IDG News Service - A U.S. House of Representatives committee has unanimously approved a bill that would create regulations for so-called data brokers, including a requirement that U.S. companies that traffic in personal data notify victims of breaches.
The House Energy and Commerce Committee's 41-0 approval of the Data Accountability and Trust Act comes a year after the beginning of a rash of data breaches at dozens of U.S. companies, starting with data brokers ChoicePoint Inc. and LexisNexis Group. The bill, which now goes to the full House for a vote, would require any company that "experiences reasonable risk of identity theft" to notify potential victims as well as the Federal Trade Commission (FTC).
"This is legislation that consumers deserve if we are to help them and our economy defeat the growing menace of identity theft," Rep. Cliff Stearns (R-Fla.), a primary sponsor of the bill, said in a statement.
Companies that encrypt data would be exempt from data breach notification rules under the bill, as some tech trade groups have requested. Backers of an encryption exemption say it would encourage more companies to use encryption.
Since the outbreak of breaches in early 2005, more than 20 states have passed notification laws. Data brokers such as ChoicePoint have called for a national law to standardize notification.
The House bill would require data brokers to develop security policies that explain the "collection, use, sale, other dissemination and security" of the data they hold. It would also direct the FTC to create standards for the handling of personal data, and it would allow the FTC to audit a data broker's security practices following a breach of security.
The bill would also allow consumers to annually access the records data brokers hold about them and give them the right to demand inaccurate information be corrected or labeled as disputed.
The bill "sends a clear message: 'If you can't protect it, don't collect it,'" said Rep. John Dingell from Michigan, the committee's ranking Democrat.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
