In addition to holding oversight hearings into the recent Office of Personnel Management (OPM) data breaches, of which there will certainly be more to come, lawmakers are also proposing legislative responses.
Last week legislation was introduced in the House and Senate to provide stronger protections for the millions of Americans affected by the OPM data breaches.
Congresswoman Eleanor Holmes Norton (D-DC), a senior member of the House Oversight and Government Reform Committee, and Senator Ben Cardin (D-MD) led their respective chambers in sponsoring the RECOVER Act (Reducing the Effects of the Cyberattack on OPM Victims Emergency Response Act of 2015; H.R. 3029, S. 1746).
The legislation would provide free lifetime identity theft protection to those affected by the OPM data breaches and includes identity theft insurance covering losses up to $5 million.
“OPM’s proposed protection would not protect workers and retirees if hackers waited a couple of years in the future before exploiting the stolen identities. The scope of the breach is bad enough; our lifetime protection would at least ease some of the anguish,” Congresswoman Norton said upon introduction of the legislation.
“Private-sector cyberhacks and cyberattacks have become too commonplace, but when the federal government’s own computer system shows its vulnerabilities to the world, we have a responsibility to protect the people who have been put at risk,” said Senator Cardin.
The House bill is cosponsored by House Oversight and Government Reform Committee Ranking Member Elijah Cummings (D-MD), and Reps. Gerry Connolly (D-VA), Chris Van Hollen (D-MD), Donna Edwards (D-MD), Dutch Ruppersberger (D-MD), and Don Beyer (D-VA). The Senate bill is cosponsored by Sens. Barbara Mikulski (D-MD), Tim Kaine (D-VA), and Mark Warner (D-VA).
Many federal employee groups have already endorsed the legislation.
The legislators representing the DC-metro area aren’t the only lawmakers offering bills in response to the OPM hack.
Reps. Matt Cartwright (D-PA), Richard Hanna (R-NY), and Cummings (D-MD) introduced the bipartisan ANTI Virus (A Necessary and Targeted Impediment to Viruses) Act (H.R. 3000). The legislation requires agencies that lose that control over personally identifiable information of their employees to provide victims with personal licenses for one year’s worth of antivirus software to help protect them from subsequent attacks that might occur at home, such as a spear phishing attack.
Other lawmakers are going beyond the OPM breach and have offered legislation to protect consumer data from breaches.
Rep. David Cicilline (D-RI) recently introduced the Consumer Privacy Protection Act of 2015 (H.R. 2977). The bill would require companies that store personal information of more than 10,000 customers to take certain steps to protect that information, and to notify customers and federal law enforcement if a breach occurred, among other provisions.
“Today, consumers are providing more personal information than ever before to major companies. Consumers expect that this information will be kept secure, and Congress has a responsibility to ensure that the corporations holding this data take measures to protect it,” said Rep. Cicilline.
The broader conversations taking place within Congress about cybersecurity and information-sharing between the public and private sectors are likely to continue this session, finally receiving attention this congressional session the issues have long been denied.