Dingell Examines Requiring More Protections for Consumer Data Breaches
Today, Congressman John D. Dingell (D-MI15) issued the following statement for the record at the House Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade hearing on draft legislation to require greater protection for sensitive consumer data and timely notification in case of breaches:
"Thank you, Madam Chairman, for your continued efforts to ensure that Americans' privacy is protected. I look forward to further collaboration on this and other matters requiring the Subcommittee's attention.
"I note that we will examine draft data breach legislation this morning and commend you for thus far moving through regular order to do so. Your bill bases itself on H.R. 2221, the Data Accountability and Trust Act, which the House passed by voice vote in December 2009. H.R. 2221 was a model bipartisan legislation that was co-sponsored by the chairmen and ranking members of the Full Committee and Subcommittee on Commerce, Trade, and Consumer Protection. Although disappointing, it comes as no surprise that our colleagues in the other body did not take up H.R. 2221, thus necessitating our doing so in the House yet again.
"Your draft bill contains many worthwhile provisions, Madam Chairman. I am particularly pleased that it includes a 48-hour data breach notification requirement. Unfortunately, that "shot clock," so to speak, cannot be activated until after a covered entity makes a number of determinations regarding the nature and extent of a data breach, providing ample cover for dilatory tactics that could ultimately harm consumers. Further, your draft legislation does not contain a backstop notification period like H.R. 2221 did. More alarming, the draft legislation does not contain enhanced requirements for data brokers with respect to personally identifiable information. Finally, your bill ties the hands of the Federal Trade Commission with respect to updating the definition of "personal information." I believe the Commission should have more streamlined authority to do this, especially in view of continuous advancements in hacking.
"I stand ready to work with you, Madam Chairman. Protecting consumers' personal information -- and especially that of their children -- is a worthy cause and one worth doing well. I hope you will bear my constructive criticism and that of other members in mind as we move forward.
"Thank you, and I yield back the balance of my time."
Source