The Green Sheet Online Edition
July 09, 2012 • Issue 12:07:01
Republican senators introduce national data security standard
A group of senators headed by Sen. Pat Toomey, R-Pa., introduced a bill June 22, 2012, to create a national standard for companies responsible for protecting and securing electronic data.
Currently, merchants and payments industry businesses that transmit, process, store or secure electronic third-party personal information must comply with separate standards in 46 states for protecting electronic data and reporting breaches.
Toomey's S. 3333, titled "A bill to require certain entities that collect and maintain personal information of individuals to secure such information and to provide notice to such individuals in the case of a breach of security involving such information, and for other purposes," has not yet been assigned to a committee.
One standard to ease compliance burden
"Congress needs to provide businesses and consumers with certainty and establish a single reasonable standard for information security and breach notification practices," Toomey said about the proposed legislation. "Our bill would eliminate the burden of complying with varying standards and laws, ensuring that all consumers and their personal information are afforded the same level of protection."
Co-sponsoring S. 3333 are Sen. Roy Blunt, R-Mo., Sen. Jim DeMint, R-S.C., Sen. Dean Heller, R-Nev., and Sen. Olympia Snowe, R-Maine. Sen. Snowe pointed out that, according to the Privacy Rights Clearinghouse, more than 540 million records have been reported breached since 2005, and research from the Ponemon Institute puts the average organizational cost of a breach at $5.5 million.
"While states have led the way in establishing policies to protect consumer data and notify them if such data is compromised, the existing patchwork of state laws and the inherent interstate commerce aspect of this issue warrants action by Congress," Snowe said. "Our legislation would implement a national data security breach standard to simplify compliance for businesses and notifications to consumers to reduce undue burden and confusion."
Holli Targan is a partner in the Michigan law firm Jaffe Raitt Heuer & Weiss; her practice specializes in card processing and payment systems law. Targan, a member of the Electronic Transactions Association's Government Relations Committee, said she supports the goal of national data breach notification regulation. Targan said state laws can differ greatly in how basic terms such as "personal information" and "breach" are defined and can have very different notification requirements, making compliance challenging for breach victims.