BreachExchange mailing list archives

Data Breaches: Industry Calls for Single, Federal Breach Notification Standard


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 10 Nov 2014 19:13:04 -0700

http://www.jdsupra.com/legalnews/data-breaches-industry-calls-for-single-54248/

Yesterday, a coalition of 44 service and retail industry trade associations
sent a letter to congressional leadership, urging the House and Senate to
adopt a single data breach notification standard at the federal level.  The
letter, addressed to the Majority and Minority Leaders of each chamber,
states that “a single, federal law applying to all breached entities would
ensure clear, concise and consistent notices to all affected consumers
regardless of where they live or where the breach occurs.”

The coalition letter states that any legislation to address data security
and data breaches should cover all types of entities that handle sensitive
data, and should not provide exemptions for certain business sectors.  The
letter cites several recent examples of breaches across different sectors,
including the JP Morgan and Apple iCloud breaches, as well as one involving
a Department of Homeland Security contractor.

Further, in an attempt to recognize companies who suffer data breaches as
victims, the letter references several times the theft of financial payment
information, noting that “the failure of the payment cards themselves to be
secured by anything more sophisticated than an easily-forged signature
makes the card numbers particularly attractive to criminals and the cards
themselves vulnerable to fraudulent misuse.  Better security at the source
of the problem is needed.”  President Obama recently announced a new
initiative aimed at making financial transactions more secure through “chip
and pin” technology.

While the letter does call for national regulation of data breach
notification, it does include the caveat that “Congress should act to
standardize reasonable, timely notification of sensitive data breaches.”
Nonetheless, many sectors would now welcome a federal breach notification
standard as a less costly alternative to complying with the patchwork of
different state laws currently in place.

Congress is unlikely to act on data security and breach notification during
the lame duck session; however, given House Republicans’ interest in this
issue in past months, we could see a resurgence of data security
legislation in the Republican-controlled 114th Congress.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

