Legislators Agree On Data-breach Terms

Members of a House committee have agreed on compromise language in a data-protection bill intended to provide increased protections for sensitive consumer information. The Data Accountability and Trust Act (DATA) includes definitions of when organizations must report a data breach to customers and requires companies that handle such information to meet minimum standards for protecting sensitive data. In its original form, the bill only required disclosure if an event carried a “significant risk” of identity theft. The compromise language mandates notification if a “reasonable threat” exists. The bill requires data stewards to take “reasonable” precautions against data theft and to perform periodic assessments to verify that data has not been compromised. Rep. Joe Barton (R-Tex.), chair of the Energy and Commerce Committee, said the existing statutes for data protection “are so flimsy they’re laughable.” Rep. John Dingell (D-Mich.) said the DATA bill “focuses on strong security systems, notice to consumers of breaches, and tough enforcement.”

Internet News, 24 March 2006