Data Breach Notification

ASIS supports federal data breach legislation that would preempt state notification laws. Despite continual congressional interest spurred by highly publicized data breaches, and despite the overarching desire to have a federal data breach notification law to replace the current patchwork of 47 state laws, Congress has yet to pass a bill.

The 114th Congress has seen some progress in the form of new bills and Committee action, but action now remains stalled by disagreements among members. In the House, the Energy and Commerce Committee approved H.R. 1770, the Data Security and Breach Notification Act, in April 2015. The measure would create standards for the way companies protect against and respond to data breaches, and would enable the Federal Trade Commission and state attorneys general to enforce those standards.

In the Senate, a half dozen different data breach bills are in play, but none have gained substantial momentum. The bills all preempt state law to varying degrees. ASIS will continue following these bills and working to support a federal law to streamline the nearly 50 different state laws on data breach notification. ​