The Senate Subcommittee on Consumer Protection, Product Safety, Insurance and Data Security is considering drafting a federal data breach bill that would set federal, cross-industry standards for reporting breaches.
At a hearing on Thursday, the subcommittee heard testimonies from a number of private-sector witnesses about the importance of a uniform federal standard for dealing with data breaches. Currently, there is no federal, cross-industry standard for informing the population after a data breach.
The subcommittee heard testimonies from representatives of the National Retail Federation, Providence, R.I.-based Brown University, the Information Technology Industry Council, the American Bankers Association, Symantec Corp. and the State of Illinois. Several witnesses cited the Anthem data breach, which had been announced the night before the hearing, as a major impetus for drafting a federal data breach bill.
More than 550 million identities were exposed in 2013, with eight breaches exposing more than 10 million identities each, said Cheri F. McGuire, the vice president of global government affairs and cybersecurity policy for Symantec Corp. in her testimony. Currently, 48 states have specific data breach notification policies, but a federal standard would be easier for companies, she said.
"Legislation cannot stop breaches from happening, but smart data breach legislation can help businesses and governments respond effectively and efficiently and empower consumers with accurate and timely information," McGuire said.