dataprotectionlaw&policy FEATURED ARTICLE 0/06 cecile park publishing Head Office UK Cecile Park Publishing Limited, 17 The Timber Yard, Drysdale Street, London N1 6ND tel +44 (0)20 7012 1380 fax +44 (0)20 7729 6093 info@e-comlaw.com www.e-comlaw.com
UNITED STATES US update: federal data security legislation Despite some 91 million Americans Congress will likely conclude its be incorporated into any final two-year session without passage legislation. being exposed to data security of federal data security legislation. Time is running out for passage. breaches since 2005 and US states The result is surprising, given that Upon returning from its August continuing to pass their own laws, an eruption of high-profile security recess, Congress has a short Congress is likely to conclude its breaches led to congressional schedule in September, because it hearings, the introduction of must break early this year for the two-year session without passage various proposals by senior political campaigning required of a federal data security law. Emilio lawmakers and their approval by prior to the November elections. W. Cividanes, a partner in the congressional committees, and Even if Congress were to return Washington DC office of Venable overall bipartisan, bicameral after the elections for a “lame LLP , examines the latest interest in addressing the threat of duck” session, time is very short for identity theft that is perceived to be a seven-way compromise to be developments and the issues associated with such breaches. worked out among all of the affecting the passage of legislation. House and Senate panels. Turf battles Very few observers would have No factor has contributed to this predicted this scenario a year ago. surprising outcome more than the By last summer, Congress had jurisdictional turf battles among reacted relatively swiftly to the well congressional committees. Seven publicized rash of security different committees – three in the breaches by, in a matter of months, Senate and four in the House – holding multiple hearings, have drafted their versions of introducing legislation, and even federal data security legislation that securing approval of a version of would establish a national standard the legislation by the Senate for safeguarding sensitive Commerce Committee. consumer data, and set uniform standards for notifying consumers Recent developments when a breach of security has During the past year, there have compromised their data. Six of been more reports of security them have approved and cleared breaches, bringing to 91 million their proposals for a vote by the the total number of records of full House or Senate. Americans exposed due to data Some of the rivalry among panels security breaches since 2005. has been public. For example, the Earlier this summer, the U.S. House Energy and Commerce and Department of Veterans Affairs the Financial Services committees reported that a laptop containing each sought jurisdiction of the the social security numbers of 26.5 other’s bill, and proceeded to mark million veterans had been stolen in up the other’s bill by striking it and a burglary. The fallout from this replacing it with the panel’s own incident, affecting a very powerful language. Republican leaders so far sector in American politics, was have failed in their bid to get the expected to renew congressional two committees to work out their interest in passage of differences. comprehensive federal data Even if the House Energy and security legislation. Instead, the Commerce and the Financial Federal Bureau of Investigation Services committees were to apprehended the thieves who stole resolve their differences, there are the laptop, forensic analysis other panels with claims to parts of satisfied government officials that the legislation. For example, the the data in the laptop had not been House Veterans Affairs and compromised, and another Judiciary committees have passed congressional committee drafted legislation that would likely need to and approved data security 10 data protection law & policy august 2006
UNITED STATES legislation, this time targeting the For many in drafted or endorsed by privacy industry, no rights of veterans. advocates. Industry is temporarily federal More than a dozen additional willing to learn to adapt to the legislation is states have passed security-breach patchwork of state laws while it also notification laws, bringing the total waits for a more favorable climate preferable to a bill drafted number of states to 34. The for passage of federal legislation. or endorsed majority of the remaining 16 states Which is one reason why by privacy are expected to pass similar laws in lobbying efforts continue on data advocates 2007. security legislation, despite Enforcement actions and private repeated predictions by pundits law suits continue. The Federal that no legislation will get passed Trade Commission, for example, by Congress this year. First, secured $15 million from wherever efforts end this year are ChoicePoint in connection with its likely to mark the starting points security breach that exposed on the “playing field” for next 145,000 consumers to criminals. It year’s lobbying push. Not willing to was ChoicePoint’s February 2005 lose hard-fought concessions they announcement of its security have gained during the past year, breach that first drew national the sides continue to do battle. attention to the issue of consumer Second, there’s the possibility that data security and sparked something, for example, a security legislative action in both the incident of a severe magnitude, will Congress and the states. propel Congress to act this year The Information Policy Institute after all. All sides wish to be well issued a study that found that the poised in the event that this was to incidence of identity theft was happen. declining due, at least in part, to Third, if the Democrats reclaim industry’s greater investments in control of the House or Senate, then fraud detection and information most observers expect that the security. The study also warned climate for passage of industry- against legislation that result in friendly federal legislation will likely “over notification” of consumers, get worse, not better. Thus, industry which risks anesthetizing must keep its options open for a consumers and thereby having possible lobbying push later this them fail to direct efforts to year in a post-election “lame duck” incidences where vigilance and session of the Congress. monitoring are crucial. Privacy advocates are pleased with Conclusion the stalemate in Congress. As one Whatever year federal data security leading consumer spokesman legislation gets passed, and recently stated:“The states have whatever shape it takes, these solved the problem and we have dynamics confirm one of the constructive compliance with the enduring realities of legislative strongest state laws.” Since the type politics in the United States that of federal legislation that industry is affects all privacy proposals: it is far supporting would preempt state easier to pass state laws than to laws and establish a uniform block their enactment, and it is far national standard that they perceive easier to block the passage of as being weaker than the standards federal legislative proposals than it most states have enacted, for is to get them enacted. privacy advocates, no bill is better Emilio W. Cividanes Partner than an industry-friendly bill. Venable LLP For many in industry, no federal ecividanes@venable.com legislation is also preferable to a bill 11 data protection law & policy august 2006
Recommend
More recommend
