07/21/2011 07:14 pm ET | Updated Sep 20, 2011

Pushing Data Breach Legislation over the Top

Data security and breach-notification legislation, badly needed for the good of the digital economy and long sought by stakeholders of all stripes, has nonetheless proven to be a Sisyphean task in Congress. Lawmakers first took up the issue six years ago, during the 109th Congress, but to no avail. In the 111th Congress, there was enough momentum for the House to pass a bill, but not the Senate. And now, in the 112th Congress, we again have fundamentally sound data security and breach-notification bills on the table in both chambers.

Will this be the year Congress finally pushes this boulder over the top of the hill, as Sisyphus himself never could? I certainly hope so.

This week, the House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade reported to the full committee Chairman Mary Bono Mack's SAFE Data Act (H.R. 2577), a solid legislative framework that would require organizations holding sensitive personal information to implement reasonable security procedures, create market incentives to adopt strong security measures, and ensure consumers are notified when a breach puts them at risk of identity theft, fraud or other unlawful activity. By creating a uniform, national framework to replace the state patchwork we have today, it also would streamline compliance burdens. The net effect would be good for businesses and consumers alike.

There is reason to hope the full House Energy and Commerce Committee will adopt the SAFE Data Act in the next couple of weeks prior to the coming summer recess. In the Senate, meanwhile, the Pryor-Rockefeller Data Security and Breach Notification Act of 2011 (S. 1207) -- which is nearly identical to the House SAFE Data Act -- may have similar momentum in the Commerce Committee. Likewise, Sen. Patrick Leahy (D-Vt.), along with Sens. Charles Schumer (D-N.Y.) and Ben Cardin (D-Md.), has added energy to the debate by renewing the push in the Judiciary Committee for privacy and data security legislation.

Clearly, forces are aligned in the right direction. As I have said before on this blog and in testimony to lawmakers, the time is now. We just cannot afford, like Sisyphus, to keep starting over from the bottom of the hill in each new Congress.

This post was also featured on the Business Software Alliance's blog, BSA TechPost. The Business Software Alliance is a trade group that represents software makers against copyright infringement.