House panel approves data breach notification bill

Democrats say the SAFE Data Act is full of loopholes that would compromise data security

A U.S. House of Representatives subcommittee has voted to approve a bill that would require companies to notify affected customers about data breaches and would require businesses holding personal information to establish data security programs.

The House Energy and Commerce Committee's trade subcommittee approved the Secure and Fortify Electronic Data Act (SAFE Data Act) by a voice vote Wednesday, after hours of debate on the legislation. Democrats on the subcommittee offered several amendments in an effort to broaden the types of personal data the bill would cover, but the majority Republicans rejected the amendments.

The bill is filled with "loopholes that sacrifice data security and privacy," said Representative Henry Waxman, a California Democrat. "A bill that is supposed to be enhancing data security and consumer privacy would actually seriously undermine it."

Representative Mary Bono Mack, the subcommittee chairwoman and a California Republican, urged lawmakers to move forward with the legislation, which she sponsored.

"It's time for Congress to take decisive action," she said. "Sophisticated and carefully orchestrated cyber-attacks -- designed to obtain personal information about consumers, especially when it comes to their credit cards -- have become one of the fastest-growing criminal enterprises here in the United States and across the world."

The bill now heads to the full committee for debate and a vote. The legislation would require businesses to report data breaches within 48 hours in most cases, and it would require the U.S. Federal Trade Commission to create data security rules for businesses that hold personal data.

U.S. lawmakers have attempted to pass breach notification bills for several years without success.

Several Democrats opposed the bill, saying it would preempt stronger state laws. More than 45 states now have data breach notification laws.

Bono Mack's bill also does not protect personal information such as over-the-counter drug purchases, e-mail addresses, payroll records, and online pictures and videos, Democrats argued.

The bill would require breach notifications only when a customer's name, phone number or credit card numbers were compromised along with a Social Security number, driver's license number, or other government ID, Democrats said. The bill would not require notification if a Social Security number, credit card number or bank account number was compromised, unless it were combined with other personal information, Waxman said.

The definition of personal information in the bill is "far too limited," said Representative G.K. Butterfield, a North Carolina Democrat.

Republicans defended the bill, saying it strikes the right balance between consumer protection and overly aggressive regulation.

The bill is "a measured response to an identified problem," said Representative Fred Upton, a Michigan Republican and chairman of the full committee. "Data breaches of consumers' personal information -- whether by accident or deliberate criminal activity -- can lead to identity theft, fraud, and other unlawful conduct."

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's e-mail address is grant_gross@idg.com.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags U.S. Federal Trade CommissionFred UptonU.S. House of Representatives Energy and Commerce CommitteeIdentity fraud / theftgovernmentlegislationMary Bono MackprivacyG.K. ButterfieldsecurityHenry Waxmandata security billdata breach

Struggling for Christmas presents this year? Check out our Christmas Gift Guide for some top tech suggestions and more.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?