Multiple data breach notification bills are currently pending in both houses of Congress. H.R. 1770, the Data Security and Breach Notification Act of 2015, introduced by Representatives Marsha Blackburn (R-TN) and Peter Welch (D-VT) was reported favorably out of the U.S. House of Representatives Committee on Energy and Commerce on April 15, but has yet to reach the house floor.
Also on April 15, Senators Thomas Carper (D-DE) and Roy Blunt (R-MO) introduced S. 961, the Data Security Act of 2015, which sets a minimum data security standard and creates detailed federal breach notification requirements. On May 1, 2015, Representatives Randy Neugebauer (R-TX), Chairman of the U.S. House of Representatives’ Committee on Financial Services, and John Carney (D-DE) introduced H.R.2205, the companion bill to S. 961. Senator Mark Warner (D-VA) has announced plans to introduce data security legislation that is expected to receive backing from the retail industry. Senator Warner’s bill will be the third data breach bill to be introduced in the Senate this year. Senator Bill Nelson (D-FL) introduced the first bill in January.
On May 14, 2015, the House Committee on Financial Services (“Committee”) held a hearing entitled “Protecting Consumers: Financial Data Security in the Age of Computer Hackers.” The panel featured representatives from the financial services, retail, electronic transactions, and payment security industries. Topics discussed during the hearing include potential data security and breach notification legislation, payment technology (e.g., EMV, tokenization, encryption), and industry efforts to further protect consumers’ financial information. During the hearing, representatives Neugebauer and Carney promoted bipartisan the Data Security Act of 2015.