Data Security Bills Abound
Following the spring announcements of several high profile data security breaches, renewed political interest in data security legislation has reached a fevered pitch. Along with the Obama Administration, multiple committees in the House and Senate are involved, with no less than half a dozen bills having already been introduced.
While the House and Senate Commerce and Judiciary committees held half a dozen hearings on the matter throughout the spring, the mid-May Administration release of a legislative proposal on cybersecurity, one component of which was “draft” data security legislation, led to a flurry of bills being introduced. A majority of the bills attempt to achieve similar goals — mandating information security measures and notification to consumers in the event of a breach of security. However, they differ significantly on critical issues like what triggers notification, the timing of the notice, the definition of what data is covered, and the extent to which a new federal law would preempt the 45 existing state laws relating to data security and breach notification. All of the proposed bills would cover data magazine publishers use and store as a part of their regular business practices.
Though there is some Congressional and industry support for action, at this juncture, it does not appear likely that comprehensive data security legislation will advance this year. However, should a broader effort on the related issue of cybersecurity, an Administration priority, move forward, it remains possible that cybersecurity could serve as a vehicle to move the issue of data security forward as well.