Pa. House Commerce Panel Splits 14-12 on Data Breach Bill
A data breach bill containing a private right of action split the Pennsylvania House Commerce Committee by political party at a livestreamed hearing Tuesday. The panel voted 14-12 to clear an amended HB-997, with Democrats voting yes and Republicans voting no.
Sign up for a free preview to unlock the rest of this article
The bill would require companies to take reasonable steps to secure personal data from hacking -- and compensate consumers in the event of a data breach. In addition, it would let consumers seek damages in court after suffering harm from a data breach. Under the state’s existing data breach law, only the Pennsylvania attorney general may enforce violations.
The committee adopted by voice an amendment that Chairman Scott Conklin (D) said would remove language that might conflict with an exemption for the Gramm-Leach-Bliley Act. The bill goes next to the floor.
HB-997 sponsor Rep. Jared Solomon (D) said he was inspired by a recent data breach at Wawa, the regional convenience store franchise. "The cyber criminals who are after all of our information are tenacious,” he said. “Whether as individuals, companies or as legislators, we must match them blow for blow. If our goal is to make data breaches as rare as possible, we cannot sit idly by while our citizens' private information is hacked and stolen.”
While nobody "can debate the gravity of the issue,” Minority Chair John Lawrence (R) said, he mentioned concerns with the bill’s private right of action. In addition, Lawrence sounded the alarm about bill language that "basically nullifies arbitration provisions in existing contracts between an institution and a consumer and would instead put disputes into the courts." The Republican sees that as “a dramatic and potentially unconstitutional retroactive change of existing long-standing contracts.”