House Democrat pushes new data breach bill

House Democrat pushes new data breach bill
© Greg Nash

Rep. David Cicilline is trying to restart the stalled debate on legislation that would require companies to tell customers they have been hacked.

On Tuesday, the Rhode Island Democrat introduced a House companion bill to Sen. Patrick LeahyPatrick Joseph LeahyChances for disaster aid deal slip amid immigration fight Immigration fight imperils deal on disaster aid package Graham says Bolton briefed him on Iran, tells Trump to 'stand firm' MORE’s (D-Vt.) Consumer Privacy Protection Act.


Like numerous other Senate and House offerings, the bill mandates that companies inform customers within 30 days of a data breach and that they meet minimum security standards.

But unlike several other measures, Cicilline’s bill would not pre-empt stricter state-level data breach laws, a sticking point for Republicans and Democrats. That element of the bill is a major reason Cicilline’s measure is preferred by consumer advocates and digital rights groups.

“I see this as an important baseline,” Cicilline told The Hill in an interview. “States are the places where very often great innovation in this area is happening. We want to encourage that, but at the same time, we want to make sure there’s a baseline for all consumers.”

But it’s also those state laws that have spurred legislators to seek a federal standard. With 47 different local rules, companies say they are struggling to comply with the patchwork of regulations.

As businesses are hacked at a rapidly increasing rate, they have upped the pressure on Congress to lighten the regulatory burden faced in the wake of a digital intrusion.

Mammoth data breaches at Target, Home Depot, JPMorgan and Anthem, among many others, have also put hundreds of millions of Americans’ private data at risk and spurred calls for action.

“We all have constituents who have great anxiety about their personal information being out there,” Cicilline said.

However, Congress has not yet been able to pass a major anti-hacking bill.

“The more the public hears about these breaches, the more they experience the effects of them, the more they’re going to put pressure on their elected officials in Congress,” Cicilline said. “I’m going to work hard to capture and build on that momentum.”

Cicilline will be vying with other House members to harness that momentum.

Reps. Randy NeugebauerRobert (Randy) Randolph NeugebauerCordray announces he's leaving consumer bureau, promotes aide to deputy director GOP eager for Trump shake-up at consumer bureau Lobbying World MORE (R-Texas) and John Carney (D-Del.) in early May introduced their own data breach bill as a companion to a Senate offering from Sens. Tom CarperThomas (Tom) Richard CarperOvernight Energy: EPA watchdog finds Pruitt spent 4K on 'excessive' travel | Agency defends Pruitt expenses | Lawmakers push EPA to recover money | Inslee proposes spending T for green jobs Lawmakers take EPA head to task for refusing to demand Pruitt repay travel expenses Dems request investigation of lobbyist-turned-EPA employee who met with former boss MORE (D-Del.) and Roy BluntRoy Dean BluntHillicon Valley: Trump takes flak for not joining anti-extremism pact | Phone carriers largely end sharing of location data | Huawei pushes back on ban | Florida lawmakers demand to learn counties hacked by Russians | Feds bust 0M cybercrime group Top Republican says Senate unlikely to vote on any election security bills San Francisco becomes first city to ban facial recognition technology MORE (R-Mo.). Neugebauer chairs the House Financial Services Financial Institutions and Consumer Credit Subcommittee, and the financial industry quickly came out in favor of his measure.

Reps. Peter WelchPeter Francis WelchDemocrats talk subpoena for Mueller Bernie Sanders is hypocritical on most significant campaign issues Booker takes early lead in 2020 endorsements MORE (D-Vt.) and Marsha BlackburnMarsha BlackburnHillicon Valley: Google delays cutting off Huawei | GOP senators split over breaking up big tech | Report finds DNC lagging behind RNC on cybersecurity GOP senators split over antitrust remedies for big tech Graham warns of 5G security threat from China MORE (R-Tenn.) had previously backed their own bipartisan offering. But Democrats pulled support at the last minute during an Energy and Commerce Committee markup in April. Although the measure was approved along party lines, it did not get a floor vote.

Cicilline said his bill has only Democratic co-sponsors lined up for now, reflecting Leahy’s upper chamber offering, which has the support of five progressive Democrats.

“I do think there’s a coalition that will develop between progressives and some people who are more conservative but assign a deep value to respecting the privacy of individuals,” Cicilline said.

In April, the Rhode Island Democrat voted against the House’s two complementary bills that would boost the public-private exchange of cyber threat data. The votes put him to the left of centrist Democrats on some data security issues and aligned him with privacy advocates, who worried the measures would simply shuttle more personal data to the National Security Agency.

Portions of Cicilline’s data breach bill reflects this position.

It provides the broadest definition of what is considered private information. In addition to data that could lead to financial fraud — banking information, Social Security numbers — the bill counts data that could lead to “dignity harm,” such as personal photos and videos.

“Things which may not result in financial loss but can impose great harm to people if shared widely with the public,” Cicilline explained.

The bill would also create civil penalties for companies failing to comply with the standards.

Civil penalties have been a tough sell for Republicans, who are worried about giving too much power to federal regulators.

Cicilline conceded that he had work to do winning over the GOP. But he maintained that public pressure will eventually force Congress to act, hopefully by the end of the year.

“This is not a complicated bill to understand,” he said. “It’s not going to require lots of study.”