Rep. David Cicilline (D-R.I.) introduced a data breach bill, the House version of a Senate bill introduced by Sen. Patrick Leahy (D-Vt.) earlier this year.
Although data breaches have become commonplace, i.e., Target, Anthem, Home Depot, Michaels, Neiman Marcus and others, Congress has struggled to agree on new legislation that would protect consumers.
The Consumer Privacy Protection Act (the same name of the Leahy bill) would require companies to inform consumers within 30 days of a data breach and to take steps to make sure personal data is secure. Personal information protected in the bill includes social security numbers, usernames, passwords, biometric data, geolocation, health information and private photos.
Unlike some of the other data breach bills floating around Congress, Cicilline’s bill would not pre-empt state laws, a real sticking point with lawmakers that has stalled other legislation.
The bill has 11 Democratic co-sponsors. Because it doesn’t weaken state data security and privacy laws, the bill has picked up support from a number of consumer and public interest groups including Public Knowledge, Consumer Action, Consumer Watchdog, and the Consumer Federation of America.