WASHINGTON – Key House subcommittees this week threw their weight behind the need for action to protect consumers and the government against growing cyber threats and strategies to increase privacy.
In two subcommittee hearings in the House of Representatives on Tuesday, witnesses from both private and public corporations and federal agencies detailed the importance of cybersecurity legislation to protect Americans from harmful data breaches.
“Cybercrimes are ever increasing,” Rep. Daniel Lipinski, D-Ill., said in his opening statement at the Subcommittee on Research and Technology’s hearing Tuesday afternoon. “The threats are not only growing in number, but in the level of sophistication… Cybercrime threatens our privacy, our pocketbooks, our safety, our economy and our national security.”
With the wide-reaching impacts of cyber threats, both the White House and Congress are actively looking to enact federal legislation that could better protect the nation from cyber threats.
In 2014, there were 145 data hacks on both private businesses and the government, according to Privacy Rights Clearinghouse. Although the number of hacks has decreased over the last couple of years, the breaches of high-profile firms serving millions of consumers thrust cybersecurity issues into the spotlight. For example, both the US State Department and the White House’s Healthcare.gov suffered from data breaches last year, as well as Sony Pictures, Home Depot and Apple.
Witnesses testifying in the Commerce, Manufacturing and Trade Subcommittee hearing supported a federal law to regulate data breach legislation. Currently, 12 state laws cover data security and there are 47 different state laws that regulate cyber attack notification, according to a committee background memo.
“Compared to the current patchwork of state data breach notification laws, a single federal data breach notification standard will better protect consumers and allow companies to respond quickly and effectively following a breach. The key to any federal DBN law will be finding a single standard that maintains the strong consumer protections currently required by the states, but that does not overburden or impose inappropriate penalties on companies who should be focusing on notification and investigation in the wake of a breach,” Elizabeth Hyman, executive vice president for public advocacy at TechAmerica, a research and public policy group that often helps states and the federal government draft legislation, testifed.
Similarly, President Barack Obama recently announced plans to pursue federal legislation that would force companies to report data breaches to customers within 30 days of the breach being discovered.
A strong federal law, according to Acxiom Corporation’s Jennifer Barrett-Glasgow, would not only benefit business by simplifying data breach laws, but consumers’ information would be better protected.
“From the consumer’s perspective, a single federal standard not only increases their confidence in the safeguards protecting information businesses hold, but also makes notice procedures in the event of a breach clear,” Barrett-Glasgow, a global privacy officer, said in her testimony.
Congress was unable to pass data breach legislation in the last session when a bill stalled in the Senate over concerns of consumer security. Those matters of privacy have become the center of a debate on the value of digital privacy.
In order to for effective legislation to pass through Congress, according to Dean C. Garfield, president and CEO of the Information Technology Industry Council, a bill must address both security and consumer privacy concerns.
“Lawmakers should focus on legislation improving cybersecurity threat information sharing in a way that protects privacy and offers adequate legal liability protection for businesses,” Garfield said in his testimony at Tuesday’s Subcommittee on Research and Technology Committee on Science, Space, and Technology hearing on cyber threats.
With pressure from both Obama and recent cyber attacks on major corporations that have threatened the nation’s financial security and privacy, cybersecurity has earned an intense focus for Congress.
