Rep. Jan Schakowsky is set to unveil on Tuesday a proposal to set nationwide data security standards, including mandating that companies notify law enforcement 10 days — and customers 30 days — after a breach.
The Illinois Democrat’s legislation would also require companies to install security systems to both monitor for and repel digital intruders.
One of many competing data breach bills, introduced by Reps. Randy Neugebauer (R-Texas) and John Carney (D-Del.) and set for House Financial Services Committee markup Tuesday, has come under fire from retailers for introducing static regulation.
“Haphazardly slapping rules that were written 15 years ago for the financial industry on retailers, restaurants and thousands of small businesses is not the kind of data security legislation that will safeguard our economy,” 13 trade groups wrote in a Monday letter to the committee. “This is red tape masquerading as security.”
Other bills have some industry support, but have been stymied by a variety of concerns.
Lawmakers have wrangled over how strongly a federal bill should supersede state laws. Democrats worry a weak federal standard might undercut existing consumer protections. Republicans fear an invasive law could give too much power to zealous federal regulators.
Schakowsky has touted her bill as part of the solution to systemic European distrust of American privacy practices.
The EU high court recently invalidated a 15-year data flow agreement between the U.S. and Europe on the grounds that, due to U.S. surveillance practices, American companies can’t be trusted to adequately protect European citizens’ data. Negotiators have been scrambling to create a revised version of the pact, but privacy concerns have continued to plague the talks.
Schakowsky suggested during a November hearing that her bill could help the U.S. reestablish credibility across the Atlantic.
“My bill would enhance data security standards here at home, and it would probably have the added benefit of making the EU more confident in U.S. privacy and data security standards,” she said.