Trouble for new data breach bill?

New draft legislation to protect people after their data may have been stolen is running into some quick opposition on Capitol Hill.

Mere hours after Reps. Peter Welch (D-Vt.) and Marsha Blackburn (R-Tenn.) unveiled their Data Security and Breach Notification Act on Thursday, a pair of key House Democrats is calling it a non-starter. 


“Data breaches can create serious harm to consumers and businesses alike, and this bill does not provide solutions,” Reps. Frank Pallone Jr. (D-N.J.) and Jan SchakowskyJanice (Jan) Danoff SchakowskyAmerican workers need us to get this pandemic under control around the world Democrats repeal prohibition on funding abortions abroad Nearly 140 Democrats urge EPA to 'promptly' allow California to set its own vehicle pollution standards MORE (D-Ill.) said in a joint statement.

“We have numerous concerns about the weakening of consumer protections overall, as well as the dilution of protections for customers of telecommunications and cable services.”

Pallone is the top Democrat on the Energy and Commerce Committee and Schakowsky is the ranking member on its Commerce, Manufacturing and Trade subcommittee, which has jurisdiction over data breach issues.

The early opposition may not be a total deathblow to the bipartisan bill, but it is certainly an indication that many Democrats are likely to rally against it.

Lawmakers have repeatedly failed to pass new data breach laws, even as the rash of hacks at major banks, retailers and websites continues to dominate the news. 

In part, the setbacks have been due to the fact that multiple congressional committees have jurisdiction in the area, which has sparked a series of Capitol Hill turf battles. At the same time, conservative lawmakers have raised fears about the government setting an overly rigid set of digital security standards that could actually weaken companies’ security, while Democrats have feared that any additional flexibility could weaken the consumer protections that already exist.

The Welch and Blackburn bill would require companies who have been hacked to tell people within 30 days if their identity or financial information may have been stolen.