hearing will go a long way towards determining whether this bill can get the necessary support to actually pass into law. We're still a ways from getting there, but this draft may represent the best chance at passing a national data breach notification standard in several years.