New Information Security Legislation Introduced in Washington
If your insurance company’s database was breached, exposing the medical and personal records of thousands of patients, would you hear about it? What if your child’s college professor lost a thumb drive with student information, including Social Security numbers – would you be notified? And if you are told, do you know what happens next to make sure your identity remains safe and secure?
Right now, 46 states have data breach notification laws, but each state follows a different model for notifying victims and has different penalties for organizations if they don’t follow the rules. In addition, there are few standard laws and regulations on how to securely store private consumer information .
In response to the growing concern of identity theft , Congress introduced several pieces of bipartisan legislation this summer aimed at providing better protection and privacy of consumer data.
The “Data Security Act of 2010”, introduced by Senators Tom Carper (D-Del) and Bob Bennett (R-Utah), would create a national standard for breach notification and data security requirements. The “Data Security and Breach Notification Act of 2010”, introduced by Senators Mark Pryor (D-Ark) and Jay Rockefeller (D-West Va), focuses on how sensitive consumer information is stored and handled, as well as provide national notification for breaches.
This bill also requires the breached organization to provide some restitution for the victims, including credit monitoring and other services that will enable consumers to keep track of their personal information and how it is used.
Another bill, called the Building Effective Strategies To Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards (“Best Practices”) Act, introduced by Rep. Bobby Rush (D-Ill), aims to foster transparency in the way businesses use and disclose personal information of customers.
Consumer groups are applauding the bills. In a letter to Senators Pryor and Rockerfeller, the Consumer Union wrote: “This legislation represents a significant step forward in the effort to ensure that consumers’ privacy is protected.”