Congress

Equifax breach drives legislative push on data privacy

Shutterstock image (by Robert Adrian Hillman): Abstract design for broken code. 

Rep. David Cicilline (D-R.I.) is the latest member of Congress to offer a legislative answer to the growing problem of consumer data breaches. His Consumer Privacy Protection Act, introduced Oct. 19, orders companies to notify consumers if sensitive information has been compromised in a data breach. The bill widens the scope of sensitive information, including not just Social Security and credit card numbers, but also digital photographs and geographical and biometric data.

Like Rep. Jim Langevin's (D-R.I.) September legislation, Cicilline's bill holds companies with access to sensitive data on more than 10,000 customers accountable, giving them 30 days to disclose data breaches involving personal information. If a breach that costs a customer $1,000 or more in "economic harm" is found to have been concealed, the responsible company can expect legal repercussions in the form of a fine or imprisonment.

Currently, 48 states have data breach laws in place. Provisions of Cicilline's bill would supersede any state law deemed "less stringent." The legislation has seven cosponsors, all Democrats. The original version was introduced in 2015.

Since the disclosure of the Equifax breach in September, there has been increased pressure on Capitol Hill to update the laws around consumer data privacy. Many officials agree that there is a need for new consumer privacy laws, but some wonder whether federal notification and national standards alone can fully help consumers mitigate the effects of cyber theft.

At an Oct. 17 Senate Banking Committee hearing, Chris Jaikaran, cybersecurity policy analyst at the Congressional Research Service, said that while a federal notification law would "provide a level of certainty for both businesses and consumers," follow-up remains critical.

"What will consumers be expected to do with that information? Do they just get a letter in the mail saying that their data was compromised and they're on their own? Or is there some recourse that the business or the corporation [must] provide to the consumer?" Jaikaran asked.

Sen. Mike Rounds (R-S.D.) stated while he agreed with the idea of establishing a security standard and "continued surveillance" of credit reporting agencies, more must be done to combat perpetrators of these attacks.

"Until we get down to the point where there are actually consequences for the bad guys involved, we're not going to make the major dent that we have to in terms of cyber theft," Rounds said. "We're focusing on the people who are trying to provide services. We're not focusing on going after the guys who are actually causing the problems for everybody else."

About the Author

Ben Berliner is an editorial fellow at FCW. He is a 2017 graduate of Kenyon College, and has interned at the Center for Responsive Politics and at Sunlight Foundation.

He can be contacted at bberliner@fcw.com.

Click here for previous articles by Berliner.


Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.