On October 10, 2018, the Senate Committee on Commerce, Science, and Transportation held a second hearing on data privacy, inviting experts and advocates to discuss a federal privacy law.
As with the previous hearing on data privacy, the discussion focused on two major issues:
-
Potential components of a federal privacy bill. In particular, the matter of data breach notifications, pre-emption of state law, and the scope of consumer rights.
-
Enforcement authority under a new federal privacy regime.
General agreement was reached on the main components to be included in a new federal privacy law. The witnesses expressed the need for stronger data breach requirements.
It was noted that the European Union’s General Data Protection Regulation (GDPR) requires companies to retain data only as long as it is needed – a requirement that could result in less data being at risk in the event of a breach.
It was also noted that under the current US regime companies have strong financial motivations to retain data for as long as possible. Therefore, clear rules and effective enforcement are vital, in order to limit the amount of data that can be compromised.