Senate hears testimony on national data breach legislation

The bill, known as the Data Security Breach and Notification Act, was first proposed by Senator Mark Pryor (D-Ak.) in August of this year. Among its provisions, the nationwide bill would require organizations that suffer a data breach to appropriately notify affected individuals, potentially trumping the current state-by-state patchwork of notification laws.

The Senate Subcommittee on Consumer Protection, Product Safety, and Insurance heard testimony from several witnesses yesterday regarding the proposed legislation, including Maneesha Mithal of the Federal Trade Commission (FTC) and Mark Bregman, CTO of Symantec.

Senator Jay Rockefeller (D-Wv.), a co-sponsor of the bill, opened the hearing by reminding attendees that security breaches have lead to identity theft and placed individuals in financial peril. “Our bill would help ensure that companies are keeping consumers’ personal information safe and quickly alerting individuals if their data has been compromised”, he told the committee.

The FTC, the nation’s consumer watchdog, has engaged in a policy push as of late regarding the importance of data security and privacy. So it was only natural that the subcommittee would invite an FTC representative to weigh in on the proposed bill.

Maneesha Mithal, associate director for privacy and identity protection at the FTC, confirmed that the agency supports the bill. In addition, she outlined three additional items the FTC would like to see included in the legislation:

  • The provision that requires companies to notify consumers in the event of a data breach should not be limited to electronic information
  • The proposed requirements should be extended to telephone companies
  • The bill should grant the FTC rulemaking authority to determine the circumstances under which providing free credit reports and monitoring may be required

“Data security is of critical importance to consumers”, Mithal told the subcommittee. “If companies do not protect the personal information they collect and store, that information could fall into the wrong hands, and consumers could lose confidence in the marketplace.”

Speaking on behalf of the technology advocacy group TechAmerica, Symantec CTO Mark Bregman urged the subcommittee to quickly approve a national data breach law.

“In today’s connected world – where data is everywhere and the perimeter can be anywhere – protecting information assets from sophisticated hacking techniques is an extremely tough challenge” Bregman testified. “Driven by the rising tide of organized cyber-crime, targeted attacks are increasingly aimed at stealing information for the purpose of identity theft.”

Infosecurity notes that, with the November elections just around the corner, and the balance of power in the Senate in question, exactly what’s next for the proposed data breach bill is really anyone’s guess.

What’s Hot on Infosecurity Magazine?