Data breach bill moves forward in the House

Legislation to create a national data security and breach notification standard moved forward over objections from Democratic lawmakers. The House Energy and Commerce Subcommittee on Trade approved the bill by voice vote after a markup that saw five Democratic amendments rejected along party lines. The bill from Reps. Marsha Blackburn (R-TN) and Peter Welch (D-VT) appears headed for further changes before its markup by the full committee. The measure would require companies to maintain reasonable security practices and inform customers within 30 days if their data might have been stolen during a breach.

Violating the bill’s rules would subject companies to enforcement actions by the Federal Trade Commission (FTC). Disagreements over the bill lie in its pre-emption of state data security and breach notification standards. Several Democrats argued that the legislation, while saving companies the hassle of following separate state laws, would do away with stronger consumer protections at the state level. Massachusetts Attorney General Maura Healey has criticized the legislation, saying it would “scale back our state’s essential safeguards against cybercrime.”