recommended reading

Panel approves data-breach bills despite partisan rancor

The Senate Judiciary Committee approved three bills on Thursday aimed at setting national standards for security breaches involving personal data, but the party-line vote on the measures may complicate efforts to move them to the Senate floor.

The three measures are similar in that each would require companies to take reasonable steps to secure personal information about consumers and to notify consumers when their personal data has been stolen as a result of a security breach.

Senate Judiciary ranking member Chuck Grassley, R-Iowa, voiced similar concerns with all three bills, saying they would burden both big and small businesses and could lead to job losses at a time when policymakers are looking for ways to encourage job creation.

He went after one bill, offered by Sen. Dianne Feinstein, D-Calif., saying it could lead to companies burying customers in data-breach notices.

"Americans want and need the Congress to work with private businesses to create jobs," Grassley said. "However, under this bill, we may end up with more burdensome regulations, small businesses forced into bankruptcy, jobs lost, and consumers still going unprotected because the over-notifications will be ignored."

Grassley offered several amendments, including one that would set minimum sentences for hackers that was adopted by the panel. The committee rejected other Grassley amendments, including one that would limit the ability of state attorneys general to bring civil suits over a data breach and another that would require that any funds stolen and recovered as a result of a data breach go toward deficit reduction.

Grassley told National Journal after the markup that supporters will have a difficult time moving the bills to the Senate floor unless more changes are made.

Judiciary Chairman Patrick Leahy, D-Vt., authored the Personal Data Privacy and Security Act, the first bill adopted on Thursday.

A spokesman for Leahy pointed out that data breach legislation had enjoyed bipartisan backing, but now Republicans are opposing it. Grassley said the measures approved Thursday were more burdensome than the data breach bills approved by the committee in past years.

Feinstein said her bill is narrower and has a better shot of passing than the Leahy bill, which also includes legislation aimed at updating the Computer Fraud and Abuse Act. "I have tried to accommodate the other side and put out a bill that has a good chance of passage," she said.

The third data breach measure approved by the committee was authored by Sen. Richard Blumenthal, D-Conn. Grassley was particularly concerned that the definition of personal information included in Blumenthal's measure was too broad. He offered an amendment, which was rejected, that would have barred the Federal Trade Commission from expanding the definition.

Grassley and others said data-breach legislation may get wrapped up in cybersecurity legislation being negotiated by a bipartisan group of senators from several Senate committees. Grassley voiced frustration that Judiciary decided to act on the data-breach bills while efforts to craft a cybersecurity bill are still in play.

A committee spokeswoman said the panel brought up all three measures at the request of the senators who sponsored them, saying it is not unusual for the panel to approve different versions of the same bill. Leahy most likely will have to work with the other bills' authors on which version should be considered by the full Senate.

The Senate Commerce Committee had scheduled a markup of its own data-breach bill for this week but postponed it while Chairman Jay Rockefeller, D-W.Va., continues to work to bring some Republicans on board to support it, according to a Senate aide.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.