Senators Propose National Data Breach Solution Post AT&T Settlement

[Audrey McNeil <audrey () riskbasedsecurity com>]

http://www.channelpartnersonline.com/news/2015/04/senators-propose-national-data-breach-solution-po.aspx

Sens. Tom Carper (D-Delaware) and Roy Blunt (R-Missouri) on Thursday
introduced legislation that would establish national standards for public
and private entities to govern prevention of and responses to the growing
number of data breaches plaguing the nation.

The Data Security Act would replace state laws and set national standards.
Similar bills have been introduced in the House and Senate.

"Nearly every day it seems we hear of another data breach that has
compromised consumers’ sensitive information," Carper said in a statement.
"For millions of Americans, these data breaches can cause worry and
confusion and, in some cases, significant financial harm. Yet despite the
increasing frequency and scope of data breaches, there still is no single
federal law that provides clear, consistent, and comprehensive protection
to American consumers impacted by a data breach."

Under the Data Security Act, an entity that determined sensitive
information was compromised would be required to notify the relevant
federal government agency, law enforcement, national consumer reporting
agencies if the breach affected more than 5,000 consumers, and all
consumers whose private information was compromised.

The bill was introduced a little more than a week after the Federal
Communications Commission announced a record $25 million settlement with
AT&T Services Inc. to resolve a probe into violations of consumer privacy
at call centers in Colombia, Mexico and the Philippines.The agency’s
Enforcement Bureau learned that employees at call centers used by AT&T
accessed customer records without authorization and obtained personal
information, then shared it with “unauthorized third parties who appear to
have been trafficking in stolen cell phones or secondary market phones that
they wanted to unlock," according to an FCC news release.

The FCC became aware of the breaches last year through a variety of
sources, including a report AT&T submitted to the California Attorney
General’s Office, an FCC official said in a call with reporters. The
official said 47 states have data breach laws.

Lawmakers on Capitol Hill favor a national solution to deal with the
growing number of data breaches. In a House Energy and Commerce Committee
markup Wednesday, the Democrats withdrew support for legislation from Reps.
Marsha Blackburn (R-Tennessee) and Peter Welch (D-Vermont), The Hill
reported. But Welch insisted the legislation remained alive, the newspaper
said.

“This is an important time for data security. 2014 was correctly dubbed
‘The Year of The Breach’ and Congress must take action," Blackburn said
last month in a statement. “The American people are watching."

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus 
on the right security.  If you need security help or want to provide real risk reduction for your clients contact us!