February 9, 2015
Last Thursday morning, just as news was emerging that a security breach of health insurer Anthem Inc.’s network may have exposed the personal data (including many Social Security numbers) of up to 80 million customers, a U.S. Senate subcommittee held the first hearing on data breach notification since President Obama made it part of a sweeping cybersecurity initiative he announced in January. Noting Anthem, subcommittee ranking member Richard Blumenthal (D-Conn.), whose state relies heavily on the insurance industry, called the breach “absolutely breathtaking” in scope, “mind-bending” in impact and “potentially heart breaking for consumers affected.” It was an immediate reminder, he said, of the importance of the hearing.
The hearing focused on a potential national data-breach notification law and data-security standard supplanting a patchwork of state laws on the subject. According to Sen. Jerry Moran (R-Kan.), chairman of the Senate Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security, the president’s desire to have a national standard to replace state laws on the matter is sound.
“The need for federal action becomes clearer each day,” said Sen. Moran. “Last month, President Obama voiced his support for national data breach notification legislation with strong preemptive language in part because he recognizes the benefits to American consumers and businesses of a predictable, uniform data breach notice. The President’s support, along with bipartisan and bicameral congressional interest, has renewed optimism among stakeholders that Congress can develop balanced and thoughtful legislation in the near term.”