Categories: Regulation, Security

US to Get Data Breach Notification Laws

Two bills that address the handling of data breaches have been approved by a US Senate Committee – and the country also got a new official body for identity protection.

Two sweeping bills that will set new standards for data breach notifications, the Personal Data Privacy and Security Act of 2009 (S.1490) and the Data Breach Notification Act (S.139), were passed by the Senate Judiciary Committee Nov. 5. The bills are now headed to the full Senate for its stamp of approval.

The Personal Data Privacy and Security Act of 2009 establishes guidelines for performing risk assessments and vulnerability testing and controlling and logging access to sensitive information. There are also provisions tied to protecting data in transit and at rest, and a set of rules for notifying law enforcement, credit reporting agencies and individuals affected by a breach.

In addition, the bill creates the Office of Federal Identity Protection inside the Federal Trade Commission.

The committee also gave the thumbs up to the Data Breach Notification Act, which requires US agencies and corporations involved in interstate commerce to notify anyone whose personal information either was or may have been accessed or acquired in a breach.

“We commend the Judiciary Committee’s recognition of the importance of providing national standards for better security safeguards in order to prevent breaches from occurring and for notification should a real risk of harm exist,” Symantec CEO Enrique Salem said in a statement. “According to the Privacy Rights Clearinghouse, more than 330 million records containing sensitive personal information have been involved in data security breaches since 2005. As such, we believe that the United States urgently needs to pass a national data breach law.”

In the UK last week, the Government’s Rural Payments Agency lost backup tapes containing the banking data of all the farmers in England. In the UK, data breach notification is not a legal requirement, but is considered best practice and was done, for instance, last month when hackers stole a million CVs from Guardian Jobs.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved
