Federal Data-Protection Law « Mrs. Mecomber's Scrapbook

On the surface, this sounds like good news. Basically, it’s a bill that would create a national standard for protection of data, and would require notification of breaches of sensitive data. Data breaches, data sharing, and data theft has become FAR too common, and businesses and the government have treated it very lightly. So, I’m hoping this new bill would help resolve it– of course, I’m also hoping the government hasn’t added a ton of pork or liberty-killing bills dog-eared with this bill. :-p

Federal data-protection law inches forward
The Personal Data Privacy and Security Act was approved by the Senate Judiciary Committee

A sweeping new bill that would implement a national standard for data protection and breach notification got a boost of support today from the Senate Judiciary Committee.

The committee approved the Personal Data Privacy and Security Act of 2009 (S.1490) by a vote of 15-5. The bill is now headed to the full Senate for consideration.

If it becomes law, the bill, which was introduced by Sen. Patrick Leahy (D-Vt.), would require companies and government agencies to follow specific rules for protecting sensitive and personally identifiable data.

Under the proposed law, all private and government entities handling sensitive data would be required to implement specific risk assessment and vulnerability testing measures. They also would be required to deploy measures for controlling access to sensitive data, detecting and logging unauthorized accesses to the data, and protecting data while it is in transit and at rest.

The bill would introduce a federal breach-notification standard under which companies would be required to notify not just individuals affected by a data breach, but also, in some cases, credit reporting agencies and the U.S. Secret Service. It would establish a new Office of Federal Identity Protection within the Federal Trade Commission and stiffen penalties for identity theft and related fraud.

The law would also provide notification exemptions for companies that have taken adequate measures — such as encryption — to protect sensitive data. Companies would also not be required to immediately disclose a breach if it would hinder a criminal investigation. But such exemptions would need to be vetted by the Secret Service. The law provides for penalties against executives of companies that willfully conceal a data breach.

Here’s hoping we see some change….

This entry was posted on November 24, 2009, 1:36 pm and is filed under crime, security news. You can follow any responses to this entry through RSS 2.0. Both comments and pings are currently closed.

Mrs. Mecomber's Scrapbook

Talking technology, computers, and the Internet… for the average computer user

Federal Data-Protection Law

Comments are closed.

Industrial Strength Search Engine

Archives

Recent Comments

Buttons

Excellent Web Hosting