The 114th Congress is already shaping up to be a busy one, with the various committees of jurisdiction working on establishing aggressive legislative agendas.  While final agendas have yet to be cemented, we received a fair idea of the main issues to be addressed. 

For instance, top items for House Energy and Commerce include:

• 21st Century Cures Initiative: The committee plans to come out of the gate quickly in 2015 with a discussion draft of proposals related to the discovery, development, and delivery of treatments and cutting edge medical cures.
• Building the Architecture of Abundance: The Energy and Power Subcommittee will examine the physical and regulatory infrastructure necessary to take full advantage of our emerging energy abundance.
•  #CommActUpdate: The Communications and Technology Subcommittee has already set the stage for an update to the Communications Act - a law written in the telegraph era and last updated when Palm Pilots were at the cutting edge.
• Protecting Consumers and Commerce in the Internet Age: The Commerce, Manufacturing, and Trade Subcommittee manages the modern manifestation of the committee's historic role overseeing interstate and foreign commerce. Today, that commerce increasingly occurs in cyberspace, which is why the committee and the CMT subcommittee in particular will be focused on data security and the implications of cyber threats to American commerce.
• Patient-Centered Health Care Reform and Smart Environmental Regulation.

Senate Commerce Committee 

Meanwhile, Senate Commerce has yet to set their agenda, but Chairman Thune has already laid out a number of technology-related issues he'd like to address this Congress, including: Data Security; Internet Governance and Supporting an Open Internet; Supporting Tech Startups; Cybersecurity; and Updating the Communications Act.  

Senate HELP Committee

We met with HELP staff to discuss their agenda for the 114th.  The committee has not yet set a formal agenda, but is expected to in the coming weeks.  the HELP Committee has traditionally worked well together, but it appears that Chairman Alexander's agenda will include some issues vehemently opposed by Democrats, including weakening the Affordable Care Act and Equal Employment Opportunity Commission's (EEOC) enforcement power, and subjecting its decisions to greater public scrutiny and comment.

Staff predicts that committee comity will break down over such legislation, so the Chairman is not yet convinced that EEOC legislation, in particular, is worth pursuing, especially considering that the President will certainly veto any such legislation, and he doubts the GOP has the votes to override.

House Energy and Commerce Data Breach Hearing

On Tuesday, January 27, 2015, the Subcommittee on Commerce, Manufacturing, and
Trade convened a hearing entitled "What are the Elements of Sound Data Breach Legislation."  The hearing is likely an initial step towards potential enactment of federal data breach notification legislation.

Since the Energy and Commerce Committee first examined this issue following the data

breach of ChoicePoint ten years ago, data security and breach notification issues have been debated in this Subcommittee, other committees in both chambers, the Federal Trade Commission (FTC), and State legislatures.

Currently, there are forty-seven different State laws dealing with data breach notification and twelve state laws governing commercial data security.

This patchwork of State laws creates confusion for consumers looking for consistency and
predictability in breach notices as well as compliance issues for businesses in the midst of securing their systems after a breach.

Consumers face an environment that involves an increasing risk of financial fraud and
identity theft created by criminals with varying motivations, but a common goal-to steal
personal information for financial gain. 

Federal data breach legislation is expected to pre-empt existing state laws and establish one federal data breach notification standard. In addition, the legislation is expected to establish a federal data security standard that is technology-neutral. 

Questions to be considered included:  

What are important components of a trigger for notifying consumers after a breach? 

When should companies notify consumers after a breach? 

What factors go into that decision?

Does including a data security requirement in this bill add value for consumers and businesses navigating the current patchwork of State laws? 

What types of information lead to identity theft? Financial fraud? 

What elements of a breach notification bill are most critical to reduce the complexity associated with the existing 47 different State laws? 

What can be done to protect against customer over notification?

During the hearing, witnesses discussed federal pre-emption, harm-based triggers for notification, potential regulation of data brokers, enforcement by the Federal Trade Commission and state attorneys general, and whether to deny private rights of action. Invariably, the positions of the witnesses relfected their position in the industry and academia, with some calling for a unified standard, with others seeing not to pre-empt existing state laws.

Energy & Commerce Committee Chairman Fred Upton (R-MI) and Ranking Member Frank Pallone (D-NJ) each expressed an interest in working with the Subcommittee on data breach legislation to address this issue this year.