Congresswoman: Require Feds to Disclose Security Breaches on

Admin ‘has thrown Americans’ data security out the window’

Rep. Diane Black (R., Tenn.) / AP
December 16, 2013

A bill in the House of Representatives would require the federal government to tell Americans if their personal information has been stolen while using

Rep. Diane Black (R., Tenn.) introduced the "Federal Exchange Data Breach Notification Act of 2013" on Thursday to address privacy concerns regarding the Obamacare insurance website, which has been live for months despite its lack of fundamental security safeguards.

The two-page bill (H.R. 3731) would "simply require the federal government to notify individuals if their personal information has been compromised on the federal Obamacare exchange."

"Whether through Navigators with no background checks, or inadequate security testing on their website, the Obama administration has thrown Americans’ data security out the window when it comes to Obamacare," Black said in a statement.

Black cited a report from, which explained that no law currently requires notification when the security of online government databases is breached.

Many state-run exchanges are required to disclose security incidents. For instance, the Minnesota health exchange was compromised even before it launched, resulting in the leak of 2,400 insurance brokers’ Social Security numbers.

Should Black’s bill be signed into law, failure to disclose a security breach on the federal health exchange would be classified as an "unfair or deceptive act" under the Federal Trade Commission Act, which can carry a civil penalty of up to $16,000 per violation. The bill was referred to the House Committee on Energy and Commerce.

Cyber security experts have warned Americans to stay away from the Obamacare website, saying no security has been built into its over 500 million lines of code, leaving Americans’ personal information at risk.

Last week, the House science committee sent a letter to the White House asking the administration what, if any, steps have been taken to address the security flaws within

Black said her bill would at least allow Americans to know if their data has been hacked while using

"IT experts have repeatedly raised red flags about the security of the information people are putting into the exchanges, and it is only fair that the administration gives people proper notice if this information has been compromised," she said. "Americans deserve this basic notice so that they can protect themselves from cyber attacks and identity theft."