American Society of Magazine Editors

Here’s the Latest: Data Breach Legislation

Issue Summary:

Recent and continuing high profile data breaches have reignited Congressional interest in data breach legislation in the 114th Congress. Both consumers and companies operating in the digital space have called on Congress to enact a federal standard that best protects consumers from the unauthorized use of sensitive, personally identifiable information, and also establishes an effective protocol for businesses to notify their customers when a breach has occurred.  In the absence of Federal legislation, 47 states have enacted their own unique data breach laws making compliance an onerous task.

Importance to Magazine Media:

MPA and our members are deeply committed to protecting consumers and their privacy interests while enriching their interaction with the brands they trust and value most.  As magazine publishers adopt new ways to connect and enhance reader experience through digital and mobile platforms, consumer data is an effective resource that allows publishers to market and tailor their products to best fit the needs of their customers.

In the area of data security and data breach, MPA supports a uniform - and workable- national standard that preempts existing state laws in order to simplify compliance and improve consumer protection overall. Such a standard should give companies adequate time, at least 30 days, to fully investigate the specifics and extent of a breach, and companies should only be required to notify consumers when there is a likelihood of material harm to the consumers. Excessive notices can be overly burdensome and can cause the consumer to ignore, or overlook pertinent information.  

State of Play:

The House Energy and Commerce Committee has approved legislation that would require businesses that collect and maintain consumers’ personal information to secure such information and to provide notice to affected individuals in the case of a breach of security involving personal information. The bipartisan effort, known as the Data Security and Breach Notification Act, passed Committee without a single Democratic vote, including the bill’s minority sponsor Rep. Peter Welch (D-VT). Negotiations are ongoing with leaders in both parties working to find a compromise on several issues, most notably involving the pre-emption of state data security laws and the level of adequacy of federal protections. Legislators and stakeholders are hopeful a compromise can be reached in order to move the legislation to the House Floor with ample support. Doing so will enhance the legislation’s chances in the Senate where Chairman John Thune of the Commerce, Science and Transportation Committee, has indicated his intention to move the bill should it receive adequate bipartisan support on the House Floor.

In January, President Obama unveiled the Administration’s proposal regarding privacy and data security. The President’s proposal includes a 30-day data breach notification law, regulatory requirements pertaining to student privacy for grades K-12 and a Consumer Privacy Bill of Rights which would give consumers the right to decide what personal information gets collected and how it gets used.