BreachExchange mailing list archives

Data Breach Act in Congress


From: Jake Kouns <jkouns () opensecurityfoundation org>
Date: Sat, 10 Jul 2010 12:37:00 -0400

http://theft-protection.net/identity-theft/data-breach-act-in-congress

Consumers may soon have a stronger voice when it comes to data
breaches. The Senate Judiciary Committee recently approved two bills:
the Data Breach Notification Act and the Personal Data Privacy and
Security Act, which, if they become law, will require businesses whose
data has been compromised to inform all affected consumers of the
breach – and in a timely fashion.

Currently, the majority of states have their own data breach laws in
effect, but it can be difficult to enforce conflicting standards,
especially when a data breach impacts residents of several different
states. Also, there is no specific nationwide standard as to what type
of breach event warrants consumer notification. For example, do you
have to notify a person if his or her address is leaked, or only if it
is something more serious, like a Social Security number?

As it stands right now, many companies do not report data breaches
that occur, especially if they are smaller ones, such as an employee
stealing a 20-patient list from a doctor’s office. This may not seem
like a big deal – unless you happen to be one of those 20 patients.

If the Data Breach Notification Act makes it through Congress, the
government will have to draft rules regarding privacy when it uses
personal information it garners from outside sources. Also, large
corporations will have to report significant data breaches to the
Secret Service. Finally, any organization that uses personal data
would have to report a breach to both the affected persons and law
enforcement.

Many people do not know that data brokers, which are companies whose
major role is to collect personal information, actually possess their
information. If the Personal Data Privacy and Security Act passes,
consumers will not only have access to this data; they will be able to
make changes to it to correct any errors. People who steal this data
will face increased criminal penalties, which will hopefully help to
discourage potential identity thieves.

There is no guarantee that either of these laws will make it to the
President’s desk, although it is hoped that they do. Even if both
pass, this doesn’t mean identity thieves will cease to operate. If
anything, they simply highlight the seriousness of the crime, which is
not even beginning to wane. According to Javelin Research, one in 10
Americans has already been victimized.

It is still just as important to protect yourself from identity
thieves and not rely on the government to do it for you. One easy way
is to purchase the best identity theft protection service from a
highly rated source. While there is no 100% foolproof way to prevent
yourself from becoming a victim, a plan can certainly lower your odds.
Since this issue is serious, as evidenced by current political
activity, and it’s not going away anytime soon, the time to set
yourself up with a plan is now – before this crime happens to you or a
loved one.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
