The Senate Commerce Committee is circulating a new draft of the "Data Security and Breach Notification Act" (S. 1207). Accomodating two of the biggest concerns MRA raised with the Committee and member Senators, the new draft deletes the special regulations for data brokers (which could have badly impacted sampling companies) and the unfettered ability of the Federal Trade Commission (FTC) to radically expand the definition of personally identifiable information. As MRA explained in lobbying for successful amendments to the House Subcommittee markup of the SAFE Data Act (H.R. 2577), the FTC would most certainly expand that definition to common research data if given the power to do so.

Other improvements include express exempttions for entities subject to data security requirements under the Gramm-Leach-Bliley Act, HIPAA, HITECH, or the Communications Act, and restrictions on the tools for state attorneys general when enforcing the law.

MRA will continue to make the case on behalf of the survey and opinion research profession in the Senate on data security legislation, but these new changes paint a much happier picture for our prospects. A more detailed analysis of this draft will be posted for MRA members soon as we redo our cross-comparisons.