Data security bill loosens notification requirements.

Insurers and other businesses would be subject to less burdensome data-security notification requirements under the terms of a bill filed by Sen. Dianne Feinstein, D-Calif. The Notification of Risk to Personal Data Act, S. 239, would be a boon to businesses that have complained that state laws requiring blanket notifications of data-security breaches are costly and onerous. Feinstein's bill would require businesses and government agencies alike to tell people without "unreasonable delay" if their data has been compromised, but exemptions are broad, and the bill preempts state notification laws, most of which are stronger than Feinstein's measure.

The bill requires "any agency, or business entity engaged in interstate commerce, that uses, accesses, transmits, stores, disposes of or collects sensitive personally identifiable information" to notify anyone in the United States if their private information has been accessed, or even if it is "reasonably believed to have been" compromised.
Yet businesses need not make the disclosure if a "risk assessment" concludes that there is no "significant" risk that the breach has caused any harm, according to the bill. A company would then have to tell the U.S. Secret Service within 45 days of the discovery of the breach that it has decided to invoke the "risk assessment" exemption, and provide the results of that assessment. The Secret Service would be tasked with oversight; the agency could, within 10 days, tell the company that notice of the security breach should be given.

At the same time, law enforcement agencies, which are also subject to the legislation, would not be required to tell people of a breach if the agency decides that notification would hinder an investigation or jeopardize national security. The business or government agency involved in a data breach would also have to notify major media outlets if the number of people affected is more than 5,000.

Feinstein introduced similar legislation in November 2005. That bill passed the Senate Judiciary Committee but failed to make it to a vote before the full Senate. "Since then, the problem of identity theft has worsened," Feinstein said from the Senate floor. "There have been numerous large-scale data security breaches involving companies, federal agencies, and universities.
We cannot afford to keep waiting to act."

According to the Privacy Rights Clearinghouse, there have been data-security breaches involving more than 100 million personal records, involving many of the country's corporate giants, such as Bank of America, Boeing, Ford Motor Co., Veriton, and Wells Fargo, among others. A widely publicized security breach at data aggregator ChoicePoint Inc. in February 2005 spurred lawmakers in statehouses across the country to try to address the problem.

Nevertheless, a number of significant data-security breaches have made headlines since then. In February 2006, a U.S. Agriculture Department contractor responding to a request for public information accidentally released the Social Security and tax identification numbers of about 350,000 tobacco farmers. In March 2006, a hacker obtained the Social Security numbers and banking information of about 570,000 Georgia state retirees. In May 2006, a Department of Veterans Affairs employee's laptop containing the names, birth dates, and Social Security numbers of 26.5 million veterans was stolen from his car. That information was later recovered,