In the Senate, Sen. Bill Nelson (D-FL) has introduced his own breach notification bill (S. 177) that would require companies, under most circumstances, to notify consumers of data breaches within 30 days. It also would direct the Federal Trade Commission (FTC) to develop security standards to help businesses protect consumers’ personal and financial data. Additionally, the legislation would provide incentives to businesses who adopt new technologies to make consumer data unusable or unreadable if stolen during a breach. Sen. Nelson’s bill is very similar to the proposal put forward by the White House.
Whether or not Congress can ultimately pass such legislation still remains uncertain; however, it is possible that breach notification legislation could provide a starting point for a renewed sense of bi-partisan effort that President Obama called for in his address. On the other hand, differences are starting to emerge with respect to liability protections for the sharing of cyber threat information, which could again stall the momentum of any comprehensive cybersecurity legislation.