The U.S. Senate Judiciary Committee passes two bills that establish federal guidelines for data breach notifications.
Two sweeping bills that would set new standards for data breach notifications
made their way out of the Senate Judiciary Committee Nov. 5.
The committee voted yes on the Personal Data Privacy and Security Act of
2009 (S.1490) and the Data Breach Notification Act (S.139). The vote means the
bills are now headed to the full Senate for its stamp of approval.
The Personal Data Privacy and Security Act of 2009 establishes guidelines
for performing risk assessments and vulnerability testing, and for controlling
and logging access to sensitive information. There are also provisions tied to protecting data
in transit and at rest, and a set of rules for notifying law enforcement,
credit reporting agencies and individuals affected by a breach.
In addition, the bill creates the Office of Federal Identity Protection
inside the Federal Trade Commission.
The committee also gave the thumbs up to the Data Breach Notification Act,
which requires U.S. agencies and corporations involved in interstate commerce to notify anyone
whose personal information either was or may have been accessed or acquired in
a breach.
"We commend the Judiciary Committee's recognition of the importance of
providing national standards for better security safeguards in order to
prevent breaches from occurring and for notification
should a real risk of harm exist," Symantec CEO
Enrique Salem said in a statement. "According to the Privacy Rights
Clearinghouse, more than 330 million records containing sensitive personal
information have been involved in data security breaches since 2005. As such,
we believe that the United States urgently needs to pass a national data
breach law."