Legislation establishing a national standard on data security was passed by the House Financial Services Committee late on March 16. But the bill faces an unclear path to passage this year because of consumer concerns voiced by Democrats about the precise rights individuals have to protect themselves when a data security breach occurs.
The insurance industry also has concerns. For example, the American Council of Life Insurers said the bill does not provide a clear, preemptive standard for life insurers with respect to investigation and notice of security breaches.
“Clarity and uniformity are vital in this area,” said Jack Dolan, a spokesman for the ACLI. “Unfortunately, the legislation may open the door to various approaches in the states to when investigations of potential data breaches need to be launched and when consumers need to be notified.
“ACLI does not think it wise for consumers in one state to enjoy protections unavailable to consumers in another state,” Dolan said. In addition, “a hodgepodge of rules throughout the country results in onerous, unnecessary and costly burdens on insurers.”
The bill passed the House panel, 48-17, after more than 24 hours of maneuvering to win support for changes in the original legislation acceptable to insurers.