Legislators explore need for national data security standard

Laura Pedulli | | Health Exec | Cybersecurity

 

Congressional leaders convened on Jan. 27 for an initial discussion exploring the need for federal data breach legislation.

The Energy & Commerce Committee’s Subcommittee on Commerce, Manufacturing and Trade hearing follows a call from the Obama administration to create a national data security standard across all industries.

During the session, legislators and stakeholders examined what elements should be included in data breach legislation and noted the importance of a federal standard. A single requirement across the states would give companies some confidence that their methods are sound in handling electronic data, an inherently interstate activity. Moreover, it would put all companies on notice that if you fail to keep up with other companies and if you aren’t learning from other breaches, you will be subject to federal enforcement,” said Rep. Michael Burgess, MD (R-TX).

In his testimony, Brian Dodge of Retail Industry Leaders Association (RILA) said retailers struggle complying with a complex system of duplicative and sometimes conflicting state laws.

“RILA supports federal data breach notification legislation that is practical, proportional and sets a single national standard that replaces the often incongruous and confusing patchwork of state laws in place today. A single, clear, preemptive federal standard will help ensure that customers receive timely and accurate information following a breach,” he told the committee.

Elizabeth Hyman, executive vice president of Public Policy for Tech America, added that the increasingly mobile and decentralized nature of the U.S. economy and data underscores the need for one comprehensive law.

“This patchwork of state data breach notification laws creates significant compliance costs since no two state data breach laws are exactly the same,” said Hyman in her testimony. “Any federal data breach notification law must preempt state laws and requirements. Without strong preemption language, the entire basis for enacting a federal data breach notification standard disappears.”

Representing consumers, Jennifer Glasgow, chief privacy officer at Acxiom Corporation, added in her testimony a breach standard would make notice procedures in the event of a breach clearer.

“No committee is more aware than this one about how central the online economy is to our future. A data breach bill is the first step to securing that future,” said Chairman Fred Upton (R-MI) in his closing remarks.

Laura Pedulli

Related Content

Healthcare hacker sentenced to 10 years in prison
Ransomware group deploys ticking clock to threaten Georgia hospital
Hackers were inside an Iowa hospital’s network for two weeks
Microsoft: Ransomware hit nearly 400 healthcare entities this year—a 300% rise since 2015
Feds make it official: Change data breach was the largest in healthcare history, impacting 100M
CMS contractor takes $1.2M loss after data breach, DOJ lawsuit

Around the web

Cardiovascular Business
Q&A: MedAxiom CEO explores key trends in cardiologist, cardiovascular surgeon compensation

Compensation for heart specialists continues to climb. What does this say about cardiology as a whole? Could private equity's rising influence bring about change? We spoke to MedAxiom CEO Jerry Blackwell, MD, MBA, a veteran cardiologist himself, to learn more.

Cardiovascular Business
Payment cuts and beyond: Key takeaways for cardiologists from the 2025 Medicare Physician Fee Schedule

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

AI in Healthcare
A modest proposal to rally AI regulators around a simple game plan

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”