Indiana lawmakers push ahead on data privacy amid congressional inaction
INDIANAPOLIS (WISH) — The author of a statewide data privacy bill on Wednesday said Indiana residents can’t wait for Congress to enact federal data protections.
Sen. Liz Brown’s bill would let anyone demand a copy of the data a company is keeping on them and even order the company to delete their data and stop tracking them. Brown, a Fort Wayne Republican, said she wants consumer data to be protected while still allowing businesses to function.
“What we landed on is really workable. Everyone understands it. It’s easy for the consumer to understand, it’s easy for the AG’s (attorney general’s) office to enforce, and it’s easy for the businesses to comply with. And that’s the key,” she said.
The European Union adopted data privacy standards in 2018. The United States has yet to adopt its own. A bill in Congress to do so has sat on a House calendar since the end of last year, though a subcommittee held a hearing on it at the beginning of this month. In the meantime, California, Colorado, Connecticut, Utah and Virginia have adopted their own, state-level standards. Brown said she and lawmakers in other states have based their legislation off of Virginia’s in an effort to create a de facto national standard.
The bill has strong bipartisan support. It passed the Senate unanimously in early February. Rep. Carey Hamilton, D-Indianapolis, is one of the bill’s House sponsors. She said state governments could pressure Congress to pass a national law by enacting their own regulations.
“I think Hoosiers know that every day when they go online and make purchases, they’re giving their personal data away, and we’re all getting more and more nervous about how that data is being used,” she said. “And they should be nervous. There are thousands of points of data being collected and that’s a risk.”
The House Judiciary Committee took testimony on Brown’s bill early Wednesday morning but did not vote on it. Rep. Matt Lehman, R-Bremen, told the panel he wants to see more comprehensive workarounds for doctors who already are subject to HIPAA regulations. Casey Cliffel, Deputy Attorney General for Data Privacy, said the Attorney General’s office wants lawmakers to add language dealing with data from personal devices and to allow the Attorney General’s office to provide guidance for companies on how to comply with privacy regulations.
Brown said she has been working closely with Lehman and the Attorney General’s office on their concerns. She said she’s not sure her bill will be able to address all of the concerns lawmakers might have.
“My concern with government is we’re never going to be ahead of technology,” she said. “We have to make sure that we have guardrails in place that businesses protect their data but at the same time we’re not so restrictive that they can’t implement and advance.”