Cybersecurity

Dem offers rival bill on data security

Another lawmaker is taking a crack at a bill to set nationwide data security standards.

Rep. Jan Schakowsky (D-Ill.) said in a Tuesday hearing that she was preparing a bill “that would require strong security standards for a wide array of personal data,” such as geolocation data, health records, biometric details, and email and social media account information.

{mosads}The bill would also require companies hit by hackers to notify their consumers of the breach within 30 days of its discovery, she added.

Schakowsky’s bill would join a slate of other offerings already floating around the House. But each has been mired for various reasons.

But Schakowsky hopes that a recent European Court of Justice ruling invalidating a U.S.-EU Safe Harbor data transfer agreement will spur Congress to action.

For 15 years under the Safe Harbor agreement, U.S. companies had been able to “self certify” that they met the more stringent European privacy protections in order to handle EU data.

But in October, Europe’s top court struck down the agreement, citing U.S. surveillance practices.

The ruling, Schakowsky said during Tuesday’s hearing on the topic, “does rightly call into question the adequacy of U.S. data security practices.”

Schakowsky is the ranking member of the House Subcommittee on Commerce Manufacturing and Trade, one of the two subpanels that was holding the hearing.

Lawmakers are unanimously concerned about the repercussions the court’s ruling could have on both European and American businesses.

In total, over 4,400 businesses used Safe Harbor to legally shuttle EU data to the U.S.

Now these companies are not sure how to proceed. Meanwhile, negotiators are scrambling to reach a stricter Safe Harbor 2.0 agreement. European officials said last week that a deal had been reached “in principle,” but that a final pact could be months away.

Schakowsky warned her colleagues that doubts would remain about any new pact until the U.S. established “adequate and transparent” data security policies.

“If we fail to do that, the economic implications could be disastrous,” she said.

Her upcoming bill would help in this effort, Schakowsky believes.

“My bill would enhance data security standards here at home, and it would probably have the added benefit of making the EU more confident in U.S. privacy and data security standards,” she said.

It’s path to passage, though, is far from clear. The House is crowded with bills that would all require some type of data breach notification from companies and set minimum nationwide data security standards.

Two prominent members of the House Energy and Commerce Committee — Reps. Marsha Blackburn (R-Tenn.) and Peter Welch (D-Vt.) — have a separate measure that the full committee approved in April amid controversy.

Reps. Fred Upton (R-Mich.), head of Energy and Commerce, has supported the Blackburn-Welch offering. Schakowsky’s subcommittee is a part of the Energy and Commerce panel.

Rep. Frank Pallone (D-N.J.), the top Democrat on Energy and Commerce, backs Schakowsky’s efforts.

Elsewhere, Reps. Randy Neugebauer (R-Texas) and John Carney (D-Del.) in early May introduced their own data breach bill that the financial industry strongly supports.

Rep. David Cicilline (D-R.I.) also has his privacy advocate favored bill.

Schakowsky did not specify a timeline for her bill’s introduction.

— Updated 1:01 p.m.