Senate wades into effort to prevent data breaches
Protecting personal information is all the rage on Capitol Hill these days, with two new data-breach bills introduced on Thursday in the Senate.
Sens. Thomas Carper, D-Del., and Roy Blunt, R-Mo., introduced legislation designed to prevent identity theft and account fraud.
The bill, tentatively named the Data Security Act of 2011, would require financial companies, retailers, and federal agencies to guard private information, investigate possible breaches, and notify consumers if there is a chance their information was compromised.
"At the very least, identity fraud can cause worry and confusion, and at the very most it can cause serious financial harm," Carper said in a statement. "We need to replace the current patchwork of state and federal regulations for identity theft with a national law that provides uniform protections across the country."
Organizations that discover data breaches would be required to investigate the incident. If it affects more than 5,000 and the breach could cause "individual harm or bank fraud," the organization is mandated to inform federal regulators, law-enforcement officials, and consumer-reporting agencies.
Sen. Dianne Feinstein, D-Calif., also introduced legislation on Thursday that would require organizations to notify consumers when their personally identifiable information is compromised.
"It is past time for Congress to pass a national breach notification standard to ensure that consumers are notified when their information is exposed so they can take the necessary steps to protect themselves," Feinstein said in a statement.
Besides protecting consumers, Feinstein argued that her Data Breach Notification Act of 2011 would give law enforcement more information to stop future attacks, as well as cut costs for businesses by providing clear guidance.
Recent attacks at Sony, Citibank, and Epsilon, among others, have exposed hundreds of thousands of personal accounts to hackers. Last week, the House Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade approved a bill that would set national standards for protecting and responding to computer breaches involving the loss of personal data.