News & Resources

Publications & Media

“Republican majority may mean the passage of privacy legislation”

Safe and Sound By Margaret Utterback

After the results were in for the much-anticipated election on Nov. 4, we learned that Republicans gained majority control over the U.S. Senate and maintained their majority control in the U.S. House of Representatives. This shift in party control could spell the end to the gridlock that Congress has been recently experiencing for various types of proposed legislation.

Among the stalled legislation that could see some movement are the proposed laws around data security and cyber threat information-sharing, as Law360 recently reported.

Historically, Republicans and Democrats have disagreed over exactly what this type of legislation should entail. While Democrats’ focus was on expanding safeguards to protect consumer privacy, Republicans aimed for clarification on businesses responsibilities within the 47 state breach notification laws already in place. The end results of the head-to-head was long-stalled, but necessary legislation that never saw the light of day.

With this potential new harmony among the two chambers, Republicans’ previous efforts to pass data breach notifications and security legislation may see a rebirth. It’s likely that the two parties will have to meet somewhere in the middle—taking into consideration what’s in the best interest of both businesses and consumers. A more successful bill would likely be one that improves privacy protections overall without imposing too many stringent – or expensive – requirements on companies.

Companies may see a higher threshold for costly data breach notifications, for example, pre-empting state laws that currently impose costly notification requirements, regardless of the nature of the breach. Data security legislation may also get tamed, a bit. A more passable bill may provide guidance on best security practices but stop short of imposing broad penalties or obligations.

Many experts also believe Republicans will apply a similar type of flexibility to cyber threat information-sharing regulation, which has also been delayed over the potentially costly and stringent requirements proposed by Democrats.

While what exactly will happen to data security and cyber threat information-sharing legislation is entirely speculative at this point, we can say with confidence that something is much more likely to pass, thanks to the recent election and new alignment within the Congress.

Resources