Bills that would require organizations to notify consumers if their personal information has been compromised have been in the Senate for some time now, and the Senate Judiciary Committee approved two of them on Thursday. Getting out of the Senate is a critical step toward the creation of a national data-breach notification bill, which is the ultimate goal.
A variety of consumer advocacy groups, technology vendors, and privacy groups have long been calling for Congress to pass a comprehensive federal data-breach notification bill. Several of these have been introduced in both the House and the Senate in recent years, but none of them have made it to the president’s desk as of yet.
Each of the bills from Thursday would mandate that organizations that store consumers’ sensitive data notify consumers if that data is breached. Senate bill 139 would require “Federal agencies, and persons engaged in interstate commerce, in possession of data containing sensitive personally identifiable information, to disclose any breach of such information.” The language of the bill is very similar to that in the existing state notification bills, including the landmark California Senate bill 1386.
The Data Breach Notification Act, S. 139, was introduced by Dianne Feinstein of California. Its most important detail is that federal agencies and other organizations subject to the bill would not have to disclose a breach if the data involved in the breach was encrypted. This clause has caused controversy, as some experts say that simply encrypting data does not render it useless.

Courtesy of threatpost.com