Tweet Cybersecurity

Pushing Data Breach Legislation over the Top

Data security and breach-notification legislation, badly needed for the good of the digital economy and long sought by stakeholders of all stripes, has nonetheless proven to be a Sisyphean task in Congress. Lawmakers first took up the issue six years ago, during the 109th Congress, but to no avail. In the 111th Congress, there was enough momentum for the House to pass a bill, but not the Senate. And now, in the 112th Congress, we again have fundamentally sound data security and breach-notification bills on the table in both chambers.

Will this be the year Congress finally pushes this boulder over the top of the hill, as Sisyphus himself never could? I certainly hope so.

This week, the House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade reported to the full committee Chairman Mary Bono Mack’s SAFE Data Act (H.R. 2577), a solid legislative framework that would require organizations holding sensitive personal information to implement reasonable security procedures, create market incentives to adopt strong security measures, and ensure consumers are notified when a breach puts them at risk of identity theft, fraud or other unlawful activity. By creating a uniform, national framework to replace the state patchwork we have today, it also would streamline compliance burdens. The net effect would be good for businesses and consumers alike.

There is reason to hope the full House Energy and Commerce Committee will adopt the SAFE Data Act in the next couple of weeks prior to the coming summer recess. In the Senate, meanwhile, the Pryor-Rockefeller Data Security and Breach Notification Act of 2011 (S. 1207) — which is nearly identical to the House SAFE Data Act — may have similar momentum in the Commerce Committee. Likewise, Sen. Patrick Leahy (D-Vt.), along with Sens. Charles Schumer (D-N.Y.) and Ben Cardin (D-Md.), has added energy to the debate by renewing the push in the Judiciary Committee for privacy and data security legislation.

Clearly, forces are aligned in the right direction. As I have said before on this blog and in testimony to lawmakers, the time is now. We just cannot afford, like Sisyphus, to keep starting over from the bottom of the hill in each new Congress.

Robert Holleyman

Author:

As President and CEO of BSA | The Software Alliance from 1990 until April 2013, Robert Holleyman long served as the chief advocate for the global software industry. Before leaving BSA to start his own venture, Cloud4Growth, Holleyman led the most successful anti-piracy program in the history of any industry, driving down software piracy rates in markets around the world.

Named one of the 50 most influential people in the intellectual property world, he was instrumental in putting into place the global policy framework that today protects software under copyright law. A widely respected champion for open markets, Holleyman also was appointed by President Barack Obama to serve on the President’s Advisory Committee for Trade Policy and Negotiations, the principal advisory committee for the US government on trade matters.

Holleyman was a leader in industry efforts to establish the legal framework necessary for cloud-computing technologies to flourish. He was an early proponent for policies that promote deployment of security technologies to build public trust and confidence in cyberspace. And he created a highly regarded series of forums for industry executives and policymakers to exchange points of view and forge agreements on the best ways to spur technology advances and promote economic growth.

Before heading BSA, Holleyman was a counselor and legislative adviser in the United States Senate, an attorney in private practice, and a judicial clerk in US District Court. He holds a bachelor’s degree from Trinity University in San Antonio, Texas, a J.D. from Louisiana State University, and has completed the Stanford Executive Program at the Stanford Graduate School of Business.

Leave a Reply

Your email address will not be published. Required fields are marked *