Tags: data | breach | legislation | security

Senate Subcommittee Looks at Data Breach Legislation

By    |   Friday, 06 February 2015 09:05 AM

The Senate Commerce Committee's Subcommittee on Consumer Protection, Product Safety and Insurance, chaired for the first time by Sen. Jerry Moran, R-Kan., held a hearing Feb. 5 on data security breach legislation.

Coincidentally, at the same time, this writer was attending an event near K Street on what the private sector can do to combat data breaches. The sentiment was that the private sector should take many steps to shore up its defenses without waiting for action by the federal government, and there was a degree of mistrust of the bona fides of the government given its own record in compiling and losing sensitive data.

It should be noted that Moran is a member of the Senate Banking Committee as well as of the Commerce Committee, so he would be well-positioned to sponsor legislation that could come out of these and other hearings and meetings on the issue. In his opening statement, Moran stated that the focus of the hearings will be on whether the federal government should prescribe a federal standard for data breach response and prescribe a standard notification that would preempt the standards adopted by states and other authorities given the widespread use of digital technology to conduct everyday transactions that require the transmission of sensitive personal data.

Moran mentioned, as did the private-sector group witnesses, that on that very morning the press had reported the largest breach of healthcare data ever as hackers were able to infiltrate the second largest health insurer, Anthem, and steal data that included personal identification and health and income data.

He added that the Privacy Rights Clearinghouse has estimated that 4,400 breaches involving nearly a billion records have been reported since 2005. In the meantime, Congress has been unable to reach consensus on national data breach notification standards. Moran spoke approvingly of the administration's expressed support for legislation, and he said he looks forward to working on bipartisan legislation to achieve this.

Speaking for Democrats, Sen. Richard Blumenthal, D-Conn., a former Attorney General of Connecticut, stated that he, too, looks forward to working on a bipartisan bill, and he called the reports of a breach at Anthem "absolutely breathtaking" and "potentially heartbreaking," although the company said there is no evidence critical health data were lost. He also referred to the loss of financial data on 83 million customers of JPMorgan Chase and of the recent hacking of Sony that the government was found to have been directed by the North Korean government.

Blumenthal recalled having brought a number of enforcement cases for violations of Connecticut's data breach law and he urged that the guiding principle of the legislative effort should be "first do no harm" to the protections that states have already put in place.

Private-sector witnesses covered a range of interests, including the American Bankers Association, the National Retail Federation, Symantec Corp., Brown University and the Information Technology Industry Council, as well as the Attorney General of Illinois. At hearings held by the Senate Banking Committee last year, bankers and retailers blamed each other for the vulnerability of the payment system to costly data breaches.

On this occasion, Doug Johnson of American Bankers Association called for legislators to recognize that a "mountain" of standards and requirements is already in place for the financial services industry, and the industry supports the preemption of these requirements in favor of a uniform federal standard.

On behalf of the National Retail Federation, Mallory Duncan called for a uniform federal notice and suggested that disclosure would provide a powerful incentive to prevent the breaches but warned that preemption of state laws could lead to adoption of the weakest standard for the nation.

Thus, while the political parties seem willing to work on bipartisan legislation, it looks like the stage is set for another round of conflict between the bankers and retailers, which have longstanding, divergent differences about how the nation's payment system should be administered.

(Archived video and witness statements can be found here.)

© 2018 Newsmax Finance. All rights reserved.

1Like our page
The Senate Commerce Committee's Subcommittee on Consumer Protection, Product Safety and Insurance, chaired for the first time by Sen. Jerry Moran, R-Kan., held a hearing Feb. 5 on data security breach legislation.
data, breach, legislation, security
Friday, 06 February 2015 09:05 AM
Newsmax Media, Inc.

Newsmax, Moneynews, Newsmax Health, and Independent. American. are registered trademarks of Newsmax Media, Inc. Newsmax TV, and Newsmax World are trademarks of Newsmax Media, Inc.

© Newsmax Media, Inc.
All Rights Reserved