President Obama's State of the Union address highlighted the importance of cybersecurity, data security and privacy to his 2015 agenda:
"No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids. We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism. And tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children’s information. If we don’t act, we’ll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe."
In addition to calling on Congress to enact legislation, the President referenced executive actions that do not require Congressional approval. Last week, the White House provided details on the executive actions. Information about the White House legislative proposals are below.
White House Legislative Proposals
President Obama sent three legislative proposals to Congress and promised that two additional proposals were on their way. These legislative proposals update the last White House call to enact legislation on cybersecurity from May 2011. Here are the five new legislative proposals:
- Updated Department of Homeland Security Cybersecurity Authority and Information Sharing (Section by Section Analysis)
- Updated Law Enforcement Provisions Related to Computer Security (Section by Section Analysis)
- Updated Data Breach Notification (Section by Section Analysis)
- Updated Consumer Privacy Bill of Rights (available within 45 days of the announcement)
- Student Digital Privacy Act (expected shortly)
Prospects for Congressional Action
The President's series of legislative proposals, in combination with highlighting data breach, cybersecurity and privacy during the State of the Union, will generate a significant amount of activity on Capitol Hill. For example, the House Energy & Commerce Committee recently announced they will hold a hearing on data breach legislation on January 27. However, during recent years, Congress has considered multiple data, cyber, and privacy bills. No major legislation been enacted into law, despite numerous hearings, countless news stories about cyber intrusions and data breaches and support from the President and some Members on both sides of the aisle.
Part of the reason for this legislative gridlock is the congressional committee system itself and the fact jurisdiction is shared among multiple committees in both the House and Senate. Depending on the primary focus of the legislation - law enforcement, consumer protection, information sharing, the financial industry, or government systems - certain bills may garner support within a specific committee while creating turf battles among other committees, which ultimately may prevent legislation from achieving broader support within the House or Senate. This fact helps explain why multiple committees have held hearings on data, cyber, and privacy issues, but no single committee in either chamber has (thus far) established itself as the primary committee of jurisdiction. Overcoming these hurdles will require the leadership of the House and Senate to play a role in coordinating consideration of these topics across committee jurisdictions.