Legislation to Require Mandatory Breach Reporting

Tuesday, June 14, 2011



Congresswoman Mary Bono Mack, Chairman of the House Subcommittee on Commerce, Manufacturing and Trade, released a discussion draft of the Secure and Fortify Data Act (SAFE Data Act), which proposes the establishment of uniform national standards for data security and data breach notification.

“With nearly 1.5 billion credit cards now in use in the United States – and more and more Americans banking and shopping online – sophisticated hackers and cyber thieves have a treasure chest of opportunities to ‘get rich quick’. The SAFE Data Act will provide American consumers with better safeguards in the future,” Bono Mack said.

Congresswoman Bono Mack seeks to build on prior legislation passed by the House in 2009, citing “a threat to the future of electronic commerce.”

Bono Mack's updated legislation takes into account recent data loss events such as the well-publicized breaches at Sony, Epsilon and Citigroup, which put millions of consumer accounts at risk.

“You shouldn’t have to cross your fingers and whisper a prayer when you type in a credit card number on your computer and hit ‘enter.’ E-commerce is a vital and growing part of our economy. We should take steps to embrace and protect it – and that starts with robust cyber security. Most importantly, consumers have a right to know when their personal information has been compromised, and companies and other organizations have an overriding responsibility to promptly alert them,” Bono Mack said.

Bono Mack says the increased frequency and scope of consumer data breaches is “causing incalculable damage to consumer confidence when it comes to shopping and banking online.”

The SAFE Data Act would require organizations to notify the FTC and consumers within 48 hours and provide information on the scope of the incident. The FTC would be given power to levy civil penalties if companies or entities fail to respond in a timely and responsible manner.

The SAFE Data Act would also give the FTC the authority to expand the definition of “personally identifiable information” (PII) if the data poses a reasonable risk of consumer identity theft.

“These eye-popping data breaches only reinforce my long-held belief that much more needs to be done to protect sensitive consumer information. Americans need additional safeguards to prevent identity theft, and the SAFE Data Act will help to accomplish this goal,” Bono Mack said.

Source:  http://bono.house.gov/News/DocumentSingle.aspx?DocumentID=246029
