A bipartisan pair of House lawmakers is rolling out draft legislation to protect people whose data may have been stolen by hackers.
"Until today, Washington has been asleep at the switch while millions of Americans have had their personal information stolen by cyber criminals,” Rep. Peter WelchPeter WelchDem lawmakers propose bill to regulate drone data collection Cummings: Trump commits to strong push for Medicare drug price negotiation Top Oversight Dem to meet with Trump about prescription drug prices MORE (D-Vt.), one of the authors of the Data Security and Breach Notification Act, said in unveiling the bill. “While this draft bill is far from perfect, it is an important step in the right direction.”
It would also require that companies who have been breached notify people whose data may have been stolen within 30 days, unless there isn’t a reasonable risk of identity theft of financial harm.
“As one of the tens of millions of Americans who has been a victim of a data breach I know firsthand the great importance of needing to protect our personal information from identity theft,” Blackburn said in a statement. “This bill will help enhance the security of sensitive information and provide much needed clarity by creating a national standard and ensure that consumers are notified of a breach without unreasonable delay.”
Violating the new bill’s rules would qualify as an unfair and deceptive practice subject to enforcement from the Federal Trade Commission and state attorneys general.
The legislation would not apply to companies already subject to other data protection laws — such as medical facilities, for instance — and would also not impact privacy law, the lawmakers said.
Legislators will consider the bill at a hearing in the Energy and Commerce Committee next on March 18.
Congress has long attempted to write a bill requiring companies notify people after a data breach, but the efforts have failed to get off the ground. Some Republican lawmakers have worried about an overly intrusive federal mandate, while Democrats have feared that legislation could preempt stronger protections that currently exist at the state level.