BreachExchange mailing list archives

Groups Slam Data Breach Notification Bill


From: lyger <lyger () attrition org>
Date: Fri, 17 Mar 2006 16:21:56 -0500 (EST)


http://www.internetnews.com/security/article.php/3592416

A U.S. House panel effort to write a national data breach disclosure law 
is running into fierce opposition by consumer groups calling the 
legislation the "worst data security bill ever."

Passed out of the House Financial Services Committee on a 48-17 vote late 
Thursday afternoon, the Financial Data Protection Act of 2005 (H.R. 3997) 
allows data brokers and other companies to conduct an investigation of a 
breach and determine if notification to consumers is necessary.

The bill also allows companies that choose to protect their data with 
encryption to take that into consideration when determining if consumer 
notification is necessary in the aftermath of a breach.

"We think consumers should be notified in case of a breach and it 
shouldn't be left to the companies to decide," Susanna Montezemolo, a 
policy analyst with Consumers Union, told internetnews.com.

The legislation also pre-exempts any state laws mandating breach 
disclosures to consumers. According to the Consumers Union, 11 states 
currently have stricter notification standards than H.R. 3997, including a 
California law that resulted in data broker ChoicePoint being forced into 
disclosing the breach of 145,000 consumer records.

[...]
_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/errata/dataloss/

