The Data Security and Breach Notification Act has passed The House Energy and Commerce Committee by a vote of 29-22, reports The Hill.
The cybersecurity bill would require companies gathering personal data to alert their customers of any data breach within 30 days, however a number of concerns are already being raised about the bill.
The main issue, according to Fortune, is that counter-intuitively the country-wide bill might supersede stronger legislation already active in specific states.
"Fifty-one states or territories have some sort of data protection legislation on the books -- 38 would see the data protection breach notification diminished in some way because this is a preemption law," Rep. Jan Schakowsky (D-Ill.) said.
Laura Moy, senior policy counsel at New America's Open Technology Institute went a step further, explaining that the security measures suggested by the bill could end up weakening states' existing responses. "This bill would remove core protections and eliminate some of the FCC's authority to require data security, as it relates to things like order histories for cable or satellite video on demand services -- which can reveal potentially sensitive personal information, like sexual preferences," she told The Washington Post.
Consumer advocates have also expressed concern with the language of the bill, which allows businesses exemption from disclosure if they believe "there is no reasonable risk of identity theft, economic loss, economic harm, or financial fraud." Fortune points out that as many companies get hacked with minimal impact to their bottom line, this could be used as the basis for unilaterally deciding against disclosure.
However, Rep. Marsha Blackburn, one of the co-sponsors of the bill, said in a written statement to the Washington Post, "Every American deserves to have their personal information protected, but right now only 12 states have data security requirements."
"We want to provide strong protections to everyone, and we go even further than most of the states that do have security laws."
Rep. Peter Welch - Blackburn's co-sponsor - added, "I am usually, almost uniformly opposed to preemption -- but this is an instance where unless you have a national standard you won't have protection."