Congress must protect cyberspace

Cyberspace is where the digital economy lives and has increasingly become the home of our personal information — Social Security numbers, financial data, health information and personal tastes. But it has also become the modern-day Wild West, with hackers and criminals stealing this personal data and cashing in on it over and over again to the detriment of consumers and the economy.

2014 was appropriately dubbed “The Year of the Breach” and once again revealed that industry and the government must be more aggressive in protecting consumer data. Unfortunately, Congress has watched Rome burn rather than pass common-sense national data security and breach notification legislation. We hope this inaction comes to an end with the passage of our bipartisan legislation to protect Americans against the all too common breach.


Since 2005, there have been 4,000 data breaches compromising millions of Americans’ personal information. During that same time, Congress has introduced more than 40 bills to attempt to address the problem of data breach, but not a single one is law
because none struck the right balance.

Cybercrimes cost consumers $100 billion annually and cost the U.S. economy 508,000 jobs each year. And the impact on individuals who have had their information breached is real and lasting, with one-third of data-breach notification recipients becoming victims of identity fraud in 2013 — an increase from one-fourth in 2012.

The growth of big data has unlocked unlimited potential within our economy and daily lives across critical sectors such as energy, healthcare and agriculture, making the complex more convenient and the unthinkable doable. But it also represents a persistent and growing threat to our online presence. Cyber criminals, foreign and domestic, have been wildly successful at breaching systems and stealing consumer data for financial gain. We cannot afford another trillion dollars in costs and five million lost jobs — at the current rate — that will come with another 10 years of
congressional inaction.   

Our bill, the Data Security and Breach Notification Act of 2015 (H.R. 1770), is a sensible approach focused on data security and breach notification by creating a single national standard based on existing state laws. We were able to find consensus on this legislation, because we have kept it narrow and have not addressed the important but more elusive topic of online privacy. We must make progress where we can as the first step in better protecting consumer information.

The bill protects consumers from: 1) financial fraud; 2) economic loss; 3) economic harm; 4) identity theft; and 5) health and medical fraud. It requires businesses to maintain data security, which they are not currently required to do on the federal level, and to notify consumers in the event they become victims to a breach of personal information. It applies federal preemption in order to have consistency across the country rather than the patchwork of state laws currently in existence. States are not as well suited, in this space, to protect consumers from online hackers and criminals who do not stop their nefarious activity at a state’s border. But states would still be free to address issues of data privacy — what data can be collected, how it is used and what sharing is allowed — after the passage of our bill as they are today.

Through a decade of large and small and constant data breaches, Congress has sat on the sidelines. The impact and significance of data breaches is obvious, and Congress must do what it can now to protect consumers and the economy from the cybercriminals who use the money they steal to perpetuate worse crimes. We encourage our colleagues in the House and Senate to support this bipartisan agreement and send it to President Obama’s desk for signature so consumers have the protection they deserve.

Blackburn has represented Tennessee’s 7th Congressional District since 2003. She sits on the Budget and the Energy and Commerce committees. Welch has represented Vermont’s At-Large Congressional District since 2007. He sits on the Energy and Commerce and the Oversight and Government Reform committees.