Members of the U.S. House Energy and Commerce Committee introduced a package of bills Thursday evening aimed at identity theft, pretexting, data security and breach notifications.
Included in the four pieces of legislation is Rep. Mary Bono’s (D-Calif.) Securely Protect Yourself Against Cyber Trespass Act (SPY Act), which has twice passed the House and twice failed to interest the U.S. Senate. The bill calls for consumer notification of any software downloaded to a computer.
Commerce Committee Chairman John Dingell (D-Mich.) and Rep. Joe Barton (R-Texas), the former chairman of the committee, also introduced the Prevention of Fraudulent Access to Phone Records Act, which would impose restrictions on telephone carriers’ use of confidential consumer information and increase penalties for pretexting.
The two other bills in the package include legislation by Rep. Ed Markey (D-Mass.) to limit the sale and purchase of Social Security numbers and a bill sponsored by Reps. Bobby Rush (D-Ill.) and Cliff Stearns (R-Fla.) to require notification to consumers of data breaches.
“Data breaches continue at a rapid pace and constitute a major threat to consumers,” said Rush. “We must pass comprehensive data security legislation this year.”
Data breach notification bills in both the House and Senate failed in the 109th Congress largely because of jurisdictional disputes between various committees. Lawmakers also struggled with the trigger mechanisms for breach notification. Some favored notification when a “significant” risk of potential identity theft exists while others supported a “reasonable” risk standard.
Still other disputes over notification emerged over whether companies encrypting data would be exempt from disclosure laws.
“We will work cooperatively with other committees to resolve jurisdictional issues and with stakeholders to resolve policy issues,” Dingell said. “The American public is owed no less than the full measure of our combined best efforts. These bills address serious problems that are not going away and only worsen while the Congress dithers.”
According to Dingell, the four bills will be considered individually and “expeditiously” moved to the House floor for full votes.
Dingell said the legislation was timed to promote National Consumer Protection Week, which began Feb. 4 and concludes Feb. 10.
“National Consumer Protection Week is a fitting time to make a serious down payment on resolving the scourge of identity theft and related abuse,” Dingell said in a statement.
The bills represent the first tech-related bills to be introduced by members of the House committee. Democrats in the Senate have already introduced many similar measures. Nevertheless, the bills — in both chambers — are likely to run into opposition from data brokers, telephone carriers and even other lawmakers.
Congress, for instance, has already passed legislation and President Bush signed into law last year the Telephone Records and Privacy Protection Act targeting pretexters and the Internet sites that sell the telephone records. Dingell and Barton’s new bill aims at carriers’ protection procedures against pretexting, a measure opposed by the carriers.
Federal Communications Commission Chairman Kevin Martin said he plans to attack the problem through the agency’s existing regulatory authority over telephone carriers.