Is it time for a national data breach notification law?
Lawmakers are again considering legislation that would create federal requirements for notifying people when their personal data is compromised.
Federal lawmakers are again considering legislation that would create nationwide rules for notifying potential victims of identify theft when organizations improperly expose their sensitive information.
The Senate Judiciary Committee approved two bills this month that would impose data breach notification requirements on businesses, and a bill with notification requirements is making its way through the House.
It’s not the first time lawmakers have pushed for such federal requirements. However, previous efforts stalled in the legislative process. In the absence of federal requirements, most states have promulgated their own laws, creating a complicated legal patchwork.
Gail Hillebrand, senior attorney at the West Coast Office of
She said it was a positive sign that the bill proposed by Sen. Patrick Leahy (D-Vt.) dealt with data brokers, or businesses that get paid for collecting, transmitting or providing sensitive personal data.
Hillebrand said her group supports both bills that recently made it through the Senate Judiciary Committee and supports the notice of breach approach in the House bill. However, for the House measure, the group has concerns about the scope of the pre-emption of state laws that address data safeguards.
Meanwhile, Enrique Salem, CEO of Symantec, said in an e-mail that the Leahy bill was “a major step forward towards enacting a comprehensive, uniform national framework to better prevent breaches of sensitive consumer information as well as setting a clear standard for effective notification should a breach occur.” Salem said Symantec believes the United States urgently needs to pass a national data breach law.
NEXT STORY: Is a legislative fix in FISMA's future?