WASHINGTON, June 16, 2011 – Just days after Senate email accounts were hacked, the House Subcommittee on Commerce, Manufacturing and Trade held a hearing Wednesday to discuss a draft bill that would require companies to minimize the amount of data collected from consumers and notify them within two days of a data breach.
Subcommittee members met with witnesses to clarify the ambiguous language of a discussion draft of Subcommittee Chairman Rep. Mary Bono Mack’s (R-CA) Secure and Fortify (SAFE) Data Act. The measure addresses the increasing threat of data theft, in the wake of high-profile cyber attacks on Sony, Epsilon, Lockheed-Martin and other U.S. companies.
The SAFE Data Act, is based on the language of the Data Accountability and Trust (DATA) Act , according to an internal committee memorandum.
Members reiterated key revisions within the SAFE Data Act throughout the hearing. In the new legislation, companies would be required to notify law enforcement authorities and consumers within 48 hours of the breach. The bill would also include a provision, also known as ‘data minimization,” for companies to reduce the amount of less sensitive information collected from consumers.
Rep. Henry Waxman (D-CA), in his opening remarks, while worried that the proposed legislation favors the protection of businesses over consumers, lauded the provision on ‘data minimization’ as ‘potentially valuable.’
“It’s time for us to declare war on identity theft and online fraud,” said Bono Mack in her opening statement, echoing a bipartisan call from members and witnesses for the drafting of a muscular national data breach notification law.
“E-commerce is a vital and growing part of our economy. We should take steps to embrace and protect it – and that starts with a robust cyber security.”
Edith Ramirez, Commissioner at the Federal Trade Commission, emphasized the need to notify consumers of a data breach “as soon as practicable.”
Ramirez also requested that the bill require the FTC to be notified at the same time as law enforcement agencies and that the agency should be granted the authority to sue non-profit entities for data security violations.
“The FTC promotes data security through law enforcement, consumer and business education, and policy initiatives.," said a statement issued by the agency. "Since 2001, the agency has brought 34 cases charging business to protect consumers’ personal information.”
The proposed legislation would also preempt the data breach notification laws already in place in 47 states in order to create national legal consistency. The provision responds to a pronounced frustration by private companies over the confusing labyrinth of state data breach notification laws
Marc Rottenberg, Executive Director of Electronic Privacy Information Center, however, cautioned members to take into consideration stronger state data breach notification laws while drafting the new legislation so as not to override them with a weaker federal mandate.
Rottenberg also articulated concerns that the draft’s current definition of ‘Personal Information’ was too narrow.
“The bill seems to suggest that a social security number would not be personally identifiable if it is possessed without a associated person’s name,” said Rottenberg.
“The bill also ignores other popular identifiers, such as a user ID for Facebook, which points as readily to a unique individual as would a driver’s license or a social security number.”
House members are energized to move quickly due to growing numbers of sophisticated cyber attacks and increased consumer reliance upon cloud computing. A senior advisor, in response to an email query, said that Congresswoman is looking to incorporate into her legislation some of the ideas raised by other members at the hearing.
According to a senior advisor speaking on condition of anonymity in Bono Mack's office, the representative expects to have a bill up before the full House within a month.
The congresswoman reiterated in comments after the hearing her intent on having a full committee markup of the bill before the August recess.
“It is my intent with [Rep. G.K. Butterfield (D-NC)] is that there is a bipartisan bill that moves through the Senate,” said Bono Mack. “Maybe [the recent Senate attacks] will give them a bit of an incentive over there.”
- Part IV: As Hate Speech Proliferates Online, Critics Want to See and Control Social Media’s Algorithms
- Part III: The GOP Wants to Kill the Fairness Doctrine, Then Applies It to the Internet
- Justice Department Collaborating with State Attorneys General’s Antitrust Investigation of Big Tech, Says Chief
- Part II: Senators Josh Hawley and Ted Cruz Want to Repeal Section 230 and Break the Internet
- A Short History of Online Free Speech, Part I: The Communications Decency Act Is Born
Intellectual Property4 weeks ago
In Congressional Oversight Hearing, Register of Copyrights Says Office Is Responding to Online Users
Broadband Data3 months ago
Pennsylvania Broadband Speeds Worse Than Previously Believed, According to State Report
Broadband Data2 months ago
California Report: Income Most Significant Factor in Low Broadband Adoption
Fiber2 weeks ago
‘Dig Once’ Provides Future-Proofing Solution for Federal Highway Infrastructure, Says BroadbandNow
Drones2 weeks ago
Greater Commercial Use of Drones Will Force Revisions of Federal Aviation Administration Regulations, Say Experts
Broadband Roundup2 weeks ago
Cable Industry Touts Energy Efficiency, Next Century Highlights Open Access Fiber, Aspen Forum Set
Broadband Roundup1 week ago
Trump Delays 10 Percent Tariff on Chinese Tech Goods, Buttigieg on Broadband, Facebook Eavesdropping
Free Speech2 days ago
Part IV: As Hate Speech Proliferates Online, Critics Want to See and Control Social Media’s Algorithms