Published: April 2015

Federal data breach law would preempt stronger state laws

A federal data breach law seeks to simplify compliance for businesses, but consumer advocates argue the move would weaken protections for consumers in states with higher standards.

The Data Security and Breach Notification Act of 2015 (H.R. 1770) would be the first federal law requiring businesses to notify consumers of any hacking threats that may compromise their personal data. The federal law would preempt all state data breach laws and replace them with one national standard.

Privacy advocates worry the bill undercuts stronger state laws and eliminate some of the FCC's authority to require data security, which could allow for  potentially sensitive personal information, like sexual preferences, to be revealed.

The goal of the bill is to make compliance requirements easier for U.S. companies, however 38 states that have existing data breach laws argue their privacy standards provide consumers with stronger protections. The federal law, as it stands, has a long way to go before it becomes the better option in protecting consumers’ data.

Other Organizations

Center for Democracy & Technology | Center for Digital Democracy | Consumer Action | Consumer Federation of America Consumer Watchdog | Consumers Union | Electronic Frontier Foundation | National Consumers League | New America’s Open Technology Institute Privacy Rights Clearinghouse | Public Knowledge | U.S. PIRG

More Information

Click here to read the coalition letter to the Committee on Energy and Security.

Download PDF

No Download Available