The previously bi-partisan approach to data security has fallen victim to the increasingly rigid and high pitched partisan divide on Capitol Hill. Yesterday, the Senate Judiciary Committee passed three data security/breach notice bills, Senator Leahy's S. 1151, Senator Feinstein's S. 1408, and Senator Blumenthal's S. 1535, on a party line vote. Similar versions of Senator Leahy's Personal Data Privacy and Security Act of 2011 have been passed through the Judiciary Committee with Republican support in the past. Yesterday, Republicans decried the bills as burdensome regulations that would kill jobs.
The Senate also faces jurisdictional divide that could derail the momentum for a national data security and breach notice law. The Senate Commerce Committee postponed its markup of S. 1207 this week but intends to reschedule soon. The Rockefeller/Pryor bill similarly seeks to implement a national standard for protecting consumer data and notification of breaches. And, it is not clear how Senate leadership will sort out moving the four similar data breach bills, which are likely to become part of a comprehensive cyber security bill that Majority Leader Reid is putting together in the Senate.
The House has seen equal partisan divide over Rep. Bono Mack's data security bill -- HR 2577 -- which moved through subcommittee before the summer recess on a partisan vote, but has since stalled. Like the Senate, similar data breach legislation has passed through committee with bipartisan support in the past, but the Bono Mack bill angered Democrats for its narrower approach to consumer protection. Consultation with Democrats and other groups will be ongoing before the bill can move to a full committee vote.
Even if the partisan arguments can be resolved, the process for getting a House and Senate bill on data security/breach legislation conferenced is unclear with the different approaches that each chamber are taking toward moving cyber security legislation. The House Republican leadership is in the process of developing a strategy for cyber security legislation but intend to pass individual bills through regular order rather than a comprehensive package that could be married with the Senate's large bill. Like most issues in Congress today, there are more questions than answers. We will be closely following these developments, and will post further updates if it appears there is traction on a break-through bill.