|
Despite other legislative priorities, data protection legislation remains a main concern on Capitol Hill, with Congress recently taking action on a few of the data protection bills that we have been monitoring. Below is a summary of activity in the House Energy and Commerce and Senate Judiciary committees.
House Energy and Commerce Committee Bill Introduced
Today, the House Subcommittee on Commerce, Trade and Consumer Protection held an open markup session and passed the Data Accountability and Trust Act (DATA), introduced by Chairman Stearns (R-FL) and Rep. Pryce (R-OH) late last month. The bill would not have a significant impact on most Kids in the Know members, primarily because it limits its definition of “security breach” to the loss or theft of data when “there is a significant risk of identity theft to the individual.” It also defines “personal information” as a combination of name and “sensitive information” such as a person’s Social Security number, driver’s license numbers, and numbers associated with financial accounts. However, the bill would authorize the Federal Trade Commission (FTC) to broaden the definition of “personal information” and potentially include some data security requirements for all data brokers.
A comment period between the subcommittee and full markup is expected, and the legislation may change in this process. We will keep you posted on future actions and how they may impact Kids in the Know.
Sessions Bill Advances to Senate Floor; Others Remain on Agenda
The Notification of Risk to Personal Data Act, introduced in the Judiciary Committee by Sen. Sessions (R-AL) in June, was approved in committee and sent to the Senate floor last week. This bill requires businesses and organizations to notify consumers if there is a security breach involving their information and if they may be at risk of identity theft. This bill does not affect most Kids in the Know members, as sensitive personal information is defined as a person’s name, address, telephone number AND social security number. The bill also calls for businesses to implement and maintain reasonable security and notification procedures if they possess this computerized sensitive personal data.
The two other bills requiring notification of security breach remain on the agenda of the Judiciary Committee, but have not yet been discussed in the committee’s weekly mark-up. One is the measure introduced by Senators Feinstein (D-CA) and Kyl (R- AZ), the other the more aggressive measure introduced by Judiciary Committee Chairman Specter (R-PA) Ranking Democrat Leahy (D-VT) and Sen. Feingold (D-WI).
While these bills remain a priority, a full vote by the Senate this year is unlikely due to other legislative concerns. We will continue to monitor their progress as the session draws to a close.
|
