Information covered under the Data Security and Breach Notification Act – introduced by Sens. Pat Toomey (R-Pa.), Roy Blunt (R-Mo.), Jim DeMint (R-S.C.), Dean Heller (R-Nev.), and Olympia Snowe (R-Maine) – includes social security numbers, driver’s license numbers, financial account numbers, credit or debt card numbers and related security codes.
Companies that suffer a breach would have to inform the affected individuals about when the information was accessed, what information was compromised, and how to contact the company for more details. Failure to follow the notification requirements could result in fines up to $500,000, according to a report by The Hill newspaper.
"Congress needs to provide businesses and consumers with certainty and establish a single reasonable standard for information security and breach notification practices. Our bill would eliminate the burden of complying with varying standards and laws, ensuring that all consumers and their personal information are afforded the same level of protection", Toomey said in a statement.
The Cybersecurity Act, backed by Senate Democrats, contains provisions establishing national data breach notification requirements, along with many other cybersecurity provisions related to critical infrastructure protection and Federal Information Security Managment Act (FISMA) implementation. That bill is currently stalled due to disagreements between Democratic and Republican senators, although Senate Majority Leader Harry Reid (D-Nev.) has vowed to move the bill to a floor vote soon.