The House Financial Services Committee voted 46-9 on Wednesday to approve a bill that would require companies to notify consumers and the government after data breaches of unencrypted consumer information.
The committee also adopted an amendment that would allow state attorneys general to enforce the bill and speed up the timing of required notification following a breach.
Rep. Randy Neugebauer (R-Texas), who is chairman of the Subcommittee on Financial Institutions and Consumer Credit, introduced the bill, H.R. 2205, in May. The legislation has bipartisan support among its 29 cosponsors, and it has a companion bill in the Senate, S. 961, introduced in April by Sen. Thomas Carper (D-Del.). No action has been taken on that measure, which has two cosponsors.
The legislation has drawn opposition from consumer and privacy groups such as Public Citizen and the Consumer Federation of America, who say the measure would weaken existing state protections against breaches and prevent states from developing newer, more innovative responses to cyber theft. The bill “would do consumers far more harm than good,” the two groups, along with 15 others, wrote in a letter dated Dec. 7.
Other groups, such as the American Bankers Association and the Credit Union National Association, applauded today’s committee vote, saying it will enhance consumer protections when it comes to data breaches.