Analysis: Data breach notification law unlikely this year

[lyger <lyger () attrition org>]

http://computerworld.com/securitytopics/security/story/0,10801,111197,00.html

News Story by Grant Gross

MAY 05, 2006 (IDG NEWS SERVICE) - In the wake of a series of data breaches 
in early 2005, the U.S. Congress seemed ready to move quickly on 
legislation that would require companies to notify customers when their 
personal information had been compromised.

Now, more than a year after data breaches at ChoicePoint Inc. and 
LexisNexis set off a national debate about identification theft and data 
security, time is running out for Congress to pass a law before it 
finishes business this year. Some proponents of a national breach 
notification law say it's unlikely that Congress will be able to pass a 
law by then.

Lawmakers have introduced more than 10 bills dealing with data breach 
notification since early 2005. The bills differ in several ways, including 
varying requirements about when a breached company should notify customers 
and whether consumers should be able to freeze their credit reports 
following a breach.

Beyond the confusion about the differences in the bills, five 
congressional committees have claimed jurisdiction over some of the data 
breach bills. "It's certainly a popular and pro-consumer issue to tackle," 
said David Sohn, a staff counsel at the Center for Democracy and 
Technology, a privacy and civil rights advocacy group. "It's difficult to 
see how Congress will reconcile all the bills."

[...]

_______________________________________________
Dataloss Mailing List (dataloss () attrition org)
http://attrition.org/errata/dataloss/