A coalition of business groups is urging House lawmakers not to drop an amendment to their data security bill that would require third-party vendors to inform affected consumers when they experience a breach.
Deleting this requirement from the legislation would unfairly push the responsibility for notification onto businesses that work with breached vendors, even if their own systems were not compromised, the groups wrote in a letter to lawmakers on Monday.
{mosads}The letter, obtained by The Hill, stated that lawmakers plan to bring up an altered version of the legislation that does not contain the amendment during a full committee markup on Tuesday and Wednesday.
Businesses called the amendment a “very significant step forward” for the bill. It was authored by Rep. Joe Pompeo (R-Kan.) and passed by voice vote during a March 25 subcommittee markup.
“In our view, it is inappropriate to remove from the base text for the full Committee markup language that was approved by voice vote at the subcommittee markup. That is a counterproductive and unusual way for the Committee to proceed,” the groups wrote to chairman Fred Upton (R-Mich.).
“The Pompeo amendment was consistent with the testimony during the subcommittee hearings provided by multiple witnesses who strongly asserted that the breached business should bear the burden of providing notice to consumers.”
Private industry is focused on the enactment of a national data breach notification standard that would save businesses the trouble of complying with a slew of state laws. The bill headed to markup, from Reps. Marsha Blackburn (R-Tenn.) and Peter Welch (D-Vt.), seems most likely to receive backing from House leadership.
Monday’s letter was co-authored by the National Association of Convenience Stores, the National Association of Realtors, the National Grocers Association, the National Restaurant Association and the National Retail Federation.