Is it time for a national data breach notification law?

Federal lawmakers are again considering legislation that would create nationwide rules for notifying potential victims of identify theft when organizations improperly expose their sensitive information.

The Senate Judiciary Committee approved two bills this month that would impose data breach notification requirements on businesses, and a bill with notification requirements is making its way through the House.

It’s not the first time lawmakers have pushed for such federal requirements. However, previous efforts stalled in the legislative process. In the absence of federal requirements, most states have promulgated their own laws, creating a complicated legal patchwork.

Gail Hillebrand, senior attorney at the West Coast Office of Consumers Union, a nonprofit organization that publishes Consumer Reports, said some states have requirements that are more stringent than the ones that Congress is proposing. Hillebrand said consumers are already receiving proper notifications from businesses and that companies tend to follow the requirements of the state with the highest standards when there is a breach that affects people nationwide.

She said it was a positive sign that the bill proposed by Sen. Patrick Leahy (D-Vt.) dealt with data brokers, or businesses that get paid for collecting, transmitting or providing sensitive personal data.

Hillebrand said her group supports both bills that recently made it through the Senate Judiciary Committee and supports the notice of breach approach in the House bill. However, for the House measure, the group has concerns about the scope of the pre-emption of state laws that address data safeguards.

Meanwhile, Enrique Salem, CEO of Symantec, said in an e-mail that the Leahy bill was “a major step forward towards enacting a comprehensive, uniform national framework to better prevent breaches of sensitive consumer information as well as setting a clear standard for effective notification should a breach occur.” Salem said Symantec believes the United States urgently needs to pass a national data breach law.

About the Author

Ben Bain is a reporter for Federal Computer Week.


  • 2018 Fed 100

    The 2018 Federal 100

    This year's Fed 100 winners show just how much committed and talented individuals can accomplish in federal IT. Read their profiles to learn more!

  • Census
    How tech can save money for 2020 census

    Trump campaign taps census question as a fund-raising tool

    A fundraising email for the Trump-Pence reelection campaign is trying to get supporters behind a controversial change to the census -- asking respondents whether or not they are U.S. citizens.

  • Cloud
    DOD cloud

    DOD's latest cloud moves leave plenty of questions

    Speculation is still swirling about the implications of the draft solicitation for JEDI -- and about why a separate agreement for cloud-migration services was scaled back so dramatically.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.