Legislation that would set a national standard for data security in the U.S., preempt the cacophony of conflicting state laws, and protect both consumers and survey, opinion and marketing researchers, passed the House Commerce Subcommittee by voice vote this afternoon.
Subcommitee members debated several amendments to the bill which would have weakened the state premption provisions, empowered the FTC with extraordinary regulatory authority to expand the defnition of data covered by the bill, added a number of data points to the definition, and removed provisions that included telecommunications carriers in the legislation, among other amendments. These proposed changes were either withdrawn from consideration or defeated.
Several minor amendments were accepted, including one requiring the FTC to run small business education on data security and best practices, and another to allow consumer-facing companies to notify customers of a data security breach by their third-party business partners (without requiring such notification by the consumer-facing company).
Opening the subcommittee markup, Subcommittee Chairman Michael Burgess (R-TX) emphasized that "cybercrime is estimated to cost Americans 508,000 jobs annually. Oh, to have a bill with so many jobs to show our constituents!"
Focusing on the bipartisan support for this legislation, sponsored by Rep. Marsha Blackburn (R-TN) and Rep. Peter Welch (D-VT), Energy & Commerce Committee Chairman Fred Upton (R-MI) noted that the bill "represents a compromise between a wide variety of stakeholders and policymakers. Nearly 50 bills have been introduced in Congress since the first major data breach in 2005 and yet none have crossed the finish line. I believe our draft legislation finds the sweet spot that has eluded lawmakers over the past decade."
The legislation also picked up support from another two Democrats on the Subcommittee, Reps. Dave Loebsack (D-IA) and Tony Cardenas (D-CA).
The Subcommittee meeting went significantly more smoothly than the last such meeting, in June 2011, when partisan rancor, intra-party disagreements, and dozens of amendments dragged out debate on the SAFE Data Act. That data security bill, although it passed the subcommittee along with several amendments strongly endorsed and supported by MRA, never progressed any farther in the legislative process.
MRA looks forward to helping this bipartisan solution continue towards approval by the full House Energy & Commerce Committee, and eventually passage into law.