Tens of millions of consumers have had their personal health care information, Social Security numbers, credit card numbers, and email addresses hacked — and that’s just this year alone.
The Data Security and Breach Notification Act would create the first-ever federal standard for punishing such breaches.
Context and what the bill does
The biggest data and consumer information hacks of all time include more than 50 million customers each on Uber, LinkedIn, Target, Home Depot, Yahoo, and eBay.
The Data Security and Breach Notification Act would:
- Require companies to notify consumers that they have had a security breach within 30 days.
- Institute a maximum five-year prison sentence for intentionally hiding such a breach.
- Create financial incentives for companies or organizations that utilize technologies which make consumer information unreadable in the event of a breach.
The bill was introduced on November 30 by Sen. Bill Nelson (D-FL), labelled S. 2179 in the Senate.
What supporters say
Supporters argue the bill would add tough accountability measures in the wake of a dramatically escalating threat to consumer privacy.
“We need a strong federal law in place to hold companies truly accountable for failing to safeguard data or inform consumers when that information has been stolen by hackers,” Sen. Nelson said in a press release. “Congress can either take action now to pass this long overdue bill or continue to kowtow to special interests who stand in the way of this commonsense proposal.”
What opponents say
Opponents note that 48 states already have existing similar laws on a state level, all except Alabama and South Dakota. In the opponents’ view, this renders a federal equivalent less necessary or possibly even unnecessary.
47 state attorneys general of both parties wrote a letter to Congress expressing this sentiment in 2015.
“State attorneys general are on the front lines responding to data breaches. Our offices hear directly from affected consumers, and we regularly respond directly to their complaints and calls,” the letter read. “Preempting state law would make consumers less protected than they are right now. Our constituents are continually asking for greater protection. If states are limited by federal legislation, we will be unable to respond to their concerns.”
Odds of passage
The legislation has attracted two Senate cosponsors, both Democrats. It awaits a vote in the Senate Commerce, Science, and Transportation Committee, where Nelson is the top-ranking Democrat.
Nelson introduced similar legislation in 2015, where it attracted one cosponsor and never received a vote. However, just in the past two years, public anger about data breaches as increased significantly after breaches of tens of millions of Uber and Equifax accounts, including Social Security numbers and other private information.