Hogan Lovells Privacy and Information Management lawyer Jared Bomberg makes a novel proposal regarding federal data security and breach notification legislation in his opinion piece in The Hill. Bomberg suggests “making federal rules for data security and breach notification voluntary, opt-in standards enforceable by the FTC, instead of mandatory rules that remove all companies from the state system.”
A federal scheme that only applies to those companies that sign up would allow businesses that want to avoid the patchwork of state laws to do so in favor of following the federal regulations. Similarly, businesses that choose not to sign up for the federal standards would remain regulated by state law, allowing privacy advocates to continue to push for stronger laws at the state level. Consumers would win because the FTC’s authority would be defined and enlarged, and states would retain certain jurisdiction to continue looking for creative solutions to ever-changing data breach problems.
Prior to joining Hogan Lovells, Bomberg served as staff to the U.S. Senate Committee on Commerce, Science, and Transportation between 2007 and 2013.