Federal Data Breach Notification Bill Introduced
Aug 31, 2010
The Senate Commerce Subcommittee on Consumer Protection, Product Safety, and Insurance recently introduced the Data Security and Breach Notification Act of 2010, S. 3742. Mark Pryor (D-AR), the subcommittee's chairman, and John Rockefeller (D-WV), the full committee's chairman, announced the bill on August 5, 2010. The bill advanced by the two senators is designed "to protect consumers by requiring reasonable security policies and procedures to protect data containing personal information, and to provide for nationwide notice in the event of a security breach."
The bill would require that covered entities, which are essentially any organization in the U.S., take several comprehensive precautionary measures including:
- Creating a policy for securing personal information
- Appointing a person responsible for information security
- Identifying, assessing, preventing, and mitigating vulnerabilities
- Regular monitoring for breaches
- Developing a process for disposing of personal information, whether in electronic or paper form
According to a post on AlertBoot.com, "Not complying with the above means civil penalties, capped at $5 million, can be pursued by state Attorneys General. The actual fine would be calculated by multiplying the number of days that a covered entity is not in compliance with such section by an amount not greater than $11,000."
A press release by Senator Tom Carper (D-Del.) said, "More than 46 states have enacted security breach notification laws. Many states have inconsistent and conflicting standards, forcing businesses to comply with multiple regulations, and leaving many consumers without proper recourse and protections." Carper said the bill "builds on existing law to better ensure federal and state regulators comply with the law and to make sure that data security procedures are uniformly applied. Regulators of entities who do not comply would have the authority to levy fines, require corrective measures or even bar individuals from working in their respective industries."
The Washington Policy Brief is an online advisory that contains brief summaries of recent legislative and regulatory issues that may affect the records and information management profession.