On April 15, the House Energy and Commerce Committee approved the Data Security and Breach Notification Act by a 29-20 vote.  The bill, H.R. 1770: The Data Security and Breach Notification Act of 2015, was initially backed by Rep. Peter Welch (D-VT) and Rep. Marsha Blackburn (R-TN) but passed along party lines.

The legislation would require companies to maintain “reasonable security measures and practices” to protect consumer data, and to disclose breaches when there is a risk of consumer harm.  The notification would be required to take place within 30 days of when a company determines the scope of a breach and restores its systems.

Of significance is that the legislation will “expressly preempt any related State laws to ensure uniformity of this Act’s standards and the consistency of their application across jurisdictions.”  This is important because nearly every state has its own law on when consumers must be told that their data has been stolen in a cyber breach, but no single national standard exists that covers all intrusions.  Many companies believe that the individual state notification standard is unwieldy to navigate in the event of a data breach.

The Blackburn-Welch bill is one of two data breach measures that could get a floor vote as early as this week.

You can follow the Consumer Financial Services Law Monitor for continued updates on this and other news stories.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Ashley L. Taylor, Jr. Ashley L. Taylor, Jr.

Ashley is co-leader of the firm’s nationally ranked State Attorneys General practice, vice chair of the firm, and a partner in its Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group. He helps his clients navigate the complexities involved with multistate attorneys general investigations…

Ashley is co-leader of the firm’s nationally ranked State Attorneys General practice, vice chair of the firm, and a partner in its Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group. He helps his clients navigate the complexities involved with multistate attorneys general investigations and enforcement actions, federal agency actions, and accompanying litigation.

Photo of Stephen C. Piepgrass Stephen C. Piepgrass

Stephen leads the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group. He focuses his practice on enforcement actions, investigations, and litigation. Stephen primarily represents clients engaging with, or being investigated by, state attorneys general and other state or local governmental enforcement bodies,

Stephen leads the firm’s Regulatory Investigations, Strategy + Enforcement (RISE) Practice Group. He focuses his practice on enforcement actions, investigations, and litigation. Stephen primarily represents clients engaging with, or being investigated by, state attorneys general and other state or local governmental enforcement bodies, including the CFPB and FTC, as well as clients involved with litigation, with a particular focus on heavily regulated industries. He also has experience advising clients on data and privacy issues, including handling complex investigations into data incidents by state attorneys general other state and federal regulators. Additionally, Stephen provides strategic counsel to Troutman Pepper’s Strategies clients who need assistance with public policy, advocacy, and government relations strategies.