Year Ends Without Much Progress on Data Security or Privacy Legislation
While three data security bills passed the Senate Judiciary Committee in September, an attempt to move a data security bill in the Commerce Committee faltered this fall, as Sen. Rockefeller was unable to resolve differences between Democrats and Republicans on his Committee. In the House, following a very contentious markup of data security legislation in July, Rep. Bono Mack’s Secure and Fortify Electronic (SAFE) Data Act has not been able to proceed to full Committee markup, and the outlook is foggy for 2012.
Among the key issues clouding the prospects for passage of data security legislation are various proposals for private rights of actions, extensive requirements for securing data, and triggers for data breach notification.
As far as general privacy legislation, there was considerably less action in Congress this year than for data security, and apparently nominal interest. Two hearings were held in the House, in the Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade. Indicative of the waning interest in the matter, the Senate took no action on the issue for much of 2011, nor were highly anticipated privacy reports set to be issued by the Department of Commerce and FTC released by year’s end. The Administration seems committed to a self-regulatory approach, with the US Deputy Chief Technology Officer saying in a speech to the Chamber of Commerce, “the traditional rule-making process lacks flexibility and agility in the Internet environment.”