March 27, 2015 – The Data Security and Breach Notification Act of 2015 has cleared its first congressional hurdle. This week it was approved by the House Energy and Commerce Subcommittee on Trade and now advances. If ever there was a pig in lipstick, this bill is it! And we can hear it smacking its lips already.
The bill now moves to the full Energy and Commerce Committee, where it will be amended, marked up and presumably approved for a vote by the full House of Representatives. You may find our position on this surprising, but with a little luck, if the bill ever makes it to the Senate for a vote, it will face a filibuster and die. We take that position because if it ever becomes law, it will preempt much stronger laws currently on the books in 47 states.
When the idea of a federal law on data breaches first reared its head a few years ago, it never really got much traction. Congress tried to sell the idea as a consumer protection bill. That worked for a while… when only a few states had data breach laws. But now that almost all states have laws on their books, making the claim that Congress is just trying to protect consumers is a much more difficult sale. Frankly, the members of Congress who are behind this new effort aren’t making any claims that they are trying to protect consumers. The new argument is all about business.
Both Congress and the White House are now pushing for a business-friendly national data breach law. The claim is that it is too difficult for businesses to have to comply with 47 separate state laws, so a single national standard is needed. Up to that point, we can all agree.
But that brings up the question: if there are too many laws on the books and you want to consolidate them into a single standard, why not take the most consumer-friendly of those laws and rework them into a national standard? That is not what Congress is doing.
As is, the law that is being considered would significantly weaken consumer protection laws across the United States. It would preempt all current state laws on data breaches. And while some states include medical information as personally identifiable information (PII), the proposed law would eliminate that designation.
The federal legislation would also place responsibility for enforcement of the law with the Federal Trade Commission, an agency that is already overburdened and underfunded.
And it isn’t just data breach laws that would be preempted. Other state laws that outlaw the publication of Social Security numbers or that restrict what information merchants can record and store as a part of a transaction could also be relegated to the trash heap.
This is a bill that should be opposed by the vast majority of consumers. Call your congressional representatives and let them know how you feel.
by Jim Malmberg