National US data security breach notification law on the horizon?

Californian Representative Mary Bono Mack has jumpstarted the latest quest for a national data security breach notification law and is currently working on its draft.

Spurred to action by the things she heard during the Sony and Epsilon breach hearings she held last month, she decided that consumers need protection. And since breaches into company systems have lately become an everyday occurrence, it’s none too soon.

California was the first American state that enacted a data security breach notification law in 2002, and after that plenty of other states followed its lead. But, there is still no federal law that would require companies to disclose a data breach to customers.

According to the National Journal, Mack’s draft is geared towards protecting consumers by requiring companies to institute reasonable security policies and procedures for protecting personal consumer information and to issue a nationwide notice if they suffer a breach.

Should this bill pass, companies will also be required to notify the government within 48 hours of discovering a breach and to safely dispose of old or unnecessary data.

The draft will, naturally, undergo some changes during the discussions about it, so it remains to be seen if the final draft will contain all the provisions it has now. “But it’s safe to say that we are going to have an aggressive timetable in place for moving the bill through subcommittee and full committee,” said Mack’s spokesman.

1