In a letter to the editor, Rep. Joe Barton (R-Texas) responded to a recent New York Times editorial urging Congress pass a strong federal privacy law that would not preempt state laws. When federal and state laws conflict, “preemption” allows federal laws to trump state laws. Consumer advocates continue to urge (pdf) that any federal laws set a floor for regulation (which allows states to create stronger laws) not a ceiling (which bars states from creating more protective laws).
Barton knows a lot about privacy. He’s co-chairman and co-founder of the Congressional Privacy Caucus. Also, last year, he fell victim to a security breach that put his medical data at risk. An unencrypted National Institutes of Health laptop containing data on 3,000 individuals was stolen from a car in February 2009. Barton and the other individuals affected were not told of the security breach until late March 2009. “Barton was enrolled in a cardiac study, and the password-protected records on the computer contained patient names, diagnoses of heart disease, MRI heart scans and birth dates,” reported the Associated Press.
Initially, NIH said that Social Security numbers were not on the laptop, however, the Washington Post reported, “But an ongoing review of the computer’s last-known contents, performed on data backed up from the laptop before it was stolen, has found a file that, unbeknownst to the lead researcher, had been loaded onto the laptop by a research associate. That file included Social Security numbers for at least 1,281 of the 3,078 patients enrolled in the multi-year study.” At the time, Barton said, “In the wrong hands, Social Security numbers let people unlock our lives and steal both our money and our reputations . . . and the government largely has failed to do much about it.”
Last year, Barton told AP “that this incident will make him more aggressive in pushing legislation to increase privacy protections.” He said, “Maybe it’s a sign from heaven that the time for this type of legislation has arrived.”
As Barton noted in his recent letter to the editor, Congress still hasn’t passed more privacy-protective legislation, but not for lack of trying by him and other legislators. He wrote, “At the very least, federal legislation to establish national data security standards is right for the times. A bill written by Representative Bobby Rush, an Illinois Democrat, and me is ready for a vote of the full House. Our only opponent seems to be inertia.”