The House Energy & Commerce Committee Tuesday began the markup of the Data Security and Breach Notification Act of 2015. The bill passed the Commerce subcommittee two weeks ago.
The House Commerce, Manufacturing, and Trade subcommittee last week passed the bill.
"Over 40 bills have been introduced in Congress since the first major data breach in 2005 and we haven’t yet reached the finish line," said E&C chairman Fred Upton (R-Mich.) in his prepared opening statement. "This committee has worked hard to find a balanced, well-targeted solution, and I believe our legislation is closer than we have come in a long time to addressing a problem that has only worsened over the past decade. At long last we have a bipartisan bill that focuses on the data that criminals monetize...."
The bill, co-sponsored by House Energy & Commerce Committee vice chair Marsha Blackburn (R-Tenn.) and Rep. Peter Welch (D-Vt.), would require entities that collect personal information to secure it and provide notice to individuals if that security is breached.
It would do so by preempting the current "patchwork" of laws with a single, national protection/notification standard.
Ranking committee member Frank Pallone (D-N.J.) is not a fan of the bill. He said the bill weakens existing consumer protections by preempting more effective state laws. Pallone also said the text is markedly different from the draft that came out of subcommittee and he had procedural issues with that language overhaul. He also said a substitute to the bill would be offered.
Rep. Blackburn stood up for her bill, saying that it would protect "virtual you's" in cyberspace. She said the bill was a step in the right direction. She called it a narrow bill, and purposefully so. She said the time to act was now, rather than let another 10 years go by without cybersecurity legislation.
Rep. Joe Barton (R-Tex.) said he would have a number of amendments to the bill. He said he hoped some of the amendments would be accepted, but said he planned to vote for final passage regardless. "I think you have a good bill, but it can be improved," he said.
Rep. Welch said it probably could be improved. He cited Barton's previous cybersecurity bill and suggested it may be voted on as a substitute.
Welch said the bill needs to pass. He said he was normally against preemption, but said it may be necessary to protect consumers. Good state laws are bounded by a state. The Internet is not, he pointed out.
Welch has said before that something has to be done, even if it is not the perfect answer.