A House Energy and Commerce subcommittee has approved a bill that would require companies to notify customers who have been affected by a data breach and require businesses that keep personal information to implement data security programs.
"It's time for Congress to take decisive action," Rep. Mary Bono Mack, (R-Calif.) said, PCWorld.com reports. "Sophisticated and carefully orchestrated cyber-attacks – designed to obtain personal information about consumers, especially when it comes to their credit cards – have become one of the fastest-growing criminal enterprises here in the United States and across the world."
The legislation would require businesses to report data breaches within 48 hours in most cases. It would also require the Federal Trade Commission to create data security rules for businesses that keep private data.
Bono, who sponsored the bill, is urging lawmakers to move forward with the legislation, although she is facing opposition from House democrats who say the bill would preempt stronger state laws that currently exist in more than 45 states.
Democrats also argue that the bill does not do enough to protect private information because it only requires companies to send notifications if a customer’s name, phone number or credit card is compromised along with a Social Security number, driver’s license number or a government ID, PCWorld.com reports.
The bill now will now go to the full House Energy and Commerce Committee.
Breach notification bills have been introduced in Congress for several years without ever reaching final passage.