WASHINGTON, June 16, 2011 – Just days after Senate email accounts were hacked, the House Subcommittee on Commerce, Manufacturing and Trade held a hearing Wednesday to discuss a draft bill that would require companies to minimize the amount of data collected from consumers and notify them within two days of a data breach.
Subcommittee members met with witnesses to clarify the ambiguous language of a discussion draft of Subcommittee Chairman Rep. Mary Bono Mack’s (R-CA) Secure and Fortify (SAFE) Data Act. The measure addresses the increasing threat of data theft, in the wake of high-profile cyber attacks on Sony, Epsilon, Lockheed-Martin and other U.S. companies.
The SAFE Data Act, is based on the language of the Data Accountability and Trust (DATA) Act , according to an internal committee memorandum.
Members reiterated key revisions within the SAFE Data Act throughout the hearing. In the new legislation, companies would be required to notify law enforcement authorities and consumers within 48 hours of the breach. The bill would also include a provision, also known as ‘data minimization,” for companies to reduce the amount of less sensitive information collected from consumers.
Rep. Henry Waxman (D-CA), in his opening remarks, while worried that the proposed legislation favors the protection of businesses over consumers, lauded the provision on ‘data minimization’ as ‘potentially valuable.’
“It’s time for us to declare war on identity theft and online fraud,” said Bono Mack in her opening statement, echoing a bipartisan call from members and witnesses for the drafting of a muscular national data breach notification law.
“E-commerce is a vital and growing part of our economy. We should take steps to embrace and protect it – and that starts with a robust cyber security.”
Edith Ramirez, Commissioner at the Federal Trade Commission, emphasized the need to notify consumers of a data breach “as soon as practicable.”
Ramirez also requested that the bill require the FTC to be notified at the same time as law enforcement agencies and that the agency should be granted the authority to sue non-profit entities for data security violations.
“The FTC promotes data security through law enforcement, consumer and business education, and policy initiatives.," said a statement issued by the agency. "Since 2001, the agency has brought 34 cases charging business to protect consumers’ personal information.”
The proposed legislation would also preempt the data breach notification laws already in place in 47 states in order to create national legal consistency. The provision responds to a pronounced frustration by private companies over the confusing labyrinth of state data breach notification laws
Marc Rottenberg, Executive Director of Electronic Privacy Information Center, however, cautioned members to take into consideration stronger state data breach notification laws while drafting the new legislation so as not to override them with a weaker federal mandate.
Rottenberg also articulated concerns that the draft’s current definition of ‘Personal Information’ was too narrow.
“The bill seems to suggest that a social security number would not be personally identifiable if it is possessed without a associated person’s name,” said Rottenberg.
“The bill also ignores other popular identifiers, such as a user ID for Facebook, which points as readily to a unique individual as would a driver’s license or a social security number.”
House members are energized to move quickly due to growing numbers of sophisticated cyber attacks and increased consumer reliance upon cloud computing. A senior advisor, in response to an email query, said that Congresswoman is looking to incorporate into her legislation some of the ideas raised by other members at the hearing.
According to a senior advisor speaking on condition of anonymity in Bono Mack's office, the representative expects to have a bill up before the full House within a month.
The congresswoman reiterated in comments after the hearing her intent on having a full committee markup of the bill before the August recess.
“It is my intent with [Rep. G.K. Butterfield (D-NC)] is that there is a bipartisan bill that moves through the Senate,” said Bono Mack. “Maybe [the recent Senate attacks] will give them a bit of an incentive over there.”
- Broadband Roundup: Bill Aims to Make Social Media Interoperable, Colorado Drops T-Mobile Lawsuit, Indian Country Very Unconnected
- Africa’s Informal Sector Marred by Small Manufacturing Base and Low Technology Adoption, Brookings Experts Say
- Wireless Internet Providers Excited About Multiple Spectrum Sharing Opportunities, Including FCC Priority Access
- FCC Commissioner Geoffrey Starks Gives the Broadband Scoreboard at SHLB: FCC Maps-0, Libraries-1
- Senate Appropriations Subcommittee Tackles Question of Public Versus Private Auction of C-Band Spectrum
Signup for Broadband Breakfast
Intellectual Property3 months ago
In Congressional Oversight Hearing, Register of Copyrights Says Office Is Responding to Online Users
Broadband Data5 months ago
Pennsylvania Broadband Speeds Worse Than Previously Believed, According to State Report
Broadband Data4 months ago
California Report: Income Most Significant Factor in Low Broadband Adoption
Privacy and Security2 months ago
Comparing Privacy Policies for Wearable Fitness Trackers: Apple, Fitbit, Xiaomi and Under Armour
Antitrust1 month ago
Addressing the Impact of Big Data Upon Antitrust is More Complicated Than a Big Tech Breakup
Expert Opinion3 months ago
Geoff Mulligan: A ‘Dumb’ Way to Build Smart Cities
Antitrust1 month ago
Broadband Roundup: Everyone (Almost) Gangs Up on Google, Muni Broadband Fact Sheet, SHLB Anchornet Conference
Broadband Roundup2 months ago
Cable Industry Touts Energy Efficiency, Next Century Highlights Open Access Fiber, Aspen Forum Set