GOP chairman backs national data breach notification standard


House Financial Services Committee Chairman Jeb Hensarling (R-Texas) on Thursday expressed support for a national standard for notifying individuals impacted by corporate data breaches, amid scrutiny over the Equifax breach.

“I do believe that we need to ensure we have a consistent national standard for both data security and breach notification in order to better protect our consumers, hold companies accountable, and ensure that this affair does not repeat itself,” Hensarling said during his committee’s hearing on the Equifax breach. 


The Equifax breach, which exposed the personal information of as many as 145 million Americans, has revived calls for a national notification standard. Lawmakers have been severely critical of the company for waiting roughly a month to notify the public of the incident after suspicious activity was initially detected.

Currently, 48 states have regulations stipulating when companies must notify their citizens if they have been caught up in a breach. 

The idea of passing federal legislation has been talked up by bipartisan lawmakers in both chambers, especially in the wake of the Equifax breach.

Sen. Chuck Grassley (R-Iowa), chairman of the Judiciary Committee, said ahead of his panel’s hearing on the breach Wednesday that it’s “long past time for a uniform national data security and breach notification standard.”

“I’ve been working with Sen. Feinstein and a bipartisan group of senators on this issue for years. I remain committed to getting a good bill put together and over the finish line. But that’s just one step,” Grassley said, referring to the panel's ranking member, Sen. Dianne Feinstein (D-Calif.).

Meanwhile, Rep. Jim Langevin (D-R.I.) has already reintroduced legislation that would establish a single national breach notification standard, mandating companies notify those affected within 30 days of the discovery of a data breach that affects personal information. His measure would also require that the Federal Trade Commission help coordinate the breach notification. 

Thursday’s hearing was the fourth on Capitol Hill this week during which lawmakers grilled former Equifax CEO Richard Smith on the company’s response to the breach. Smith resigned late last month as outrage over the breach continued to build, but is still advising the interim CEO.

“This may be the most harmful failure to protect private consumer information the world has ever seen,” Hensarling said during his opening remarks.