Equifax breach drives legislative push on data privacy

Rep. David Cicilline (D-R.I.) is the latest member of Congress to offer a legislative answer to the growing problem of consumer data breaches. His Consumer Privacy Protection Act, introduced Oct. 19, orders companies to notify consumers if sensitive information has been compromised in a data breach. The bill widens the scope of sensitive information, including not just Social Security and credit card numbers, but also digital photographs and geographical and biometric data.

Like Rep. Jim Langevin's (D-R.I.) September legislation, Cicilline's bill holds companies with access to sensitive data on more than 10,000 customers accountable, giving them 30 days to disclose data breaches involving personal information. If a breach that costs a customer $1,000 or more in "economic harm" is found to have been concealed, the responsible company can expect legal repercussions in the form of a fine or imprisonment.

Currently, 48 states have data breach laws in place. Provisions of Cicilline's bill would supersede any state law deemed "less stringent." The legislation has seven cosponsors, all Democrats. The original version was introduced in 2015.

Since the disclosure of the Equifax breach in September, there has been increased pressure on Capitol Hill to update the laws around consumer data privacy. Many officials agree that there is a need for new consumer privacy laws, but some wonder whether federal notification and national standards alone can fully help consumers mitigate the effects of cyber theft.

At an Oct. 17 Senate Banking Committee hearing, Chris Jaikaran, cybersecurity policy analyst at the Congressional Research Service, said that while a federal notification law would "provide a level of certainty for both businesses and consumers," follow-up remains critical.

"What will consumers be expected to do with that information? Do they just get a letter in the mail saying that their data was compromised and they're on their own? Or is there some recourse that the business or the corporation [must] provide to the consumer?" Jaikaran asked.

Sen. Mike Rounds (R-S.D.) stated that while he agreed with the idea of establishing a security standard and "continued surveillance" of credit reporting agencies, more must be done to combat perpetrators of these attacks.

"Until we get down to the point where there are actually consequences for the bad guys involved, we're not going to make the major dent that we have to in terms of cyber theft," Rounds said. "We're focusing on the people who are trying to provide services. We're not focusing on going after the guys who are actually causing the problems for everybody else."

About the Author

Ben Berliner is an editorial fellow at FCW. He is a 2017 graduate of Kenyon College, and has interned at the Center for Responsive Politics and at Sunlight Foundation.

He can be contacted at bberliner@fcw.com.
