Businesses and government agencies would have to notify consumers under certain circumstances of data breaches under legislation introduced by U.S. Sen. Dianne Feinstein (D-Calif).
Security before and after a data breach::
significant privacy laws to have been enacted in years, Senate Bill 1386 Back to Top. Copyright American Bar Association. http://www.abanet.org
http://www.abanet.org/buslaw/blt/2006-11-12/raether.shtmlHOME |
Law breaches content at silicon.com::
High-profile data breaches and new laws have put encryption back in the limelight. law, data breach, legislation. Lords take fresh look at data
http://www.silicon.com/tags/Law+breaches.htmHOME |
On the face of it, the Notification of Risk to Personal Data Act would require data breach notifications to individuals without an "unreasonable delay," but exemptions in the legislation are broad.
Businesses, for instance, would be allowed to make a "risk assessment" of a data breach and only notify consumers if there is "significant" risk of harm. In addition, financial institutions are not required to notify consumers of a breach if the breach does not result in a financial loss, even if the data breached includes a PIN number of other personally identifiable information.
New York Enacts Data Breach Bill -- Data Breach Legislation ::
the bills sponsor, in a statement when the law passed from the Senate to Pataki. Back Issues. White Papers. Briefing Centers. Site Map. Technology
http://www.informationweek.com/news/management/showArticle.jhtml?articleID=168601734HOME |
Law enforcement agencies would be not required to notify consumers of a breach if the agency decides the notification would jeopardize an investigation or national security.
Feinstein Testifies on Recent Data Breaches and Her Identity Theft ::
Today in the Senate. Washington D.C. Tours & Information. Flag Requests. Academy Nominations The California law only includes unencrypted, electronic data.
http://www.feinstein.senate.gov/05releases/r-notification-hrg413.htmHOME |
In addition, the bill pre-empts state data breach notification laws, many of which contain tougher language than Feinstein's bill.
"Should there even be a risk assessment? Should the business get to decide who is at risk?" Gail Hillebrand, a senior attorney at the Consumers Union told internetnews.com. "Particularly with bank accounts, debit cards and credit cards, I want to know if there is a breach. They don't even have to tell you about it."
The bill is a revival of legislation Feinstein introduced in the 109th Congress. It passed the Senate Judiciary Committee as part of larger package of data breach bills, but the legislation never made it to a full vote of the Senate.
"It's critical that victims of a security breach are informed promptly when their personal or financial information has been compromised," Feinstein said in a statement. "Individuals cannot take the appropriate steps to protect themselves if they are not armed with detailed information about the breach. Without that knowledge, individuals are left defenseless to identity thieves."
Since the now infamous ChoicePoint data breach two years ago, lawmakers have introduced bills to notify consumers of a breach, but no national laws have been enacted.
In the interim, the Privacy Rights Clearinghouse has documented data security breaches involving more than 100 million records. It's a lengthy list, including Bank of America, LexisNexis, DSW, MCI, Ameritrade, Time Warner, Boeing, Ford Motor Company, Verizon, MasterCard, Wells Fargo, the American Red Cross, as well as colleges and government agencies.
Businesses have objected to blanket notification laws including alienating consumers by sending out numerous notifications, particularly if the risk of ID theft is low. "I've never had one of our members object to getting too many notices," Hillebrand said.
 Data Breach Lawsuits Pile up on T.J Maxx
 Hackers Target Commerce Dept. Computers
|
PRINT
Add to favorites