Congress Fails To Make Progress on Data Breach Notification Bill
July 23, 2015 in News
The Data Security and Breach Notification Act of 2015, introduced by House Energy and Commerce Committee Vice Chair Marsha Blackburn (R-Tenn.) and Rep. Peter Welch (D-Vt.), would establish a national standard for the way companies protect consumers’ personal information and respond to data breaches. Specifically, the bill would require entities that collect and store consumers’ personal information to keep such data secure and to notify individuals if the data are breached (iHealthBeat, 3/19).
The bill has not advanced since an April 15 markup.
Reasons for Delay
According to Roll Call, the bill has stalled amid debate over its reach and the type of data included.
For example, Democrats during the bill’s markup criticized the measure for its potential to pre-empt state laws (Roll Call, 7/22). Some have said that existing state laws are stronger and more comprehensive than what has been proposed under HR 1770 (iHealthBeat, 4/23)
Further, a Federal Trade Commission official at a House subcommittee hearing in March raised concerns that the legislation does not include protections for consumer health information (iHealthBeat, 3/19).
Welch — who was a co-sponsor of the measure — ultimately voted against the bill because Republicans would not add an amendment to expand the bill’s definition of personal information to include health records. He said, “For me, that is a problem.”
Blackburn and other Republican lawmakers said the bill was designed to be narrow in scope to avoid issues in the Senate.
Legislative staff believe they can reach a deal with Welch to include more medical record protections in the bill, Roll Call reports.
They also want to work to address other concerns about the legislation. Opponents of the measure include the:
- Credit Union National Association;
- Financial Services Roundtable;
- National Association of Convenience Stores; and
- National Association of Realtors (Roll Call, 7/22).