On Wednesday, Dec. 9, the House Financial Services Committee approved a bill that would require companies to notify consumers and the government when a data breach compromises certain unencrypted consumer information. The bill, H.R. 2205, purports to protect consumers’ electronically stored financial information by establishing a uniform system of data security and breach notification standards, while granting the Federal Trade Commission authority to enforce these standards. Introduced in May by Rep. Randy Neugebauer (R-Texas), the legislation has received bipartisan support from 29 cosponsors and is now slated to be reported for general consideration by the House.
The bill has not proceeded without opposition, however. A number of consumer and privacy advocates, such as the Consumer Federation of America and Public Citizen, have voiced concern over the preemptive effect of the legislation. In a letter dated Dec. 7, the 17 advocacy groups contended that the measure would “eliminate stronger existing state protections and prevent future state innovation.” Despite this appeal for a broader, more flexible approach to consumer data protection, the bill was approved in a 46-9 vote by the House panel.
A companion bill in the Senate, S.961, was also introduced by Sen. Thomas Carper (D-Del.) in April. It was initially referred to the Senate Committee on Commerce, Science and Transportation, but no action has been taken on that measure since. Nevertheless, the two bills signal the possible eventual advent of a federal regulatory scheme tailored toward protecting consumers against security breaches of sensitive electronic data.
Reporter, Brett E. Schlossberg, Silicon Valley, +1 650 422 6708, bschlossberg@kslaw.com.