Inside Cybersecurity

September 19, 2021

Daily News

Rep. Luetkemeyer says draft data-breach notification bill is ‘ready to move’

By Charlie Mitchell / May 9, 2018

Rep. Blaine Luetkemeyer (R-MO) has completed work on a draft data security and breach notification bill and is awaiting word on next steps from committee heads and the House GOP leadership, the lawmaker told Inside Cybersecurity.

“I’m ready to move the bill, and now it’s up to leadership on how to move the bill,” Luetkemeyer, who chairs the House Financial Services financial institutions and consumer credit subcommittee, said in a brief interview Tuesday after joining House GOP leaders at their weekly press conference.

“We continue to tweak the bill, but it’s basically done,” Luetkemeyer said. “I’m ready to drop it in leadership’s lap. I’ve done my job.”

Numerous industry sources didn’t respond to requests for comment, with one source saying the latest draft hasn’t been widely circulated. The retail and tech sectors, in particular, raised issues with the last draft of the bill, while the financial and communications sectors were supportive.

When it does move, sources have said the bill is likely to be marked up at the full-committee level, though no schedule has been announced.

Luetkemeyer said Financial Services Chairman Jeb Hensarling (R-TX) and Energy and Commerce Chairman Greg Walden (R-OR) have been discussing next steps, along with the House GOP leadership.

“Jeb and Greg are talking, and it’s up to leadership to keep it moving,” Luetkemeyer commented.

“It’s a priority and we’re working on it,” Hensarling told Inside Cybersecurity.

Energy and Commerce has jurisdiction over most of the business sectors that would be covered by Luetkemeyer’s bill, and it has been unclear whether that committee would move its own breach notification measure or use the Luetkemeyer proposal as the base legislation.

An Energy and Commerce source last week said digital commerce and consumer protection subcommittee Chairman Bob Latta (R-OH) has completed a series of “listening sessions” on the issue with industry stakeholders.

All 50 states now have breach-notification laws – with Alabama recently coming on board – but national business groups have targeted the patchwork of standards as costly, sometimes conflicting and often straying into other data-security issues.

Luetkemeyer has said creation of a uniform national standard, with strong security requirements, is his top priority. But some state officials, backed by their congressional allies, are fiercely opposed to federal pre-emption of what they say are stronger and more effective state laws. – Charlie Mitchell (