The Federal Communications Commission and the Federal TradeCommission have voiced opposition to the data security draft bill released by the House Energy andCommerce Committee.

“The Federal Trade Commission would be granted some, but notall, elements of the consumer protection authority that the FCCpresently exercises,” Clete Johnson, FCC chief counsel forcybersecurity, said in his testimony at a Commerce, Manufacturingand Trade Subcommittee hearing on the draft of the DataSecurity and Breach Notification Act of 2015.

“If the draft bill were to become law, the FTC would not havethe authority to develop rules to protect the security of consumers' data or update requirementsas new security threats emerge and technology evolves,” Johnsonalso said on Wednesday.

Jessica Rich, director of the Bureau of Consumer Protection atthe FTC, said the agency supports the draft bill's goals toestablish broadly applicable data security standards for companiesand require them, in certain circumstances, to notify consumers ofa breach.

However, Rich said the draft bill does not provide theprotections needed to combat breaches, identity theft and otheracts that harm consumers.

“The definition of personal information does not protect some ofthe information, which is currently protected under state law,” shesaid in her prepared testimony. “The bill should address the entiredata ecosystem, including Internet-enabled devices.”

Rich also said the bill does not afford the FTC with rulemakingauthority under the Administrative Procedure Act, which she arguedwould be necessary to ensure the goals of the bill aremet.

“The scope of the breach notification trigger should be expandedto cover other substantial harm,” she said. “While the commissionunderstands the importance of targeting concrete, substantialharms, and has sought to do so in its own enforcement efforts, weare concerned the draft bill does not strike the rightbalance.”

Rep. Frank Pallone (D-N.J.), ranking member of the House Energyand Commerce Committee, and Rep. Jan Schakowsky (R-Ill.), rankingmember of the Commerce, Manufacturing and Trade Subcommittee, bothexpressed opposition to the draft.

“We are disappointed with the draft of the Data Security andBreach Notification Act released by Reps. Burgess, Blackburn andWelch,” the lawmakers said in a joint statement. “Data breaches cancreate serious harm to consumers and businesses alike, and thisbill does not provide solutions.”

The members added, “We have numerous concerns about theweakening of consumer protections overall, as well as the dilutionof protections for customers of telecommunications and cableservices. We will continue to work for legislation that providesthe strongest possible safeguards and protections for Americanconsumers.”

Pallone also said at the hearing that the draft bill has to beimproved before it moves forward.

“The draft legislation under discussion today preempts strongerstate and federal laws,” he said.

Subcommittee Chairman Michael Burgess (R-Texas) said thebipartisan negotiations are ongoing and the door of thesubcommittee remains open.

John McKechnie, partner at the Washington-based consulting firmTotal Spectrum, said establishing a national data securitystandard faces some significant legislative challenges.

“Despite a growing consensus that something needs to be done ondata security, it's beginning to look like the perfect is becomingthe enemy of the good,” he said. “A number of Democratic membersare pushing for more expansive consumer protections, and gettingeven basic agreements beyond 30-day notification seems difficult.Judging from the donnybrook at yesterday's hearing, data breachlegislation has already reached a critical point, and it's onlyMarch.”