FTC Requests Clarification in Data Security Draft Bill
The recently proposed Data Security and Breach Notification Act of 2015 was designed to create a standard for the way companies protect personal information and notify consumers of data breaches. The draft bill has strong support across most areas of the government, but the Federal Trade Commission says there needs to be more clarification on the meaning of “personal information.”
“The definition of personal information does not protect some of the information, which is currently protected under state law,” said Jessica Rich, Director of the Bureau of Consumer Protection for the FTC. “The bill should address the entire data ecosystem, including Internet-enabled devices.”
Another concern with the current start of the bill is that it does not provide for the protection of consumers’ health information. House subcommittee Chair Michael Burgess suggested Congress continue with the draft legislation because health information is already covered under HIPAA. He argued that, “taking on health care privacy and data in this bill would delay the consumer benefits that we can provide under this draft.”
The data breaches in America over the last year and a half have certainly sparked a need for a cohesive system for reporting breaches and protecting personal information, and the draft bill may have the potential to provide this. Without proper clarification though, the FTC and the Federal Communications Commission both agree the bill will fail to provide true data security.
Several Republican lawmakers released a joint statement in opposition of the bill, saying,”“We have numerous concerns about the weakening of consumer protections overall, as well as the dilution of protections for customers of telecommunications and cable services.”
Members of the Commerce, Manufacturing and Trade Subcommittee will continue to work on the drafted bill with the hopes of addressing the new concerns brought to the their attention.