Several lawmakers in Congress are optimistic that a new law to protect consumers’ data from being stolen can be passed quickly, weeks after major hacks dominated the headlines.
The retail and banking industries have begun to face off over potential new legislation, with each worried that new provisions could unduly affect their businesses.
Sen. Mark Warner (D-Va.) said in a Senate Banking subcommittee hearing on Monday that the legislative battle should not mirror a recent fight between the industries over “swipe fees.”
Rep. Joe Barton (R-Texas) predicted in a panel discussion for the Bipartisan Privacy Caucus, which he co-chairs, that a bill would be passed this year.
“It’s one of the few issues in the next 10 months that the House and the Senate can work with the president on,” he said. “I’ll go out on a limb here and predict that we’ll actually do that.”
Late last year, Target was hit by a data breach that exposed the names, addresses, phone numbers or credit card information for as many as 110 of its shoppers. In recent weeks, Neiman Marcus, the craft store Michaels and hotels including Marriott and Hilton have revealed that they, too, may have been attacked by hackers in 2013.
Lawmakers and industries on all sides have suggested that a national data breach notification law could be a place to start.
Forty-six states and the District of Columbia have their own laws requiring that people be notified if their data is compromised in a breach, but no law exists at the federal level. Businesses say that a single law would be easier for stores that operate in multiple states, and public interest advocates say it would give victims time to get in front of the thieves.
“It’s extremely important, which is why we support a law at the federal level with civil penalties,” said Jessica Rich, the director of the Federal Trade Commission’s consumer protection bureau.
Sen. Jon Tester (D-Mont.) said that a national law was necessary “so that you can get to the bottom of it, because time is literally money in this situation.”
Not everyone was convinced that a data breach notification law would be as easy to write as it seemed, however.
Companies and institutions fight off hacking attempts on a daily basis, Warner noted.
“Sorting through that is going to be a challenge,” he said. “What I’m concerned about is you don’t want to create the old Homeland Security color code system, which everybody proceeded to ignore.”