BreachExchange mailing list archives

Rockefeller, Pryor introduce federal data security law


From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Sat, 7 Aug 2010 10:32:08 -0400

http://www.scmagazineus.com/rockefeller-pryor-introduce-federal-data-security-law/article/176495/

Two senators on Thursday introduced a national data breach
notification bill that also would force businesses to create measures
to protect sensitive information under their control, according to a
news report.

The legislation, introduced Thursday by Sens. Mark Pryor, D-Ark., and
John Rockefeller, D-W.Va., would require organizations to alert
victims of a breach within 60 days and provide them with two years of
credit monitoring services, according to the National Journal's Tech
Daily Dose blog.

In addition, businesses and nonprofits would have to implement
policies and procedures to protect their data, the blog post said.

Representatives for Pryor and Rockefeller did not immediately respond
to requests for comment by SCMagazineUS.com.

Last month, Sens. Tom Carper, D-Del., and Bob Bennett, R-Utah,
reintroduced a similar bill.

"The Data Security Act of 2010 would require entities such as
financial establishments, retailers, and federal agencies to safeguard
sensitive information, investigate security breaches, and notify
consumers when there is a substantial risk of identity theft or
account fraud," said a news release. "These new requirements would
apply to retailers who take credit card information, data brokers who
compile private information and government agencies that possess
nonpublic personal information."

A national data breach notification law has been in the works for a
number of years. Several versions have made the rounds, but nothing
ever has cleared both chambers.

This mainly has been due to other Congressional priorities and, more
specific to the bills, disagreement over what constitutes a suitable
threshold to report a breach. The lack of a federal measure has given
way to a hodgepodge of state laws, 46 to be exact.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
