Rep. Luetkemeyer (R-MO) and Rep. Maloney (D-NY) circulated a draft bill, the “Data Acquisition and Technology Accountability and Security Act,” that would set federal requirements for companies collecting personal data and require prompt breach notification. The Federal Trade Commission, which has often failed to pursue important data breach cases, and state Attorneys General would both be responsible for enforcing the law. The law would only trigger liability if the personal data breached is “reasonably likely to result in identity theft, fraud, or economic loss” and would preempt stronger state data breach laws. Earlier this week, EPIC President Marc Rotenberg testified before the House, calling for comprehensive data privacy legislation that would preserve stronger state laws. Last fall, EPIC testified at a Senate hearing on the Equifax breach, calling it one of the worst in U.S. history.
See also Ted Knutson’s report on Forbes, No Requirement For Banks To Tell Customers Their Info Was Hacked In New Breach Notification Bill, for more negative reviews of the bill.