WASHINGTON, June 16, 2011 – Just days after Senate email accounts were hacked, the House Subcommittee on Commerce, Manufacturing and Trade held a hearing Wednesday to discuss a draft bill that would require companies to minimize the amount of data collected from consumers and notify them within two days of a data breach.
Subcommittee members met with witnesses to clarify the ambiguous language of a discussion draft of Subcommittee Chairman Rep. Mary Bono Mack’s (R-CA) Secure and Fortify (SAFE) Data Act. The measure addresses the increasing threat of data theft, in the wake of high-profile cyber attacks on Sony, Epsilon, Lockheed-Martin and other U.S. companies.
The SAFE Data Act, is based on the language of the Data Accountability and Trust (DATA) Act , according to an internal committee memorandum.
Members reiterated key revisions within the SAFE Data Act throughout the hearing. In the new legislation, companies would be required to notify law enforcement authorities and consumers within 48 hours of the breach. The bill would also include a provision, also known as ‘data minimization,” for companies to reduce the amount of less sensitive information collected from consumers.
Rep. Henry Waxman (D-CA), in his opening remarks, while worried that the proposed legislation favors the protection of businesses over consumers, lauded the provision on ‘data minimization’ as ‘potentially valuable.’
“It’s time for us to declare war on identity theft and online fraud,” said Bono Mack in her opening statement, echoing a bipartisan call from members and witnesses for the drafting of a muscular national data breach notification law.
“E-commerce is a vital and growing part of our economy. We should take steps to embrace and protect it – and that starts with a robust cyber security.”
Edith Ramirez, Commissioner at the Federal Trade Commission, emphasized the need to notify consumers of a data breach “as soon as practicable.”
Ramirez also requested that the bill require the FTC to be notified at the same time as law enforcement agencies and that the agency should be granted the authority to sue non-profit entities for data security violations.
“The FTC promotes data security through law enforcement, consumer and business education, and policy initiatives.," said a statement issued by the agency. "Since 2001, the agency has brought 34 cases charging business to protect consumers’ personal information.”
The proposed legislation would also preempt the data breach notification laws already in place in 47 states in order to create national legal consistency. The provision responds to a pronounced frustration by private companies over the confusing labyrinth of state data breach notification laws
Marc Rottenberg, Executive Director of Electronic Privacy Information Center, however, cautioned members to take into consideration stronger state data breach notification laws while drafting the new legislation so as not to override them with a weaker federal mandate.
Rottenberg also articulated concerns that the draft’s current definition of ‘Personal Information’ was too narrow.
“The bill seems to suggest that a social security number would not be personally identifiable if it is possessed without a associated person’s name,” said Rottenberg.
“The bill also ignores other popular identifiers, such as a user ID for Facebook, which points as readily to a unique individual as would a driver’s license or a social security number.”
House members are energized to move quickly due to growing numbers of sophisticated cyber attacks and increased consumer reliance upon cloud computing. A senior advisor, in response to an email query, said that Congresswoman is looking to incorporate into her legislation some of the ideas raised by other members at the hearing.
According to a senior advisor speaking on condition of anonymity in Bono Mack's office, the representative expects to have a bill up before the full House within a month.
The congresswoman reiterated in comments after the hearing her intent on having a full committee markup of the bill before the August recess.
“It is my intent with [Rep. G.K. Butterfield (D-NC)] is that there is a bipartisan bill that moves through the Senate,” said Bono Mack. “Maybe [the recent Senate attacks] will give them a bit of an incentive over there.”
- Smart Cities Connect to Hold 2020 Global Event Honoring 50 Smart Projects
- Broadband Roundup: More on the Rural Digital Opportunity Fund, 5G National Advocacy, and Policy Hackers
- Panelists on NTIA Broadband Webinar Say Smart Buildings Boost Civic Resiliency and Public Health
- Dynamic Spectrum Sharing Subject of Debate at Senate Commerce Committee Hearing on the Future
- FTC Settlement with YouTube Has Creators Upset and Worried About FTC Approach to Children’s Privacy
Signup for Broadband Breakfast
China2 months ago
Prakash Sangam: China’s Huawei Clones Are Greater Threat to National Security than Huawei
Open Access3 weeks ago
UTOPIA Fiber: A Model Open-Access Network
Broadband's Impact3 months ago
FCC Chairman Ajit Pai Praises Agency’s Work in Promoting High-Speed Internet at ‘Broadband Heros’ Event
Open Access2 months ago
UTOPIA Fiber Announces Partnerships with Morgan, Utah, Idaho Falls, and Other Cities
Broadband Mapping & Data3 months ago
Broadband Data From Providers Needs to be Checked With Data From Users, Say Panelists at Mapping Event
Education2 months ago
State Educational Technology Officials Say Better Broadband Necessary for Pedagogy and Equity
FCC2 months ago
As Next Year’s C-Band Auction Looms, FCC Officials Reflect on Innovation in Spectrum Auctions
FCC1 month ago
Telephony Industry Rises to the Challenge of Robocalls, With Legislation, Regulation and Enforcement Close Behind