Is it time for a national data breach notification law?

Federal lawmakers are again considering legislation that would create nationwide rules for notifying potential victims of identify theft when organizations improperly expose their sensitive information.

The Senate Judiciary Committee approved two bills this month that would impose data breach notification requirements on businesses, and a bill with notification requirements is making its way through the House.

It’s not the first time lawmakers have pushed for such federal requirements. However, previous efforts stalled in the legislative process. In the absence of federal requirements, most states have promulgated their own laws, creating a complicated legal patchwork.

Gail Hillebrand, senior attorney at the West Coast Office of Consumers Union, a nonprofit organization that publishes Consumer Reports, said some states have requirements that are more stringent than the ones that Congress is proposing. Hillebrand said consumers are already receiving proper notifications from businesses and that companies tend to follow the requirements of the state with the highest standards when there is a breach that affects people nationwide.

She said it was a positive sign that the bill proposed by Sen. Patrick Leahy (D-Vt.) dealt with data brokers, or businesses that get paid for collecting, transmitting or providing sensitive personal data.

Hillebrand said her group supports both bills that recently made it through the Senate Judiciary Committee and supports the notice of breach approach in the House bill. However, for the House measure, the group has concerns about the scope of the pre-emption of state laws that address data safeguards.

Meanwhile, Enrique Salem, CEO of Symantec, said in an e-mail that the Leahy bill was “a major step forward towards enacting a comprehensive, uniform national framework to better prevent breaches of sensitive consumer information as well as setting a clear standard for effective notification should a breach occur.” Salem said Symantec believes the United States urgently needs to pass a national data breach law.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.