Chances slim that Congress will pass federal data security legislation in election year, say Senate aide and Experian executive

28 March 2018 2:08pm
Capitol Building

27 March 2018. By Amy Miller.

An adviser to a prominent Republican senator and a public policy executive from Experian weren't hopeful that any data security legislation will be passed by Congress this year.

Legislators have been talking about a national standard for data breach notifications for years, and they’re still grappling with the same issues they always have, said Cort Bush, a data security and privacy adviser to US Senate Commerce Committee Chairman John Thune, a Republican from South Dakota.

“This is something we’ve been working on a long time, but what are we delivering to consumers? That is our guidance,” Cort said at a privacy conference* in Washington before a standing-room-only audience.* “Our primary goal is the protection of consumers and their data.”

Thune has been meeting privately with “interested parties in a manner we think is most constructive,” hoping to craft data security legislation that can move forward, Cort said.

The conversations have been productive, he said, and now the Senate is close “to having an agreement on legislation that could have a good chance of advancing.”

The chances of any data security legislation being passed by Congress during a midterm election year, however, are slim, he said.

Fellow panelist Tony Hadley, a senior vice president for public policy at Experian, agreed and predicted more delays and complications if Democrats take over after the midterm election.

"I think it would make it harder," Hadley said. 

That doesn’t mean federal data security legislation will never get passed, he said. There are some “converging events” that could still help push legislation forward, the Experian executive said. The EU’s Global Data Protection Regulation is going to normalize standards for data protection and data breach notifications at the national level, he said.

“So we may see some international balancing going on that many companies have a stake in,” Hadley said.

US states are also pushing for change, and more than a dozen data security bills have been introduced in state legislatures this year alone, he said.

“All that will combine to force some action at the federal level,” Hadley said.

“Legislative Update on Privacy and Data Security.” IAPP Global Privacy Summit. Washington, DC. March 27, 2018.

CCPA Report