Companies would have to implement security protocols and report breaches immediately

Feb 3, 2014 18:26 GMT

Senators Dianne Feinstein, John Rockefeller, Mark Pryor, and Bill Nelson have introduced a new bill that aims at providing a federal standard for data security and breach notifications.

Following the recent breaches suffered by retailers, US politicians are seeing a perfect opportunity to introduce such legislation.

If the Data Security and Breach Notification Act passes, the US Federal Trade Commission (FTC) will develop a set of security standards for organizations that store personal and financial information. If their systems are breached, those organizations would be required to notify the authorities and the affected customers.

“Recent massive data breaches at Target and Neiman Marcus have put the personal information of tens of millions of Americans at risk. This is a real and growing problem,” explained Senator Feinstein.

“The legislation I introduce today with Chairman Rockefeller will ensure that Americans’ sensitive personal and financial information is stored securely, that Americans receive prompt notification when this information is compromised and that law enforcement is promptly notified in order to prosecute cybercrime,” the senator added.

“For more than a decade, I have worked to pass data breach legislation. The breaches are getting more frequent, and members of Congress—of both parties and across different congressional committees—must come together to pass this common-sense plan to protect the American consumer.”

The Data Security and Breach Notification Act has four key points. The FTC would establish security standards for databases to ensure that companies deploy reasonable security systems.

The bill would also establish notification requirements to allow individuals impacted by data breaches to take steps to protect themselves in a timely manner.

Breached organizations would report incidents to a central entity (established by the DHS), which notifies other government and law enforcement agencies. Companies that try to conceal data breaches would face civil and criminal penalties.

Finally, the legislation aims to increase the use of technology in an effort to combat cybercriminals. More precisely, a set of incentives would be established to encourage businesses to adopt technology that renders data unreadable or unusable in case of a breach.