IDG News Service - Members of Congress introduced a flurry of new technology-related bills this week, including two bills that would require companies with data breaches to notify affected customers.
Vermont Sens. Patrick Leahy, a Democrat, and Bernie Sanders, an independent, introduced the Personal Data Privacy and Security Act. In addition to requiring data breach notification, the bill would also require data brokers to disclose what information they hold on individuals. The bill would allow individuals to correct information held by data brokers, and it would require companies that have databases with personal information on more than 10,000 U.S. residents to implement data privacy and security programs.
Reps. Bobby Rush, an Illinois Democrat, and Cliff Stearns, a Florida Republican, introduced the Data Accountability and Trust Act this week. Their bill, with 24 co-sponsors, authorizes the Federal Trade Commission (FTC) to draw up data privacy requirements for businesses, including requirements that they have vulnerability assessments and policies for disposing of obsolete data.
After a company reports a data breach, the FTC would conduct an audit of its security practices, and, like the Leahy-Sanders bill, the bill would require data brokers to disclose the information they hold on individuals and allow individuals to correct wrong information.
Organizations have lost 100 million personal records belonging to U.S. residents in data breaches since 2005, Leahy said in a speech on the Senate floor. Leahy, chairman of the Senate Judiciary Committee, singled out data breaches at the Department of Veterans Affairs last May and retailer The TJX Companies Inc. announced in January in his speech.
"These data security breaches are compelling examples of why we need strong federal data privacy and security laws to protect Americans’ personal data and to address the ills of lax data security," he said. "In the information age, any company that wants to be trusted by the public must earn that trust by vigilantly protecting the databases they use and maintain."
Members of Congress introduced about a dozen bills requiring data breach notification after a series of breaches in early 2005, but legislation stalled largely over committee jurisdictional wrangling. About 30 states have passed breach notification laws, most of them since 2005.
The Cyber Security Industry Alliance, a trade group of IT security vendors, in January called on Congress to pass a comprehensive data protection bill, including breach notification. But some groups, including conservative think tank the Progress and Freedom Foundation, have questioned the need for a breach notification law, saying the cost to businesses may far outweigh the benefits to consumers.
Other tech-related bills introduced this week:
Two spyware bills passed the House of Representatives by overwhelming majorities in March 2005, but the Senate didn't act on them.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
