Calls Grow for Data Breach Notification Law

U.S. lawmakers and consumer proponents are pushing for national data breach notification standards that supersede a patchwork of state statutes and guidelines “that are not effective enough in today’s national economy,” says Sen. Thomas R. Carper (D-Del.). State laws often provide differing rules on when companies should alert consumers to hacks that compromise their personal information, and on how much they disclose. A handful of states stipulate that merchants must report a breach within 45 days of its occurrence, while many states excuse companies from disclosure if their data is encrypted and the leak did not include the encryption key. Sens. Carper and Roy Blunt (R-Mo.) are co-sponsoring legislation to set up a comprehensive national framework that would require firms to safeguard their data, evaluate what damage a breach may do, notify the proper federal agencies of breaches, and, when appropriate, inform consumers of all breaches that affect more than 5,000 customers. The retail industry says it supports a national standard since it would simplify procedures in the event of a breach, while Consumers Union policy counsel Delara Derakhshani says a strong federal breach law would apply much-needed protection to consumers, especially in states that have no such ordinances.

From “When Should Shoppers Hear About Hacks? It’s Complicated.”
Washington Post (02/18/14) Tsukayama, Hayley