recommended reading

Panel approves data-breach bills despite partisan rancor

The Senate Judiciary Committee approved three bills on Thursday aimed at setting national standards for security breaches involving personal data, but the party-line vote on the measures may complicate efforts to move them to the Senate floor.

The three measures are similar in that each would require companies to take reasonable steps to secure personal information about consumers and to notify consumers when their personal data has been stolen as a result of a security breach.

Senate Judiciary ranking member Chuck Grassley, R-Iowa, voiced similar concerns with all three bills, saying they would burden both big and small businesses and could lead to job losses at a time when policymakers are looking for ways to encourage job creation.

He went after one bill, offered by Sen. Dianne Feinstein, D-Calif., saying it could lead to companies burying customers in data-breach notices.

"Americans want and need the Congress to work with private businesses to create jobs," Grassley said. "However, under this bill, we may end up with more burdensome regulations, small businesses forced into bankruptcy, jobs lost, and consumers still going unprotected because the over-notifications will be ignored."

Grassley offered several amendments, including one that would set minimum sentences for hackers that was adopted by the panel. The committee rejected other Grassley amendments, including one that would limit the ability of state attorneys general to bring civil suits over a data breach and another that would require that any funds stolen and recovered as a result of a data breach go toward deficit reduction.

Grassley told National Journal after the markup that supporters will have a difficult time moving the bills to the Senate floor unless more changes are made.

Judiciary Chairman Patrick Leahy, D-Vt., authored the Personal Data Privacy and Security Act, the first bill adopted on Thursday.

A spokesman for Leahy pointed out that data breach legislation had enjoyed bipartisan backing, but now Republicans are opposing it. Grassley said the measures approved Thursday were more burdensome than the data breach bills approved by the committee in past years.

Feinstein said her bill is narrower and has a better shot of passing than the Leahy bill, which also includes legislation aimed at updating the Computer Fraud and Abuse Act. "I have tried to accommodate the other side and put out a bill that has a good chance of passage," she said.

The third data breach measure approved by the committee was authored by Sen. Richard Blumenthal, D-Conn. Grassley was particularly concerned that the definition of personal information included in Blumenthal's measure was too broad. He offered an amendment, which was rejected, that would have barred the Federal Trade Commission from expanding the definition.

Grassley and others said data-breach legislation may get wrapped up in cybersecurity legislation being negotiated by a bipartisan group of senators from several Senate committees. Grassley voiced frustration that Judiciary decided to act on the data-breach bills while efforts to craft a cybersecurity bill are still in play.

A committee spokeswoman said the panel brought up all three measures at the request of the senators who sponsored them, saying it is not unusual for the panel to approve different versions of the same bill. Leahy most likely will have to work with the other bills' authors on which version should be considered by the full Senate.

The Senate Commerce Committee had scheduled a markup of its own data-breach bill for this week but postponed it while Chairman Jay Rockefeller, D-W.Va., continues to work to bring some Republicans on board to support it, according to a Senate aide.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.