Legislative Activity

House Discusses Potential Data Breach Legislation

Last week during the House Energy and Commerce Subcommittee hearing, Subcommittee Chairman Michael Burgess (R-TX) hinted about his plans to develop legislation addressing federal standards on data security and breach notification.  While the Subcommittee Chairman did not explicitly state a timeline for this legislation, it is expected that the House will begin soliciting stakeholders and industry partner’s comments before drafting legislation.  This same sentiment was echoed by House Homeland Security Committee Chairman, Michael McCaul (R-TX), who also noted that despite previous challenges he believes bipartisan legislation is an achievable goal.

Senate Examines Information Sharing

Senate Homeland Security and Government Affairs Chairman, Ron Johnson (R-WI) has already begun efforts in developing a strategy for information sharing and data breach legislation.  He has shared that his next steps will be to examine the White House’s  advanced information-sharing proposal  reported to be released on February 13, 2015, and then determine whether his Committee or the Senate Intelligence Committee has jurisdiction.  The Chairman has said he will work with other committees in the Senate with jurisdiction over information sharing and both he and Ranking Member Tom Carper (D-DE) expressed their strong interest in introducing and moving strong legislation enabling better sharing of cyber threat information in the coming months.

Upcoming Hearings:

  • Wednesday, February 4: The Senate Commerce, Science and Transportation Committee will host a hearing titled “Building a More Secure Cyber Future: Examining Private Sector Experience with the NIST Framework.”
  • Thursday, February 5: The Senate Commerce, Science and Transportation Subcommittee on Consumer Protection, Product Safety and Insurance will host a hearing titled “Getting it Right on Data Breach on Notification Legislation in the 114th Congress.”
  • Thursday, February 12: The House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies will host a hearing titled “Emerging Threats and Technologies to Protect the Homeland.”

Regulatory Activity

White House Prepares Online Privacy Bill

The White House is slated to send a comprehensive online privacy proposal/bill to Congress within the coming weeks.  The draft proposal would restrict how large technology companies like Google and Facebook handle consumer data, while also expanding the power of the Federal Trade Commission (FTC) – both ideas likely to stir opposition in Congress.  In addition, the draft proposal/bill would allow the FTC to have greater enforcement authority, thus allowing them the ability to fine companies for online privacy missteps – potentially up to $16,500 per violation per day for breaking the law.  Furthermore, the proposal also addresses big data, where the White House proposes that a separate entity monitor companies that amass and sell consumer information in coordination with the FTC; however the specifics are still unclear.

DHS Will Focus on Community Outreach

In the coming weeks, the Department of Homeland Security (DHS) is set to release the locations and dates for their national “roadshow” aimed at assisting smaller businesses to confront cybersecurity challenges.  The “roadshow” is part of a more aggressive campaign the DHS is engaging in to assist the private sector in cyberspace and part of the planned activities for the 2015 “C-Cubed Voluntary Program” as an additional effort to promote the framework.